Rating system + optimizations (#73)

* Adding Rating System (#69)

* Adding Rating System

* Improvements to admin views

* Bug fixes where cache invalidation was being done wrongly in admin/views.py

Co-authored-by: Eshaan Bansal <eshaan7bansal@gmail.com>

* Update README.md

* Update README.md

Co-authored-by: Kainaat Singh <kainaat.singh@gmail.com>

Author: eshaan7

README.md

@@ -68,7 +68,7 @@ Please see [INSTALLATION.md](INSTALLATION.md).
 
 The main purpose of this project is to serve as a scoring engine and CTF manager. One that is packed with features, can handle enterprise/global level traffic on a scalable yet free heroku's dyno.
 
-[CTFd](https://github.com/ctfd/ctfd) is one of the most popular CTF framework and we have used it for multiple engagements and will surely use it again. But at the same time, CTFd is heavy (~22.2 mb) (it gives poor performance even on a $49/mo heroku dyno) and not everybody has $$$ to spend on cloud, especially students (like us). So, that's where RTB-CTF-Framework (~100 KB) comes in. 
+[CTFd](https://github.com/ctfd/ctfd) is one of the most popular CTF framework and we have used it for multiple engagements and will surely use it again. But at the same time, CTFd is heavy (~22.2 mb) (it gives poor performance even on a $49/mo heroku dyno) and not everyone has $$$ to spend on cloud, especially students (like us). So, that's where RTB-CTF-Framework (~100 KB) comes in.
 
 ## Contributing
 
@@ -81,19 +81,12 @@ The main purpose of this project is to serve as a scoring engine and CTF manager
   </a>
 </p>
 
-##### 👨 Project Owner
 
-- Eshaan Bansal ([github](https://github.com/eshaan7), [linkedin](https://www.linkedin.com/in/eshaan7/))
+##### Join us on slack
 
-##### 👬  Mentors
+- [#rtb-ctf-framework on slack](https://rtb-ctf-framework.slack.com)
 
-- Sombuddha Chakravarty ([github](https://github.com/sammy1997), [linkedin](https://www.linkedin.com/in/sombuddha-chakravarty-9482b5131/))
-
-##### Slack Channel for GSSoC 2020
-
-- [#proj_root-the-box-ctf-framework](https://app.slack.com/client/TRN1H1V43/CUC71PDD2)
-
-For further guidelines, Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)
+Please refer to [CONTRIBUTING.md](CONTRIBUTING.md)
 
 
 ## Live Demo

setup.cfg

@@ -1,3 +1,3 @@
 # content of setup.cfg (deprecated atm)
 [tool:pytest]
-flake8-ignore = W191
+flake8-ignore = W191, E231

src/FlaskRTBCTF/admin/views.py

@@ -7,10 +7,11 @@
 from flask_admin.contrib.sqla import ModelView
 
 from ..utils.cache import cache
-from ..utils.helpers import clear_points_cache
+from ..utils.helpers import clear_points_cache, clear_rating_cache
 
 
 class BaseModelView(ModelView):
+    can_view_details = True
     export_types = ("csv", "json")
     can_export = True
     form_base_class = SecureForm
@@ -36,7 +37,6 @@ def _handle_view(self, name, **kwargs):
 
 
 class UserAdminView(BaseModelView):
-    can_view_details = True
     column_exclude_list = ("password",)
     form_exclude_list = ("password",)
     column_searchable_list = ("username", "email")
@@ -54,9 +54,9 @@ def after_model_delete(model):
 
 
 class MachineAdminView(BaseModelView):
-    can_view_details = True
     column_exclude_list = ("user_hash", "root_hash", "updated_on")
     column_searchable_list = ("name", "ip")
+    column_filters = ("difficulty", "user_points", "root_points", "os")
 
