Regenerated yarn.lock

Author: chen-robert

.dockerignore

@@ -0,0 +1,23 @@
+# rDeploy files
+/.rdeploy
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+/node_modules
+
+/build
+/.env
+
+.DS_Store
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+$RECYCLE.BIN
+
+*.swp
+
+# nyc test runner
+/.nyc_output
+/coverage

.env.example

@@ -1,2 +1,16 @@
-RCTF_TOKEN_KEY=LMyfS/PlmrRQNVQMPPT1acfJf+XWh4JRPH6VX+9vNVY=
+# rCTF config
+RCTF_TOKEN_KEY=32_byte_long_base64_encoded_value_for_token
+RCTF_NAME=rCTF
+RCTF_ORIGIN=http://127.0.0.1
 RCTF_DATABASE_URL=postgresql://user:[email protected]:5432/rctf
+RCTF_REDIS_URL=redis://:[email protected]:6379/0
+RCTF_SMTP_URL=smtp://user:[email protected]:587
+RCTF_EMAIL_FROM=[email protected]
+
+# deployment config
+RCTF_RCTF_CPU_LIMIT=1
+RCTF_RCTF_MEM_LIMIT=500M
+RCTF_REDIS_CPU_LIMIT=1
+RCTF_REDIS_MEM_LIMIT=500M
+RCTF_POSTGRES_CPU_LIMIT=1
+RCTF_POSTGRES_MEM_LIMIT=500M

.gitignore

@@ -1,5 +1,5 @@
 # rDeploy files
-.rdeploy
+/.rdeploy
 
 npm-debug.log*
 yarn-debug.log*
@@ -19,5 +19,5 @@ $RECYCLE.BIN
 *.swp
 
 # nyc test runner
-.nyc_output
-coverage
+/.nyc_output
+/coverage

Dockerfile

@@ -1,16 +1,19 @@
-FROM node:10
+FROM node:10-slim
 
-RUN mkdir /app
 WORKDIR /app
 
-COPY package.json ./
-COPY yarn.lock ./
+ARG rctf_name
+ENV RCTF_NAME=${rctf_name}
 
-ENV NODE_ENV production
+COPY package.json yarn.lock ./
 RUN yarn
-
 COPY . .
+RUN yarn build && rm -r node_modules
+
+ENV NODE_ENV production
+ENV PORT 8000
+RUN yarn
 
-USER node
+EXPOSE 8000
 
-CMD ["node", "index.js"]
+CMD ["node", "index.js"]

app.js

@@ -1,12 +1,13 @@
 const path = require('path')
 const express = require('express')
-const bodyParser = require('body-parser')
 
 const app = express()
 
-app.use(bodyParser.json())
+app.use(express.raw({
+  type: 'application/json'
+}))
 
-app.use('/api/v1', require(path.join(__dirname, '/server/api')))
+app.use('/api/v1', require('./server/api'))
 
 const staticPath = path.join(__dirname, '/build')
 app.use(express.static(staticPath, { extensions: ['html'] }))

client/build.sh

@@ -1,3 +1,4 @@
 preact build client/src --service-worker false --prerender false --template client/index.html
 rm -r build/ssr-build build/manifest.json build/polyfills* build/push-manifest.json build/sw.js build/assets/icon.png
+mv build/*.js* build/assets
 cp -r static/* build

client/index.html

@@ -2,12 +2,12 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8">
-		<title>rCTF</title>
+		<title><%= htmlWebpackPlugin.options.view.ctfName %></title>
 		<meta name="viewport" content="width=device-width,initial-scale=1">
 		<meta name="mobile-web-app-capable" content="yes">
 		<meta name="apple-mobile-web-app-capable" content="yes">
 	</head>
 	<body>
-    <script src="<%= htmlWebpackPlugin.files.chunks['bundle'].entry %>"></script>
+    <script src="<%= htmlWebpackPlugin.options.view.assetsPrefix %><%= htmlWebpackPlugin.files.chunks['bundle'].entry %>"></script>
 	</body>
 </html>

