me/ctfd-category-submit-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ab12e4b5a52c2059a7623aad87a7a2e1e566346c
ctfd-category-submit-plugin/__init__.py
Matthew Grove ab12e4b5a5 Rename template file
2026-01-05 21:43:29 +00:00

98 lines
4.6 KiB
Python
Raw Blame History

import time
from flask import Blueprint, request, jsonify, render_template
from CTFd.models import db, Challenges, Flags, Solves, Submissions
from CTFd.utils.user import get_current_user, get_current_team
from CTFd.utils.decorators import authed_only, admins_only, during_ctf_time_only
from CTFd.utils.decorators.visibility import check_challenge_visibility
from CTFd.plugins.flags import get_flag_class
from CTFd.utils import get_config, set_config
def load(app):
plugin_bp = Blueprint('category_submission', __name__,
template_folder='templates', static_folder='assets')
@plugin_bp.route('/admin/category_submission', methods=['GET', 'POST'])
@admins_only
def admin_settings():
if request.method == 'POST':
set_config('cat_sub_categories', request.form.get('categories'))
set_config('cat_sub_cooldown', request.form.get('cooldown'))
return render_template('category_settings.html', success=True,
categories=request.form.get('categories'),
cooldown=request.form.get('cooldown'))
return render_template('category_settings.html',
categories=get_config('cat_sub_categories') or "",
cooldown=get_config('cat_sub_cooldown') or "3"
)
@plugin_bp.route('/category_submit/config', methods=['GET'])
@check_challenge_visibility # Matches challenge page visibility settings
@during_ctf_time_only
def get_plugin_config():
return jsonify({
'categories': [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()],
'cooldown': int(get_config('cat_sub_cooldown') or 3)
})
@plugin_bp.route('/category_submit', methods=['POST'])
@authed_only
@check_challenge_visibility
@during_ctf_time_only
def category_submit():
user = get_current_user()
team = get_current_team()
category = request.form.get('category')
provided_flag = request.form.get('submission', '').strip()
enabled_cats = [c.strip() for c in (get_config('cat_sub_categories') or "").split(',') if c.strip()]
cooldown = int(get_config('cat_sub_cooldown') or 3)
if category not in enabled_cats:
return jsonify({'success': False, 'message': 'Invalid category'})
# Rate Limiting
last_sub = Submissions.query.filter_by(user_id=user.id).order_by(Submissions.date.desc()).first()
if last_sub and (time.time() - last_sub.date.timestamp() < cooldown):
return jsonify({'success': False, 'message': f'Wait {cooldown}s between tries'})
# Optimized Solve Check (Unified User/Team Mode)
solve_filter = (Solves.team_id == team.id) if team else (Solves.user_id == user.id)
# Only query unsolved challenges in the specific category
challenges = Challenges.query.filter(
Challenges.category == category,
Challenges.state == 'visible',
~Challenges.id.in_(db.session.query(Solves.challenge_id).filter(solve_filter))
).all()
for chall in challenges:
for flag in Flags.query.filter_by(challenge_id=chall.id).all():
try:
# Supports Static, Regex, and Case-Insensitive flags via CTFd internal classes
if get_flag_class(flag.type).compare(flag, provided_flag):
solve = Solves(
user_id=user.id, team_id=team.id if team else None,
challenge_id=chall.id, ip=request.remote_addr, provided=provided_flag
)
db.session.add(solve)
db.session.add(Submissions(
user_id=user.id, team_id=team.id if team else None,
challenge_id=chall.id, ip=request.remote_addr, provided=provided_flag, type='correct'
))
db.session.commit()
return jsonify({'success': True, 'message': f'Correct: {chall.name}'})
except Exception: continue
# Record failed attempt for audit/brute-force detection
db.session.add(Submissions(
user_id=user.id, team_id=team.id if team else None,
challenge_id=None, ip=request.remote_addr, provided=provided_flag, type='incorrect'
))
db.session.commit()
return jsonify({'success': False, 'message': 'Incorrect Flag'})
app.register_blueprint(plugin_bp)
from CTFd.utils.plugins import register_script
register_script('/plugins/category_submission/assets/inject.js')
Reference in New Issue View Git Blame Copy Permalink