Merge pull request #37 from smswithoutborders/staging

Added blog post on bridges

.github/workflows/prod-deploy.yml

@@ -1,11 +1,11 @@
-name: 🚀 Deploy SMSWithoutBorders Blog on Server (production)
+name: Deploy SMSWithoutBorders Blog on Server (production)
 on:
   push:
     branches:
       - main
 jobs:
   deploy:
-    name: 🚀 Execute Deployment Script on Server
+    name: Execute Deployment Script on Server
     runs-on: ubuntu-latest
     environment:
       name: production
@@ -17,41 +17,41 @@ jobs:
       - name: Setup NodeJs
         uses: actions/setup-node@v4
         with: 
-          node-version: 18
+          node-version: 20
 
       - name: Create .env.local file
         run: echo "BASE_URL=${{ secrets.BASE_URL }}" > .env.local
 
       - name: Install Dependencies
         run: |
           npm install -g pnpm
-          pnpm install
+          pnpm install --no-lockfile
 
       - name: Build Application
         run: pnpm build
 
       - name: Securely Copy Artifacts to Server
-        uses: appleboy/scp-action@v0.1.7
+        uses: appleboy/scp-action@master
         with:
           host: ${{ secrets.HOST }}
           username: ${{ secrets.USERNAME }}
-          password: ${{ secrets.PASSWORD }}
+          key: ${{ secrets.KEY }}
           source: "./out/*"
           target: ${{ secrets.BUILD_PATH }}
           strip_components: 1
           rm: true
 
-      - name: 🚀 Execute Remote SSH Commands
+      - name: Execute Remote SSH Commands
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.HOST }}
           username: ${{ secrets.USERNAME }}
-          password: ${{ secrets.PASSWORD }}
+          key: ${{ secrets.KEY }}
           script: |
             set -e
 
             echo "============================"
-            echo "🚀 Deploy Project ..."
+            echo "Deploy Project ..."
             echo "============================"
             if ! ${{secrets.BUILD_CMD}}; then
               echo "❌ Error deploying project!"

.github/workflows/staging-deploy.yml

@@ -1,27 +1,27 @@
-name: 🚀 Deploy SMSWithoutBorders Blog on Server (staging)
+name: Deploy SMSWithoutBorders Blog on Server (staging)
 on:
   push:
     branches:
       - staging
 jobs:
   deploy:
-    name: 🚀 Execute Deployment Script on Server
+    name: Execute Deployment Script on Server
     runs-on: ubuntu-latest
     environment:
       name: staging
       url: https://staging.smswithoutborders.com:18000
     steps:
-      - name: 🚀 Execute Remote SSH Commands
+      - name: Execute Remote SSH Commands
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.HOST }}
           username: ${{ secrets.USERNAME }}
-          password: ${{ secrets.PASSWORD }}
+          key: ${{ secrets.KEY }}
           script: |
             set -e
 
             echo "============================"
-            echo "🚀 Updating repository ..."
+            echo "Updating repository ..."
             echo "============================"
             cd ${{ secrets.PROJECT_PATH }}
             if ! git pull; then
@@ -33,7 +33,7 @@ jobs:
             echo "==============================="
 
             echo "========================="
-            echo "🚀 Building project ..."
+            echo "Building project ..."
             echo "========================="
             if ! ${{ secrets.BUILD_CMD }}; then
               echo "❌ Error building project!"
@@ -42,4 +42,10 @@ jobs:
             echo "==========================="
             echo "✅ Project build complete"
             echo "==========================="
-            
+            if ! ${{ secrets.CLEANUP_CMD }}; then
+              echo "❌ Error cleaning up builds!"
+              exit 1
+            fi
+            echo "============================="
+            echo "✅ Cleanup complete"
+            echo "============================="

.gitignore

@@ -35,3 +35,5 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+
+pnpm-lock.yaml

Dockerfile

@@ -1,18 +1,13 @@
-# build environment
-FROM node:18-alpine as build
+FROM node:20-alpine as build
 WORKDIR /app
 
-# Install global dependencies
 RUN npm install -g pnpm
 
-# Copy only necessary files
-COPY package.json pnpm-lock.yaml tsconfig.json ./
+COPY package.json tsconfig.json ./
 COPY scripts ./scripts
 
