Merge pull request #59 from abs0lut3pwn4g3/challenges-dev

merge "challenges-dev" into "gssoc20-dev"
abs0lut3pwn4g3 · Apr 30, 2020 · 5bfa08b · 5bfa08b
2 parents 1405748 + c77dcfa
commit 5bfa08b
Show file tree

Hide file tree

Showing 53 changed files with 2,043 additions and 787 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -19,9 +19,9 @@ before_install:
 
 install: 
   - "pip install -r src/requirements.txt"
-  - "python src/create_db.py"
+  - "python src/create_db.test.py"
 
 before_script:
   - black . --check
 script:
-  - flake8 . --count --max-line-length=88 --show-source --statistics
+  - flake8 . --count --max-line-length=88 --show-source --statistics
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -43,7 +43,7 @@ $ black .
 ```
 
 ```bash
-$ flake8 src/ ---max-line-length=88 --show-source --statistics
+$ flake8 src/ --max-line-length=88 --show-source --statistics
 ```
 
 if flake8 shows any errors or warnings, please fix the changes in a new commit and squash all the commits into one before submitting the PR.

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,28 @@
-FROM python:3
+FROM python:3.8.2-alpine3.11
 
+MAINTAINER [email protected]
+
+# Env
+RUN export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@postgres:${DB_PORT}/${DB_NAME}" \
+    && export REDIS_URL="redis://redis:6379/0"
+
+# update and install packages
+RUN apk update \
+    && apk add libpq postgresql-dev \
+    && apk add build-base \
+    && apk add --no-cache git libssl1.1 g++ make libffi-dev
+
+# Add a new low-privileged user
+RUN adduser --shell /sbin/login www-data -DH
+
+# Install RTB-CTF-Framework
 WORKDIR /usr/src/app
 COPY src ./
-RUN pip install --no-cache-dir -r requirements.txt
-EXPOSE 8080
-RUN chown -R 1001:1001 .
-USER 1001
+RUN pip install --no-cache-dir -r requirements.txt \
+    && chown -R www-data ./
+
+USER www-data
+
+EXPOSE 8000
 RUN chmod +x /usr/src/app/docker-entrypoint.sh
 ENTRYPOINT [ "/usr/src/app/docker-entrypoint.sh" ]
diff --git a/README.md b/README.md
@@ -10,9 +10,9 @@
   <a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework" target="_blank">
     <img alt="Build Status" src="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework.svg?branch=gssoc20-dev"/>
   </a>
-  <!-- <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
+  <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
   	<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
-  </a> -->
+  </a>
   <a href="https://github.com/psf/black" target="_blank">
     <img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"/>
   </a>
@@ -30,50 +30,34 @@ The main purpose of this project is to serve as a scoring engine and CTF manager
 
 ## Features
 
-##### For CTF hosters
-* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level. 
+* Machines listing name, IP, OS, points and difficulty level.
+* Challenges listing with title, description, URL, points.
+* Totally configurable settings such running time, organization details, CTF name.
 * Automatic strong password for administrator
 * Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
 * Simple User Registration/login process, account management, Forgot password functionalities,
 * Flag submission (currently 2 flags: user and root),
 * Real time scoreboard tracking,
+* Efficient caching so it's fast
 * Easily deployable on Heroku. 
 
-##### For Developers & Contributors
-* Flask-blueprints for modularity and clean codebase,
-* Flask-admin for Admin views and easy realtime management,
-* Flask-SQLAlchemy for SQL models, 
-* Flask-login for session handling,
-* Flask-wtf for responsive forms,
-* Flask-mail for mail service,
-* Flask-bcrypt for password hashing and security,
-
