0.8.1

- Disable registration function
- Added strikethrough, tables support to markdown
- Fixed some bugs

Author: Tkaixiang

README.md

@@ -12,9 +12,11 @@ Feel free to take a look at the screenshots below for a peek at what the platfor
 - **Announcements** with markdown support
 - **Markdown supported Challenge Descriptions** that allow you to add **code blocks with syntax highlighting, math** and more
 - **Writeup links** per challenge (along with the option to only release writeups after submitting the flag)
+- **Challenge Creator Role** so as to allow challenge authors to submit challenges without having full admin access
 - Links to each challenge so that individual challenges can be shared
 - Easy management of challenges and users
-- ReactJS Modern Design (lol)
+  - Disable registration, change permissions etc.
+- Juicy React-Spring transitions
 
 ## Screenshots
 

api/api.js

@@ -89,7 +89,7 @@ console.info('Initialization complete');
 MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 	useNewUrlParser: true,
 	useUnifiedTopology: true
-}).then(client => {
+}).then(async (client) => {
 	const db = client.db('ctf');
 	const collections = {
 		users: db.collection('users'),
@@ -101,6 +101,20 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 	};
 	console.info('MongoDB connected');
 
+	createCache = async () => {
+		try {
+			await collections.cache.insertOne({ announcements: 0, challenges: 0, registerDisable: false });
+			console.info("Cache created")
+		}
+		catch (err) {
+			errors(err);
+		}
+
+	}
+
+	let cache = await collections.cache.findOne(null, { projection: { _id: 0 } })
+	if (cache === null) await createCache()
+
 	async function checkPermissions(username) {
 		if (permissions.includes(username)) return permissions.username;
 		const type = (await collections.users.findOne({ username: username }, { projection: { type: 1, _id: 0 } }));
@@ -111,14 +125,55 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 		}
 	}
 
-	createCache = async () => {
-		await collections.cache.insertOne({ announcements: 0, challenges: 0 })
-		console.log('Cache created')
-		return 0;
-	}
+	app.get('/v1/account/disableCreate', async (req, res) => {
+		try {
+			if (req.headers.authorization == undefined) throw new Error('MissingToken');
+			const username = signer.unsign(req.headers.authorization);
+			if (await checkPermissions(username) < 2) throw new Error('Permissions');
+			res.send({
+				success: true,
+				state: (await collections.cache.findOne(null, { projection: { _id: 0, registerDisable: 1 } })).registerDisable
+			});
+		}
+		catch (err) {
+			errors(err, res);
+		}
+	});
+
+
+	app.post('/v1/account/disableCreate', async (req, res) => {
+		try {
+			if (req.headers.authorization == undefined) throw new Error('MissingToken');
+			const username = signer.unsign(req.headers.authorization);
+			if (await checkPermissions(username) < 2) throw new Error('Permissions');
+			if ((await collections.cache.updateOne({}, { "$set": { registerDisable: req.body.disable } })).matchedCount > 0) {
+				res.send({
+					success: true
+				});
+			}
+			else {
+				throw new Error('Unknown');
+			}
+
+		}
+		catch (err) {
+			errors(err, res);
+		}
+	});
 
 	app.post('/v1/account/create', async (req, res) => {
+
+		let admin = false
 		try {
+
+			if (req.headers.authorization !== undefined) {
+				const username = signer.unsign(req.headers.authorization);
+				if (await checkPermissions(username) >= 2) admin = true
+			}
+			if (!admin && ((await collections.cache.findOne(null, { projection: { _id: 0, registerDisable: 1 } })).registerDisable)) {
+				return res.send({ success: false, error: 'registration-disabled' })
+			}
+
 			if (!/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/.test(req.body.email)) throw new Error('BadEmail');
 			await collections.users.insertOne({
 				username: req.body.username.toLowerCase(),
@@ -349,7 +404,7 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 			const permissions = await checkPermissions(username);
 			if (permissions === false) throw new Error('BadToken');
 
-			let announcement = await collections.announcements.findOne({_id: MongoDB.ObjectID(req.params.id)}, { projection: { _id: 0} })
+			let announcement = await collections.announcements.findOne({ _id: MongoDB.ObjectID(req.params.id) }, { projection: { _id: 0 } })
 			if (announcement !== null) {
 				res.send({
 					success: true,
@@ -1043,7 +1098,7 @@ MongoDB.MongoClient.connect('mongodb://localhost:27017', {
 			if (await checkPermissions(signer.unsign(req.headers.authorization)) === false) throw new Error('BadToken');
 			const score = (await collections.users.findOne({ username: req.params.username }, { projection: { score: 1, type: 1, _id: 0 } }));
 			if (score === null) throw new Error('NotFound');
-			if (score.type === 2) return res.send({success: true, score: "hidden" })
+			if (score.type === 2) return res.send({ success: true, score: "hidden" })
 			res.send({
 				success: true,
 				score: score.score

client/README.md

@@ -4,20 +4,20 @@ This project was bootstrapped with [Create React App](https://github.com/faceboo
 
 In the project directory, you can run:
 
-### `yarn start`
+### `npm start`
 
 Runs the app in the development mode.<br />
 Open [http://localhost:3000](http://localhost:3000) to view it in the browser.
 
