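def get_challenges():
    """Return the non-hidden challenges as a list of dicts grouped by category.

    Each entry carries the keys ``id``, ``name`` and ``category``. An empty
    list is returned when the caller may not see challenges: a non-admin
    outside CTF time without ``view_after_ctf()``, challenges not visible, or
    the CTF not yet started for a non-admin.
    """
    # Non-admins outside the competition window only get through when viewing
    # after the CTF is enabled; everyone else is stopped here.
    if not is_admin() and not ctftime() and not view_after_ctf():
        return []

    # Second gate: visibility setting plus "started or admin".
    if not (challenges_visible() and (ctf_started() or is_admin())):
        return []

    # `Challenges.state is None` is a Python identity test that evaluates to
    # the constant False before SQLAlchemy ever sees it, so rows with a NULL
    # state were silently dropped by the `!= 'hidden'` comparison.
    # `.is_(None)` emits the `IS NULL` the filter was written to express.
    # NOTE(review): rows with a NULL state are now listed - confirm that NULL
    # is meant to count as visible.
    rows = (
        db.session.query(Challenges.id, Challenges.name, Challenges.category)
        .filter(or_(Challenges.state != 'hidden', Challenges.state.is_(None)))
        .all()
    )

    # Group entries by category in first-seen order. The previous set-based
    # grouping depended on set iteration order, which is not stable between
    # processes, and rescanned the whole list once per category.
    grouped = {}
    for row in rows:
        grouped.setdefault(row.category, []).append(
            {'id': row.id, 'name': row.name, 'category': row.category}
        )
    return [entry for entries in grouped.values() for entry in entries]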
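def during_ctf_time_only_wrapper(*args, **kwargs):
    """Call the wrapped ``f`` only while the CTF is running, or for admins.

    After the CTF has ended the call is still allowed when
    ``view_after_ctf()`` is true. Every other case aborts with HTTP 403.

    :param args: positional arguments forwarded to ``f``
    :param kwargs: keyword arguments forwarded to ``f``
    :return: whatever ``f`` returns when access is allowed
    """
    if ctftime() or current_user.is_admin():
        return f(*args, **kwargs)

    if ctf_ended():
        if view_after_ctf():
            return f(*args, **kwargs)
        error = "{} has ended".format(config.ctf_name())
        abort(403, description=error)

    if ctf_started() is False:
        error = "{} has not started yet".format(config.ctf_name())
        abort(403, description=error)

    # Default deny. Previously, when none of the branches above matched
    # (not CTF time, not ended, and ctf_started() not exactly False), the
    # wrapper fell off the end and returned None instead of refusing.
    # An access gate should end in an explicit refusal.
    abort(403)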
def listing():
    """Render ``challenges.html`` with the current notices and CTF window.

    Adds a "paused" notice while the CTF is paused, and an "ended" notice
    when the CTF has ended but viewing afterwards is enabled.
    """
    notices = get_infos()
    problems = get_errors()
    window_start = get_config("start") or 0
    window_end = get_config("end") or 0

    if ctf_paused():
        paused_notice = "{} is paused".format(config.ctf_name())
        infos_append = notices.append
        infos_append(paused_notice)

    # The CTF is over but view_after_ctf keeps the page reachable: show the
    # notice and let the page's JS load the challenges as usual.
    if ctf_ended() and view_after_ctf():
        ended_notice = "{} has ended".format(config.ctf_name())
        notices.append(ended_notice)

    template_context = {
        "infos": notices,
        "errors": problems,
        "start": int(window_start),
        "end": int(window_end),
    }
    return render_template("challenges.html", **template_context)
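def listing():
    """Render ``challenges.html`` with the current notices and CTF window.

    Adds a "paused" notice while the CTF is paused, and an "ended" notice
    only when the CTF has actually ended and viewing afterwards is enabled.
    """
    infos = get_infos()
    errors = get_errors()
    start = get_config('start') or 0
    end = get_config('end') or 0

    if ctf_paused():
        infos.append('{} is paused'.format(config.ctf_name()))

    # view_after_ctf() alone only says the setting is enabled; without the
    # ctf_ended() check the "has ended" notice was shown for the whole
    # competition whenever that setting was on.
    if ctf_ended() and view_after_ctf():
        infos.append('{} has ended'.format(config.ctf_name()))

    return render_template(
        'challenges.html',
        infos=infos,
        errors=errors,
        start=int(start),
        end=int(end),
    )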
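def static_html(route):
    """
    Route in charge of routing users to Pages.

    When no page exists for ``route``, a file of that name under the
    application's ``static`` directory is served instead, but only during
    CTF time, to admins, or after the CTF when ``view_after_ctf()`` is on.

    :param route: requested path; comes from the URL, so it is untrusted
    :return: the static file, a redirect to the login page, or the rendered
        page; aborts with 404 when nothing matches
    """
    page = get_page(route)
    if page is None:
        if ctftime() or current_user.is_admin() or (ctf_ended() and view_after_ctf()):
            # safe_join is what confines the untrusted route to the static
            # directory. Depending on which implementation is imported it
            # reports an unsafe path by raising or by returning None; the
            # None case used to reach os.path.isfile(None) and fail with a
            # TypeError instead of a clean 404.
            filename = safe_join(app.root_path, "static", route)
            if filename is not None and os.path.isfile(filename):
                return send_file(filename)
        abort(404)

    # `not authed()` rather than `authed() is False`: a falsy result that is
    # not the literal False (None, 0, "") must not skip the login redirect
    # for a page marked auth_required.
    if page.auth_required and not authed():
        return redirect(url_for("auth.login", next=request.full_path))
    return render_template("page.html", content=markdown(page.content))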
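def files(path):
    """
    Route in charge of dealing with making sure that CTF challenges are only accessible during the competition.

    Challenge files are served directly when challenges are visible and the
    requester is an admin, the CTF is running, or the CTF has ended with
    ``view_after_ctf()`` enabled. When challenges are not visible, the
    download needs CTF time plus a signed ``token`` query parameter that
    names an existing, unbanned user and this exact file.

    :param path: stored location of the file, matched against ``Files.location``
    :return: the uploader's download response; aborts with 403 when access is
        refused and 404 when the record or the stored file is missing
    """
    f = Files.query.filter_by(location=path).first_or_404()
    if f.type == "challenge":
        if challenges_visible():
            # `not ...` rather than `is False`, so a falsy non-bool result is
            # still treated as "not an admin" and the time checks below run.
            if not current_user.is_admin():
                if not ctftime() and not (ctf_ended() and view_after_ctf()):
                    abort(403)
        else:
            if not ctftime():
                abort(403)

            # Allow downloads if a valid token is provided
            token = request.args.get("token", "")
            try:
                # max_age bounds how long a token stays usable; signature and
                # age failures are turned into 403 by the except clause below.
                data = unserialize(token, max_age=3600)
                user_id = data.get("user_id")
                team_id = data.get("team_id")
                file_id = data.get("file_id")
                user = Users.query.filter_by(id=user_id).first()
                team = Teams.query.filter_by(id=team_id).first()

                # Check that the user exists and isn't banned. This runs
                # before anything reads user.type: the admins-only check used
                # to come first and raised AttributeError on a token whose
                # user_id matched no row.
                if not user or user.banned:
                    abort(403)

                # Check user is admin if challenge_visibility is admins only
                if (
                    get_config(ConfigTypes.CHALLENGE_VISIBILITY) == "admins"
                    and user.type != "admin"
                ):
                    abort(403)

                # Check that the team isn't banned; a token with no matching
                # team is accepted.
                if team and team.banned:
                    abort(403)

                # Check that the token properly refers to the file, so a
                # token issued for one file cannot be used for another.
                if file_id != f.id:
                    abort(403)

            # The token isn't expired or broken
            except (BadTimeSignature, SignatureExpired, BadSignature):
                abort(403)

    uploader = get_uploader()
    try:
        return uploader.download(f.location)
    except IOError:
        # The database row exists but the stored file could not be read.
        abort(404)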