 ## Build locally
 
 Please see [INSTALLATION.md](INSTALLATION.md).
 
-## Host Your Own CTF In 5 minutes with Heroku
-
-Using this is as simple as anything.
-
-1. Fork the `master` branch and clone your fork,
-
-```bash
-$ git clone https://github.com/<your_github_username>/RTB-CTF-Framework
-$ cd RTB-CTF-Framework/
-```
-
-2. Configure your CTF settings (such as name, running time) in [`config.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/FlaskRTBCTF/config.py).
+## Host Your Own CTF in a minute with Heroku
 
-3. In the `app.json`, change the `repository` key's value to match your fork's URL.
+1. Sign up on [Heroku](https://heroku.com), if you haven't already and click on the below "Deploy to Heroku" button.
 
-4. Push these changes to the remote of your fork.
+    [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
 
-5. Visit your Fork's GitHub URL in the browser and click on the following **Deploy to Heroku** button.
+2. Give your application an awesome name and _optionally_ specify mail environment variables.
 
     > Note: A psuedo-random password for the **admin** user would be created and set in the config variable `ADMIN_PASS`. On Heroku, you can reveal this password from your application's dashboard settings. Same for the Flask application's `SECRET_KEY`.
 
-    [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+3. Open your newly deployed application in the browser, you'll be redirected to login as the `admin` user and do so.
+
+4. Finally, you'll want to `/setup` the CTF Settings and,
 
 #### Yay! Now you have a customized instance of the RTB-CTF-Framework live on Heroku. 🎉
 
@@ -104,11 +88,6 @@ $ cd RTB-CTF-Framework/
 
 For further guidelines, Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)
 
-## Screenshots
-
-> Why look at static pictures, when you can use a demo ? Visit: <https://rtblivedemo.herokuapp.com/>.
-
-<img src="screenshots/home_ss.png" width=400 />
-<img src="screenshots/scoreboard_ss.png" width=400 />
-<img src="screenshots/machine_ss.png" width=400 />
+## Live Demo
 
+** Live Demo: <https://rtblivedemo.herokuapp.com/> (login with `admin:admin`)
diff --git a/app.json b/app.json
@@ -5,6 +5,9 @@
   "addons": [
     {
       "plan": "heroku-postgresql"
+    },
+    {
+      "plan": "heroku-redis"
     }
   ],
   "buildpacks": [
@@ -20,6 +23,17 @@
     "ADMIN_PASS": {
       "description": "Administrator password",
       "generator": "secret"
+    },
+    "ADMIN_EMAIL": {
+      "description": "Administrator email"
+    },
+    "MAIL_USER": {
+      "description": "Username for mail service",
+      "required": false
+    },
+    "MAIL_PASS": {
+      "description": "Password for mail service",
+      "required": false
     }
   },
   "scripts": {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,8 +1,55 @@
 version: "3"
 
 services:
-  rtbd:
+  rtbctf:
     build: .
+    container_name: rtb_gunicorn
+    restart: unless-stopped
     ports:
-      - 80:8080
-    restart: unless-stopped
+      - "80:8000"
+    expose:
+      - 8000
+    environment:
+      - DEBUG=False
+      - SECRET_KEY=changeme
+      - DB_USER=eshaan
+      - DB_PASSWORD=eshaan
+      - DB_NAME=rtbctf
+      - DB_PORT=5432
+      - WORKERS=8
+      - ADMIN_PASS=admin
+    depends_on:
+      - postgres
+      - redis
+
+  postgres:
+    image: library/postgres:12.1-alpine
+    container_name: rtb_postgres
+    restart: unless-stopped
+    expose:
+      - "5432"
+    environment:
+      - POSTGRES_USER=eshaan
+      - POSTGRES_PASSWORD=eshaan
+      - POSTGRES_DB=rtbctf
+
+  redis:
+    image: redis:6.0-rc4-alpine
+    container_name: rtb_redis
+    restart: unless-stopped
+    expose:
+      - "6379"
+
+
+  # nginx:
+  #   image: library/nginx:1.16.1-alpine
