-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ECSC task parser #184
Merged
Merged
Add ECSC task parser #184
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Parses the JSON output of the /stats.json endpoint of the ECSC gameboard. The output doesn't contain actual categories, so we use the 'contract' name as the category.
XeR
approved these changes
Aug 28, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work !
I'll try to get some important person to test it on ENISA's beta environment. I'll merge it when I have their feedback
JJ-8
added a commit
to erdnaxe/CTFNote
that referenced
this pull request
Jul 14, 2024
The parser was introduced in TFNS#184 but I don't think anyone will be using this parser since the project is dead for years and ENISA is not using this gameboard in the last couple of years. Since it conflicts with the parsing of the other CTF formats, it is better to drop it and reintroduce it when necessary.
ISnackable
added a commit
to ISnackable/CTFNote
that referenced
this pull request
Aug 23, 2024
* Decreased task switcher density * Update filled textbox styling * Updated EditCtfDialog design * Updated ImportCtfDialog design * Updated InviteUserDialog design * Updated ResetPasswordDialog design * Updated SearchDialog design * Resolved Vue warnings * Updated TaskEditDialog design * Updated solve task dialog design * Update task and CTF deletion dialog design * Updated TaskExportDialog design * Formatted code * Add delay to tooltips * Formatted code * Reduced code duplication for TaskBtnGroup component * Force category tags to be in a row on TableDense layout * Updated TaskImportDialog design * Changed TableDense button group color scheme * Re-add category tag wrapping * Updated design of more dialogs * Small spacing changes * Added CTFTime icon to CTFTime URL/ID input fields * Made padding more consistent * Allow ctrl+k search dialog hotkey inside iframe Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple `ctrl+k, command+k` shortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly. Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages. * Serve hotkeys-iframe.js from a path from Hedgedoc to circumvent CSP The Hedgedoc CSP is a good thing to have enabled. But it breaks the JS injection done by CTFNote. So now we just lie to the frontend that the file is hosted by Hedgedoc while it actually is hosted by CTFNote. This should circumvent the CSP and allow script execution inside the iframe, even when the CSP is enabled. * Swap order of import dialog columns to checkbox, title, tags * Align categories to the right in task import dialog * Add label to flag submission dialog input * Replaced q-form with div in task import dialog * Slightly increased density of task switcher menu * Solved wrapping in navigation bar caused by category tags * Hide tags in task switcher on small screens * Resolved UI compiler warnings for TaskImportDialog * Set indicator color of all tabs to secondary * Redesigned login page * Redesigned registration page * Redesigned password reset page * Set static width for all auth pages * Make auth pages centered * Hide CTFNote logo next to auth pages on smaller screens * Always show CTFNote text in navigation bar on login screen * Increase page padding on auth pages * Display admin settings page in a single column on small screens * Adjust padding of cards in registration settings * Style inputs in registration settings * Re-organize columns on registration settings to group registration and calendar settings separately * Hide inputs for registration and calendar passwords when disabled * Adjust padding of cards in profile settings * Add icon support to color picker button * Style inputs in profile settings * Moved Change password to left column in profile settings * Fix color picker button being too large in some cases * Adjust padding for theme settings * Update styling for registered users settings page * Removed borders from cards in settings pages * Added icons to notifications toggle * Added Discord logo to CTFNote token field * Undo auth page centering * Make color picker icon appear white in light mode * Merge tags list and condensed tags list into a single class * Changed condensed tags list hidden count color to accent * Updated task list toolbar design * Removed rounded corners from CTF pages * Made CTFTime link smaller * Disabled weight badge click animation * Adjusted spacing and layout on CTF info page * Force tags to be lowercase in the frontend during parsing The backend already enforces lowercase of the tags, but the frontend did not. This could result in double challenge imports if you parse again. Now after the custom parser, all tags are forced to be lower case and unique. This fixes JJ-8#89 * Merge CTF edit and delete buttons on info page on small screens * Remove separator between tabs and CTF pages * Enable contextMenu by default on CTF admin menu * Upgrade yarn and API dependencies Two breaking changes: 1. graphql-upload-ts import was changed. 