-# Install dependencies
-RUN pnpm install
+RUN pnpm install --no-lockfile
 
-# Build the application
 COPY . .
 ARG PORT
 ARG SSL_PORT
@@ -21,22 +16,16 @@ RUN export PORT=${PORT} SSL_PORT=${SSL_PORT} SERVER_NAME=${SERVER_NAME} && \
     ./scripts/generate_env.sh && \
     pnpm build
 
-# production environment
 FROM nginx:stable-alpine
 
-# Copy built files to NGINX html directory
 COPY --from=build /app/out /usr/share/nginx/html
 
-# Copy NGINX configuration template
 COPY nginx/nginx.conf.template /etc/nginx/conf.d/default.template
 
-# Copy entry script
 COPY scripts/docker-entrypoint.sh /docker-entrypoint.sh
 RUN chmod +x /docker-entrypoint.sh
 
-# Expose ports
 EXPOSE 80
 EXPOSE 443
 
-# Start NGINX using entry script
 CMD ["/docker-entrypoint.sh"]

_posts/Bridges.md

@@ -0,0 +1,28 @@
+---
+title: "RelaySMS Bridges"
+excerpt: "SBefore now RelaySMS required online setup processes, including account creation and saving platforms. RelaySMS Bridges breaks these barriers."
+coverImage: "/icon.png"
+date: "2024-11-14"
+author:
+  name: "Aysha Musa"
+  picture: "/anon-avatar.jpeg"
+ogImage:
+  url: "/icon.png"
+---
+
+Before now RelaySMS required online setup processes, including account creation and saving platforms. RelaySMS Bridges breaks these barriers. With Bridges, you can start using the app immediately, without needing to sign up, log in, or save platform credentials. This eliminates the need for an internet connection during critical situations when immediate communication is indispensable.
+
+### How it Works
+
+When the user chooses to use bridges they receive a one-time code and a special phrase via SMS to verify their identity and encrypt their messages. Bridges uses the phone number to create a temporary alias (e.g.,[[email protected]]([email protected])) which will be used to send messages.
+
+<!-- ![Bridges1](/posts/Bridges1.png)
+![Bridges2](/posts/Bridges2.png)
+![Bridges3](/posts/Bridges3.png)
+![Bridges4](/posts/Bridges4.png)  -->
+
+RelaySMS Bridges prioritize security. The one-time code verifies your number, and the special phrase creates an encrypted connection for your messages. Users are required to paste the entire authentication message to ensure the process is completed successfully.
+
+Once verified, you can now send messages to your preferred online platforms, without the need for internet. This functionality empowers individuals, organizations, and communities to stay connected and informed, regardless of their internet access. Whether facing internet outages, censorship attempts, or simply needing reliable communication in remote regions, Bridges ensures your voice remains heard.
+
+[Download](https://play.google.com/store/apps/details?id=com.afkanerd.sw0b) the latest update to experience the convenience and security of Bridges. Communicate freely, even when the internet isn't an option.