     @expose("/new/")
     def create_view(self):
@@ -69,9 +69,9 @@ def edit_view(self):
 
 
 class ChallengeAdminView(BaseModelView):
-    can_view_details = True
     column_exclude_list = ("description", "flag", "url")
-    column_searchable_list = ("title", "url")
+    column_searchable_list = ("title", "url", "flag")
+    column_filters = ("difficulty", "points", "category")
     form_choices = {
         "difficulty": [
             ("easy", "Easy"),
@@ -93,36 +93,39 @@ def after_model_delete(model):
 
 
 class UserChallengeAdminView(BaseModelView):
-    column_filters = ("completed",)
-    column_list = ("user_id", "challenge_id", "completed")
+    column_filters = ("completed", "user_id", "challenge_id")
+    column_list = ("user_id", "challenge_id", "completed", "rating")
+    form_choices = {
+        "rating": [("1", "1"), ("2", "2"), ("3", "3"), ("4", "4"), ("5", "5")]
+    }
 
     @staticmethod
     def after_model_change(form, model, is_created):
-        if form.completed != model.completed:
-            clear_points_cache(userId=model.user_id, mode="c")
+        clear_points_cache(userId=model.user_id, mode="c")
+        clear_rating_cache(user_id=model.user_id, ch_id=model.challenge_id)
         return
 
     @staticmethod
     def after_model_delete(model):
         clear_points_cache(userId=model.user_id, mode="c")
+        clear_rating_cache(user_id=model.user_id, ch_id=model.challenge_id)
         return
 
 
 class UserMachineAdminView(BaseModelView):
-    column_filters = ("owned_user", "owned_root")
-    column_list = ("user_id", "machine_id", "owned_user", "owned_root")
+    column_filters = ("user_id", "machine_id", "owned_user", "owned_root", "rating")
+    column_list = ("user_id", "machine_id", "owned_user", "owned_root", "rating")
 
     @staticmethod
     def after_model_change(form, model, is_created):
-        if (form.owned_user != model.owned_user) or (
-            form.owned_root != model.owned_root
-        ):
-            clear_points_cache(userId=model.user_id, mode="m")
+        clear_points_cache(userId=model.user_id, mode="m")
+        clear_rating_cache(user_id=model.user_id, machine_id=model.machine_id)
         return
 
     @staticmethod
     def after_model_delete(model):
         clear_points_cache(userId=model.user_id, mode="m")
+        clear_rating_cache(user_id=model.user_id, machine_id=model.machine_id)
         return
 
 

src/FlaskRTBCTF/config.py

@@ -7,7 +7,7 @@
 
 
 class Config:
-    DEBUG = False  # Turn DEBUG OFF before deployment
+    DEBUG = True  # Turn DEBUG OFF before deployment
     SECRET_KEY = handle_secret_key()
     SQLALCHEMY_DATABASE_URI = os.environ.get("DATABASE_URL") or "sqlite:///site.db"
     # For local use, one can simply use SQLlite with: 'sqlite:///site.db'

src/FlaskRTBCTF/ctf/forms.py

@@ -1,7 +1,15 @@
 from flask_wtf import FlaskForm
 from wtforms import StringField, SubmitField, HiddenField, RadioField
-from wtforms.validators import DataRequired, Length, ValidationError, IPAddress
+from wtforms.validators import (
+    DataRequired,
+    Length,
+    ValidationError,
+    IPAddress,
+    NumberRange,
+    AnyOf,
+)
 from wtforms.fields.html5 import IntegerField
+from wtforms.widgets import HiddenInput, SubmitInput
 from .models import Machine, Challenge
 