+  #   container_name: rtb_nginx
+  #   restart: unless-stopped
+  #   hostname: nginx
+  #   volumes:
+  #     - ./rtb_nginx_http:/etc/nginx/conf.d/default.conf
+  #   ports:
+  #     - "80:80"
+  #     - "443:443"
+  #   depends_on:
+  #     - rtbctf
diff --git a/rtb_nginx_http b/rtb_nginx_http
@@ -0,0 +1,16 @@
+# the upstream component nginx needs to connect to
+upstream flask {
+    server rtbctf:8000 fail_timeout=30s;
+}
+
+
+server {
+    listen 80;
+
+    server_name rtbctf.com;
+
+    location / {
+        proxy_pass http://localhost:8000/
+   }
+
+}
diff --git a/screenshots/home_ss.png b/screenshots/home_ss.png
diff --git a/screenshots/machine_ss.png b/screenshots/machine_ss.png
diff --git a/screenshots/scoreboard_ss.png b/screenshots/scoreboard_ss.png
diff --git a/src/FlaskRTBCTF/.gitignore b/src/FlaskRTBCTF/.gitignore
diff --git a/src/FlaskRTBCTF/__init__.py b/src/FlaskRTBCTF/__init__.py
@@ -1,55 +1,42 @@
-from flask import Flask
-from flask_sqlalchemy import SQLAlchemy
-from flask_bcrypt import Bcrypt
-from flask_login import LoginManager
-from flask_admin import Admin
-from flask_mail import Mail
-from FlaskRTBCTF.config import Config, LOGGING
 import os
 
-db = SQLAlchemy()
-bcrypt = Bcrypt()
-login_manager = LoginManager()
-admin_manager = Admin()
-login_manager.login_view = "users.login"
-login_manager.login_message_category = "info"
-mail = Mail()
+from flask import Flask
+
+from FlaskRTBCTF.config import Config
+from FlaskRTBCTF.utils import (
+    db,
+    bcrypt,
+    cache,
+    login_manager,
+    admin_manager,
+    mail,
+    inject_app_context,
+)
+from FlaskRTBCTF.users.routes import users
+from FlaskRTBCTF.ctf.routes import ctf
+from FlaskRTBCTF.main.routes import main
+
+
+_blueprints = (users, ctf, main)
+
+_extensions = (db, bcrypt, cache, login_manager, admin_manager, mail)
 
 
 def create_app(config_class=Config):
     app = Flask(__name__)
     app.config.from_object(Config)
+    app.context_processor(inject_app_context)
+
+    for _ext in _extensions:
+        _ext.init_app(app)
 
-    db.init_app(app)
-    bcrypt.init_app(app)
-    login_manager.init_app(app)
-    admin_manager.init_app(app)
-    # Add model views
-    from FlaskRTBCTF.admin.views import MyModelView
-    from FlaskRTBCTF.models import User, Score, Notification, Machine
-
-    if LOGGING:
-        from FlaskRTBCTF.models import Logs
-    admin_manager.add_view(MyModelView(User, db.session))
-    admin_manager.add_view(MyModelView(Score, db.session))
-    admin_manager.add_view(MyModelView(Notification, db.session))
-    admin_manager.add_view(MyModelView(Machine, db.session))
-    if LOGGING:
-        admin_manager.add_view(MyModelView(Logs, db.session))
-    mail.init_app(app)
-
-    from flask_sslify import SSLify
+    for _bp in _blueprints:
+        app.register_blueprint(_bp)
 
     # only trigger SSLify if the app is running on Heroku
     if "DYNO" in os.environ:
-        _ = SSLify(app)
+        from flask_sslify import SSLify
 
-    from FlaskRTBCTF.users.routes import users
-    from FlaskRTBCTF.ctf.routes import ctf
-    from FlaskRTBCTF.main.routes import main
-
-    app.register_blueprint(users)
-    app.register_blueprint(ctf)
-    app.register_blueprint(main)
+        _ = SSLify(app)
 
     return app
-Original file line number
+Diff line change
@@ Expand Up / @@ -43,7 +43,7 @@ $ black . @@
     ```
     ```bash
-    $ flake8 src/ ---max-line-length=88 --show-source --statistics
+    $ flake8 src/ --max-line-length=88 --show-source --statistics
     ```
     if flake8 shows any errors or warnings, please fix the changes in a new commit and squash all the commits into one before submitting the PR.
@@ Expand Down @@