From 44473e2fe63f6cee1cd252228c996ce2707b2cee Mon Sep 17 00:00:00 2001
From: James Wang
Date: Sat, 2 Jan 2016 14:30:42 -0500
Subject: [PATCH] Display items in the navbar when appropriate
---
 server/api/decorators.py | 26 ++++++++++++++++++--------
 server/api/problem.py | 3 ++-
 server/api/user.py | 18 +++++++++++++++++-
 web/index.html | 12 ++++++++++--
 web/js/easyctf.js | 24 ++++++++++++++++++++++++
 5 files changed, 71 insertions(+), 12 deletions(-)
diff --git a/server/api/decorators.py b/server/api/decorators.py
index 44552cf..27565ce 100644
--- a/server/api/decorators.py
+++ b/server/api/decorators.py
@@ -6,14 +6,6 @@ from flask import session
 class WebException(Exception): pass
-def admins_only(f):
- @wraps(f)
- def decorated_function(*args, **kwargs):
- if "admin" not in session and not session["admin"]:
- return { "success": 0, "message": "Not authorized." }
- return f(*args, **kwargs)
- return decorated_function
-
 def api_wrapper(f):
 @wraps(f)
 def wrapper(*args, **kwds):
@@ -30,3 +22,21 @@ def api_wrapper(f):
 web_result = { "success": 0, "message": "Something went wrong! Please notify us about this immediately.", str(error): traceback.format_exc() }
 return json.dumps(web_result), response, { "Content-Type": "application/json; charset=utf-8" }
 return wrapper
+
+import user # Must go below api_wrapper to prevent import loops
+
+def login_required(f):
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ if not user.is_logged_in():
+ return { "success": 0, "message": "Not logged in." }
+ return f(*args, **kwargs)
+ return decorated_function
+
+def admins_only(f):
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ if not user.is_admin():
+ return { "success": 0, "message": "Not authorized." }
+ return f(*args, **kwargs)
+ return decorated_function
diff --git a/server/api/problem.py b/server/api/problem.py
index 5aa9820..d55a1f5 100644
--- a/server/api/problem.py
+++ b/server/api/problem.py
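Review bot: In server/api/decorators.py (second hunk), `login_required` and `admins_only` deny by returning a bare dict and have no docstring saying where they belong in a route's decorator stack. The check only takes effect when the decorator sits below `@blueprint.route` and `@api_wrapper`, as it does on `problem_submit`; listed above `@blueprint.route`, Flask has already registered the undecorated view and the check never runs. I would add a one-line docstring to each, e.g. `"""Reject the request unless the session is logged in; apply below @api_wrapper and @blueprint.route."""`. Separately, the module-level `import user` placed mid-file to avoid the cycle could become a function-local import inside each `decorated_function`, which keeps the dependency next to its use.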
@@ -4,7 +4,7 @@ from flask import Blueprint, session, request
 from flask import current_app as app
 from models import db, Problems, Solves, Teams
-from decorators import admins_only, api_wrapper
+from decorators import admins_only, api_wrapper, login_required
 blueprint = Blueprint("problem", __name__)
@@ -72,6 +72,7 @@ def problem_update():
 @blueprint.route("/submit", methods=["POST"])
 @api_wrapper
+@login_required
 def problem_submit():
 pid = request.form["pid"]
 flag = request.form["flag"]
diff --git a/server/api/user.py b/server/api/user.py
index 9a07f05..048115e 100644
--- a/server/api/user.py
+++ b/server/api/user.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, session, request
+from flask import Blueprint, session, request, redirect, url_for
 from flask import current_app as app
 from models import db, Users
@@ -66,6 +66,22 @@ def user_login():
 else:
 return { "success": 0, "message": "Invalid credentials." }
+@blueprint.route("/status", methods=["POST"])
+@api_wrapper
+def user_status():
+ status = {
+ "logged_in": is_logged_in(),
+ "admin": is_admin(),
+ "username": session["username"] if is_logged_in() else "",
+ }
+ return status
+
+def is_logged_in():
+ return "logged_in" in session and session["logged_in"]
+
+def is_admin():
+ return "admin" in session and session["admin"]
+
 def add_user(name, username, email, password):
 user = Users(name, username, email, password)
 db.session.add(user)
diff --git a/web/index.html b/web/index.html
index 128d79a..ec80906 100644
--- a/web/index.html
+++ b/web/index.html
@@ -66,14 +66,22 @@ -
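Review bot: In server/api/user.py (second hunk), `is_admin()` is now the only thing `admins_only` consults, yet it reads `session["admin"]` without also requiring a logged-in session, and both helpers return the raw session value rather than a boolean. I would tighten them to `return bool(session.get("logged_in"))` and `return is_logged_in() and bool(session.get("admin"))`, so a partially cleared session cannot pass the admin check and `/status` always serialises true or false. In `user_status`, `session["username"]` raises KeyError when `logged_in` is set without a username; `session.get("username", "")` avoids that, and it matters because the `api_wrapper` context lines in decorators.py show `traceback.format_exc()` being placed in the JSON error response. Whether the admin flag is re-checked against the `Users` table after login is not visible in this hunk; if it is only set at login, a revoked admin would keep access until the session ends.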
  • +
  • -
  • +
  • + +
diff --git a/web/js/easyctf.js b/web/js/easyctf.js
index 1237680..b3788fa 100644
--- a/web/js/easyctf.js
+++ b/web/js/easyctf.js
@@ -58,3 +58,27 @@ function display_message(containerId, alertType, message, callback) {
 }); }, 2000); }
+
+function load_navbar() {
+ $.post("/api/user/status", {
+ },
+ function(data) {
+ if (data.logged_in) {
+ $("#logout").show();
+ $("#account_link").show();
+ } else {
+ $("#login_link").show();
+ $("#register_link").show();
+ }
+ });
+}
+
+$("#logout").click(function(e) {
+ e.preventDefault();
+ $.post("/api/user/logout", {
+ }, function (data) {
+ window.location = "/";
+ });
+})
+
+$(document).ready( load_navbar() );
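Review bot: The last added line in web/js/easyctf.js, `$(document).ready( load_navbar() );`, calls `load_navbar` immediately and hands its return value (undefined) to `ready`, so the status request is not tied to DOM readiness; it should be `$(document).ready(load_navbar);`. The `$("#logout").click(...)` binding has the same ordering problem: it runs when the script is evaluated and attaches nothing if `#logout` is not in the DOM yet, so it belongs inside the ready callback as well. Showing or hiding links here is presentation only; the server-side `login_required` and `admins_only` checks remain the actual access control. The logout POST sends an empty body, so if the API expects a CSRF token none is supplied here; how `/api/user/logout` is protected is not visible in this patch and should be confirmed.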