This commit is contained in:
Thomas 2016-01-02 12:45:47 -06:00
commit d47f6274d9
9 changed files with 80 additions and 65 deletions

View file

@ -6,25 +6,14 @@ from flask import session
class WebException(Exception): pass class WebException(Exception): pass
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
return f(*args, **kwargs)
return decorated_function
def admins_only(f): def admins_only(f):
@wraps(f) @wraps(f)
def decorated_function(*args, **kwargs): def decorated_function(*args, **kwargs):
if "admin" not in session and not session["admin"]:
return { "success": 0, "message": "Not authorized." }
return f(*args, **kwargs) return f(*args, **kwargs)
return decorated_function return decorated_function
def check_csrf(f):
@wraps(f)
@login_required
def wrapper(*args, **kwds):
return f(*args, **kwds)
return wrapper
def api_wrapper(f): def api_wrapper(f):
@wraps(f) @wraps(f)
def wrapper(*args, **kwds): def wrapper(*args, **kwds):

View file

@ -4,7 +4,7 @@ from flask import Blueprint, session, request
from flask import current_app as app from flask import current_app as app
from models import db, Problems, Solves, Teams from models import db, Problems, Solves, Teams
from decorators import admins_only, api_wrapper, login_required from decorators import admins_only, api_wrapper
blueprint = Blueprint("problem", __name__) blueprint = Blueprint("problem", __name__)
@ -72,7 +72,6 @@ def problem_update():
@blueprint.route("/submit", methods=["POST"]) @blueprint.route("/submit", methods=["POST"])
@api_wrapper @api_wrapper
@login_required
def problem_submit(): def problem_submit():
pid = request.form["pid"] pid = request.form["pid"]
flag = request.form["flag"] flag = request.form["flag"]

View file

@ -59,7 +59,8 @@ def user_login():
if utils.check_password(user.password, password): if utils.check_password(user.password, password):
session["username"] = user.username session["username"] = user.username
session["admin"] = user.admin if user.admin:
session["admin"] = True
session["logged_in"] = True session["logged_in"] = True
return { "success": 1, "message": "Success!" } return { "success": 1, "message": "Success!" }
else: else:

11
web/js/admin/problem.js Normal file
View file

@ -0,0 +1,11 @@
function add_problem(name, category, description, hint, flag, value) {
$.post("/api/problem/add", {
name: name,
category: category,
hint: hint,
flag: flag,
value: value
}, function(data) {
})
}

View file

@ -49,3 +49,12 @@ app.config(function($routeProvider, $locationProvider) {
app.controller("mainController", function($scope) { app.controller("mainController", function($scope) {
}); });
function display_message(containerId, alertType, message, callback) {
$("#" + containerId).html('<div class="alert alert-' + alertType + '">' + message + '</div>');
$("#" + containerId).hide().slideDown("fast", "swing", function() {
window.setTimeout(function () {
$("#" + containerId).slideUp("fast", "swing", callback);
});
}, 2000);
}

View file

@ -4,13 +4,16 @@ $("#login-form").on("submit", function(e) {
}); });
function login(email, password) { function login(email, password) {
$("#login").attr("disabled", "disabled");
$.post("/api/user/login", { $.post("/api/user/login", {
email: email, email: email,
password: password password: password
}, function(data) { }, function(data) {
$("#status").text(data.message);
if (data.success == 1) { if (data.success == 1) {
display_message("status", "success", "Success!", function() {$("#login").removeAttr("disabled");});
// wait then redirect or whatever // wait then redirect or whatever
} else {
display_message("status", "danger", data.message, function() {$("#login").removeAttr("disabled");});
} }
}); });
} }

View file

@ -4,6 +4,7 @@ $("#registration-form").on("submit", function(e) {
}); });
function register(name, username, password, password_confirm, email, captcha_response) { function register(name, username, password, password_confirm, email, captcha_response) {
$("#register").attr("disabled", "disabled");
$.post("/api/user/register", { $.post("/api/user/register", {
name: name, name: name,
username: username, username: username,
@ -14,8 +15,10 @@ function register(name, username, password, password_confirm, email, captcha_res
}, function(data) { }, function(data) {
$("#status").text(data.message); $("#status").text(data.message);
if (data.success == 1) { if (data.success == 1) {
display_message("status", "success", "Success!", function() {$("#register").removeAttr("disabled")});
// wait then redirect or whatever // wait then redirect or whatever
} else { } else {
display_message("status", "danger", data.message, function() {$("#register").removeAttr("disabled")});
grecaptcha.reset(); grecaptcha.reset();
} }
}); });

View file

@ -4,7 +4,7 @@
<form id="login-form"> <form id="login-form">
<input type="text" class="form-control" placeholder="Email" id="email"> <input type="text" class="form-control" placeholder="Email" id="email">
<input type="password" id="password" name="password" placeholder="Password" class="form-control"> <input type="password" id="password" name="password" placeholder="Password" class="form-control">
<input type="submit" class="btn btn-lg btn-success" value="Login"> <input id="login" type="submit" class="btn btn-lg btn-success" value="Login">
</form> </form>
</div> </div>
<div id="status"></div> <div id="status"></div>

View file

@ -51,14 +51,14 @@
<br> <br>
</div> </div>
<div id="status"></div>
<label>I have read and I agree to <a href="/rules" target="_blank">EasyCTF Rules</a>.</label> <label>I have read and I agree to <a href="/rules" target="_blank">EasyCTF Rules</a>.</label>
<br> <br>
<br> <br>
<input class="style2" type="checkbox" class="form-control" value="didRead"> <input class="style2" type="checkbox" class="form-control" value="didRead">
<br> <br>
<input class="style3" type="submit" class="btn btn-lg btn-success" value="Register"> <input id="register" class="style3" type="submit" class="btn btn-lg btn-success" value="Register">
</div> </div>
</form> </form>
<div id="status"></div>
</div> </div>
</div> </div>