diff --git a/public/locales/en.json b/public/locales/en.json
index b93f258..84afa41 100644
--- a/public/locales/en.json
+++ b/public/locales/en.json
@@ -1079,7 +1079,8 @@
 },
 "purchaseKrist": {
- "modalTitle": "Purchase Krist"
+ "modalTitle": "Purchase Krist",
+ "connection": "A connection was just made to an unofficial Krist server. Your passwords and Krist wallets are at risk."
 },
 "syncWallets": {
diff --git a/src/global/ws/SyncMOTD.tsx b/src/global/ws/SyncMOTD.tsx
index a7c492b..c10d21f 100644
--- a/src/global/ws/SyncMOTD.tsx
+++ b/src/global/ws/SyncMOTD.tsx
@@ -2,6 +2,7 @@
 // This file is part of KristWeb 2 under AGPL-3.0.
 // Full details: https://github.com/tmpim/KristWeb2/blob/master/LICENSE.txt
 import { useEffect } from "react";
+import { message } from "antd";
 import { useSelector } from "react-redux";
 import { RootState } from "@store";
@@ -42,6 +43,13 @@
 miningEnabled: data.mining_enabled
 };
 store.dispatch(nodeActions.setMOTD(motdBase));
+
+ if (motdBase.debugMode) {
+ setTimeout(() => {
+ message.warning("This server is an unofficial server. Your passwords or K" + "rist may be stolen. Proceed with caution.", 20);
+ }, 60000);
+ }
 }
 /** Sync the MOTD with the Krist node on startup. */
diff --git a/src/global/ws/WebsocketConnection.ts b/src/global/ws/WebsocketConnection.ts
index 9a1c6e9..a7af190 100644
--- a/src/global/ws/WebsocketConnection.ts
+++ b/src/global/ws/WebsocketConnection.ts
@@ -1,6 +1,9 @@
 // Copyright (c) 2020-2021 Drew Lemmy
 // This file is part of KristWeb 2 under AGPL-3.0.
 // Full details: https://github.com/tmpim/KristWeb2/blob/master/LICENSE.txt
+import { message } from "antd";
+import i18n from "@utils/i18n";
+
 import { store } from "@app";
 import * as wsActions from "@actions/WebsocketActions";
 import * as nodeActions from "@actions/NodeActions";
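Review bot: The warning added after `store.dispatch(nodeActions.setMOTD(motdBase))` in SyncMOTD.tsx is gated on `motdBase.debugMode`, which presumably comes from the server's own MOTD response, so a node that does not report debug mode never triggers it; as a signal of an untrusted server it only catches honest development nodes. It is also deferred by `setTimeout(..., 60000)`, by which time a user may already have entered a wallet password, and the timer is never cleared, so each MOTD sync in debug mode appears to queue another toast. The text is hard-coded English and split mid-word, while the WebsocketConnection.ts change in this commit goes through `i18n.t(...)`; I would move the string to en.json and show it immediately, e.g. `message.warning(i18n.t("<locale key>"), 20);` (key name is a placeholder). The enclosing function starts above this hunk, so how `debugMode` is populated is not visible here.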
@@ -50,6 +53,8 @@
 // Get a websocket token
 const { url } = await api.post<{ url: string }>("ws/start");
+ if (!url.startsWith("wss://krist.ceriat.net/"))
+ message.warning(i18n.t("purchaseKrist.connection"), 20);
 this.setConnectionState("connecting");
diff --git a/src/krist/api/index.ts b/src/krist/api/index.ts
index 5c9d6a3..8fbd1a6 100644
--- a/src/krist/api/index.ts
+++ b/src/krist/api/index.ts
@@ -1,7 +1,8 @@
 // Copyright (c) 2020-2021 Drew Lemmy
 // This file is part of KristWeb 2 under AGPL-3.0.
 // Full details: https://github.com/tmpim/KristWeb2/blob/master/LICENSE.txt
-import { notification } from "antd";
+import React from "react";
+import { Button, notification } from "antd";
 import i18n from "@utils/i18n";
 import { useSelector } from "react-redux";
@@ -44,7 +45,16 @@
 ...options
 });
- if (res.status === 429) {
+ // Present a warning if the request was made over HTTP.
+ if (endpoint !== "ws/start" && method === "POST" && (syncNode.startsWith("http:") || !syncNode.startsWith("https://krist.ceriat.net"))) {
+ notification.warning({
+ message: "INSECURE API REQUEST",
+ description: "Your wallet password has been compromised.",
+ duration: 30,
+ btn: React.createElement("a", { href: "https://github.com/tmpim/KristWeb2/issues/new?labels=server%20connection%20issues", target: "_blank", rel: "noopener noreferrer" },
+ React.createElement(Button, { size: "large" }, "Get help"))
+ });
+ } else if (res.status === 429) {
 if (!options?.ignoreRateLimit) notifyRateLimit();
 throw new RateLimitError();
 }
diff --git a/src/pages/credits/CreditsPage.tsx b/src/pages/credits/CreditsPage.tsx
index 0d9eef8..01ece3b 100644
--- a/src/pages/credits/CreditsPage.tsx
+++ b/src/pages/credits/CreditsPage.tsx
@@ -82,7 +82,7 @@
 {/* License */}
- AGPL 3.0
+ AGPL 3.0
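Review bot: The `startsWith("wss://krist.ceriat.net/")` check in WebsocketConnection.ts only raises a toast; `this.setConnectionState("connecting")` runs on the next line regardless, so the client still connects to whatever URL `ws/start` returned. If the intent is protection rather than information, the method should stop or ask for confirmation before connecting. Hard-coding a single host also means anyone who has deliberately configured another sync node is warned on every connect; comparing the parsed host of `url` with the host of the configured node would be more accurate. The locale key `purchaseKrist.connection` sits in a namespace unrelated to connections, and the enclosing method starts and ends outside this hunk.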
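Review bot: Chaining the new branch in src/krist/api/index.ts as `} else if (res.status === 429) {` means that whenever the warning condition is true, a 429 response no longer reaches `notifyRateLimit()` or `throw new RateLimitError()`; the two checks are independent, so the warning block should close with `}` and `if (res.status === 429) {` should stay a separate statement. The origin test `!syncNode.startsWith("https://krist.ceriat.net")` has no trailing delimiter, so any host that merely begins with that string is treated as official; `new URL(syncNode).origin !== "https://krist.ceriat.net"` compares the whole origin and makes the `http:` clause redundant. The check sits in the same chain as `res`, so it runs after the request has been sent, and the description asserts a compromise for every POST whether or not it carried a password; both strings are hard-coded rather than taken from en.json. The function body starts and ends outside the hunk.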