 The page will reload if you make edits.<br />
 You will also see any lint errors in the console.
 
-### `yarn test`
+### `npm test`
 
 Launches the test runner in the interactive watch mode.<br />
 See the section about [running tests](https://facebook.github.io/create-react-app/docs/running-tests) for more information.
 
-### `yarn build`
+### `npm build`
 
 Builds the app for production to the `build` folder.<br />
 It correctly bundles React in production mode and optimizes the build for the best performance.
@@ -27,7 +27,7 @@ Your app is ready to be deployed!
 
 See the section about [deployment](https://facebook.github.io/create-react-app/docs/deployment) for more information.
 
-### `yarn eject`
+### `npm eject`
 
 **Note: this is a one-way operation. Once you `eject`, you can’t go back!**
 
@@ -65,4 +65,4 @@ This section has moved here: https://facebook.github.io/create-react-app/docs/de
 
 ### `yarn build` fails to minify
 
-This section has moved here: https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify
+This section has moved here: https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify

client/package-lock.json

@@ -13,7 +13,6 @@
     "react": "^17.0.1",
     "react-dimensions": "^1.3.1",
     "react-dom": "^17.0.1",
-    "react-jsx-parser": "^1.28.1",
     "react-markdown": "^6.0.2",
     "react-mathjax": "^1.0.1",
     "react-router": "^5.2.0",

client/package.json

@@ -4,12 +4,17 @@
 }
 
 .buttonHover:hover {
-    background-color: #15395b
+    background-color: #15395b;
 }
 
 .ant-layout-sider {
     width: "10vw"!important;
-    min-width: "5vw"!important
+    min-width: "5vw"!important;
+}
+
+.challengeModal ul {
+    display: inline-block;
+    text-align: left;
 }
 
 @keyframes slideInFromLeft {

client/src/App.css

@@ -264,7 +264,7 @@ class App extends React.Component {
 
                       </Menu>
                       <div style={{ textAlign: "center", marginTop: "3ch", color: "#8c8c8c" }}>
-                        <p>Sieberrsec CTF Platform 0.8 <a href="https://github.com/IRS-Cybersec/ctf_platform" target="_blank">Contribute <GithubOutlined /></a></p>
+                        <p>Sieberrsec CTF Platform 0.8.1 <a href="https://github.com/IRS-Cybersec/ctf_platform" target="_blank">Contribute <GithubOutlined /></a></p>
                       </div>
                     </Sider>
 

client/src/App.js

@@ -5,6 +5,8 @@ import rehypeRaw from 'rehype-raw';
 import 'katex/dist/katex.min.css';
 import { Prism as SyntaxHighlighter } from 'react-syntax-highlighter';
 import { atomDark } from 'react-syntax-highlighter/dist/esm/styles/prism';
+import gfm from 'remark-gfm';
+
 
 function MarkdownRender(props) {
     const components = {
@@ -21,7 +23,7 @@ function MarkdownRender(props) {
     //rehypeRaw is to render HTML to support older challenge descriptions which were written in JSX
     //should be removed in the future
     return (
-        <ReactMarkdown remarkPlugins={[remarkMath]} rehypePlugins={[rehypeKatex, rehypeRaw]} components={components} children={props.children} />
+        <ReactMarkdown remarkPlugins={[remarkMath, gfm]} rehypePlugins={[rehypeKatex, rehypeRaw]} components={components} children={props.children} />
     );
 }
 

client/src/App.min.css

@@ -172,6 +172,7 @@ const CreateChallengeForm = (props) => {
                 type="inner"
                 bordered={true}
                 bodyStyle={{ backgroundColor: "#262626", textAlign: "center" }}
+                className="challengeModal"
             >
                 <MarkdownRender>{editorValue}</MarkdownRender>
             </Card>
@@ -505,6 +506,7 @@ class AdminChallengeCreate extends React.Component {
                     visible={this.state.previewModal}
                     footer={null}
                     bodyStyle={{ textAlign: "center" }}
+                    className="challengeModal"
                     onCancel={() => { this.setState({ previewModal: false }) }}
                 >
                     <Tabs defaultActiveKey="challenge">