Web app: validate server URLs

[cmeis]

As in issue #193 for the Android app, the web app doesn't do any validation on the server url for user accounts (apart from it having to be at least one character long ;-) ). See screenshot:

Needs proper input validation for the URL.

[binwiederhier]

Indeed. 😱

Good catch.

[binwiederhier]

There isn't really much validation I can do apart from just checking that it starts with https?:// -- If I was gonna get fancy, I could make an endpoint to check that the server is a valid ntfy server, but that's not really worth it, so I think I'll stick with the http/s-chekc

[cmeis]

Well you could validate the host a bit more, like: - is it a valid IPv4/IPv6 address? - is it a syntactically correct FQDN? Perhaps something like https://www.npmjs.com/package/is-valid-hostname

[binwiederhier]

is-valid-hostname reminded me of the left-pad debacle. I generally try to keep dependencies out as much as possible (though that's hard to do in the JS world). But hostname checking doesn't have to be that strict. If it's wrong, stuff will not work and you'll fix it. :-D

I think I'm alright with just checking for http://..

[cmeis]

Tell me about dependency hell..... I'm fine with fixing my own sh*t 😉

[binwiederhier]

This is done and will be in the next release. Just basic URL validation