Add ShieldAI browser extension with phishing & spam detection (FRE-4576)

- Extension package: Manifest V3, background service worker, content scripts - Phishing detection engine with heuristic analysis (typosquatting, entropy, TLD, brand impersonation) - Local URL caching layer (Storage API) for <100ms cached lookups - Popup UI with protection status, stats, and phishing report button - Options page for settings management (blocked/allowed domains, feature toggles) - Server-side extension routes: URL check, phishing report, auth, stats, exposure check - Tier-aware feature gating (Basic/Plus/Premium) - 25 passing tests for phishing detection heuristics - Declarative net request rules for known phishing patterns - DarkWatch integration for credential exposure checks - Firefox compatibility layer via build modes Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-09 21:53:29 -04:00
parent e5294ec712
commit de0ddac65d
27 changed files with 2591 additions and 1 deletions
--- a/packages/extension/src/options/options.html
+++ b/packages/extension/src/options/options.html
@@ -0,0 +1,189 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>ShieldAI Options</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      font-size: 14px;
+      color: #1f2937;
+      background: #f9fafb;
+      padding: 32px;
+      max-width: 640px;
+      margin: 0 auto;
+    }
+    h1 { font-size: 24px; margin-bottom: 4px; }
+    .subtitle { color: #6b7280; margin-bottom: 32px; }
+    .section {
+      background: white;
+      border-radius: 12px;
+      padding: 24px;
+      margin-bottom: 24px;
+      box-shadow: 0 1px 3px rgba(0,0,0,0.1);
+    }
+    .section-title {
+      font-size: 16px;
+      font-weight: 600;
+      margin-bottom: 16px;
+      padding-bottom: 8px;
+      border-bottom: 1px solid #e5e7eb;
+    }
+    .form-group { margin-bottom: 16px; }
+    .form-group:last-child { margin-bottom: 0; }
+    label {
+      display: block;
+      font-size: 13px;
+      font-weight: 500;
+      margin-bottom: 6px;
+      color: #374151;
+    }
+    input[type="text"], input[type="password"], input[type="url"] {
+      width: 100%;
+      padding: 10px 12px;
+      border: 1px solid #d1d5db;
+      border-radius: 8px;
+      font-size: 14px;
+      outline: none;
+      transition: border-color 0.2s;
+    }
+    input:focus { border-color: #3b82f6; }
+    .checkbox-group {
+      display: flex;
+      align-items: center;
+      gap: 8px;
+      padding: 8px 0;
+    }
+    .checkbox-group input[type="checkbox"] {
+      width: 18px;
+      height: 18px;
+      accent-color: #3b82f6;
+    }
+    .checkbox-group label { margin-bottom: 0; cursor: pointer; }
+    .btn {
+      padding: 10px 20px;
+      border: none;
+      border-radius: 8px;
+      font-size: 14px;
+      font-weight: 600;
+      cursor: pointer;
+      transition: opacity 0.2s;
+    }
+    .btn:hover { opacity: 0.9; }
+    .btn-primary { background: #3b82f6; color: white; }
+    .btn-secondary { background: #f3f4f6; color: #374151; }
+    .btn-danger { background: #ef4444; color: white; }
+    .btn-group { display: flex; gap: 8px; margin-top: 16px; }
+    .domain-list {
+      list-style: none;
+      padding: 0;
+    }
+    .domain-item {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      padding: 8px 12px;
+      background: #f9fafb;
+      border-radius: 6px;
+      margin-bottom: 4px;
+    }
+    .domain-remove {
+      background: none;
+      border: none;
+      color: #ef4444;
+      cursor: pointer;
+      font-size: 16px;
+      padding: 0 4px;
+    }
+    .add-domain-row {
+      display: flex;
+      gap: 8px;
+      margin-top: 8px;
+    }
+    .add-domain-row input { flex: 1; }
+    .toast {
+      position: fixed;
+      bottom: 24px;
+      right: 24px;
+      background: #10b981;
+      color: white;
+      padding: 12px 20px;
