Self-hosted server host / url requirements

[gmaclennan]

Description

For a user to add an archive server (self-hosted server for syncing with CoMapeo over the internet), they need to enter a server address. This issue is to define what the requirements for the server address are. Proposal:

1. The address that the user enters does not need to include a protocol (e.g. https://)
2. If the user does enter a protocol, then it must be https://
3. Server address may include a port and a path.
4. For websocket connections, a server address with https:// should map to wss://, and http:// to ws://. Unencrypted protocols should only be allowed with dangerouslyAllowInsecureConnections.

Questions:

1. Should the backend or frontend be responsible for parsing the URL to check if it's valid? Maybe both?

[EvanHahn]

I basically agree.

The frontend should:

• add https:// as necessary
• validate that the URL it's sending to the backend is valid (see below)

The backend should:

• try to parse the URL with the URL constructor, failing if it cannot
• assert that the protocol is https: (unless dangerouslyAllowInsecureConnections is true)
• assert that the URL lacks authentication, a query string, or a hash

I wrote the frontend's URL normalization logic here: https://github.com/digidem/comapeo-mobile/pull/779