_posts/audit-blog-post.md

@@ -0,0 +1,30 @@
+---
+title: "SMSWithoutBorders: Keeping You Secure - Results of a Penetration Test"
+excerpt: "We're committed to keeping your communications safe. That's why we had a rigorous penetration test conducted by Radically Open Security (ROS). While we found and fixed a few vulnerabilities, the good news is that your data is secure with RelaySMS"
+coverImage: "/icon.png"
+date: "2024-07-31"
+author:
+  name: "Aysha Musa"
+  picture: "/anon-avatar.jpeg"
+ogImage:
+  url: "/icon.png"
+---
+
+Here at SMSWithoutBorders, your security is our top priority. That's why we had a penetration test conducted by Open Technology Fund’s [Radically Open Security (ROS)](https://www.radicallyopensecurity.com/), a team of experts dedicated to finding and eliminating vulnerabilities in software. This test focused on the SWOB Android app (now RelaySMS) and back-end(now vault) code, aiming to identify any potential weaknesses that could be exploited.
+
+### What is a Penetration Test?
+
+Imagine a team of skilled ethical hackers trying to break into your house. A penetration test is similar, but instead of a house, it's your software! The ROS team had full access to the inner workings of SWOB (like a blueprint of the house) to see if they could find ways to bypass security measures.
+
+### What Did They Find?
+
+The good news is that the test identified only one high-severity vulnerability. This issue stemmed from a lack of input validation in a specific area, potentially allowing attackers to inject malicious code when users sync saved tokens. In simpler terms, a cleverly crafted username could have tricked the system into running harmful scripts. However, rest assured, this vulnerability has been completely fixed!
+The test also uncovered several medium-to-low [severity vulnerabilities](https://www.opentech.fund/wp-content/uploads/2023/06/ROS-pentest-report-SMS-without-borders-May-2023.pdf#%5B%7B%22num%22%3A226%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C56.692%2C427.173%2Cnull%5D), which have all been addressed by the SWOB development team. Following these fixes, ROS conducted additional tests to confirm that the vulnerabilities were truly eliminated.
+
+### What This Means for You
+
+This penetration test demonstrates our commitment to proactive security measures. By actively seeking out and eliminating vulnerabilities, we can ensure that your communication with SWOB remains secure, even in offline situations.
+
+### Stay Informed, Stay Secure
+
+We will continue to conduct regular penetration tests and security audits to maintain the highest level of protection for our users. Read Open Technology Fund’s [full official](https://www.opentech.fund/wp-content/uploads/2023/06/ROS-pentest-report-SMS-without-borders-May-2023.pdf) report on the audits for more information.

docker-compose.yml

@@ -1,7 +1,7 @@
-version: "3"
-
 services:
-  blog:
+  blog-web:
+    container_name: blog-web
+    restart: always
     build:
       context: .
       dockerfile: Dockerfile

package.json

@@ -10,36 +10,37 @@
 	},
 	"dependencies": {
 		"classnames": "^2.5.1",
-		"date-fns": "^3.3.1",
+		"date-fns": "^3.6.0",
 		"gray-matter": "^4.0.3",
 		"next": "14.1.0",
-		"next-nprogress-bar": "^2.3.11",
-		"react": "^18",
-		"react-dom": "^18",
-		"react-icons": "^5.0.1",
+		"next-nprogress-bar": "^2.3.15",
+		"react": "^18.3.1",
+		"react-dom": "^18.3.1",
+		"react-icons": "^5.3.0",
+		"react-markdown": "^9.0.1",
 		"remark": "^15.0.1",
 		"remark-html": "^16.0.1"
 	},
 	"devDependencies": {
-		"@next/eslint-plugin-next": "^14.1.4",
-		"@types/node": "^20",
-		"@types/react": "^18",
-		"@types/react-dom": "^18",
-		"@typescript-eslint/eslint-plugin": "^7.4.0",
-		"@typescript-eslint/parser": "^7.4.0",
-		"autoprefixer": "^10.0.1",
-		"eslint": "^8.57.0",
+		"@next/eslint-plugin-next": "^14.2.18",
+		"@types/node": "^20.17.6",
+		"@types/react": "^18.3.12",
+		"@types/react-dom": "^18.3.1",
+		"@typescript-eslint/eslint-plugin": "^7.18.0",
+		"@typescript-eslint/parser": "^7.18.0",
+		"autoprefixer": "^10.4.20",
+		"eslint": "^8.57.1",
 		"eslint-config-prettier": "^9.1.0",
 		"eslint-formatter-summary": "^1.1.0",
 		"eslint-plugin-json": "^3.1.0",
-		"eslint-plugin-prettier": "^5.1.3",
-		"eslint-plugin-react": "^7.34.1",
-		"husky": "^9.0.11",
-		"lint-staged": "^15.2.2",
-		"postcss": "^8",
-		"prettier": "^3.2.5",
-		"tailwindcss": "^3.3.0",
-		"typescript": "^5"
+		"eslint-plugin-prettier": "^5.2.1",
+		"eslint-plugin-react": "^7.37.2",
+		"husky": "^9.1.6",
+		"lint-staged": "^15.2.10",
+		"postcss": "^8.4.49",
+		"prettier": "^3.3.3",
+		"tailwindcss": "^3.4.14",
+		"typescript": "^5.6.3"
 	},
 	"lint-staged": {
 		"*.js,jsx,ts,tsx": "eslint --cache --fix",