config/index.js

@@ -1,4 +1,16 @@
 module.exports = {
   rDeployDirectory: '.rdeploy',
-  tokenKey: process.env.RCTF_TOKEN_KEY
+  verifyEmail: true,
+  tokenKey: process.env.RCTF_TOKEN_KEY,
+  ctfName: process.env.RCTF_NAME,
+  origin: process.env.RCTF_ORIGIN,
+  databaseUrl: process.env.RCTF_DATABASE_URL,
+  redisUrl: process.env.RCTF_REDIS_URL,
+  smtpUrl: process.env.RCTF_SMTP_URL,
+  emailFrom: process.env.RCTF_EMAIL_FROM,
+  divisions: {
+    eligible: 0,
+    ineligible: 1
+  },
+  loginTimeout: 10 * 60 * 1000
 }

docker-compose.yml

@@ -1,11 +1,45 @@
-version: "3"
+version: '2.2'
 services:
-  example:
-    build: .
-    ports: 
-      - 3000:8000
-    environment: 
-      - PORT=8000
-    expose: 
-      - 8000
+  rctf:
+    user: 999:999
+    build:
+      context: .
+      args:
+        rctf_name: ${RCTF_NAME}
     restart: always
+    ports:
+      - '127.0.0.1:8000:8000'
+    networks:
+      - rctf
+    env_file:
+      - .env
+    volumes:
+      - /var/data/rctf-rdeploy:/app/.rdeploy
+    depends_on:
+      - redis
+      - postgres
+    cpus: ${RCTF_RCTF_CPU_LIMIT}
+    mem_limit: ${RCTF_RCTF_MEM_LIMIT}
+  redis:
+    user: 999:999
+    image: redis:5.0.7
+    restart: always
+    networks:
+      - rctf
+    volumes:
+      - /var/data/rctf-redis:/data
+    cpus: ${RCTF_REDIS_CPU_LIMIT}
+    mem_limit: ${RCTF_REDIS_MEM_LIMIT}
+  postgres:
+    user: '999:999'
+    image: postgres:9.6.17
+    restart: always
+    networks:
+      - rctf
+    volumes:
+      - /var/data/rctf-postgres:/var/lib/postgresql/data
+    cpus: ${RCTF_POSTGRES_CPU_LIMIT}
+    mem_limit: ${RCTF_POSTGRES_MEM_LIMIT}
+
+networks:
+  rctf: {}

index.js

@@ -1,4 +1,6 @@
-require('dotenv').config()
+try {
+  require('dotenv').config()
+} catch (e) {}
 
 const app = require('./app')
 

migrations/1581725957097_del-password.js

@@ -0,0 +1,9 @@
+exports.up = function (pgm) {
+  pgm.dropColumns('users', ['password'])
+}
+
+exports.down = function (pgm) {
+  pgm.addColumns('users', {
+    password: { type: 'string', notNull: true }
+  })
+}

package.json

@@ -11,7 +11,9 @@
     "build": "sh client/build.sh",
     "watch": "preact watch --src client/src --template client/index.html",
     "dev": "nodemon index.js",
-    "test": "nyc ava"
+    "test": "nyc ava",
+    "client:build": "sh client/build.sh",
+    "client:watch": "preact watch --src client/src --template client/index.html"
   },
   "husky": {
     "hooks": {
@@ -20,16 +22,19 @@
   },
   "dependencies": {
     "ajv": "^6.11.0",
-    "body-parser": "^1.19.0",
-    "dotenv": "^8.2.0",
+    "email-validator": "^2.0.4",
     "express": "^4.17.1",
+    "mustache": "^4.0.0",
     "node-pg-migrate": "^4.2.2",
+    "nodemailer": "^6.4.2",
     "pg": "^7.18.1",
+    "redis": "^3.0.2",
     "supertest": "^4.0.2",
     "uuid": "^3.4.0"
   },
   "devDependencies": {
     "ava": "^3.3.0",
+    "dotenv": "^8.2.0",
     "husky": "^4.2.1",
     "jss": "^10.0.4",
     "jss-camel-case": "^6.1.0",

