Merge branch 'flag_commit_per_task'

and lots of other improvments

service/configuration.yml

@@ -10,6 +10,7 @@ dbPort: 27017
 dbName: db
 
 flagHashMethod: "MD5"
+salt: "SECURE_SALT"
 
 admins:
   - name: "gpietrus_admin"

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/Task.java

 package com.telephoners.krakyournet.ctf.beans.tasks;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
+import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.helpers.PublicProperty;
 import com.telephoners.krakyournet.ctf.beans.Flag;
 import org.bson.types.ObjectId;
 import org.mongodb.morphia.annotations.Entity;
 import org.mongodb.morphia.annotations.Id;
 
+import java.io.IOException;
 import java.util.List;
 
 @Entity("tasks")
@@ -32,6 +34,8 @@ public abstract class Task
     {
     }
 
+    public abstract String getTextForUser(User user) throws IOException;
+
     public String getName()
     {
         return name;

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TextTask.java

@@ -2,6 +2,7 @@ package com.telephoners.krakyournet.ctf.beans.tasks;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.telephoners.krakyournet.ctf.beans.Flag;
+import com.telephoners.krakyournet.ctf.beans.User;
 import org.mongodb.morphia.annotations.Entity;
 
 import java.util.List;
@@ -22,7 +23,7 @@ public class TextTask extends Task
     {
     }
 
-    public String getText()
+    public String getTextForUser(User user)
     {
         return text;
     }

service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/WebTask.java

@@ -2,8 +2,17 @@ package com.telephoners.krakyournet.ctf.beans.tasks;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.telephoners.krakyournet.ctf.beans.Flag;
+import com.telephoners.krakyournet.ctf.beans.User;
+import com.telephoners.krakyournet.ctf.helpers.StreamUtils;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.mongodb.morphia.annotations.Entity;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.util.List;
 
 @Entity("tasks")
@@ -22,6 +31,11 @@ public class WebTask extends Task
     {
     }
 
+    public String getTextForUser(User user) throws IOException
+    {
+        return StreamUtils.readStream(proxyRequest(getUrl(), user));
+    }
+
     public String getUrl()
     {
         return url;
@@ -31,4 +45,14 @@ public class WebTask extends Task
     {
         this.url = url;
     }
+
+    private InputStream proxyRequest(String url, User user) throws IOException
+    {
+        CloseableHttpClient httpClient = HttpClients.createDefault();
+        HttpGet httpget = new HttpGet(url);
+        httpget.setHeader("CTF-User", user.getName());
+        CloseableHttpResponse execute = httpClient.execute(httpget);
+        HttpEntity entity = execute.getEntity();
+        return entity.getContent();
+    }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/core/ApplicationConfiguration.java

@@ -18,6 +18,7 @@ public class ApplicationConfiguration extends Configuration
     private List<TextTask> textTasks;
     private List<WebTask> webTasks;
     private List<User> admins;
+    private String salt;
 
     public List<User> getAdmins()
     {
@@ -98,4 +99,14 @@ public class ApplicationConfiguration extends Configuration
     {
         this.webTasks = webTasks;
     }
+
+    public String getSalt()
+    {
+        return salt;
+    }
+
+    public void setSalt(String salt)
+    {
+        this.salt = salt;
+    }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/helpers/StreamUtils.java

+package com.telephoners.krakyournet.ctf.helpers;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.stream.Collectors;
+
+public class StreamUtils
+{
+    public static String readStream(InputStream input) throws IOException
+    {
+        try (BufferedReader buffer = new BufferedReader(new InputStreamReader(input))) {
+            return buffer.lines().collect(Collectors.joining("\n"));
+        }
+    }
+}

service/src/main/java/com/telephoners/krakyournet/ctf/modules/ApplicationModule.java

 package com.telephoners.krakyournet.ctf.modules;
 
 import com.google.inject.AbstractModule;
+import com.google.inject.name.Names;
 import com.mongodb.MongoClient;
 import com.telephoners.krakyournet.ctf.core.ApplicationConfiguration;
 import org.mongodb.morphia.Datastore;
 import org.mongodb.morphia.Morphia;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
 public class ApplicationModule extends AbstractModule
 {
 
