Merge pull request #60 from abs0lut3pwn4g3/gssoc20-dev

**Release v1.0**

New features:
- [x] Multiple boxes support (closes issue #17)
- [x] Challenges page (closes issue #56). Along with tag and category models for organization.
- [x] CTF settings and websites are now stored in database and can easily be changed from the new `/setup` view. (Closes issue #55)
- [x] WTForm class for Machine for editing/creating new machines.
- [x] Implemented thorough and efficient caching with use of "Flask-Caching" and "Redis".
- [x] Now uses flask factory app method so the various flask extensions can be well-managed.

Changes:
- [x] Define redis service in `docker-compose.yml`
- [x] Redis add-on has been added to `app.json`.
- [x] `ADMIN_EMAIL`, and mail related env variables added in `app.json`.
- [x] Flag submission is now in a modal.
- [x] DB models are now in their respective folders in `models.py`
- [x] Optimized scoreboard's detail fetching
- [x] Features such as searching and exporting and new dark theme for `Admin Controls` (closes issues #1, #16, #36 )
- [x] Some utility functions such as `@admin_only` decorator.
- [x] macros have been defined in templates for reusability.

Author: eshaan7

.travis.yml

@@ -19,9 +19,9 @@ before_install:
 
 install: 
   - "pip install -r src/requirements.txt"
-  - "python src/create_db.py"
+  - "python src/create_db.test.py"
 
 before_script:
   - black . --check
 script:
-  - flake8 . --count --max-line-length=88 --show-source --statistics
+  - flake8 . --count --max-line-length=88 --show-source --statistics

CONTRIBUTING.md

@@ -24,9 +24,10 @@
 
 ## This project makes use of the following Flask libraries
 
-* Flask-blueprints for modularity and clean codebase,
+* Blueprints for modularity and clean codebase,
 * Flask-admin for Admin views and easy realtime management,
-* Flask-SQLAlchemy for SQL models, 
+* Flask-SQLAlchemy for SQL models,
+* Flask-Caching with redis for efficient caching,
 * Flask-login for session handling,
 * Flask-wtf for responsive forms,
 * Flask-mail for mail service,
@@ -43,7 +44,7 @@ $ black .
 ```
 
