Merge branch 'master' of https://www.github.com/failedxyz/easyctf

server/api/decorators.py

@@ -6,25 +6,14 @@ from flask import session
 
 class WebException(Exception): pass
 
-def login_required(f):
-    @wraps(f)
-    def decorated_function(*args, **kwargs):
-        return f(*args, **kwargs)
-    return decorated_function
-
 def admins_only(f):
     @wraps(f)
     def decorated_function(*args, **kwargs):
+        if "admin" not in session and not session["admin"]:
+            return { "success": 0, "message": "Not authorized." }
         return f(*args, **kwargs)
     return decorated_function
 
-def check_csrf(f):
-    @wraps(f)
-    @login_required
-    def wrapper(*args, **kwds):
-        return f(*args, **kwds)
-    return wrapper
-
 def api_wrapper(f):
     @wraps(f)
     def wrapper(*args, **kwds):

server/api/problem.py

@@ -4,7 +4,7 @@ from flask import Blueprint, session, request
 from flask import current_app as app
 
 from models import db, Problems, Solves, Teams
-from decorators import admins_only, api_wrapper, login_required
+from decorators import admins_only, api_wrapper
 
 blueprint = Blueprint("problem", __name__)
 
@@ -72,7 +72,6 @@ def problem_update():
 
 @blueprint.route("/submit", methods=["POST"])
 @api_wrapper
-@login_required
 def problem_submit():
     pid = request.form["pid"]
     flag = request.form["flag"]

server/api/user.py

@@ -59,7 +59,8 @@ def user_login():
 
     if utils.check_password(user.password, password):
         session["username"] = user.username
-        session["admin"] = user.admin
+        if user.admin:
+            session["admin"] = True
         session["logged_in"] = True
         return { "success": 1, "message": "Success!" }
     else:

web/js/admin/problem.js

@@ -0,0 +1,11 @@
+function add_problem(name, category, description, hint, flag, value) {
+    $.post("/api/problem/add", {
+        name: name,
+        category: category,
+        hint: hint,
+        flag: flag,
+        value: value
+    }, function(data) {
+
+    })
+}

web/js/easyctf.js

@@ -1,51 +1,60 @@
 var app = angular.module("easyctf", [ "ngRoute" ]);
 app.config(function($routeProvider, $locationProvider) {
-	$routeProvider.when("/", {
-		templateUrl: "pages/home.html",
-		controller: "mainController"
-	})
-	.when("/about", {
-		templateUrl: "pages/about.html",
-		controller: "mainController"
-	})
-	.when("/register", {
-		templateUrl: "pages/register.html",
-		controller: "mainController"
-	})
-	.when("/login", {
-		templateUrl: "pages/login.html",
-		controller: "mainController"
-	})
-	.when("/chat", {
-		templateUrl: "pages/chat.html",
-		controller: "mainController"
-	})
-	.when("/updates", {
-		templateUrl: "pages/updates.html",
-		controller: "mainController"
-	})
-	.when("/problems", {
-		templateUrl: "pages/problems.html",
-		controller: "mainController"
-	})
-	.when("/programming", {
-		templateUrl: "pages/programming.html",
-		controller: "mainController"
-	})
-	.when("/shell", {
-		templateUrl: "pages/shell.html",
-		controller: "mainController"
-	})
-	.when("/rules", {
-		templateUrl: "pages/rules.html",
-		controller: "mainController"
-	})
-	.when("/scoreboard", {
-		templateUrl: "pages/scoreboard.html",
-		controller: "mainController"
-	});
-	$locationProvider.html5Mode(true);
+    $routeProvider.when("/", {
+        templateUrl: "pages/home.html",
+        controller: "mainController"
+    })
+    .when("/about", {
+        templateUrl: "pages/about.html",
+        controller: "mainController"
+    })
+    .when("/register", {
+        templateUrl: "pages/register.html",
+        controller: "mainController"
+    })
+    .when("/login", {
+        templateUrl: "pages/login.html",
+        controller: "mainController"
+    })
+    .when("/chat", {
+        templateUrl: "pages/chat.html",
+        controller: "mainController"
+    })
+    .when("/updates", {
+        templateUrl: "pages/updates.html",
+        controller: "mainController"
+    })
+    .when("/problems", {
+        templateUrl: "pages/problems.html",
+        controller: "mainController"
+    })
+    .when("/programming", {
+        templateUrl: "pages/programming.html",
+        controller: "mainController"
+    })
+    .when("/shell", {
+        templateUrl: "pages/shell.html",
+        controller: "mainController"
+    })
+    .when("/rules", {
+        templateUrl: "pages/rules.html",
+        controller: "mainController"
+    })
+    .when("/scoreboard", {
+        templateUrl: "pages/scoreboard.html",
+        controller: "mainController"
+    });
+    $locationProvider.html5Mode(true);
 });
 app.controller("mainController", function($scope) {
 
 });
+
+function display_message(containerId, alertType, message, callback) {
+    $("#" + containerId).html('<div class="alert alert-' + alertType + '">' + message + '</div>');
+    $("#" + containerId).hide().slideDown("fast", "swing", function() {
+        window.setTimeout(function () {
+            $("#" + containerId).slideUp("fast", "swing", callback);
+        });
+    }, 2000);
+}

web/js/login.js

@@ -4,13 +4,16 @@ $("#login-form").on("submit", function(e) {
 });
 
 function login(email, password) {
+    $("#login").attr("disabled", "disabled");
     $.post("/api/user/login", {
         email: email,
         password: password
     }, function(data) {
-        $("#status").text(data.message);
         if (data.success == 1) {
+            display_message("status", "success", "Success!", function() {$("#login").removeAttr("disabled");});
             // wait then redirect or whatever
+        } else {
+            display_message("status", "danger", data.message, function() {$("#login").removeAttr("disabled");});
         }
     });
 }

web/js/register.js

@@ -4,6 +4,7 @@ $("#registration-form").on("submit", function(e) {
 });
 
 function register(name, username, password, password_confirm, email, captcha_response) {
+    $("#register").attr("disabled", "disabled");
     $.post("/api/user/register", {
         name: name,
         username: username,
@@ -14,8 +15,10 @@ function register(name, username, password, password_confirm, email, captcha_res
     }, function(data) {
         $("#status").text(data.message);
         if (data.success == 1) {
+            display_message("status", "success", "Success!", function() {$("#register").removeAttr("disabled")});
             // wait then redirect or whatever
         } else {
+            display_message("status", "danger", data.message, function() {$("#register").removeAttr("disabled")});
             grecaptcha.reset();
         }
     });

web/pages/login.html

@@ -4,7 +4,7 @@
 		<form id="login-form">
 			<input type="text" class="form-control" placeholder="Email" id="email">
 			<input type="password" id="password" name="password" placeholder="Password" class="form-control">
-			<input type="submit" class="btn btn-lg btn-success" value="Login">
+			<input id="login" type="submit" class="btn btn-lg btn-success" value="Login">
 		</form>
 	</div>
 	<div id="status"></div>

web/pages/register.html

@@ -51,14 +51,14 @@
 					<br>
 				</div>
 
-				<div id="status"></div>
 				<label>I have read and I agree to <a href="/rules" target="_blank">EasyCTF Rules</a>.</label>
 				<br>
 				<br>
 				<input class="style2" type="checkbox" class="form-control" value="didRead">
 				<br>
-				<input class="style3" type="submit" class="btn btn-lg btn-success" value="Register">
+				<input id="register" class="style3" type="submit" class="btn btn-lg btn-success" value="Register">
 			</div>
 		</form>
+		<div id="status"></div>
 	</div>
 </div>