Add some CTFd plugin features

theKidOfArcrania · theKidOfArcrania · commit 32c3c698a133 · 2020-11-30T00:49:09.000-06:00
* Better dynamic scoring formula (copied from watevrctf)
 * Add a GCP file uploader option which uploads files to GCP
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+__pycache__
+*.sw?
diff --git a/__init__.py b/__init__.py
@@ -1,3 +1,6 @@
+import glob
+import importlib
+import os.path
 from flask import send_file, jsonify
 from flask.helpers import safe_join
 from CTFd.models import Challenges, Solves, Pages, db
@@ -10,15 +13,27 @@
 from sqlalchemy.sql import and_
 
 def load(app):
+    # Load all the subcomponents (which resides in this directory)
+    this_dir = os.path.abspath(os.path.dirname(__file__))
+    modules = sorted(glob.glob(this_dir + '/*.py'))
+    blacklist = {'__pycache__', '__init__.py'}
+    for mod in modules:
+        mod = os.path.basename(mod)
+        if mod in blacklist: continue
+        mod = '.' + mod[:-3]
+        mod = importlib.import_module(mod, package=__package__)
+        mod.load(app)
+        print(' * pbctf: Loaded subcomponent, %s' % mod)
+
     def nonce():
         from flask import session
         return session.get('nonce')
     app.jinja_env.globals.update(nonce=nonce)
 
-    @app.route("/OneSignalSDKWorker.js", methods=["GET"])
-    def worker():
-        filename = safe_join(app.root_path, 'themes', 'tsgctf', 'static', 'OneSignalSDKWorker.js')
-        return send_file(filename)
+    #@app.route("/OneSignalSDKWorker.js", methods=["GET"])
+    #def worker():
+    #    filename = safe_join(app.root_path, 'themes', 'tsgctf', 'static', 'OneSignalSDKWorker.js')
+    #    return send_file(filename)
 
     @app.route("/api/v1/dates", methods=["GET"])
     def dates():
diff --git a/dynamic.py b/dynamic.py
@@ -0,0 +1,43 @@
+import math
+
+from CTFd.utils.modes import get_model
+from CTFd.models import Solves, db
+from CTFd.plugins.dynamic_challenges import DynamicValueChallenge
+
+@classmethod
+def calculate_value(cls, challenge):
+    Model = get_model()
+
+    solve_count = (
+        Solves.query.join(Model, Solves.account_id == Model.id)
+        .filter(
+            Solves.challenge_id == challenge.id,
+            Model.hidden == False,
+            Model.banned == False,
+        )
+        .count()
+    )
+
+    # If the solve count is 0 we shouldn't manipulate the solve count to
+    # let the math update back to normal
+    if solve_count != 0:
+        # We subtract -1 to allow the first solver to get max point value
+        solve_count -= 1
+
+    # It is important that this calculation takes into account floats.
+    # Hence this file uses from __future__ import division
+    # Changed in favor of a better decay formula
+    value = ((challenge.initial - challenge.minimum) / 
+            (1 + solve_count / challenge.decay)) + challenge.minimum
+
+    value = math.ceil(value)
+
+    if value < challenge.minimum:
+        value = challenge.minimum
+
+    challenge.value = value
+    db.session.commit()
+    return challenge
+
+def load(app):
+    DynamicValueChallenge.calculate_value = calculate_value
diff --git a/gcpuploader.py b/gcpuploader.py
@@ -0,0 +1,78 @@
+import os
+import os.path
+import string
+import sys
+
+from flask import current_app, redirect
+from google.oauth2 import service_account
+from google.cloud import storage
+from werkzeug.utils import secure_filename
+
+from CTFd.utils import get_app_config
+from CTFd.utils.uploads import UPLOADERS
+from CTFd.utils.uploads.uploaders import BaseUploader
+from CTFd.utils.encoding import hexencode
+
+# Requires setting GCP_STORE_CRED and GCP_STORE_BUCKET vars
+# and GCP_STORE_CRED should be a json file for our private key creds
+#
+# Should also modify the requirements.in and requiremnts.txt file to have
+# google-cloud-storage==1.33.0 dependency
+
+class GCPUploader(BaseUploader):
+    def __init__(self):
+        super(BaseUploader, self).__init__()
+        self.gcp = storage.Client.from_service_account_json(
+                get_app_config('GCP_STORE_CRED'))
+        self.bucket = self.gcp.get_bucket(get_app_config("GCP_STORE_BUCKET"))
+
+
+    def _clean_filename(self, c):
+        if c in string.ascii_letters + string.digits + "-" + "_" + ".":
+            return True
+
+    def store(self, fileobj, filename):
+        blob = self.bucket.blob(filename)
+        blob.upload_from_file(fileobj)
+        blob.make_public()
+        return filename
+
+    def upload(self, file_obj, filename):
+        filename = filter(
+            self._clean_filename, secure_filename(filename).replace(" ", "_")
+        )
+        filename = "".join(filename)
+        if len(filename) <= 0:
+            return False
+
+        md5hash = hexencode(os.urandom(16))
+
+        dst = md5hash + "/" + filename
+        return self.store(file_obj, dst)
+
+    def download(self, filename):
+        blob = self.bucket.blob(filename)
+        return redirect(blob.public_url)
+
+    def delete(self, filename):
+        try:
+            # Might have an error if it's not there
+            blob = self.bucket.blob(filename)
+            blob.delete()
+        except:
+            import traceback
+            traceback.print_exc(file=sys.stdout)
+
+    def sync(self):
+        local_folder = current_app.config.get("UPLOAD_FOLDER")
+        for blob in self.bucket.list_blobs():
+            if blob.name.endswith("/") is False:
+                local_path = os.path.join(local_folder, blob.name)
+                directory = os.path.dirname(local_path)
+                if not os.path.exists(directory):
+                    os.makedirs(directory)
+
+                blob.download_to_file(local_path)
+
+def load(app):
+    UPLOADERS['gcp'] = GCPUploader