 ```bash
-$ flake8 src/ flake8 . ---max-line-length=88 --show-source --statistics
+$ flake8 src/ --max-line-length=88 --show-source --statistics
 ```
 
 if flake8 shows any errors or warnings, please fix the changes in a new commit and squash all the commits into one before submitting the PR.

Dockerfile

@@ -1,10 +1,28 @@
-FROM python:3
+FROM python:3.8.2-alpine3.11
 
+MAINTAINER eshaan7bansal@gmail.com
+
+# Env
+RUN export DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@postgres:${DB_PORT}/${DB_NAME}" \
+    && export REDIS_URL="redis://redis:6379/0"
+
+# update and install packages
+RUN apk update \
+    && apk add libpq postgresql-dev \
+    && apk add build-base \
+    && apk add --no-cache git libssl1.1 g++ make libffi-dev
+
+# Add a new low-privileged user
+RUN adduser --shell /sbin/login www-data -DH
+
+# Install RTB-CTF-Framework
 WORKDIR /usr/src/app
 COPY src ./
-RUN pip install --no-cache-dir -r requirements.txt
-EXPOSE 8080
-RUN chown -R 1001:1001 .
-USER 1001
+RUN pip install --no-cache-dir -r requirements.txt \
+    && chown -R www-data ./
+
+USER www-data
+
+EXPOSE 8000
 RUN chmod +x /usr/src/app/docker-entrypoint.sh
 ENTRYPOINT [ "/usr/src/app/docker-entrypoint.sh" ]

README.md

@@ -10,9 +10,9 @@
   <a href="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework" target="_blank">
     <img alt="Build Status" src="https://travis-ci.com/abs0lut3pwn4g3/RTB-CTF-Framework.svg?branch=gssoc20-dev"/>
   </a>
-  <!-- <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
+  <a href="https://lgtm.com/projects/g/abs0lut3pwn4g3/RTB-CTF-Framework/context:python">
   	<img alt="Language grade: Python" src="https://img.shields.io/lgtm/grade/python/g/abs0lut3pwn4g3/RTB-CTF-Framework.svg?logo=lgtm&logoWidth=18"/>
-  </a> -->
+  </a>
   <a href="https://github.com/psf/black" target="_blank">
     <img alt="Code style: black" src="https://img.shields.io/badge/code%20style-black-000000.svg"/>
   </a>
@@ -30,50 +30,34 @@ The main purpose of this project is to serve as a scoring engine and CTF manager
 
 ## Features
 
-##### For CTF hosters
-* A page to show relevant details about the machine such as name, IP, OS, points and difficulty level. 
+* Machines listing with fields: name, IP, OS, points and difficulty level.
+* Challenges listing with fields: title, description, URL, points.
+* Totally configurable settings such running time, organization details, CTF name.
 * Automatic strong password for administrator
 * Well implemented controls for administrators providing features such as issuing notifications, database CRUD operations, full fledged logging,
 * Simple User Registration/login process, account management, Forgot password functionalities,
 * Flag submission (currently 2 flags: user and root),
 * Real time scoreboard tracking,
-* Easily deployable on Heroku. 
-
-##### For Developers & Contributors
-* Flask-blueprints for modularity and clean codebase,
-* Flask-admin for Admin views and easy realtime management,
-* Flask-SQLAlchemy for SQL models, 
-* Flask-login for session handling,
-* Flask-wtf for responsive forms,
-* Flask-mail for mail service,
-* Flask-bcrypt for password hashing and security,
+* Efficient caching so it's fast
+* Easily deployable on Heroku.
 
 ## Build locally
 
 Please see [INSTALLATION.md](INSTALLATION.md).
 
-## Host Your Own CTF In 5 minutes with Heroku
-
-Using this is as simple as anything.
-
-1. Fork the `master` branch and clone your fork,
-
-```bash
-$ git clone https://github.com/<your_github_username>/RTB-CTF-Framework
-$ cd RTB-CTF-Framework/
-```
-
-2. Configure your CTF settings (such as name, running time) in [`config.py`](https://github.com/abs0lut3pwn4g3/RTB-CTF-Framework/blob/master/src/FlaskRTBCTF/config.py).
+## Host Your Own CTF in a minute with Heroku
 
-3. In the `app.json`, change the `repository` key's value to match your fork's URL.
+1. Sign up on [Heroku](https://heroku.com), if you haven't already and click on the below "Deploy to Heroku" button.
 
-4. Push these changes to the remote of your fork.
+    [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
 
-5. Visit your Fork's GitHub URL in the browser and click on the following **Deploy to Heroku** button.
+2. Give your application an awesome name and _optionally_ specify mail environment variables.
 
     > Note: A psuedo-random password for the **admin** user would be created and set in the config variable `ADMIN_PASS`. On Heroku, you can reveal this password from your application's dashboard settings. Same for the Flask application's `SECRET_KEY`.
 
-    [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+3. Open your newly deployed application in the browser, you'll be redirected to login as the `admin` user and do so.
+
+4. Finally, you'll want to `/setup` the CTF Settings and,
 
 #### Yay! Now you have a customized instance of the RTB-CTF-Framework live on Heroku. 🎉
 
@@ -104,11 +88,6 @@ $ cd RTB-CTF-Framework/
 
 For further guidelines, Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)
 
-## Screenshots
-
-> Why look at static pictures, when you can use a demo ? Visit: <https://rtblivedemo.herokuapp.com/>.
-
-<img src="screenshots/home_ss.png" width=400 />
-<img src="screenshots/scoreboard_ss.png" width=400 />
-<img src="screenshots/machine_ss.png" width=400 />
+## Live Demo
 
+**Live Demo:** <https://rtblivedemo.herokuapp.com/> (login with `admin:admin`)

app.json

@@ -5,6 +5,9 @@
   "addons": [
     {
       "plan": "heroku-postgresql"
+    },
+    {
+      "plan": "heroku-redis"
     }
   ],
   "buildpacks": [
@@ -20,6 +23,17 @@
     "ADMIN_PASS": {
       "description": "Administrator password",
       "generator": "secret"
+    },
+    "ADMIN_EMAIL": {
+      "description": "Administrator email"
+    },
+    "MAIL_USER": {
+      "description": "Username for mail service",
+      "required": false
+    },
+    "MAIL_PASS": {
+      "description": "Password for mail service",
+      "required": false
     }
   },
   "scripts": {

docker-compose.yml

@@ -1,8 +1,53 @@
 version: "3"
 
 services:
-  rtbd:
+  rtbctf:
     build: .
+    container_name: rtb_gunicorn
+    restart: unless-stopped
+    expose:
+      - "8000"
+    environment:
+      - DEBUG=False
+      - SECRET_KEY=changeme
+      - DB_USER=eshaan
+      - DB_PASSWORD=eshaan
+      - DB_NAME=rtbctf
+      - DB_PORT=5432
+      - WORKERS=8
+      - ADMIN_PASS=admin
+    depends_on:
+      - postgres
+      - redis
+
+  postgres:
+    image: library/postgres:12.1-alpine
+    container_name: rtb_postgres
+    restart: unless-stopped
+    expose:
+      - "5432"
+    environment:
+      - POSTGRES_USER=eshaan
+      - POSTGRES_PASSWORD=eshaan
+      - POSTGRES_DB=rtbctf
+
+  redis:
+    image: redis:6.0-rc4-alpine
+    container_name: rtb_redis
+    restart: unless-stopped
+    expose:
+      - "6379"
+
+  
+  nginx:
+    image: library/nginx:1.16.1-alpine
+    container_name: rtb_nginx
+    restart: unless-stopped
+    hostname: nginx
+    volumes:
+      - ./rtb_nginx_http:/etc/nginx/conf.d/default.conf
     ports:
-      - 80:8080
-    restart: unless-stopped
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - rtbctf

rtb_nginx_http

@@ -0,0 +1,19 @@
+# the upstream component nginx needs to connect to
+upstream flask {
+    server rtbctf:8000 fail_timeout=60s;
+}
+
+
+server {
+    listen 80;
+
+    server_name rtbctf.com;
+
+    location / {
+        proxy_pass http://flask;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $host;
+        proxy_redirect off;
+   }
+
+}