def resolve_challenge(self, info, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): return Challenge.objects.get(pk=kwargs.get('id')) else: validate_active_event() return Challenge.objects.get(pk=kwargs.get('id'), hidden=False)
def resolve_challenges(self, info, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): return Challenge.objects.all().order_by('points') else: return Challenge.objects.filter(category__hidden=False, hidden=False).order_by('points')
def mutate(self, info, challenge, flag): validate_user_is_authenticated(info.context.user) # If user is not staff validate there is an active event. if not validate_user_is_staff(info.context.user): validate_active_event() try: team = Profile.objects.get(user=info.context.user).team except: raise Exception('You must be on a team to submit flags') try: challenge = Challenge.objects.get(pk=challenge) except: raise Exception('Challenge not found') # Check if challenge has been solved by the team if team.solved.filter(challenge=challenge): raise Exception('Challenge already solved!') solved = False if challenge.flag.hashed: if challenge.flag.value == hashlib.sha256(flag.encode('utf-8')).hexdigest(): solved = True else: if challenge.flag.value == flag: solved = True if solved: solve = SolvedChallenge(team=team, user=info.context.user, challenge=challenge) solve.save() ''' Flag tracker ''' # print(info.context.META.get('HTTP_X_FORWARDED_FOR'), info.context.META.get('HTTP_X_REAL_IP'), info.context.META.get('HTTP_USER_AGENT')) try: flagtracker = FlagTracker(solve=solve, address=info.context.META.get('HTTP_X_REAL_IP'), agent=info.context.META.get('HTTP_USER_AGENT')) flagtracker.save() except: pass code=1 else: fail = Failure(team=team, user=info.context.user, challenge=challenge) fail.save() code=0 # if code == 1: # try: # # Send signal to scoreboard # channel_layer = channels.layers.get_channel_layer() # async_to_sync(channel_layer.group_send)("scoreboard", {"type": "scoreboard.update", "team": team.name, "points": team.points, "added": get_challenge.points, "time": solve.timestamp.strftime("%I:%M:%S")} ) # except: # pass return SubmitFlag(code=code)
def resolve_user(self, info, id=None): validate_user_is_admin(info.context.user) if validate_user_is_staff(info.context.user): if id: return User.objects.get(id=id) else: raise Exception('No user ID was provided') else: raise Exception('Not authorized to view query users')
def resolve_categories(self, info, first=None, skip=None, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): categories = Category.objects.all() if skip is not None: categories = categories[skip:] if first is not None: categories = categories[:first] return categories else: validate_active_event() return Category.objects.filter(hidden=False)
def resolve_challenges(self, info, first=None, skip=None, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): challenges = Challenge.objects.all().order_by('name') if skip is not None : challenges = challenges[skip:] if first is not None: challenges = challenges[:first] return challenges else: validate_active_event() return Challenge.objects.filter(category__hidden=False, hidden=False).order_by('points')
def resolve_team_name(self, info, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): return Team.objects.get(name__iexact=kwargs.get('name')) else: if Event.objects.first() and Event.objects.first().private is True: team = Team.objects.get(name__iexact=kwargs.get('name')) if info.context.user.profile.team == team: return team else: raise Exception( "This event is being run in privacy mode. You are not allowed to query teams. If you are querying for your team please use the team query" ) else: return Team.objects.get(name__iexact=kwargs.get('name'))
def resolve_searchteam(self, info, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): return Team.objects.filter( Q(name__contains=kwargs.get('query')) | Q(affiliation__contains=kwargs.get('query')) | Q(website__contains=kwargs.get('query'))) else: if Event.objects.first() and Event.objects.first().private is True: raise Exception( "This event is being run in privacy mode. You are not allowed to search teams." ) return Team.objects.filter(hidden=False).filter( Q(name__contains=kwargs.get('query')) | Q(affiliation__contains=kwargs.get('query')) | Q(website__contains=kwargs.get('query')))