+      border-radius: 8px;
+      font-size: 14px;
+      font-weight: 500;
+      opacity: 0;
+      transition: opacity 0.3s;
+    }
+    .toast.show { opacity: 1; }
+  </style>
+</head>
+<body>
+  <h1>🛡️ ShieldAI Options</h1>
+  <p class="subtitle">Configure your phishing & spam protection</p>
+
+  <div class="section">
+    <div class="section-title">Connection</div>
+    <div class="form-group">
+      <label for="api-url">API Base URL</label>
+      <input type="url" id="api-url" value="https://api.shieldai.com" placeholder="https://api.shieldai.com">
+    </div>
+    <div class="form-group">
+      <label for="auth-token">Auth Token (optional)</label>
+      <input type="password" id="auth-token" placeholder="Bearer token for ShieldAI account">
+    </div>
+  </div>
+
+  <div class="section">
+    <div class="section-title">Protection Settings</div>
+    <div class="checkbox-group">
+      <input type="checkbox" id="enabled" checked>
+      <label for="enabled">Enable protection</label>
+    </div>
+    <div class="checkbox-group">
+      <input type="checkbox" id="active-blocking">
+      <label for="active-blocking">Active blocking (Plus tier)</label>
+    </div>
+    <div class="checkbox-group">
+      <input type="checkbox" id="darkwatch-enabled">
+      <label for="darkwatch-enabled">DarkWatch credential exposure checks (Plus tier)</label>
+    </div>
+    <div class="checkbox-group">
+      <input type="checkbox" id="spam-enabled" checked>
+      <label for="spam-enabled">Spam protection</label>
+    </div>
+    <div class="checkbox-group">
+      <input type="checkbox" id="notifications" checked>
+      <label for="notifications">Show notifications</label>
+    </div>
+  </div>
+
+  <div class="section">
+    <div class="section-title">Blocked Domains</div>
+    <ul class="domain-list" id="blocked-domains"></ul>
+    <div class="add-domain-row">
+      <input type="text" id="new-blocked-domain" placeholder="example.com">
+      <button class="btn btn-secondary" id="add-blocked">Add</button>
+    </div>
+  </div>
+
+  <div class="section">
+    <div class="section-title">Allowed Domains (Whitelist)</div>
+    <ul class="domain-list" id="allowed-domains"></ul>
+    <div class="add-domain-row">
+      <input type="text" id="new-allowed-domain" placeholder="example.com">
+      <button class="btn btn-secondary" id="add-allowed">Add</button>
+    </div>
+  </div>
+
+  <div class="btn-group">
+    <button class="btn btn-primary" id="save-btn">Save Settings</button>
+    <button class="btn btn-secondary" id="reset-btn">Reset to Defaults</button>
+  </div>
+
+  <div class="toast" id="toast">Settings saved!</div>
+
+  <script src="options.js"></script>
+</body>
+</html>
--- a/packages/extension/src/options/options.ts
+++ b/packages/extension/src/options/options.ts
@@ -0,0 +1,113 @@
+import { BackgroundMessage, MessageType } from '../types';
+
+const apiUrlInput = document.getElementById('api-url') as HTMLInputElement;
+const authTokenInput = document.getElementById('auth-token') as HTMLInputElement;
+const enabledCheckbox = document.getElementById('enabled') as HTMLInputElement;
+const activeBlockingCheckbox = document.getElementById('active-blocking') as HTMLInputElement;
+const darkwatchCheckbox = document.getElementById('darkwatch-enabled') as HTMLInputElement;
+const spamCheckbox = document.getElementById('spam-enabled') as HTMLInputElement;
+const notificationsCheckbox = document.getElementById('notifications') as HTMLInputElement;
+const blockedDomainsList = document.getElementById('blocked-domains') as HTMLElement;
+const allowedDomainsList = document.getElementById('allowed-domains') as HTMLElement;
+const newBlockedInput = document.getElementById('new-blocked-domain') as HTMLInputElement;
+const newAllowedInput = document.getElementById('new-allowed-domain') as HTMLInputElement;