@@ -28,5 +32,11 @@ public class ApplicationModule extends AbstractModule
                 new MongoClient(applicationConfiguration.getDbHost(), applicationConfiguration.getDbPort()), applicationConfiguration.getDbName());
         datastore.ensureIndexes();
         bind(Datastore.class).toInstance(datastore);
+        try {
+            bind(MessageDigest.class).annotatedWith(Names.named("messageDigest"))
+                    .toInstance(MessageDigest.getInstance(applicationConfiguration.getFlagHashMethod()));
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
     }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/repositories/Repository.java

 package com.telephoners.krakyournet.ctf.repositories;
 
+import org.mongodb.morphia.Datastore;
+
+import javax.inject.Inject;
+import java.lang.reflect.ParameterizedType;
 import java.util.List;
 
-/**
- * Created by gpietrus on 20.02.2016.
- */
-public interface Repository {
-//    void getByTaskName(UUID uuid);
-    List getAll();
+public abstract class Repository<T>
+{
+    protected Datastore datastore;
+
+    @Inject
+    public Repository(Datastore datastore)
+    {
+        this.datastore = datastore;
+    }
+
+    protected Repository()
+    {
+    }
+
+    public void add(T item)
+    {
+        datastore.save(item);
+    }
+
+    public List<T> getAll()
+    {
+        //todo: unchecked cast
+        return datastore.createQuery(getRepositoryType()).asList();
+    }
+
+    public void clean()
+    {
+        datastore.getCollection(getRepositoryType()).drop();
+    }
 
-//    void add(User user); //todo: not user //todo: use generics?
+    Class getRepositoryType() {
+        try {
+            return Class.forName((((ParameterizedType) this.getClass().getGenericSuperclass())
+                    .getActualTypeArguments()[0]).getTypeName());
+        } catch (ClassNotFoundException e) {
+            throw new IllegalStateException("Class not found");
+        }
+    }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/repositories/SolutionsRepository.java

 package com.telephoners.krakyournet.ctf.repositories;
 
-import com.telephoners.krakyournet.ctf.beans.Flag;
 import com.telephoners.krakyournet.ctf.beans.Solution;
 import com.telephoners.krakyournet.ctf.beans.Team;
 import com.telephoners.krakyournet.ctf.beans.tasks.Task;
 import org.mongodb.morphia.Datastore;
 
-import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.util.List;
 import java.util.Map;
@@ -16,25 +14,15 @@ import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 @Singleton
-public class SolutionsRepository implements Repository
+public class SolutionsRepository extends Repository<Solution>
 {
-    private Datastore datastore;
-
-    @Inject
     public SolutionsRepository(Datastore datastore)
     {
-        this.datastore = datastore;
+        super(datastore);
     }
 
-    public List<Solution> getAll()
+    public SolutionsRepository()
     {
-        return datastore.createQuery(Solution.class).asList();
-    }
-
-    public void add(Solution solution)
-    { //todo
-        datastore.save(solution); //todo: error handling?
-        //todo: do not add if already exists
     }
 
     public List<Solution> getByTeam(Team team)

service/src/main/java/com/telephoners/krakyournet/ctf/repositories/TasksRepository.java

@@ -18,24 +18,21 @@ import java.security.NoSuchAlgorithmException;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.function.Function;
-import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 @Singleton
-public class TasksRepository implements Repository
+public class TasksRepository extends Repository<Task>
 {
-
     private ApplicationConfiguration applicationConfiguration;
     private Datastore datastore;
     private TeamsRepository teamsRepository;
     private SolutionsRepository solutionsRepository;
-    private String salt = "SECURE_SALT"; //todo: move to configuration!
 
