feat: scaffold security modules and TLS foundation

2025-10-26 23:41:58 -06:00 · 2025-10-17 16:52:40 -06:00
parent fb09817288
commit f2722a75af
14 changed files with 966 additions and 5 deletions
--- a/Data/Server/WebUI/vite.config.mts
+++ b/Data/Server/WebUI/vite.config.mts
@@ -2,6 +2,20 @@
 import { defineConfig } from 'vite';
 import react from '@vitejs/plugin-react';
 import path from 'path';
+import fs from 'fs';
+
+const defaultCert = path.resolve(__dirname, '../certs/borealis-server-cert.pem');
+const defaultKey = path.resolve(__dirname, '../certs/borealis-server-key.pem');
+
+const certPath = process.env.BOREALIS_TLS_CERT ?? defaultCert;
+const keyPath = process.env.BOREALIS_TLS_KEY ?? defaultKey;
+
+const httpsOptions = fs.existsSync(certPath) && fs.existsSync(keyPath)
+  ? {
+      cert: fs.readFileSync(certPath),
+      key: fs.readFileSync(keyPath),
+    }
+  : undefined;

 export default defineConfig({
  plugins: [react()],
@@ -12,13 +26,20 @@ export default defineConfig({
    // Allow LAN/IP access during dev (so other devices can reach Vite)
    // If you want to restrict, replace `true` with an explicit allowlist.
    allowedHosts: true,
+    https: httpsOptions,
    proxy: {
-      // Ensure cookies/headers are forwarded correctly to Flask
+      // Ensure cookies/headers are forwarded correctly to Flask over TLS
      '/api': {
-        target: 'http://127.0.0.1:5000',
+        target: 'https://127.0.0.1:5000',
        changeOrigin: true,
+        secure: false,
      },
-      '/socket.io': { target:'ws://127.0.0.1:5000', ws:true, changeOrigin: true }
+      '/socket.io': {
+        target: 'wss://127.0.0.1:5000',
+        ws: true,
+        changeOrigin: true,
+        secure: false,
+      }
    }
  },
  build: {