+const saveBtn = document.getElementById('save-btn') as HTMLButtonElement;
+const resetBtn = document.getElementById('reset-btn') as HTMLButtonElement;
+const toast = document.getElementById('toast') as HTMLElement;
+
+loadSettings();
+
+function loadSettings(): void {
+  chrome.runtime.sendMessage({ type: MessageType.GET_SETTINGS }, (response) => {
+    const settings = (response as { settings: Record<string, unknown> }).settings;
+    if (!settings) return;
+
+    apiUrlInput.value = settings.apiBaseUrl || 'https://api.shieldai.com';
+    authTokenInput.value = settings.authToken || '';
+    enabledCheckbox.checked = settings.enabled !== false;
+    activeBlockingCheckbox.checked = !!settings.activeBlocking;
+    darkwatchCheckbox.checked = !!settings.darkWatchEnabled;
+    spamCheckbox.checked = settings.spamProtectionEnabled !== false;
+    notificationsCheckbox.checked = settings.showNotifications !== false;
+
+    renderDomainList(blockedDomainsList, (settings.blockedDomains || []) as string[], 'blocked');
+    renderDomainList(allowedDomainsList, (settings.allowedDomains || []) as string[], 'allowed');
+  });
+}
+
+function renderDomainList(container: HTMLElement, domains: string[], type: string): void {
+  container.innerHTML = domains.map((d, i) => `
+    <li class="domain-item">
+      <span>${d}</span>
+      <button class="domain-remove" data-type="${type}" data-index="${i}">✕</button>
+    </li>
+  `).join('');
+}
+
+saveBtn.addEventListener('click', () => {
+  chrome.runtime.sendMessage({
+    type: MessageType.UPDATE_SETTINGS,
+    payload: {
+      apiBaseUrl: apiUrlInput.value,
+      authToken: authTokenInput.value || null,
+      enabled: enabledCheckbox.checked,
+      activeBlocking: activeBlockingCheckbox.checked,
+      darkWatchEnabled: darkwatchCheckbox.checked,
+      spamProtectionEnabled: spamCheckbox.checked,
+      showNotifications: notificationsCheckbox.checked,
+    },
+  }, () => {
+    showToast('Settings saved!');
+  });
+});
+
+resetBtn.addEventListener('click', () => {
+  chrome.storage.sync.set({ shieldaiSettings: null }, () => {
+    chrome.runtime.sendMessage({ type: MessageType.GET_SETTINGS }, (response) => {
+      loadSettings();
+      showToast('Settings reset to defaults');
+    });
+  });
+});
+
+document.getElementById('add-blocked')?.addEventListener('click', () => {
+  const domain = newBlockedInput.value.trim().toLowerCase();
+  if (!domain) return;
+
+  chrome.runtime.sendMessage({ type: MessageType.GET_SETTINGS }, (response) => {
+    const settings = (response as { settings: Record<string, unknown> }).settings;
+    const domains = [...(settings.blockedDomains || []), domain];
+    chrome.runtime.sendMessage({
+      type: MessageType.UPDATE_SETTINGS,
+      payload: { blockedDomains: domains },
+    }, () => {
+      newBlockedInput.value = '';
+      renderDomainList(blockedDomainsList, domains, 'blocked');
+      showToast(`Added ${domain} to blocked list`);
+    });
+  });
+});
+
+document.getElementById('add-allowed')?.addEventListener('click', () => {
+  const domain = newAllowedInput.value.trim().toLowerCase();
+  if (!domain) return;
+
+  chrome.runtime.sendMessage({ type: MessageType.GET_SETTINGS }, (response) => {
+    const settings = (response as { settings: Record<string, unknown> }).settings;
+    const domains = [...(settings.allowedDomains || []), domain];
+    chrome.runtime.sendMessage({
+      type: MessageType.UPDATE_SETTINGS,
+      payload: { allowedDomains: domains },
+    }, () => {
+      newAllowedInput.value = '';
+      renderDomainList(allowedDomainsList, domains, 'allowed');
+      showToast(`Added ${domain} to allowed list`);
+    });
+  });
+});
+
+function showToast(message: string): void {
+  toast.textContent = message;
+  toast.classList.add('show');
+  setTimeout(() => toast.classList.remove('show'), 3000);
+}