     @Inject
     public TasksRepository(ApplicationConfiguration applicationConfiguration, Datastore datastore,
                            TeamsRepository teamsRepository, SolutionsRepository solutionsRepository)
     {
+        super(datastore);
         this.applicationConfiguration = applicationConfiguration;
         this.datastore = datastore;
         this.teamsRepository = teamsRepository;
@@ -49,16 +46,6 @@ public class TasksRepository implements Repository
                 .get();
     }
 
-    private Optional<Task> getByUserFlag(String username, String flagValue)
-    {
-        return getUserFlagsHashes(username).entrySet()
-                .stream()
-                .filter(flagsMapEntry -> flagsMapEntry.getKey().contains(flagValue))
-                .map(Map.Entry::getValue)
-                .map(this::getByLevel)
-                .findFirst();
-    }
-
     public List<Task> getAllPublic()
     {
         return datastore.createQuery(Task.class)
@@ -66,16 +53,6 @@ public class TasksRepository implements Repository
                 .asList();
     }
 
-    public List<Task> getAll()
-    {
-        return datastore.createQuery(Task.class).asList();
-    }
-
-    public void add(Task task)
-    {
-        datastore.save(task);
-    }
-
     //todo: refactor?
     public Map<List<String>, Integer> getUserFlagsHashes(String username)
     {
@@ -92,55 +69,21 @@ public class TasksRepository implements Repository
     }
 
     //todo: refactor with the function below
-    private Optional<Pair<Task, Flag>> getTaskFlagPairByHashValue(User user, String userHash)
+    private Optional<Pair<Task, Flag>> getTaskFlagPairByHashValue(User user, String userHash, int taskLevel)
     {
         String username = user.getName();
-        //todo: collapse lambdas
-        Optional<Pair<Task, Flag>> matched = this.getAll().stream()
-                .collect(Collectors.toMap(
-                        task -> task,
-                        Task::getFlags
-                ))
-                .entrySet()
-                .stream()
-                .map((Function<Map.Entry<Task, List<Flag>>, Pair<Task, Optional<Flag>>>) taskFlagsEntry -> {
-                    Task task = taskFlagsEntry.getKey();
-                    Optional<Flag> matchedFlag = taskFlagsEntry.getValue().stream()
-                            .filter(new Predicate<Flag>()
-                            {
-                                @Override
-                                public boolean test(Flag flag1)
-                                {
-                                    return calculateHashValue(username, flag1.getValue()).equals(userHash);
-                                }
-                            })
+        Optional<Flag> matchedFlag = getByLevel(taskLevel).getFlags().stream()
+                .filter(flag -> calculateHashValue(username, flag.getValue()).equals(userHash))
                 .findFirst();
-                    return new Pair<Task, Optional<Flag>>(task, matchedFlag);
-                })
-                .filter(new Predicate<Pair<Task, Optional<Flag>>>()
-                {
-                    @Override
-                    public boolean test(Pair<Task, Optional<Flag>> taskOptionalPair)
-                    {
-                        return taskOptionalPair.getValue().isPresent();
-                    }
-                })
-                .map(new Function<Pair<Task, Optional<Flag>>, Pair<Task, Flag>>()
-                {
-                    @Override
-                    public Pair<Task, Flag> apply(Pair<Task, Optional<Flag>> taskOptionalPair)
-                    {
-                        return new Pair<Task, Flag>(taskOptionalPair.getKey(), taskOptionalPair.getValue().get());
+        if (matchedFlag.isPresent()) {
+            return Optional.of(new Pair<>(getByLevel(taskLevel), matchedFlag.get()));
         }
-                })
-                .findFirst();
-        return matched;
-        //todo: refactor
+        return Optional.empty();
     }
 
     public String calculateHashValue(String username, String flagValue)
     { //todo
-        String combinedStrings = salt + username + flagValue; //todo
+        String combinedStrings = applicationConfiguration.getSalt() + username + flagValue; //todo
         MessageDigest md5 = null;//todo: discuss
         try {
             md5 = MessageDigest.getInstance(applicationConfiguration.getFlagHashMethod());
@@ -156,10 +99,10 @@ public class TasksRepository implements Repository
         return solutionsRepository.exists(solution);
     }
 
