Merge branch 'master' of gitlab.telemabk.pl:jifwin/CTF

cd915a3d · Dominik Rosiek · 61c07f20 · 8e46ed7a · cd915a3d · cd915a3d
Commit cd915a3d authored Apr 10, 2016 by Dominik Rosiek
9 changed files
--- a/service/configuration.local.yml
+++ b/service/configuration.local.yml
@@ -15,6 +15,11 @@ startupConfiguration:

 digestMethod: "MD5"

+proxiedHeaders:
+  - "KYN_2016"
+  - "EY_HEADER"
+  - "Content-Type"
+
 admins:
  - name: "gpietrus_admin"
    password: "41b450e73c974fca46911eba84e114f2" #gpietrus md5

--- a/service/configuration.prod.yml
+++ b/service/configuration.prod.yml
@@ -15,6 +15,11 @@ startupConfiguration:

 digestMethod: "MD5"

+proxiedHeaders:
+  - "KYN_2016"
+  - "EY_HEADER"
+  - "Content-Type"
+
 admins:
  - name: "gpietrus_admin"
    password: "41b450e73c974fca46911eba84e114f2" #gpietrus md5

--- a/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/Task.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/Task.java
@@ -2,13 +2,11 @@ package com.telephoners.krakyournet.ctf.beans.tasks;

 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.telephoners.krakyournet.ctf.beans.Flag;
-import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.helpers.PublicProperty;
 import org.bson.types.ObjectId;
 import org.mongodb.morphia.annotations.Entity;
 import org.mongodb.morphia.annotations.Id;

-import javax.ws.rs.container.ContainerRequestContext;
 import java.io.IOException;
 import java.util.List;

@@ -38,7 +36,7 @@ public abstract class Task
    {
    }

-    public abstract TaskResponse getTaskResponse(User user, String path, ContainerRequestContext containerRequestContext) throws IOException;
+    public abstract TaskResponse getTaskResponse(TaskRequestContext taskRequestContext) throws IOException;

    public String getName()
    {

--- a/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TaskRequestContext.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TaskRequestContext.java
+package com.telephoners.krakyournet.ctf.beans.tasks;
+
+import com.telephoners.krakyournet.ctf.beans.User;
+
+import java.util.Map;
+
+public class TaskRequestContext
+{
+    private String httpMethod; //todo: use class
+    private User user;
+    private String path;
+    private String body;
+    private Map<String, String> headers;
+
+    public TaskRequestContext withHttpMethod(String httpMethod)
+    {
+        this.httpMethod = httpMethod;
+        return this;
+    }
+
+    public TaskRequestContext withUser(User user)
+    {
+        this.user = user;
+        return this;
+    }
+
+    public TaskRequestContext withPath(String path)
+    {
+        this.path = path;
+        return this;
+    }
+
+    public TaskRequestContext withBody(String body) {
+        this.body = body;
+        return this;
+    }
+
+    public TaskRequestContext withHeaders(Map<String, String> headers) {
+        this.headers = headers;
+        return this;
+    }
+
+    public String getHttpMethod()
+    {
+        return httpMethod;
+    }
+
+    public User getUser()
+    {
+        return user;
+    }
+
+    public String getPath()
+    {
+        return path;
+    }
+
+    public String getBody()
+    {
+        return body;
+    }
+
+    public Map<String, String> getHeaders()
+    {
+        return headers;
+    }
+}
--- a/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TaskResponse.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TaskResponse.java
 package com.telephoners.krakyournet.ctf.beans.tasks;

+import java.util.Map;
+
 public class TaskResponse
 {
    private String text;
-    private String kynHeader;
+    private Map<String, String> headers;

-    public TaskResponse(String text, String kynHeader)
+    public TaskResponse(String text, Map<String,String> headers)
    {
        this.text = text;
-        this.kynHeader = kynHeader;
+        this.headers = headers;
    }

    public String getText()
    {
-
        return text;
    }

-    public String getKynHeader()
+    public Map<String, String> getHeaders()
    {
-        return kynHeader;
+        return headers;
    }
 }
\ No newline at end of file
--- a/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TextTask.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/TextTask.java
@@ -6,6 +6,7 @@ import com.telephoners.krakyournet.ctf.beans.User;
 import org.mongodb.morphia.annotations.Entity;

 import javax.ws.rs.container.ContainerRequestContext;
+import java.io.IOException;
 import java.util.List;

 @Entity("tasks")
@@ -24,12 +25,12 @@ public class TextTask extends Task
    {
    }

