Force console https

Author: tgmstudios

backend/managers/openstack.js

@@ -453,6 +453,20 @@ async function restartInstance(provider, instance, hard = false) {
   }
 }
 
+/**
+ * Force HTTPS for console URLs to prevent mixed content errors
+ */
+function forceHttpsForConsoleUrl(url, consoleType) {
+  if (!url) return url;
+  
+  // Force HTTPS for VNC/NoVNC URLs to prevent mixed content errors
+  if ((consoleType.toUpperCase() === 'VNC' || consoleType.toUpperCase() === 'NOVNC') && url.startsWith('http://')) {
+    url = url.replace('http://', 'https://');
+  }
+  
+  return url;
+}
+
 /**
  * Get console URL for instance
  */
@@ -494,6 +508,9 @@ async function getConsoleUrl(provider, instance, consoleType = 'NOVNC') {
 
     let consoleUrl = response.remote_console?.url;
 
+    // Force HTTPS for VNC URLs to prevent mixed content errors
+    consoleUrl = forceHttpsForConsoleUrl(consoleUrl, consoleType);
+    
     // Add auto-scaling to NoVNC URLs like compsole does
     if ((consoleType.toUpperCase() === 'VNC' || consoleType.toUpperCase() === 'NOVNC') && consoleUrl && !consoleUrl.includes('scale=true')) {
       consoleUrl += '&scale=true';
@@ -547,6 +564,9 @@ async function getConsoleUrlForProject(provider, projectName, instance, consoleT
 
     let consoleUrl = response.remote_console?.url;
 
+    // Force HTTPS for VNC URLs to prevent mixed content errors
+    consoleUrl = forceHttpsForConsoleUrl(consoleUrl, consoleType);
+    
     // Add auto-scaling to NoVNC URLs like compsole does
     if ((consoleType.toUpperCase() === 'VNC' || consoleType.toUpperCase() === 'NOVNC') && consoleUrl && !consoleUrl.includes('scale=true')) {
       consoleUrl += '&scale=true';

backend/routes/admin.js

@@ -117,17 +117,19 @@ const { v4: uuidv4 } = require('uuid');
  *           type: boolean
  *           description: Whether the workshop is currently locked
  *         nextAction:
- *           type: object
- *           nullable: true
- *           properties:
- *             type:
- *               type: string
- *               enum: [lock, unlock]
- *               description: Type of next action
- *             at:
- *               type: string
- *               format: date-time
- *               description: When the next action will occur
+ *           oneOf:
+ *             - type: object
+ *               properties:
+ *                 type:
+ *                   type: string
+ *                   enum: [lock, unlock]
+ *                   description: Type of next action
+ *                 at:
+ *                   type: string
+ *                   format: date-time
+ *                   description: When the next action will occur
+ *               required: [type, at]
+ *             - type: "null"
  */
 
 /**
@@ -979,17 +981,19 @@ router.post('/workshops/:id/unlock', authenticateToken, requireAdmin, async (req
  *                         type: boolean
  *                         description: Whether the workshop is currently locked
  *                       nextAction:
- *                         type: object
- *                         nullable: true
- *                         properties:
- *                           type:
- *                             type: string
- *                             enum: [lock, unlock]
- *                             description: Type of next action
- *                           at:
- *                             type: string
- *                             format: date-time
- *                             description: When the next action will occur
+ *                         oneOf:
+ *                           - type: object
+ *                             properties:
+ *                               type:
+ *                                 type: string
+ *                                 enum: [lock, unlock]
+ *                                 description: Type of next action
+ *                               at:
+ *                                 type: string
+ *                                 format: date-time
+ *                                 description: When the next action will occur
+ *                             required: [type, at]
+ *                           - type: "null"
  *       500:
  *         description: Internal server error
  *         content:
@@ -1070,7 +1074,6 @@ router.get('/lockouts', authenticateToken, requireAdmin, async (req, res) => {
  * /api/admin/logs/cleanup:
  *   post:
  *     summary: Clean up old logs
- *     description: Deletes logs older than a specified number of days (default: 7 days)
  *     tags: [Admin]
  *     security:
  *       - BearerAuth: []

frontend/index.html

@@ -4,6 +4,7 @@
     <meta charset="UTF-8">
     <link rel="icon" href="/icon.png">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
     <title>Wiretap - CCSO Competition Platform</title>
     <meta name="description" content="Wiretap is the CCSO Competition Platform. It is a platform for the CCSO to manage their competitions and instances.">
     <!-- Runtime environment configuration -->

frontend/src/views/Console.vue

@@ -176,12 +176,14 @@
         >
           <!-- VNC Console iframe -->
           <iframe
-            v-if="consoleUrl"
-            :src="consoleUrl"
+            v-if="secureConsoleUrl"
+            :src="secureConsoleUrl"
             class="w-full h-full border-0"
             allowfullscreen
             frameborder="0"
             scrolling="no"
+            sandbox="allow-scripts allow-same-origin allow-forms allow-popups allow-modals"
+            referrerpolicy="no-referrer"
           ></iframe>
           <div v-else class="w-full h-full flex items-center justify-center text-green-400 font-mono text-sm">
             <div class="text-center">
@@ -336,6 +338,18 @@ export default {
       type: 'success'
     })
 
+    // Ensure console URL is always HTTPS to prevent mixed content errors
+    const secureConsoleUrl = computed(() => {
+      if (!consoleUrl.value) return ''
+      
+      // Force HTTPS for VNC console URLs to prevent mixed content errors
+      if (consoleUrl.value.startsWith('http://')) {
+        return consoleUrl.value.replace('http://', 'https://')
+      }
+      
+      return consoleUrl.value
+    })
+
     const isLocked = computed(() => {
       if (user.value?.role === 'ADMIN' || user.value?.role === 'admin') return false
       return instance.value?.locked || false
@@ -612,6 +626,7 @@ export default {
       isRebootMenuOpen,
       consoleContainer,
       consoleUrl,
+      secureConsoleUrl,
       isLocked,
       canShowConsole,
       isFullscreenRoute,