def tracker():
    """Record the requester's IP for the logged-in user and enforce bans.

    Presumably registered as a per-request hook; the registration is not
    visible here. Returns None to let the request continue, or a
    ``(body, 403)`` tuple rendered from ``errors/403.html`` when the
    current user or their team is banned.
    """
    # The theme endpoint is skipped entirely: no tracking row, no ban check.
    if request.endpoint == "views.themes":
        return

    if authed():
        # One Tracking row per (ip, user_id) pair: insert it on first sight,
        # otherwise only refresh its timestamp.
        track = Tracking.query.filter_by(ip=get_ip(), user_id=session["id"]).first()
        if not track:
            visit = Tracking(ip=get_ip(), user_id=session["id"])
            db.session.add(visit)
        else:
            track.date = datetime.datetime.utcnow()

        try:
            db.session.commit()
        except (InvalidRequestError, IntegrityError):
            # A failed tracking write is rolled back and the user is logged out.
            db.session.rollback()
            logout_user()

        # authed() is evaluated again, presumably because logout_user() above
        # may have just ended the session.
        if authed():
            user = get_current_user()
            team = get_current_team()

            # Ban enforcement is skipped for any path that starts with "/themes".
            if request.path.startswith("/themes") is False:
                if user and user.banned:
                    return (
                        render_template(
                            "errors/403.html",
                            error="You have been banned from this CTF",
                        ),
                        403,
                    )

                if team and team.banned:
                    return (
                        render_template(
                            "errors/403.html",
                            error="Your team has been banned from this CTF",
                        ),
                        403,
                    )

        # NOTE(review): the two 403 returns above leave before this close() runs;
        # confirm the session is also released by a teardown handler.
        db.session.close()
def log(logger, format, **kwargs):
    """
    Build a log line from session/request context and emit it.

    :param logger: Name handed to ``logging.getLogger``
    :param format: ``str.format`` template; it may reference ``id``, ``name``,
        ``email``, ``type``, ``date``, ``ip`` and any extra keyword supplied
    :param kwargs: Extra template fields; on a name clash they replace the
        built-in ones
    :return: None. The message is printed to stdout and logged at INFO level.
    """
    target = logging.getLogger(logger)
    context = {
        "id": session.get("id"),
        "name": session.get("name"),
        "email": session.get("email"),
        "type": session.get("type"),
        "date": time.strftime("%m/%d/%Y %X"),
        "ip": get_ip(),
        **kwargs,
    }
    # NOTE(review): values are interpolated verbatim. If name/email or a caller
    # keyword can carry user-chosen text, embedded line breaks would split one
    # event across several log lines; confirm they are constrained at input or
    # neutralise CR/LF before logging. `format` itself should always be a
    # code-defined template, never request data.
    message = format.format(**context)
    print(message)
    target.info(message)
def fail(user, team, challenge, request):
    """
    Record an incorrect answer by inserting a Fails row into the database.

    :param user: The submitting user; only its ``id`` is read
    :param team: The Team object from the database, or a falsy value when the
        user has no team
    :param challenge: The Challenge object from the database
    :param request: The request the user submitted
    :return: None
    """
    # Form data takes precedence; the JSON body is consulted only when the
    # form is empty.
    payload = request.form or request.get_json()
    # NOTE(review): this raises if neither source yields a mapping holding a
    # string under "submission"; confirm the caller validates the body first.
    answer = payload["submission"].strip()

    # The answer is stored as submitted (whitespace-stripped only), so anything
    # that later displays `provided` should treat it as untrusted text.
    fields = {
        "user_id": user.id,
        "team_id": team.id if team else None,
        "challenge_id": challenge.id,
        "ip": get_ip(request),
        "provided": answer,
    }
    db.session.add(Fails(**fields))
    db.session.commit()
    db.session.close()
def solve(user, team, challenge, request):
    """
    Mark a challenge as solved by inserting a Solves row into the database.

    :param user: The submitting user; only its ``id`` is read
    :param team: The Team object from the database, or a falsy value when the
        user has no team
    :param challenge: The Challenge object from the database
    :param request: The request the user submitted
    :return: None
    """
    # Form data takes precedence; the JSON body is consulted only when the
    # form is empty.
    payload = request.form or request.get_json()
    # NOTE(review): this raises if neither source yields a mapping holding a
    # string under "submission"; confirm the caller validates the body first.
    answer = payload["submission"].strip()

    # The accepted answer is persisted next to the submitter's IP.
    fields = {
        "user_id": user.id,
        "team_id": team.id if team else None,
        "challenge_id": challenge.id,
        "ip": get_ip(req=request),
        "provided": answer,
    }
    entry = Solves(**fields)
    db.session.add(entry)
    db.session.commit()
    db.session.close()
def ratelimit_function(*args, **kwargs):
    """
    Apply a per-IP, per-endpoint request counter before calling ``f``.

    ``key_prefix``, ``method``, ``limit``, ``interval`` and ``f`` come from an
    enclosing scope that is not visible here. Only requests whose HTTP method
    equals ``method`` are counted; all others go straight to ``f``.

    :return: A JSON response with status 429 once the stored count has reached
        the limit, otherwise whatever ``f(*args, **kwargs)`` returns
    """
    # NOTE(review): the counter is keyed on whatever current_user.get_ip()
    # reports; confirm it only honours forwarding headers set by trusted proxies.
    client_ip = current_user.get_ip()
    bucket = "{}:{}:{}".format(key_prefix, client_ip, request.endpoint)
    count = cache.get(bucket)

    if request.method != method:
        return f(*args, **kwargs)

    # -1 in order to align expected limit with the real value
    if count and int(count) > limit - 1:
        body = {
            "code": 429,
            "message": "Too many requests. Limit is %s requests in %s seconds"
            % (limit, interval),
        }
        resp = jsonify(body)
        resp.status_code = 429
        return resp

    # NOTE(review): get-then-set is not atomic, so concurrent requests can read
    # the same count and both pass; an atomic increment, if the cache backend
    # offers one, would close that gap. Each counted request also re-applies
    # timeout=interval, so the window restarts on every hit.
    hits = 1 if count is None else int(count) + 1
    cache.set(bucket, hits, timeout=interval)
    return f(*args, **kwargs)