diff --git a/ctf.nginx b/ctf.nginx
index 9e58b4b..6bfe75d 100644
--- a/ctf.nginx
+++ b/ctf.nginx
@@ -11,6 +11,8 @@ server {
 # location / {
 # try_files $uri $uri/ =404;
 # }
+
+ # Put all the pages here so Angular doesn't fail.
 location ~^/(about|login|register)$ {
 default_type text/html;
 try_files /index.html /index.html;
diff --git a/deploy b/deploy
index fc3edc2..628c543 100755
--- a/deploy
+++ b/deploy
@@ -3,8 +3,9 @@ echo "Stopping the server..."
 pkill gunicorn
 sudo service nginx stop
+tmux kill-session -t ctf
 echo "Starting the server..."
 cd /home/vagrant/server
 sudo service nginx start
-gunicorn "app:app" -c /home/vagrant/scripts/gunicorn.py.ini
+tmux new-session -s ctf -d 'gunicorn "app:app" -c /home/vagrant/scripts/gunicorn.py.ini'
diff --git a/server/api/user.py b/server/api/user.py
index 8723ce5..24396ec 100644
--- a/server/api/user.py
+++ b/server/api/user.py
@@ -4,6 +4,7 @@ from flask import current_app as app
 from models import db, Users
 from utils import api_wrapper
+import logging
 import requests
 import utils
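Review bot: `time` is not among the imports visible in the `server/api/user.py` import hunk, yet the log line added to `user_register` in the next hunk calls `time.strftime(...)`. Lines 1-3 of the file are outside the hunk, so confirm it is imported there, or add `import time` next to `import logging`. The log call runs after `add_user` has committed, so a NameError at that point would presumably create the account while the request still fails; how `api_wrapper` reports that is not visible here.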
@@ -12,68 +13,70 @@ blueprint = Blueprint("user", __name__)
 @blueprint.route("/register", methods=["POST"])
 @api_wrapper
 def user_register():
- if not validate_captcha(request.form):
- return { "success": 0, "message": "Please do the captcha." }
+ if not validate_captcha(request.form):
+ return { "success": 0, "message": "Please do the captcha." }
- name = request.form["name"]
- username = request.form["username"]
- password = request.form["password"]
- password_confirm = request.form["password_confirm"]
- email = request.form["email"]
+ name = request.form["name"]
+ username = request.form["username"]
+ password = request.form["password"]
+ password_confirm = request.form["password_confirm"]
+ email = request.form["email"]
- username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()
- email_exists = Users.query.add_columns("name", "uid").filter_by(email=email).first()
+ username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()
+ email_exists = Users.query.add_columns("name", "uid").filter_by(email=email).first()
- if password != password_confirm:
- return { "success": 0, "message": "Passwords do not match." }
- if len(password) > 128:
- return { "success": 0, "message": "Password is too long." }
- if len(password) == 0:
- return { "success": 0, "message": "Password is too short." }
- if len(username) > 64:
- return { "success": 0, "message": "Username is too long." }
- if username_exists:
- return { "success": 0, "message": "Username is already taken." }
- if email_exists:
- return { "success": 0, "message": "Email has already been used." }
+ if password != password_confirm:
+ return { "success": 0, "message": "Passwords do not match." }
+ if len(password) > 128:
+ return { "success": 0, "message": "Password is too long." }
+ if len(password) == 0:
+ return { "success": 0, "message": "Password is too short." }
+ if len(username) > 64:
+ return { "success": 0, "message": "Username is too long." }
+ if username_exists:
+ return { "success": 0, "message": "Username is already taken." }
+ if email_exists:
+ return { "success": 0, "message": "Email has already been used." }
- add_user(name, username, email, password)
+ add_user(name, username, email, password)
+ logger = logging.getLogger("regs")
+ logger.warn("[{0}] {1} registered with {2}".format(time.strftime("%m/%d/%Y %X"), name.encode("utf-8"), email.encode("utf-8")))
- return { "success": 1, "message": "Success!" }
+ return { "success": 1, "message": "Success!" }
 @blueprint.route("/logout", methods=["POST"])
 @api_wrapper
 def user_logout():
- session.clear()
+ session.clear()
 @blueprint.route("/login", methods=["POST"])
 @api_wrapper
 def user_login():
- email = request.form["email"]
- password = request.form["password"]
- user = Users.query.filter_by(email=email).first()
- if user is None:
- return { "success": 0, "message": "Invalid credentials." }
+ email = request.form["email"]
+ password = request.form["password"]
+ user = Users.query.filter_by(email=email).first()
+ if user is None:
+ return { "success": 0, "message": "Invalid credentials." }
- if utils.check_password(user.password, password):
- session["username"] = user.username
- session["admin"] = user.admin
- session["logged_in"] = True
- return { "success": 1, "message": "Success!" }
- else:
- return { "success": 0, "message": "Invalid credentials." }
+ if utils.check_password(user.password, password):
+ session["username"] = user.username
+ session["admin"] = user.admin
+ session["logged_in"] = True
+ return { "success": 1, "message": "Success!" }
+ else:
+ return { "success": 0, "message": "Invalid credentials." }
 def add_user(name, username, email, password):
- user = Users(name, username, email, password)
- db.session.add(user)
- db.session.commit()
+ user = Users(name, username, email, password)
+ db.session.add(user)
+ db.session.commit()
 def validate_captcha(form):
- if "captcha_response" not in form:
- return False
- captcha_response = form["captcha_response"]
- data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
- response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
- if response.json()["success"]:
- return True
- return False
+ if "captcha_response" not in form:
+ return False
+ captcha_response = form["captcha_response"]
+ data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
+ response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
+ if response.json()["success"]:
+ return True
+ return False
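Review bot: The new `logger.warn(...)` line in `user_register` writes the form-supplied `name` and `email` into the `regs` log verbatim, so a value containing CR/LF can forge additional log entries, and it puts personal data into a log whose access controls are not visible here. Pass the values as escaped lazy arguments and let the handler's formatter supply the timestamp, e.g. `logging.getLogger("regs").warning("%r registered with %r", name, email)`; `warn` is also a deprecated alias of `warning`. Separately, `validate_captcha` still carries the reCAPTCHA secret as a string literal on the re-indented `data = {...}` line. It should be read from configuration and the committed key rotated, since it stays in the repository history. The `requests.post` call on the following line has no `timeout=`, so a stalled verification request would hold a worker for as long as the remote end keeps the connection open.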