# -----------------------------------------------------------
# Add Trusted Sites Script
# -----------------------------------------------------------

# List of URLs to add (supports Domains, IPs, and Wildcards)
$targetUrls = @(
    "https://www.google.com",       # Standard Domain
    "http://192.168.1.50",          # IP Address
    "https://10.0.0.1",             # IP Address (SSL)
    "https://*.example.com",        # Wildcard Domain
    "http://intranet-server"        # Local Hostname
)


# Zone ID for Trusted Sites (2 = Trusted Sites)
$zoneId = 2

# Registry Base Paths (Current User)
$basePathDomains = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
$basePathRanges  = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

Write-Host "Starting process..." -ForegroundColor Cyan

foreach ($url in $targetUrls) {
    try {
        # Parse URL (Separate Scheme from Host)
        # $Matches[1] = http or https, $Matches[2] = domain or IP
        if ($url -match "^(https?)://(.+)") {
            $scheme = $Matches[1] 
            $hostPart = $Matches[2] 

            # Simple Regex check for IPv4 Address format
            $isIpAddress = $hostPart -match "^\d{1,3}(\.\d{1,3}){3}$"

            if ($isIpAddress) {
                # --- Handle IP Address (Stored in 'Ranges' key) ---
                
                # Create a unique key name to avoid collisions (e.g., IP_192_168_1_50)
                $safeIpName = "IP_" + $hostPart.Replace(".", "_")
                $regKeyPath = Join-Path -Path $basePathRanges -ChildPath $safeIpName

                # Create Registry Key if it doesn't exist
                if (!(Test-Path $regKeyPath)) {
                    New-Item -Path $regKeyPath -Force | Out-Null
                }

                # Set the ":Range" value to the actual IP string
                New-ItemProperty -Path $regKeyPath -Name ":Range" -Value $hostPart -PropertyType String -Force | Out-Null
                
                # Set the Scheme (http/https) with the Zone ID
                New-ItemProperty -Path $regKeyPath -Name $scheme -Value $zoneId -PropertyType DWORD -Force | Out-Null

                Write-Host "[Added IP] $url" -ForegroundColor Yellow
            }
            else {
                # --- Handle Domain Name (Stored in 'Domains' key) ---
                
                # Construct the Registry Key Path using the domain name
                $regKeyPath = Join-Path -Path $basePathDomains -ChildPath $hostPart

                # Create Registry Key if it doesn't exist
                if (!(Test-Path $regKeyPath)) {
                    New-Item -Path $regKeyPath -Force | Out-Null
                }

                # Set the Scheme (http/https) with the Zone ID
                New-ItemProperty -Path $regKeyPath -Name $scheme -Value $zoneId -PropertyType DWORD -Force | Out-Null

                Write-Host "[Added Domain] $url" -ForegroundColor Green
            }
        }
        else {
            Write-Warning "Invalid Format (must include http/https): $url"
        }
    }
    catch {
        Write-Error "Error ($url): $($_.Exception.Message)"
    }
}

Write-Host "-----------------------------------------------------------"
Write-Host "Process completed. Please restart your browser to apply settings." -ForegroundColor Cyan