-    public TaskResponse getTaskResponse(User user, String path, ContainerRequestContext containerRequestContext)
+    @Override
+    public TaskResponse getTaskResponse(TaskRequestContext taskRequestContext) throws IOException
    {
        return new TaskResponse(text, null);
    }

-
    public void setText(String text)
    {
        this.text = text;

--- a/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/WebTask.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/beans/tasks/WebTask.java
 package com.telephoners.krakyournet.ctf.beans.tasks;

 import com.fasterxml.jackson.annotation.JsonInclude;
-import com.google.common.base.Joiner;
 import com.telephoners.krakyournet.ctf.beans.Flag;
 import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.helpers.StreamUtils;
-import org.apache.http.Header;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.mongodb.morphia.annotations.Entity;

-import javax.ws.rs.container.ContainerRequestContext;
 import java.io.IOException;
 import java.util.List;

@@ -34,15 +31,27 @@ public class WebTask extends Task
    }

    @Override
+    public TaskResponse getTaskResponse(TaskRequestContext taskRequestContext) throws IOException
+    {
+        String url = getUrl() + taskRequestContext.getPath();
+        //todo: header in
+        CloseableHttpResponse response = proxyRequest(url, taskRequestContext.getUser(), null);
+        String text = StreamUtils.readStream(response.getEntity().getContent());
+        //todo: header out
+        TaskResponse taskResponse = new TaskResponse(text, null);//todo: build with
+        return taskResponse;
+    }
+
+    /*
    public TaskResponse getTaskResponse(User user, String path, ContainerRequestContext context) throws IOException
    {
-        String url = getUrl() + path;
        String kynHeaderValue = context.getHeaderString(KYN_HEADER_NAME);
        CloseableHttpResponse response = proxyRequest(url, user, kynHeaderValue);
        String text = StreamUtils.readStream(response.getEntity().getContent());
        Header kynHeader = response.getFirstHeader(KYN_HEADER_NAME);
        return new TaskResponse(text, kynHeader != null ? kynHeader.getValue() : null); //todo: needs refactorig
    }
+    */

    public String getUrl()
    {

--- a/service/src/main/java/com/telephoners/krakyournet/ctf/core/ApplicationConfiguration.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/core/ApplicationConfiguration.java
@@ -8,6 +8,7 @@ import io.dropwizard.Configuration;

 import javax.validation.constraints.NotNull;
 import java.util.List;
+import java.util.Set;

 public class ApplicationConfiguration extends Configuration
 {
@@ -38,6 +39,9 @@ public class ApplicationConfiguration extends Configuration
    @NotNull
    private StartupConfiguration startupConfiguration;

+    @NotNull
+    private Set<String> proxiedHeaders;
+
    public List<User> getAdmins()
    {
        return admins;
@@ -132,4 +136,14 @@ public class ApplicationConfiguration extends Configuration
    {
        this.startupConfiguration = startupConfiguration;
    }
+
+    public Set<String> getProxiedHeaders()
+    {
+        return proxiedHeaders;
+    }
+
+    public void setProxiedHeaders(Set<String> proxiedHeaders)
+    {
+        this.proxiedHeaders = proxiedHeaders;
+    }
 }
--- a/service/src/main/java/com/telephoners/krakyournet/ctf/resources/TaskResource.java
+++ b/service/src/main/java/com/telephoners/krakyournet/ctf/resources/TaskResource.java
@@ -2,7 +2,10 @@ package com.telephoners.krakyournet.ctf.resources;

 import com.telephoners.krakyournet.ctf.beans.User;
 import com.telephoners.krakyournet.ctf.beans.tasks.Task;
+import com.telephoners.krakyournet.ctf.beans.tasks.TaskRequestContext;
 import com.telephoners.krakyournet.ctf.beans.tasks.TaskResponse;
+import com.telephoners.krakyournet.ctf.core.ApplicationConfiguration;
+import com.telephoners.krakyournet.ctf.helpers.StreamUtils;
 import com.telephoners.krakyournet.ctf.repositories.TasksRepository;
 import io.dropwizard.auth.Auth;
 import org.glassfish.jersey.server.ContainerRequest;
@@ -10,49 +13,114 @@ import org.glassfish.jersey.server.ContainerRequest;
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;

 @Singleton
 @Path(value = "/task")
 public class TaskResource
 {
+    private final ApplicationConfiguration applicationConfiguration;
    private final TasksRepository tasksRepository;
-    private static final String KYN_HEADER_NAME = "KYN_2016"; //todo, move to configuration