preact.config.js

@@ -0,0 +1,13 @@
+require('dotenv').config()
+const config = require('./config')
+
+export default (webpackConfig, env, helpers) => {
+  if (env.ssr) {
+    return
+  }
+  const { plugin } = helpers.getPluginsByName(webpackConfig, 'HtmlWebpackPlugin')[0]
+  plugin.options.view = {
+    assetsPrefix: env.production ? '/assets' : '',
+    ctfName: config.ctfName
+  }
+}

server/api/auth-login.js

@@ -1,26 +1,34 @@
+const database = require('../database')
+const auth = require('../auth')
 const { responses } = require('../responses')
 
 module.exports = {
   method: 'post',
   path: '/auth/login',
-  requireAuth: true,
+  requireAuth: false,
   schema: {
     body: {
       type: 'object',
       properties: {
-        email: {
-          type: 'string'
-        },
-        password: {
+        teamToken: {
           type: 'string'
         }
       },
-      required: ['email', 'password']
+      required: ['teamToken']
     }
   },
-  handler: async ({ req, uuid }) => {
+  handler: async ({ req }) => {
+    const uuid = await auth.token.getData(auth.token.tokenKinds.team, req.body.teamToken)
+    if (uuid === null) {
+      return responses.badToken
+    }
+    const user = await database.auth.getUserById({ id: uuid })
+    if (user === undefined) {
+      return responses.badUnknownUser
+    }
+    const authToken = await auth.token.getToken(auth.token.tokenKinds.auth, uuid)
     return [responses.goodLogin, {
-      uuid
+      authToken
     }]
   }
 }

server/api/auth-submit.js

@@ -0,0 +1,69 @@
+const uuidv4 = require('uuid/v4')
+const emailValidator = require('email-validator')
+const cache = require('../cache')
+const database = require('../database')
+const util = require('../util')
+const auth = require('../auth')
+const verifyEndpoint = require('./auth-verify')
+const config = require('../../config')
+const { responses } = require('../responses')
+
+module.exports = {
+  method: 'post',
+  path: '/auth/submit',
+  requireAuth: false,
+  schema: {
+    body: {
+      type: 'object',
+      properties: {
+        email: {
+          type: 'string'
+        },
+        name: {
+          type: 'string'
+        },
+        division: {
+          type: 'number',
+          enum: Object.values(config.divisions)
+        },
+        register: {
+          type: 'boolean'
+        }
+      },
+      required: ['email', 'name', 'division', 'register']
+    }
+  },
+  handler: async ({ req }) => {
+    const email = req.body.email.trim().toLowerCase()
+    if (!emailValidator.validate(email)) {
+      return responses.badEmail
+    }
+    const user = await database.auth.getUserByEmail({ email })
+    if (user === undefined && !req.body.register) {
+      return responses.badUnknownEmail
+    }
+    if (user !== undefined && req.body.register) {
+      return responses.badKnownEmail
+    }
+    const uuid = uuidv4()
+    await cache.login.makeLogin({ id: uuid })
+    const verifyToken = await auth.token.getToken(auth.token.tokenKinds.verify, {
+      id: uuid,
+      email,
+      name: req.body.name,
+      division: req.body.division,
+      register: req.body.register
+    })
+
+    if (config.verifyEmail) {
+      await util.email.sendVerification({
+        email,
+        token: verifyToken
+      })
+      return responses.goodVerifySent
+    } else {
+      // Pretend user sent token to verify endpoint
+      return verifyEndpoint.handleToken(verifyToken)
+    }
+  }
+}

server/api/auth-test.js

@@ -0,0 +1,10 @@
+const { responses } = require('../responses')
+
+module.exports = {
+  method: 'get',
+  path: '/auth/test',
+  requireAuth: true,
+  handler: async () => {
+    return responses.validToken
+  }
+}