diff --git a/index.html b/index.html
index c385abc..f238e2a 100644
--- a/index.html
+++ b/index.html
@@ -55,10 +55,10 @@

logo - Glowing Bear + Glowing Bear for local networks WeeChat web frontend

-
You're using Glowing Bear over an unencrypted connection (http://). This is not recommended! We recommend using our secure hosted version at https://www.glowing-bear.org/, or https://latest.glowing-bear.org for the latest development version. If your relay is on your local network, that is unfortunately impossible, but be aware of the implications.
+
You're using Glowing Bear over an unencrypted connection (http://). This is dangerous for relays outside your local network! You can only connect to localhost and IP addresses on this instance. We recommend using our secure hosted version at https://www.glowing-bear.org/ to connect to a remote WeeChat instance.
Connection error The client was unable to connect to the WeeChat relay
@@ -66,7 +66,7 @@ Secure connection error A secure connection with the WeeChat relay could not be initiated. This is most likely because your browser does not trust your relay's certificate. Please read the encryption instructions below!
- Secure connection error Unable to connect to unencrypted relay when you are connecting to Glowing Bear over HTTPS. Please use an encrypted relay or load the page without using HTTPS.
+ Secure connection error Cannot connect to unencrypted relay over the internet. Please use an encrypted relay. Only local IP addresses are permitted on insecure connections.
@@ -131,8 +131,13 @@
diff --git a/js/glowingbear.js b/js/glowingbear.js
index 227f32d..2be64cd 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -651,6 +651,18 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 $scope.connect = function() {
+ // check tls requirements
+ if ($scope.show_tls_warning) {
+ // adapted from https://stackoverflow.com/a/34529037/3793885, which
+ // is adapted from O'Reillys Regular Expressions Cookbook, 2nd Ed.
+ var ip_regex = /((^localhost$)|(^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?$))/;
+ if (!ip_regex.test(settings.host)) {
+ // refuse to connect
+ $rootScope.securityError = true;
+ return;
+ }
+ }
+ notifications.requestNotificationPermission();
 $rootScope.sslError = false;
 $rootScope.securityError = false;
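Review bot: The `ip_regex` test in `$scope.connect` only checks that `settings.host` is `localhost` or a syntactically valid IPv4/IPv6 literal, so a public address (constructed example: `203.0.113.5`) still passes and the relay session goes out unencrypted. This contradicts the new index.html text, which says only local IP addresses are permitted on insecure connections. If local-only is the intent, the guard should also require a loopback, RFC 1918, link-local or unique-local range, as sketched below; the sketch is deliberately conservative and rejects forms such as IPv4-mapped IPv6. Otherwise the index.html wording should drop "local", since the check cannot tell a LAN address from an internet one. The body of `$scope.connect` continues past the end of the hunk.

```javascript
// … unchanged: ip_regex definition …
var host = settings.host;
var v4 = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(host);
var is_local = host === 'localhost' || host === '::1' ||
    // fe80::/10 link-local and fc00::/7 unique-local
    /^(fe[89ab][0-9a-f]|f[cd][0-9a-f]{2}):/i.test(host) ||
    (v4 !== null && (
        v4[1] === '127' || v4[1] === '10' ||
        (v4[1] === '192' && v4[2] === '168') ||
        (v4[1] === '169' && v4[2] === '254') ||
        (v4[1] === '172' && Number(v4[2]) >= 16 && Number(v4[2]) <= 31)));
if (!ip_regex.test(host) || !is_local) {
    // refuse to connect: syntactically valid but not a local-range address
    $rootScope.securityError = true;
    return;
}
```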