-    public boolean checkHash(User user, String hashValue)
+    public boolean checkHash(User user, String hashValue, int taskLevel)
     {
         //todo: refactor
-        Optional<Pair<Task, Flag>> taskFlagPairOptional = getTaskFlagPairByHashValue(user, hashValue);
+        Optional<Pair<Task, Flag>> taskFlagPairOptional = getTaskFlagPairByHashValue(user, hashValue, taskLevel);
         if (!taskFlagPairOptional.isPresent()) {
             return false;
         }
@@ -179,11 +122,6 @@ public class TasksRepository implements Repository
         return false;
     }
 
-    public void clean()
-    {
-        datastore.getCollection(Task.class).drop();
-    }
-
     //todo: should it be here?
     public List<Integer> getCompletedTasks(Team team)
     {

service/src/main/java/com/telephoners/krakyournet/ctf/repositories/TeamsRepository.java

 package com.telephoners.krakyournet.ctf.repositories;
 
-import com.telephoners.krakyournet.ctf.core.ApplicationConfiguration;
 import com.telephoners.krakyournet.ctf.beans.Team;
 import com.telephoners.krakyournet.ctf.beans.User;
 import org.mongodb.morphia.Datastore;
@@ -11,23 +10,19 @@ import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
-/**
- * Created by gpietrus on 20.02.2016.
- */
 @Singleton
-public class TeamsRepository implements Repository
+public class TeamsRepository extends Repository<Team>
 {
 
     private Datastore datastore;
-    private ApplicationConfiguration applicationConfiguration;
     private UsersRepository usersRepository;
 
     @Inject
-    public TeamsRepository(Datastore datastore, ApplicationConfiguration applicationConfiguration,
+    public TeamsRepository(Datastore datastore,
                            UsersRepository usersRepository)
     {
+        super(datastore);
         this.datastore = datastore;
-        this.applicationConfiguration = applicationConfiguration;
         this.usersRepository = usersRepository;
     }
 
@@ -47,22 +42,4 @@ public class TeamsRepository implements Repository
     {
 
     }
-
-    public List<Team> getAll()
-    {
-        return datastore.createQuery(Team.class).asList();
-    }
-
-    //todo: move to interface
-    //todo: use default as interface-implemented methods
-    public void add(Team team)
-    {
-        datastore.save(team);
-    }
-
-    //todo: move clean to upper class?
-    public void clean()
-    {
-        datastore.getCollection(Team.class).drop();
-    }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/repositories/UsersRepository.java

@@ -2,35 +2,24 @@ package com.telephoners.krakyournet.ctf.repositories;
 
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import com.google.inject.name.Named;
 import com.telephoners.krakyournet.ctf.beans.User;
 import io.dropwizard.auth.basic.BasicCredentials;
 import org.apache.commons.codec.binary.Hex;
 import org.mongodb.morphia.Datastore;
 
 import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
 
 @Singleton
-public class UsersRepository implements Repository
+public class UsersRepository extends Repository<User>
 {
-    private Datastore datastore;
     private MessageDigest messageDigest;
 
     @Inject
-    public UsersRepository(Datastore datastore)
+    public UsersRepository(Datastore datastore, final @Named("messageDigest") MessageDigest messageDigest)
     {
-        this.datastore = datastore;
-        try {
-            messageDigest = MessageDigest.getInstance("MD5"); //todo
-        } catch (NoSuchAlgorithmException e) {
-            e.printStackTrace();
-        }
-    }
-
-    public void add(User user)
-    {
-        datastore.save(user);
+        super(datastore);
+        this.messageDigest = messageDigest;
     }
 
     public User getUserByName(String username)
@@ -47,10 +36,4 @@ public class UsersRepository implements Repository
                 .field("password").equal(Hex.encodeHexString(messageDigest.digest(basicCredentials.getPassword().getBytes())))
                 .get();
     }
-
-    @Override
-    public List getAll()
-    {
-        return null;
-    }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/resources/SolutionsResource.java

