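def get_challenges():
    """Return the listable challenges as ``{'id', 'name', 'category'}`` dicts.

    Non-admins get an empty list while the CTF is not running unless
    ``view_after_ctf`` is enabled.  Everyone gets an empty list when
    challenges are not visible or the CTF has not started (admins bypass
    the started check).

    Returns:
        list[dict]: one entry per challenge whose ``state`` is not
        ``'hidden'`` (or is NULL), grouped by category in the order the
        categories first appear in the query result.
    """
    # Non-admins may only list challenges during the CTF, or afterwards
    # when viewing after the CTF is allowed.
    if not is_admin() and not ctftime() and not view_after_ctf():
        return []
    if not (challenges_visible() and (ctf_started() or is_admin())):
        return []

    # ``Challenges.state is None`` was a Python identity test that is always
    # False at query-build time, so NULL-state rows never matched;
    # ``is_(None)`` produces the intended ``state IS NULL`` clause.
    chals = (
        db.session.query(Challenges.id, Challenges.name, Challenges.category)
        .filter(or_(Challenges.state != 'hidden', Challenges.state.is_(None)))
        .all()
    )

    # Group by category while keeping a deterministic order (first
    # appearance); iterating a ``set`` of categories made the grouping order
    # depend on hash randomization.
    order = []
    groups = {}
    for x in chals:
        if x.category not in groups:
            order.append(x.category)
            groups[x.category] = []
        groups[x.category].append({
            'id': x.id,
            'name': x.name,
            'category': x.category
        })
    return [j for c in order for j in groups[c]]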
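 def during_ctf_time_only_wrapper(*args, **kwargs):
     """Call the wrapped view only while the CTF is accessible to this user.

     ``f`` is not defined in this block; it is presumably the view closed
     over by the enclosing decorator, whose definition lies outside this
     listing.

     Admins always get through.  Otherwise the request is served during
     the CTF, or after it has ended when ``view_after_ctf`` is enabled.
     Every other case aborts with 403 -- including the corner in which the
     original fell off the end and returned ``None``, which Flask rejects
     as an invalid response.
     """
     if ctftime() or current_user.is_admin():
         return f(*args, **kwargs)

     if ctf_ended():
         if view_after_ctf():
             return f(*args, **kwargs)
         error = "{} has ended".format(config.ctf_name())
         abort(403, description=error)

     if not ctf_started():
         error = "{} has not started yet".format(config.ctf_name())
         abort(403, description=error)

     # Not running, not ended, not "not started": fail closed rather than
     # returning None.
     abort(403)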
def listing():
    """Render the challenges page.

    Gathers the configured info/error banners, adds a "paused" banner while
    the CTF is paused and a "has ended" banner when the CTF is over but
    ``view_after_ctf`` still lets the page's JavaScript load challenges,
    and hands the configured ``start``/``end`` timestamps (0 when unset)
    to the template as ints.
    """
    infos = get_infos()
    errors = get_errors()
    start = int(get_config("start") or 0)
    end = int(get_config("end") or 0)

    # Banner templates to show; the CTF name is substituted below.
    banners = []
    if ctf_paused():
        banners.append("{} is paused")
    # CTF has ended but we want to allow view_after_ctf. Show error but let JS load challenges.
    if ctf_ended() and view_after_ctf():
        banners.append("{} has ended")
    for banner in banners:
        infos.append(banner.format(config.ctf_name()))

    return render_template(
        "challenges.html", infos=infos, errors=errors, start=start, end=end
    )
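def listing():
    """Render the challenges page.

    Gathers the configured info/error banners, adds a "paused" banner while
    the CTF is paused and a "has ended" banner once the CTF is over but
    ``view_after_ctf`` still allows viewing, and hands the configured
    ``start``/``end`` timestamps (0 when unset) to the template as ints.
    """
    infos = get_infos()
    errors = get_errors()
    start = get_config('start') or 0
    end = get_config('end') or 0

    if ctf_paused():
        infos.append('{} is paused'.format(config.ctf_name()))

    # The original appended "has ended" whenever view_after_ctf was enabled,
    # even while the CTF was still running; the banner only makes sense
    # once the CTF has actually ended. ``ctf_ended`` is the helper the
    # other views on this page use -- confirm it is imported in this file.
    if ctf_ended() and view_after_ctf():
        infos.append('{} has ended'.format(config.ctf_name()))

    return render_template('challenges.html',
                           infos=infos,
                           errors=errors,
                           start=int(start),
                           end=int(end))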
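def static_html(route):
    """
    Route in charge of routing users to Pages.
    Serves the stored page for ``route`` when one exists (redirecting to
    login first if it requires authentication).  Otherwise falls back to a
    file under ``static/``, but only while the CTF is accessible to the
    current user, and 404s when nothing matches.
    :param route: path requested by the client
    :return: rendered page, redirect, static file, or an abort
    """
    page = get_page(route)
    if page is not None:
        # ``not authed()`` rather than ``authed() is False`` so an
        # unexpected falsy value (e.g. None) still forces a login.
        if page.auth_required and not authed():
            return redirect(url_for("auth.login", next=request.full_path))
        return render_template("page.html", content=markdown(page.content))

    # Static files are only exposed while the CTF can be viewed.
    accessible = (
        ctftime()
        or current_user.is_admin()
        or (ctf_ended() and view_after_ctf())
    )
    if accessible:
        filename = safe_join(app.root_path, "static", route)
        # Depending on which safe_join is imported it may return None (rather
        # than raise) when ``route`` would escape the static directory; treat
        # that as not found instead of letting os.path.isfile() fail on None.
        if filename is not None and os.path.isfile(filename):
            return send_file(filename)
    abort(404)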
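def files(path):
    """
    Route in charge of dealing with making sure that CTF challenges are only accessible during the competition.
    Non-challenge files are served unconditionally.  Challenge files are
    served to admins, during the CTF, or afterwards when ``view_after_ctf``
    is enabled.  When challenges are not generally visible the request must
    instead carry a valid, unexpired download ``token`` that names this file
    and an existing, unbanned user (and an unbanned team, if one is named).
    :param path: storage location of the file (``Files.location``)
    :return: the file download, or a 403/404 via ``abort``
    """
    f = Files.query.filter_by(location=path).first_or_404()
    if f.type == "challenge":
        if challenges_visible():
            _require_ctf_accessible()
        else:
            if not ctftime():
                abort(403)
            # Allow downloads if a valid token is provided
            _require_valid_download_token(f)

    uploader = get_uploader()
    try:
        return uploader.download(f.location)
    except IOError:
        abort(404)


def _require_ctf_accessible():
    """Abort 403 unless the user is an admin, the CTF is running, or it ended with view_after_ctf enabled."""
    if current_user.is_admin():
        return
    if ctftime():
        return
    if ctf_ended() and view_after_ctf():
        return
    abort(403)


def _require_valid_download_token(f):
    """Abort 403 unless the ``token`` query parameter authorizes downloading ``f``.

    The token is the project's signed payload (``unserialize``, at most one
    hour old); it is presumably a dict carrying ``user_id``, ``team_id`` and
    ``file_id``, since that is how the original code indexed it -- confirm
    against the code that issues these tokens.
    """
    token = request.args.get("token", "")
    try:
        data = unserialize(token, max_age=3600)
    # The token is expired or broken
    except (BadTimeSignature, SignatureExpired, BadSignature):
        abort(403)

    # Check that the token properly refers to the file before doing any
    # lookups on its behalf.
    if data.get("file_id") != f.id:
        abort(403)

    user = Users.query.filter_by(id=data.get("user_id")).first()
    team = Teams.query.filter_by(id=data.get("team_id")).first()

    # Check that the user exists and isn't banned. This must precede the
    # admins-only check, which reads ``user.type``: the original did that
    # read first and raised AttributeError (a 500 instead of a 403) for a
    # token whose user_id matches nobody.
    if user is None or user.banned:
        abort(403)

    # Check user is admin if challenge_visibility is admins only
    if (
        get_config(ConfigTypes.CHALLENGE_VISIBILITY) == "admins"
        and user.type != "admin"
    ):
        abort(403)

    # Check that the team isn't banned; a token without a team is fine.
    if team is not None and team.banned:
        abort(403)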