def resolve_failures(self, info, first=None, skip=None, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): failures = Failure.objects.all().order_by('-timestamp') else: if Event.objects.first() and Event.objects.first().private is True: raise Exception( "This event is being run in privacy mode. You are not allowed to query failures." ) else: failures = Failure.objects.all().order_by('-timestamp') if skip is not None: failures = failures[skip:] if first is not None: failures = failures[:first] return failures
def resolve_solves(self, info, first=None, skip=None, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): solves = SolvedChallenge.objects.all().order_by('-timestamp') else: if Event.objects.first() and Event.objects.first().private is True: raise Exception( "This event is being run in privacy mode. You are not allowed to query solves. If you want to query your team solves please use the teamsolves query." ) else: solves = SolvedChallenge.objects.all().order_by('-timestamp') if skip is not None: solves = solves[skip:] if first is not None: solves = solves[:first] return solves
def resolve_users(self, info): validate_user_is_admin(info.context.user) if validate_user_is_staff(info.context.user): return User.objects.all() else: raise Exception('Not authorized to view query users')
def resolve_email(self, info): if validate_user_is_staff(info.context.user): return self.email else: raise Exception( 'Not authorized to view email information for users')
def resolve_last_login(self, info): if validate_user_is_staff(info.context.user): return self.last_login else: raise Exception('Not authorized to view last login information')
def resolve_is_active(self, info): if validate_user_is_staff(info.context.user): return self.is_active else: raise Exception('Not authorized to view active information')
def resolve_value(self, info): if validate_user_is_staff(info.context.user): return self.value else: raise Exception( 'Not authorized to view accesscode information for teams')
def resolve_categories(self, info, **kwargs): validate_user_is_authenticated(info.context.user) if validate_user_is_staff(info.context.user): return Category.objects.all() else: return Category.objects.filter(hidden=False)
def resolve_category(self, info, id=None, **kwargs): if validate_user_is_staff(info.context.user): return Category.objects.get(id=id) else: raise Exception("Bad permissions.")
def resolve_flag_tracker(self, info, **kwargs): if validate_user_is_staff(info.context.user): return FlagTracker.objects.all() else: raise Exception('Not authorized to view flag tracking information')
def resolve_categories_count(self, info, **kwargs): if validate_user_is_staff(info.context.user): return Category.objects.count() else: raise Exception("You are not authorized to view this information.")
def mutate(self, info, number=10): validate_user_is_authenticated(info.context.user) if not validate_user_is_staff(info.context.user): if Event.objects.first() and Event.objects.first().private is True: raise Exception( "This event is being run in privacy mode. You are not allowed to query teams." ) # Sort to get the top 5 by point value if validate_user_is_staff(info.context.user): teams = sorted(list(Team.objects.all()), key=lambda x: x.points, reverse=True)[:5] else: teams = sorted(list(Team.objects.filter(hidden=False)), key=lambda x: x.points, reverse=True)[:5] # Get all solved challenges from the top 5 teams. solved = SolvedChallenge.objects.filter( team__name__in=[team.name for team in teams]).order_by('timestamp') graph = [] for team in teams: graph.append({ 'label': team.name, 'data': [0], 'backgroundColor': '', 'borderColor': '', 'fill': 'false' }) colors = ['#FFD700', '#909497', '#A46628', '#3232CD', '#93C54B'] # Build colors for i, team in enumerate(graph): team['backgroundColor'] = colors[i] team['borderColor'] = colors[i] # Construct the data for solved timelinw for solve in solved: for team in graph: if team["label"] == solve.team.name: if team['data']: team['data'].append(team['data'][-1] + solve.challenge.points) else: team['data'].append(solve.challenge.points) else: if team['data']: team['data'].append(team['data'][-1]) else: team['data'].append(0) # Construct time for all solved challenges. timeline = [0] for solve in solved: utc = solve.timestamp.replace(tzinfo=pytz.UTC) localtz = utc.astimezone(timezone.get_current_timezone()) # "%m/%d %I:%M:%S" timeline.append(localtz.strftime("%I:%M:%S")) return Graph(json.dumps(timeline), json.dumps(graph))