@@ -9,10 +9,7 @@ import io.dropwizard.auth.Auth;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
+import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.util.List;
@@ -39,10 +36,12 @@ public class SolutionsResource
     }
 
     @POST
+    @Path("/{task_level}")
     public Response submitSolution(@Auth User user,
+                                   @PathParam("task_level") int taskLevel,
                                    String hash) throws Exception
     {
-        if (tasksRepository.checkHash(user, hash)) {
+        if (tasksRepository.checkHash(user, hash, taskLevel)) {
             return Response.ok().build();
         }
         return Response.status(Response.Status.NOT_ACCEPTABLE).build();
@@ -78,7 +77,6 @@ public class SolutionsResource
 
     @GET
     @Path("/all")
-    //todo: should return completed, not all flags?
     public Map<String, Map<Integer, List<String>>> getTeamsSolutions()
     {
         return teamsRepository.getAll()

service/src/main/java/com/telephoners/krakyournet/ctf/resources/TaskResource.java

@@ -46,36 +46,6 @@ public class TaskResource
         if (task == null) {
             return Response.status(Response.Status.BAD_REQUEST).build();
         }
-
-        String taskText = null;
-
-        //todo: refactor, so ugly;(
-        if(task instanceof WebTask) {
-            taskText = readStream(proxyRequest(((WebTask) task).getUrl(), user));
-        }
-        if(task instanceof TextTask) {
-            taskText = ((TextTask) task).getText();
-        }
-
-        //todo!!!!!
-        return Response.ok().entity(taskText).build();
-    }
-
-    //todo: remove proxy resource
-    private InputStream proxyRequest(String url, User user) throws IOException
-    {
-        CloseableHttpClient httpClient = HttpClients.createDefault();
-        HttpGet httpget = new HttpGet(url);
-        httpget.setHeader("CTF-User", user.getName());
-        CloseableHttpResponse execute = httpClient.execute(httpget);
-        HttpEntity entity = execute.getEntity();
-        return entity.getContent();
-    }
-
-    private String readStream(InputStream input) throws IOException
-    {
-        try (BufferedReader buffer = new BufferedReader(new InputStreamReader(input))) {
-            return buffer.lines().collect(Collectors.joining("\n"));
-        }
+        return Response.ok().entity(task.getTextForUser(user)).build();
     }
 }

service/src/main/java/com/telephoners/krakyournet/ctf/resources/UtilResource.java

@@ -5,6 +5,7 @@ import com.telephoners.krakyournet.ctf.beans.Team;
 import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.repositories.TeamsRepository;
 import io.dropwizard.auth.Auth;
+import org.apache.commons.io.FileUtils;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -14,6 +15,8 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.io.File;
+import java.io.IOException;
 import java.util.Optional;
 
 @Singleton
@@ -44,16 +47,15 @@ public class UtilResource
         return responseBuilder.build();
     }
 
-    //todo: cleanup
     @GET
     @Path("/auth")
-    public Response auth(@Auth User user)
+    public Response auth(@Auth User user) throws IOException
     {
-        String jsRedirect = "<script type=\"text/javascript\">\n" +
-                "<!--\n" +
-                "window.location = \"http://\" + window.location.host + \"/page\"\n" +
-                "//-->\n" +
-                "</script>";
-        return Response.ok().entity(jsRedirect).header(HttpHeaders.CONTENT_TYPE, "text/html").header(HttpHeaders.WWW_AUTHENTICATE, "Basic").build();
+        String redirectHtml = new String(FileUtils.readFileToByteArray(new File("service/src/main/resources/assets/redirect.html")));
+        return Response.ok()
+                .entity(redirectHtml)
+                .header(HttpHeaders.CONTENT_TYPE, "text/html")
+                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic")
+                .build();
     }
 }

service/src/main/resources/assets/redirect.html

+<!DOCTYPE html>
+<html lang="en" ng-app="ctfApp">
+<head>
+</head>
+<script type="text/javascript">
+    window.location = "http://" + window.location.host + "/page";
+</script>
+</body>
+</html>
+