 
@@ -92,3 +100,18 @@ def validate_flag(self, flag):
             raise ValidationError("No challenge with that ID exists")
         elif ch.flag != str(flag.data):
             raise ValidationError("Incorrect flag.")
+
+
+class RatingForm(FlaskForm):
+    machine_challenge_id = IntegerField(
+        label="ID", widget=HiddenInput(), validators=[DataRequired()]
+    )
+    rating_for = HiddenField(
+        label="Machine or Challenge?",
+        validators=[DataRequired(), AnyOf(("machine", "challenge"))],
+    )
+    rating_value = IntegerField(
+        label="Rating",
+        widget=SubmitInput(),
+        validators=[DataRequired(), NumberRange(min=1, max=5)],
+    )

src/FlaskRTBCTF/ctf/models.py

@@ -1,4 +1,5 @@
 from sqlalchemy.orm import joinedload
+from sqlalchemy.sql import func
 
 from FlaskRTBCTF.utils.models import db, TimeMixin, ReprMixin
 from FlaskRTBCTF.utils.cache import cache
@@ -21,6 +22,16 @@ class Machine(TimeMixin, ReprMixin, db.Model):
     ip = db.Column(db.String(64), nullable=False)
     difficulty = db.Column(db.String, nullable=False, default="Easy")
 
+    @staticmethod
+    @cache.memoize(timeout=3600)
+    def avg_rating(id):
+        avg_rating = (
+            UserMachine.query.with_entities(func.avg(UserMachine.rating))
+            .filter(UserMachine.machine_id == id, UserMachine.rating != 0)
+            .scalar()
+        )
+        return round(avg_rating, 1) if avg_rating else 0
+
     @staticmethod
     @cache.cached(timeout=3600 * 3, key_prefix="machines")
     def get_all():
@@ -46,6 +57,7 @@ class UserMachine(TimeMixin, db.Model):
     )
     owned_user = db.Column(db.Boolean, nullable=False, default=False)
     owned_root = db.Column(db.Boolean, nullable=False, default=False)
+    rating = db.Column(db.Integer, nullable=False, default=0)
 
     @classmethod
     @cache.memoize(timeout=3600 * 3)
@@ -65,6 +77,17 @@ def completed_machines(cls, user_id):
         completed["root"] = [int(id[0]) for id in _ids2]
         return completed
 
+    @classmethod
+    @cache.memoize(timeout=3600 * 3)
+    def rated_machines(cls, user_id):
+        _ids = (
+            cls.query.with_entities(cls.machine_id)
+            .filter(cls.user_id == user_id, cls.rating != 0)
+            .all()
+        )
+        _ids = [int(id[0]) for id in _ids]
+        return _ids
+
 
 # Tag Model
 class Tag(ReprMixin, db.Model):
@@ -107,6 +130,16 @@ class Challenge(TimeMixin, ReprMixin, db.Model):
         backref=db.backref("challenges", lazy="noload"),
     )
 
+    @staticmethod
+    @cache.memoize(timeout=3600)
+    def avg_rating(id):
+        avg_rating = (
+            UserChallenge.query.with_entities(func.avg(UserChallenge.rating))
+            .filter(UserChallenge.challenge_id == id, UserChallenge.rating != 0)
+            .scalar()
+        )
+        return round(avg_rating, 1) if avg_rating else 0
+
 
 # UserChallenge: N to N relationship
 class UserChallenge(TimeMixin, db.Model):
@@ -126,6 +159,7 @@ class UserChallenge(TimeMixin, db.Model):
         index=True,
     )
     completed = db.Column(db.Boolean, nullable=False, default=False)
+    rating = db.Column(db.Integer, nullable=False, default=0)
 
     @classmethod
     @cache.memoize(timeout=3600 * 3)
@@ -138,6 +172,17 @@ def completed_challenges(cls, user_id):
         _ids = [int(id[0]) for id in _ids]
         return _ids
 
+    @classmethod
+    @cache.memoize(timeout=3600 * 3)
+    def rated_challenges(cls, user_id):
+        _ids = (
+            cls.query.with_entities(cls.challenge_id)
+            .filter(cls.user_id == user_id, cls.rating != 0)
+            .all()
+        )
+        _ids = [int(id[0]) for id in _ids]
+        return _ids
+
 
 # Category Model
 class Category(ReprMixin, db.Model):