respond to sms messages

Value

• Many users (particularly in communities with lower overall tech literacy or security consciousness) find it confusing that a signup message is suposed to come via a signal message as opposed to an SMS message.
• In the failure mode, they send an SMS, nothing happens, and we lose them
• It would be nice to respond with a message that helps them install signal!

Behavior

• GIVEN a broadcast or Hotline channel
• WHEN a user attempts to subscribe or message the channel over SMS to its phone number
• THEN Twilio should respond with a helpful message explaining they need to first install Signal (and providing a link to that) Ideally only one message per user ever.

Implementation

• i (@aguestuser) think the idea would be to branch between 2 handlers on the /twilioSms endpoint based on the status of the phone number:
  • call the the (current) signal verification code handler if phoneNumber.status !== VERIFIED || phoneNumber.status !== ACTIVE
  • call a (new) SMS autoresponse-sending handler if the number is verified or active
    • this response handler would defend against flooding attacks by imposing a 1-response per phone number per channel limit
      • before responding, first check a (new) table of smsResponses (fields: channelNumber recipientNumber) and, if it finds a match don't respond
      • if it doesn't find a match, send a response and record it (so no further responses will be sent)
      • implementation details of how to program twilio response handlers ("twiml something something") in node can be found here: https://www.twilio.com/docs/sms/tutorials/how-to-receive-and-reply-node-js
      • if we are nervous about storing metadata of who texted what phone number, maybe limit a user to one incoming SMS period? (but this means they might have an unhappy experience on a second phone number before figuring out the signal thing?)