added a new script to conevrt all md to asciidoc, rss feed now sends the entire asciidoc for the teaser

1 files changed, 228 insertions, 0 deletions

diff --git a/mds/howtogetyourSMSonIRC.txt b/mds/howtogetyourSMSonIRC.txt
new file mode 100644
index 0000000..438e7b0
--- /dev/null
+++ b/mds/howtogetyourSMSonIRC.txt
@@ -0,0 +1,228 @@
+== How to get your SMS on IRC
+
+It’s not really a continuation of the ``one client for everything'' post
+but it is in the same vein. Basically, in this post we are going to make
+it so that we receive our SMS messages on IRC. More specifically, it
+will send it to a IRC channel. In my case this works and is actually
+secure, since the channel I have the SMS going to is on my own IRC
+network which only allows users in after they do a successful SASL
+authentication.
+
+The general idea is this:
+
+* We run an app on our phone that will send the SMS to a web hook server
+* The web hook server has an IRC client that will send the message to
+the IRC channel
+
+=== security considerations
+
+==== SMS vs https://en.wikipedia.org/wiki/Rich_Communication_Services[RCS]
+
+For forwarding the SMS I get on my cellphone from my cellphone to the
+web hook server, i use
+https://github.com/bogkonstantin/android_income_sms_gateway_webhook[android_income_sms_gateway_webhook].
+This app does not support RCS(see
+https://github.com/bogkonstantin/android_income_sms_gateway_webhook/issues/46[#46]).
+For this to work, make sure your phone has RCS disabled unless you use
+another app that supports RCS.
+
+==== web hook server connection
+
+The app will be connecting to our web hook server. The ideal way I
+wanted to do this would be to connect to a VPN, only through which we
+can access the web hook server. But its android not linux. I dont know
+how I can do that on android so that’s a no go. Next idea is to use
+local port mapping using openssh to send the SMS through the ssh tunnel.
+While that is very feasible without rooting the phone, a one-liner in
+termux can take care of it but automating it is a bit of a hassle.
+Currently the only measure I am taking is to just use https instead of
+http. Since we are using only tls we can use the normal TLS hardening
+measures, server-side. We are using nginx as the reverse proxy. We will
+also terminate the tls connection on nginx. We will be using
+https://github.com/pocketbase/pocketbase[pocketbase] for the record
+storage and authentication. We can extend pocketbase which is exactly
+how we will be making our sms web hook. Pocketbase will give us the
+record storage and authentication/registration we need. We will use
+https://github.com/lrstanley/girc[girc] for our IRC library. My personal
+IRC network wll require successful SASL authentication before letting
+anyone into the network so supporting SASL auth(PLAIN) is a requirement.
+
+We can use basic http authentication using our chosen app. We can
+configure the JSON body of the POST request our web hook server will
+receive. The default POST request the app will send looks like this: For
+the body:
+
+[source,json]
+----
+{
+  "from": "%from%",
+  "text": "%text%",
+  "sentStamp": "%sentStamp%",
+  "receivedStamp": "%receivedStamp%",
+  "sim": "%sim%"
+}
+----
+
+And for the header:
+
+[source,json]
+----
+{ "User-Agent": "SMS Forwarder App" }
+----
+
+We get static cerdentials so we can only do basic http auth. We dont
+need to encode the client information into the security token so we’ll
+just rely on a bearer-token in the header for both authentication and
+authorization.
+
+==== Authentication and Authorization
+
+In our case, the only resource we have is to be able to post anything on
+the endpoint so in our case, authentication and authorization will be
+synonimous. We can put the basic auth cerdentials in the url:
+
+....
+https://user:pass@sms.mywebhook.com
+....
+
+Also do please remember that on the app side we need to add the
+authorization header like so:
+
+[source,json]
+----
+{"Content-Type": "application/json"; "Authorization": "Basic base64-encoded-username:password"}
+----
+
+As for the url, use your endpoint without using the username and passwor
+in the URI.
+
+=== Dev works
+
+You can find the finished code
+https://github.com/terminaldweller/sms-webhook[here].
+
+Here’s a brief explanation of what the code does: We launch the irc bot
+in a goroutine. The web hook server will only respond to POST requests
+on `/sms` after a successful basic http authentication. In our case
+there is no reason not to use a randomized username as well. So
+effectively we will have two secrets this way. You can create a new user
+in the pocketbase admin panel. Pocketbase comes with a default
+collection for users so just create a new entry in there.
+
+* The code will respond with a 401 for all failed authentication
+attempts.
+* We dont fill out missing credentials for non-existant users to make
+timing attacks harder. Thats something we can do later.
+
+=== Deployment
+
+[source,nginx]
+----
+events {
+  worker_connections 1024;
+}
+http {
+  include /etc/nginx/mime.types;
+  server_tokens off;
+  limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
+  server {
+    listen 443 ssl;
+    keepalive_timeout 60;
+    charset utf-8;
+    ssl_certificate /etc/letsencrypt/live/sms.terminaldweller.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/sms.terminaldweller.com/privkey.pem;
+    ssl_ciphers HIGH:!aNULL:!MD5:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 1d;
+    ssl_session_tickets off;
+    ssl_prefer_server_ciphers on;
+    tcp_nopush on;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "no-referrer";
+    fastcgi_hide_header X-Powered-By;
+
+    error_page 401 403 404 /404.html;
+    location / {
+      proxy_pass http://sms-webhook:8090;
+    }
+  }
+}
+----
+
+[source,yaml]
+----
+version: "3.9"
+services:
+  sms-webhook:
+    image: sms-webhook
+    build:
+      context: .
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+    networks:
+      - smsnet
+    restart: unless-stopped
+    depends_on:
+      - redis
+    volumes:
+      - pb-vault:/sms-webhook/pb_data
+      - ./config.toml:/opt/smswebhook/config.toml
+    cap_drop:
+      - ALL
+    dns:
+      - 9.9.9.9
+    environment:
+      - SERVER_DEPLOYMENT_TYPE=deployment
+    entrypoint: ["/sms-webhook/sms-webhook"]
+    command: ["serve", "--http=0.0.0.0:8090"]
+  nginx:
+    deploy:
+      resources:
+        limits:
+          memory: 128M
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+    image: nginx:stable
+    ports:
+      - "8090:443"
+    networks:
+      - smsnet
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - /etc/letsencrypt/live/sms.terminaldweller.com/fullchain.pem:/etc/letsencrypt/live/sms.terminaldweller.com/fullchain.pem:ro
+      - /etc/letsencrypt/live/sms.terminaldweller.com/privkey.pem:/etc/letsencrypt/live/sms.terminaldweller.com/privkey.pem:ro
+networks:
+  smsnet:
+    driver: bridge
+volumes:
+  pb-vault:
+----
+
+timestamp:1706042815
+
+version:1.1.0
+
+https://blog.terminaldweller.com/rss/feed
+
+https://raw.githubusercontent.com/terminaldweller/blog/main/mds/howtogetyourSMSonIRC.md