def add_chal():
    """Create a challenge from the submitted form and mirror it into Redis.

    Reads ``name``, ``type``, ``dockername``, ``score``, ``command``,
    ``flagcommand`` and ``desc`` from ``request.form``. If a challenge with
    the same name already exists, a JSON failure (code 500) is returned and
    nothing is written. Otherwise the row is committed and a JSON copy is
    stored in the ``chals`` Redis hash under the new challenge id.

    NOTE(review): ``command`` and ``flagcommand`` are stored exactly as
    submitted. No route decorator or access check is visible in this block;
    confirm this view is restricted to administrators.
    """
    form = request.form

    existing = Challenges.query.filter(
        Challenges.name == form.get('name')).first()
    if existing:
        return jsonify({
            'code': 500,
            'msg': '添加chal失败:用户名已存在',
            'type': 'fail'
        })

    new_chal = Challenges(
        form.get('name'),
        form.get('dockername'),
        form.get('type'),
        form.get('score'),
    )
    new_chal.command = form.get('command')
    new_chal.flagcommand = form.get('flagcommand')
    new_chal.desc = form.get('desc')

    db.session.add(new_chal)
    db.session.commit()

    # Keep the Redis copy in step with the row that was just committed.
    cached = {
        'id': new_chal.id,
        'name': new_chal.name,
        'dockername': new_chal.dockername,
        'type': new_chal.type,
        'score': new_chal.score,
        'command': new_chal.command,
        'flagcommand': new_chal.flagcommand,
        'desc': new_chal.desc
    }
    redis_store.hset('chals', new_chal.id, json.dumps(cached))

    return jsonify({
        'code': 200,
        'msg': '添加成功',
        'type': 'success'
    })
def load_to_redis():
    """Copy every challenge and every team from the database into Redis.

    Challenges go into the ``chals`` hash and teams into the ``teams`` hash,
    each value being a JSON string keyed by the row id. For every team the
    ``attackpack`` hash is also given an ``attackid -> team id`` entry when
    one is not already present. Empty result sets are not written.

    NOTE(review): the cached team record carries
    ``team.origin_pass[0].password``; add_team in this file fills that column
    with the password exactly as submitted, so the Redis instance holds team
    passwords in clear text and needs to be protected accordingly.
    """
    all_chals = Challenges.query.all()
    # Inner join: only teams that have an Origin row are returned.
    all_teams = db.session.query(Teams).join(Origin).all()

    chal_cache = {
        c.id: json.dumps({
            'id': c.id,
            'name': c.name,
            'dockername': c.dockername,
            'type': c.type,
            'score': c.score,
            'command': c.command,
            'flagcommand': c.flagcommand,
            'desc': c.desc
        })
        for c in all_chals
    }
    if chal_cache:
        redis_store.hmset('chals', chal_cache)

    team_cache = {}
    for t in all_teams:
        record = {
            'id': t.id,
            'name': t.name,
            'nickname': t.nickname,
            'score': t.score,
            'password': t.origin_pass[0].password,
            'attackid': t.attackid,
            'instances': []
        }
        team_cache[t.id] = json.dumps(record)
        # Register the attack id only if nothing is mapped to it yet.
        already_mapped = redis_store.hget('attackpack', t.attackid)
        if not already_mapped:
            redis_store.hset('attackpack', t.attackid, t.id)

    if team_cache:
        redis_store.hmset('teams', team_cache)
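def add_team():
    """Create a team from the submitted form and cache it in Redis.

    Reads ``name``, ``password`` and ``nickname`` from ``request.form``.
    Returns a JSON failure (code 500) when the name is already taken,
    otherwise creates the ``Teams`` row and its ``Origin`` row in a single
    transaction, writes the team record to the ``teams`` Redis hash and
    returns a JSON success (code 200).

    Changes from the previous version:
    * the password is encoded to UTF-8 before hashing, so non-ASCII
      passwords no longer raise inside ``md5.update``;
    * the team and its Origin row are committed together, so a failure on
      the second insert cannot leave a team without an Origin row;
    * the cached record carries ``attackid`` like the records written by
      load_to_redis and team_list, which team_info reads.
    """
    existing = Teams.query.filter(Teams.name == request.form['name']).first()
    if existing:
        return jsonify({'code': 500, 'msg': "添加失败:用户已存在", 'type': "fail"})

    password = request.form['password']

    # SECURITY NOTE(review): unsalted MD5 is not a suitable password hash.
    # It is kept here because the code that verifies logins is not part of
    # this block and must change at the same time (a salted, slow KDF).
    pwd = hashlib.md5(password.encode('utf-8')).hexdigest()

    team = Teams(request.form['name'], pwd)
    team.nickname = request.form['nickname']
    team.score = 10000
    db.session.add(team)
    # flush() assigns team.id without ending the transaction.
    db.session.flush()

    # SECURITY NOTE(review): Origin.password stores the password exactly as
    # submitted, and it is copied into Redis below. Other code in this file
    # reads it back, so it is left in place; anyone with read access to the
    # database or to Redis can recover every team password.
    origin_pass = Origin()
    origin_pass.password = password
    origin_pass.teamid = team.id
    db.session.add(origin_pass)
    db.session.commit()

    redis_store.hset(
        'teams', team.id,
        json.dumps({
            'id': team.id,
            'name': team.name,
            'nickname': team.nickname,
            'password': origin_pass.password,
            'score': team.score,
            'attackid': team.attackid,
            'instances': []
        }))

    # Mirror load_to_redis: map the attack id to this team if it is unmapped.
    if team.attackid and not redis_store.hget('attackpack', team.attackid):
        redis_store.hset('attackpack', team.attackid, team.id)

    return jsonify({'code': 200, 'msg': "添加成功", 'type': "success"})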
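def changeteam():
    """Update a team's name, nickname and password from the submitted form.

    Reads ``id``, ``name``, ``password`` and ``nickname`` from
    ``request.form``. Aborts with 404 when the team does not exist and
    returns a JSON failure (code 500) when another team already uses the
    requested name. The score held in Redis is written back to the database
    row, and the Redis record is rewritten.

    Changes from the previous version:
    * all form fields are read before the row is modified, so a missing
      field cannot leave a half-edited object in the session;
    * a team that is not in the Redis cache no longer crashes the request
      in ``json.loads``; the database score and an empty instance list are
      used instead;
    * the password is encoded to UTF-8 before hashing;
    * the rewritten Redis record keeps ``attackid``, which team_info reads.
    """
    team_id = request.form['id']
    team = Teams.query.join(Origin).filter(Teams.id == team_id).first()
    if not team:
        abort(404)

    new_name = request.form['name']
    clash = Teams.query.filter(Teams.name == new_name).first()
    if clash and clash.id != team.id:
        return jsonify({'code': 500, 'msg': '添加失败:team已存在', 'type': 'fail'})

    new_password = request.form['password']
    new_nickname = request.form['nickname']

    cached_raw = redis_store.hget('teams', team.id)
    if cached_raw:
        cached = json.loads(cached_raw)
        score = cached['score']
        instances = cached.get('instances', [])
    else:
        score = team.score
        instances = []

    # SECURITY NOTE(review): unsalted MD5 is not a suitable password hash;
    # kept because the login check is outside this block.
    team.password = hashlib.md5(new_password.encode('utf-8')).hexdigest()
    team.name = new_name
    team.nickname = new_nickname
    # The live score is tracked in Redis; persist it with this edit.
    team.score = score

    # SECURITY NOTE(review): the password is also stored as submitted in
    # Origin and in the Redis record below.
    origin_pass = team.origin_pass[0]
    origin_pass.password = new_password
    db.session.commit()

    redis_store.hset(
        'teams', team.id,
        json.dumps({
            'id': team.id,
            'name': team.name,
            'nickname': team.nickname,
            'password': origin_pass.password,
            'score': score,
            'attackid': team.attackid,
            'instances': instances
        }))
    return jsonify({'code': 200, 'msg': '更改成功', 'type': 'success'})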
def edit_chal():
    """Overwrite an existing challenge with the submitted form values.

    ``request.form['id']`` selects the challenge; a missing challenge aborts
    with 404. If a different challenge already uses the requested name, a
    JSON failure (code 500) is returned. Otherwise the row is updated and
    committed, and the ``chals`` Redis hash entry is rewritten.

    NOTE(review): ``command`` and ``flagcommand`` are stored exactly as
    submitted. No route decorator or access check is visible in this block;
    confirm this view is restricted to administrators.
    """
    form = request.form

    target = Challenges.query.filter(Challenges.id == form['id']).first()
    if not target:
        return abort(404)

    same_name = Challenges.query.filter(
        Challenges.name == form.get('name')).first()
    if same_name and same_name.id != target.id:
        return jsonify({'code': 500, 'msg': '编辑失败:chal已存在', 'type': 'fail'})

    target.name = form.get('name')
    target.type = form.get('type')
    target.dockername = form.get('dockername')
    target.score = form.get('score')
    target.command = form.get('command')
    target.flagcommand = form.get('flagcommand')
    target.desc = form.get('desc')
    db.session.commit()

    # Rewrite the cached copy from the committed row.
    cached = {
        'id': target.id,
        'name': target.name,
        'dockername': target.dockername,
        'type': target.type,
        'score': target.score,
        'command': target.command,
        'flagcommand': target.flagcommand,
        'desc': target.desc
    }
    redis_store.hset('chals', target.id, json.dumps(cached))

    return jsonify({'code': 200, 'msg': '编辑成功', 'type': 'success'})
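def team_list():
    """Return the team list as JSON, optionally one page of 20 at a time.

    The list is served from the ``teams`` Redis hash. When that hash is
    empty it is rebuilt from the database (teams joined with Origin), and
    the ``attackpack`` hash is given an ``attackid -> team id`` entry for
    every team that has none. Only ``id``, ``name``, ``nickname`` and
    ``score`` are returned to the caller; the cached password is never put
    in the response.

    Query parameters:
        page: optional 1-based page number; absent or empty means "all".

    Changes from the previous version:
    * a cold cache is always rebuilt from the full team list. Previously a
      request carrying ``page`` cached only that page, and later requests
      treated those 20 records as the complete list;
    * ``page`` is validated: a non-integer value gets a 400 response
      instead of an unhandled ``ValueError``, and values below 1 are
      treated as page 1;
    * an empty database no longer calls ``hmset`` with an empty mapping;
    * rows are sorted by id so that page boundaries are stable;
    * ``total`` is the number of listed teams in both branches.
    """
    page_size = 20

    raw_page = request.args.get('page', '')
    page = None
    if raw_page != '':
        try:
            page = int(raw_page)
        except ValueError:
            return jsonify({'code': 400, 'msg': 'invalid page',
                            'type': 'fail'}), 400
        page = max(page, 1)

    rows = []
    teams_in_redis = redis_store.hgetall('teams')
    if not teams_in_redis:
        # Cold cache: load every team so the cache is complete.
        teams = db.session.query(Teams).join(Origin).all()
        cache = {}
        for team in teams:
            # NOTE(review): Origin.password is the password as submitted
            # (see add_team in this file); it is cached but never returned.
            cache[team.id] = json.dumps({
                'id': team.id,
                'name': team.name,
                'nickname': team.nickname,
                'score': team.score,
                'password': team.origin_pass[0].password,
                'attackid': team.attackid,
                'instances': []
            })
            if not redis_store.hget('attackpack', team.attackid):
                redis_store.hset('attackpack', team.attackid, team.id)
            rows.append({
                'id': team.id,
                'name': team.name,
                'nickname': team.nickname,
                'score': team.score
            })
        if cache:
            redis_store.hmset('teams', cache)
    else:
        for teamid in teams_in_redis:
            team = json.loads(teams_in_redis[teamid])
            rows.append({
                'id': team['id'],
                'name': team['name'],
                'nickname': team['nickname'],
                'score': team['score']
            })

    rows.sort(key=lambda row: row['id'])
    total = len(rows)
    if page is not None:
        start = (page - 1) * page_size
        rows = rows[start:start + page_size]

    return jsonify({'total': total, 'users': rows})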
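def treatflag():
    """Validate a submitted flag and queue the resulting score changes.

    Query parameters:
        flag: the flag value, looked up in the ``flags`` Redis hash.
        from: the submitter's attack id, resolved to a team id through the
            ``attackpack`` hash.

    Returns ``{"status": "fail"}`` when either parameter is missing, the
    flag or submitter is unknown, the flag belongs to the submitter's own
    team, the same submitter already used this flag, or the referenced
    challenge or victim team is not cached. On success an ``add`` and a
    ``sub`` message are put on the ``flag_message`` queue, the instance's
    ``attack_status`` is updated, an entry is appended to the ``attack``
    list and ``{"status": "success"}`` is returned.

    Changes from the previous version:
    * the "already submitted" marker is claimed with ``setnx`` before any
      score message is queued. The earlier get-then-set sequence let two
      concurrent requests with the same flag both pass the check;
    * the marker's expiry is only set when ``ttl('flags')`` is positive.
      A non-positive value passed to ``expire`` deletes the key, which
      removed the marker immediately and allowed the flag to be reused;
    * missing parameters and missing cache entries return "fail" instead
      of raising inside string concatenation or ``json.loads``.
    """
    failure = {"status": "fail"}

    flag = request.args.get('flag')
    fr = request.args.get('from')
    if not flag or not fr:
        return jsonify(failure)

    # Flag lookup result.
    result = redis_store.hget('flags', flag)
    # Resolve the attack id to the submitting team.
    attackerid = redis_store.hget('attackpack', fr)
    if not attackerid:
        return jsonify(failure)
    attack = redis_store.hget('teams', attackerid)
    if not result or not attack:
        return jsonify(failure)

    marker = fr + flag
    if redis_store.get(marker):
        return jsonify(failure)

    # Flag information and attacker information.
    flagInfo = json.loads(result)
    attacker = json.loads(attack)
    if flagInfo['teamid'] == attacker['id']:
        return jsonify(failure)

    # Challenge information and the attacked team's information.
    chal_raw = redis_store.hget('chals', flagInfo['chalid'])
    attacked_raw = redis_store.hget('teams', flagInfo['teamid'])
    if not chal_raw or not attacked_raw:
        return jsonify(failure)
    chal = json.loads(chal_raw)
    attacked = json.loads(attacked_raw)

    # Atomic claim: only the first request for this (submitter, flag) pair
    # gets past this point.
    if not redis_store.setnx(marker, 1):
        return jsonify(failure)
    ttl = redis_store.ttl('flags')
    if ttl and ttl > 0:
        redis_store.expire(marker, ttl)

    connect_queue = RedisQueue('flag_message')
    connect_queue.put(json.dumps({
        'command': 'add',
        'score': chal['score'],
        'teamid': attacker['id']
    }))
    connect_queue.put(json.dumps({
        'command': 'sub',
        'score': chal['score'],
        'teamid': attacked['id']
    }))

    # NOTE(review): this read-modify-write of the instance record is not
    # atomic; concurrent updates to the same instance can overwrite each
    # other.
    instance_raw = redis_store.hget('instances', flagInfo['instid'])
    if instance_raw:
        instance = json.loads(instance_raw)
        if instance['attack_status'] == 'stable':
            instance['attack_status'] = 'attacked'
        elif instance['attack_status'] == 'down':
            instance['attack_status'] = 'd/a'
        redis_store.hset('instances', flagInfo['instid'],
                         json.dumps(instance))

    # Record the attack in Redis.
    redis_store.rpush('attack', json.dumps({
        'attacker': attacker['id'],
        'attacked': attacked['id'],
        'chal': chal['id'],
        'time': str(datetime.datetime.utcnow())
    }))
    return jsonify({'status': 'success'})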
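def team_info():
    """Return the logged-in team's public record as JSON.

    The team id comes from ``session['user']['id']`` and the record from
    the ``teams`` Redis hash. Aborts with 404 when the team is not cached.
    If the team's attack id has no entry in the ``attackpack`` hash, one is
    created. The cached password is not included in the response.

    Change from the previous version: the Redis value is checked before it
    is parsed. Previously a missing entry raised inside ``json.loads`` and
    the 404 branch could not be reached.

    NOTE(review): no login check is visible in this block; a request
    without ``session['user']`` raises ``KeyError``. Confirm the route is
    wrapped by an authentication decorator.
    """
    raw = redis_store.hget('teams', session['user']['id'])
    if not raw:
        abort(404)
    team = json.loads(raw)
    if not team:
        abort(404)

    if not redis_store.hget('attackpack', team['attackid']):
        redis_store.hset('attackpack', team['attackid'], team['id'])

    ans = {
        'id': team['id'],
        'name': team['name'],
        'nickname': team['nickname'],
        'score': team['score'],
        'attackid': team['attackid']
    }
    return jsonify({'user': ans})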
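def treatflag():
    """Validate a submitted flag and apply the score change in Redis.

    Query parameters:
        flag: the flag value, looked up in the ``flags`` Redis hash.
        from: used directly as the key into the ``teams`` Redis hash.

    Returns ``{"status": "fail"}`` when either parameter is missing, the
    flag or team is unknown, the flag belongs to the submitter's own team,
    the same submitter already used this flag, or the referenced challenge
    or victim team is not cached. On success the challenge score is added
    to the attacker and subtracted from the attacked team, an entry is
    appended to the ``attack`` list and ``{"status": "success"}`` is
    returned.

    Changes from the previous version:
    * the debug ``print`` statements are removed. They wrote complete team
      records to stdout, and the records cached by add_team in this file
      include the team password as submitted;
    * the "already submitted" marker is claimed with ``setnx`` before any
      score is changed. The earlier get-then-set sequence let two
      concurrent requests with the same flag both pass the check;
    * the marker's expiry is only set when ``ttl('flags')`` is positive.
      A non-positive value passed to ``expire`` deletes the key, which
      removed the marker immediately and allowed the flag to be reused;
    * missing parameters and missing cache entries return "fail" instead
      of raising.

    NOTE(review): ``from`` selects the team record directly, so the
    submitter's identity is whatever id the request supplies; no session or
    token check is visible in this block.
    """
    failure = {"status": "fail"}

    flag = request.args.get('flag')
    fr = request.args.get('from')
    if not flag or not fr:
        return jsonify(failure)

    # Flag lookup result.
    result = redis_store.hget('flags', flag)
    # Attacker lookup result.
    attack = redis_store.hget('teams', fr)
    if not result or not attack:
        return jsonify(failure)

    marker = fr + flag
    if redis_store.get(marker):
        return jsonify(failure)

    # Flag information and attacker information.
    flagInfo = json.loads(result)
    attacker = json.loads(attack)
    if flagInfo['teamid'] == attacker['id']:
        return jsonify(failure)

    # Challenge information and the attacked team's information.
    chal_raw = redis_store.hget('chals', flagInfo['chalid'])
    attacked_raw = redis_store.hget('teams', flagInfo['teamid'])
    if not chal_raw or not attacked_raw:
        return jsonify(failure)
    chal = json.loads(chal_raw)
    attacked = json.loads(attacked_raw)

    # Atomic claim: only the first request for this (submitter, flag) pair
    # gets past this point.
    if not redis_store.setnx(marker, 1):
        return jsonify(failure)
    ttl = redis_store.ttl('flags')
    if ttl and ttl > 0:
        redis_store.expire(marker, ttl)

    # The attacker gains the challenge score, the attacked team loses it.
    # NOTE(review): both records are read, changed and written back as
    # whole JSON strings, so concurrent submissions that touch the same
    # team can overwrite each other's score update.
    attacker['score'] = attacker['score'] + chal['score']
    attacked['score'] = attacked['score'] - chal['score']

    # Write the data back to Redis.
    redis_store.hset('teams', attacker['id'], json.dumps(attacker))
    redis_store.hset('teams', attacked['id'], json.dumps(attacked))
    redis_store.rpush(
        'attack',
        json.dumps({
            'attacker': attacker['id'],
            'attacked': attacked['id'],
            'chal': chal['id'],
            'time': str(datetime.datetime.utcnow())
        }))
    return jsonify({'status': 'success'})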
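def team_edit():
    """Let the logged-in team change its name, nickname and password.

    The team is taken from ``session['user']['id']``; a missing row aborts
    with 403. ``old_password`` must hash to the stored password, otherwise
    a JSON response with code 403 is returned. On success the row is
    committed, the ``name`` and ``nickname`` fields of the cached Redis
    record are refreshed, and the session copy is updated.

    Changes from the previous version:
    * a missing ``old_password`` or ``password`` field returns the 403
      JSON response instead of raising inside ``md5.update``;
    * passwords are encoded to UTF-8 before hashing;
    * a team that is not in the Redis cache no longer crashes the request
      after the database commit;
    * ``session.modified`` is set, because assigning into the nested
      ``session['user']`` dict is not detected by Flask and the new name
      would otherwise not be saved to the session.

    NOTE(review): unlike changeteam in this file, this view does not check
    that the new name is unused by another team, and it does not update
    ``Origin.password`` or the ``password`` field of the Redis record.
    Confirm whether both are intended.
    """
    team = Teams.query.filter(Teams.id == session['user']['id']).first()
    if not team:
        abort(403)

    old_password = request.form.get('old_password')
    new_password = request.form.get('password')
    if old_password is None or new_password is None:
        return jsonify({'code': 403, 'msg': '密码错误'})

    # SECURITY NOTE(review): unsalted MD5 is not a suitable password hash;
    # kept because the stored hashes and the login check use it.
    old_hash = hashlib.md5(old_password.encode('utf-8')).hexdigest()
    if team.password != old_hash:
        return jsonify({'code': 403, 'msg': '密码错误'})

    team.name = request.form.get('name')
    team.nickname = request.form.get('nickname')
    team.password = hashlib.md5(new_password.encode('utf-8')).hexdigest()
    db.session.commit()

    cached_raw = redis_store.hget('teams', team.id)
    if cached_raw:
        team_in_redis = json.loads(cached_raw)
        team_in_redis['name'] = team.name
        team_in_redis['nickname'] = team.nickname
        redis_store.hset('teams', team.id, json.dumps(team_in_redis))

    session['user']['name'] = team.name
    session['user']['nickname'] = team.nickname
    # Nested mutation is invisible to the session object; flag it by hand.
    session.modified = True
    return jsonify({'code': 200, 'msg': '更改成功'})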