    @Inject
-    public TaskResource(TasksRepository tasksRepository)
+    public TaskResource(ApplicationConfiguration applicationConfiguration, TasksRepository tasksRepository)
    {
+        this.applicationConfiguration = applicationConfiguration;
        this.tasksRepository = tasksRepository;
    }

+    //todo: name
+    private TaskResponse getTaskResponse(int taskLevel, TaskRequestContext taskRequestContext) throws IOException
+    {
+        Task task = tasksRepository.getByLevel(taskLevel);
+        return task.getTaskResponse(taskRequestContext);
+    }
+
+    private Map<String, String> extractProxiedHeaders(MultivaluedMap<String, String> headers) {
+        Set<String> proxiedHeaders = applicationConfiguration.getProxiedHeaders();
+        return headers.entrySet()
+                .stream()
+                .filter(header -> proxiedHeaders.contains(header.getKey()))
+                .collect(Collectors.toMap(
+                        Map.Entry::getKey,
+                        entry -> entry.getValue().get(0) //todo: check
+                ));
+    }
+
    @Path("{task_level}/{path: .*}")
    @GET
-    public Response getTask(@Auth User user,
+    public Response getTaskGet(@Auth User user,
+                                final @PathParam("task_level") int taskLevel,
+                                final @PathParam("path") String path,
+                                @Context ContainerRequestContext containerRequestContext) throws IOException
+    {
+        String fullPath = path;
+        String query = ((ContainerRequest)containerRequestContext).getRequestUri().getQuery();
+        if(query != null) {
+            fullPath += query;
+        }
+        Map<String, String> headers = extractProxiedHeaders(containerRequestContext.getHeaders());//todo: inline
+        TaskRequestContext taskRequestContext = new TaskRequestContext()
+                .withHttpMethod("POST")
+                .withUser(user)
+                .withPath(fullPath)
+                .withHeaders(headers);
+
+        TaskResponse taskResponse = getTaskResponse(taskLevel, taskRequestContext);
+
+
+        Response.ResponseBuilder responseBuilder = Response.ok()
+                .entity(taskResponse.getText());
+
+        taskResponse.getHeaders().entrySet()
+                .stream()
+                .forEach(headerEntry -> responseBuilder.header(headerEntry.getKey(), headerEntry.getValue()));
+        return responseBuilder.build();
+    }
+
+    @Path("{task_level}/{path: .*}")
+    @POST
+    public Response getTaskPost(@Auth User user,
                            final @PathParam("task_level") int taskLevel,
                            final @PathParam("path") String path,
                            @Context ContainerRequestContext containerRequestContext) throws IOException
    {
-        Task task = tasksRepository.getByLevel(taskLevel);
-        //todo: refactor, path not necessary in textTasks
-        ContainerRequest context = (ContainerRequest) containerRequestContext;
-        String query = context.getRequestUri().getQuery();
-
        String fullPath = path;
-        if(query != null) { //todo: refactor
-            fullPath = fullPath + "?" + query;
-        }
-        TaskResponse taskResponse = task.getTaskResponse(user, fullPath, containerRequestContext);
-        Response.ResponseBuilder responseBuilder = Response.ok();
-        responseBuilder.entity(taskResponse.getText());
-        String kynHeaderValue = taskResponse.getKynHeader();
-        if(kynHeaderValue != null) {
-            responseBuilder.header(KYN_HEADER_NAME, kynHeaderValue);
+        String query = ((ContainerRequest)containerRequestContext).getRequestUri().getQuery();
+        if(query != null) {
+            fullPath += query;
        }
+        String body = StreamUtils.readStream(containerRequestContext.getEntityStream());
+        //todo: TaskContextFrom
+
+        Map<String, String> headers = extractProxiedHeaders(containerRequestContext.getHeaders());//todo: inline
+
+        TaskRequestContext taskRequestContext = new TaskRequestContext()
+                .withHttpMethod("POST")
+                .withUser(user)
+                .withPath(fullPath)
+                .withBody(body)
+                .withHeaders(headers);
+
+        TaskResponse taskResponse = getTaskResponse(taskLevel, taskRequestContext);
+
+        Response.ResponseBuilder responseBuilder = Response.ok()
+                .entity(taskResponse.getText());
+
+        taskResponse.getHeaders().entrySet()
+                .stream()
+                .forEach(headerEntry -> responseBuilder.header(headerEntry.getKey(), headerEntry.getValue()));
+
        return responseBuilder.build();
    }
 }