From 192a7e0d7ec3b4d487d8f083527cdd317a962dc0 Mon Sep 17 00:00:00 2001
From: Ahmad Mujahid <55625580+AhmadMuj@users.noreply.github.com>
Date: Sun, 9 Feb 2025 15:18:01 +0400
Subject: feat: add URL protocol validation to extension and mobile app (#996)
---
 apps/browser-extension/src/NotConfiguredPage.tsx | 10 ++++++++++
 apps/mobile/app/signin.tsx | 13 +++++++++++++
 2 files changed, 23 insertions(+)
(limited to 'apps')
diff --git a/apps/browser-extension/src/NotConfiguredPage.tsx b/apps/browser-extension/src/NotConfiguredPage.tsx
index 31d45d6a..fdda480e 100644
--- a/apps/browser-extension/src/NotConfiguredPage.tsx
+++ b/apps/browser-extension/src/NotConfiguredPage.tsx
@@ -22,6 +22,16 @@ export default function NotConfiguredPage() {
 setError("Server address is required");
 return;
 }
+
+ // Add URL protocol validation
+ if (
+ !serverAddress.startsWith("http://") &&
+ !serverAddress.startsWith("https://")
+ ) {
+ setError("Server address must start with http:// or https://");
+ return;
+ }
+
 setSettings((s) => ({ ...s, address: serverAddress.replace(/\/$/, "") }));
 navigate("/signin");
 };
diff --git a/apps/mobile/app/signin.tsx b/apps/mobile/app/signin.tsx
index 31cb1e01..17a2158d 100644
--- a/apps/mobile/app/signin.tsx
+++ b/apps/mobile/app/signin.tsx
@@ -84,6 +84,19 @@ export default function Signin() {
 }
 const onSignin = () => {
+ if (!formState.serverAddress) {
+ setError("Server address is required");
+ return;
+ }
+
+ if (
+ !formState.serverAddress.startsWith("http://") &&
+ !formState.serverAddress.startsWith("https://")
+ ) {
+ setError("Server address must start with http:// or https://");
+ return;
+ }
+
 if (loginType === LoginType.Password) {
 const randStr = (Math.random() + 1).toString(36).substring(5);
 login({
--
cgit v1.2.3-70-g09d2
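Review bot: The `startsWith` prefix test added in `NotConfiguredPage` accepts strings that are not usable URLs (a bare `http://` with no host passes) and rejects valid ones that differ only in scheme case or leading whitespace, and the unparsed value is then stored as the server address. Parsing the input with `new URL` and checking `protocol` covers these cases in one place. The same prefix check is repeated in the `apps/mobile/app/signin.tsx` hunk, where a shared helper would keep the two in step; confirm that the React Native runtime's `URL` exposes `protocol` before reusing it there. The handler starts outside this hunk.

```typescript
    // … unchanged: empty-address check …
    const address = serverAddress.trim();
    let parsed: URL;
    try {
      parsed = new URL(address);
    } catch {
      setError("Server address must be a valid http:// or https:// URL");
      return;
    }
    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
      setError("Server address must start with http:// or https://");
      return;
    }
    setSettings((s) => ({ ...s, address: address.replace(/\/$/, "") }));
    // … unchanged: navigate("/signin") …
```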
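Review bot: Accepting `http://` in `onSignin` lets the `LoginType.Password` branch that follows the new checks run against a non-TLS server, so the password would presumably travel to `formState.serverAddress` in cleartext. If plain HTTP has to stay for self-hosted and LAN setups, a comment should say so, e.g. `// http:// is allowed for local/self-hosted servers; credentials are not protected in transit`. The UI could also show a non-blocking warning when the scheme is `http://`. The body of `onSignin` continues past the end of the hunk, so how `login` uses the address is not visible here.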