2. ical-generator `serve` method does not exist anymore. Replaced with writing manually to response. * Update .prettierrc config for trailing comma Otherwise the API files will all be beautified with extra comma's. * Vertically stack CTF description and credentials on small screens * Upgrade frontend dependencies * Format frontend files * Fix frontend ESLint warnings * Update frontend yarn cache This makes sure that the frontend will live forever, even with npmjs.com downtime. * Upgrade NodeJS in API and front Docker container Otherwise it won't build. * Use alpine NodeJS docker versions * Fix Docker image format * Bump @babel/traverse from 7.22.19 to 7.24.1 in /front Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.19 to 7.24.1. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Update install-state.gz due to dependabot upgrade * Upgrade top most yarn files * Make start and end time text on CTF info page white on light mode * Increased width of auth screens to make UUID tokens fit * Made all table headers lowercase on admin user settings page * Moved role column in admin user settings to the left of the username column * Prepended # to pad URL in task iframe, fixes TFNS#96 * Remove newline from last paragraph in descriptions on CTF info page * Redesigned error page for unknown task IDs * Redesigned CTF guest settings page * Adjusted padding for CTF info badges * Removed description on error page for unknown task IDs * Focus input before opening animation finishes in global search dialog * Focus input before opening animation finishes in solve task popup * Moved edit and delete buttons next to CTF title on info page * Fixed spacing issues below description/credentials on CTF info page * Removed description from CTF guest settings * Increased Discord event link input width * Made full table rows clickable on past CTFs page * Removed padding from past CTFs card * Made past CTFs table dense * Increased rows per page options for past CTFs table * Made rows per page setting for past CTFs table persistent * Added custom shortcuts to HedgeDoc editor * Hide search dialog when pressing esc In the old implementation you can only dismiss the search dialog by stop focussing it and then pressing esc or clicking outside the dialog area. This is not keyboard friendly so we introduce a new shortcut that hides the search dialog by just pressing the esc-button. * Increased Nginx upload limit to 5MB * Only allow one solve task dialog to be opened at most * Set nginx upload max size in hosting instructions This corresponds to the outer-nginx and may also need to be set before the change will actually be effective. * Make max upload size a global in the inner-nginx config With this it will apply to all requests done, so also the /uploads endpoint and not only the endpoint for Hedgedoc. * Added shortcut for opening solve task dialog * Added component to preview key combinations for shortcuts * Replace modifier keys on macOS with symbols * Made search dialog use ShortcutPreview component * Made solve task dialog use custom component * Renamed ShortcutPreview to ShortcutHint * Added shortcut hint to solve task dialog when opened on task pages * Fixed flag not updating in task solve dialog when opened using shortcut * Insert iframe hotkey script on task page during iframe load instead of onMounted * Remove no-backdrop-dismiss from task solve dialog * Fix Discord event link hanging issue When a sync has been performed, the old implementation causes a release of the database PoolClient, causing any future database operation to fail. This is due to the event sync code being triggered from the context of GraphQL queries instead of a separate context when an incoming event from Discord is processed. The code has now been rewritten to take the context.pgClient database client which is the current GraphQL pgClient. This client is used in all database operations and not released so it can be used in the future. This will stop the hanging of the server when a Discord event link sync is done. This issue was only reliable reproducible with quite some members interested in an event. I tested this with 13 people interested. In the future we should rewrite this code to always take a pgClient in the database code and create a new pgClient at a higher level when not available and otherwise always use the context.pgClient. At lower levels we should not be caring about releasing or not because this can only cause issues. * Set docker-compose images back to upstream * Remove accidental paste in README * Add back manual workflow trigger This is useful for testing if a branch builds. * Update husky dependency * Update contribution guidelines and mention Discord server * Fix line endings * Drop Node 16 test * Fix `any` return type of discord.js ActionRowBuilder * Regenerate graphql bindings * yarn --frozen-lockfile is deprecated * Fix `any` usage partly The query results should be type checked properly in the future. * Run prettier on api * Upgrade used actions to use node 20 https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/ * Bump postcss from 8.4.29 to 8.4.38 in /front Bumps [postcss](https://github.com/postcss/postcss) from 8.4.29 to 8.4.38. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.29...8.4.38) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Create dependabot.yml Config was created by @peace-maker through Discord. It should revive the Dependabot. * Update install-state.gz for Dependabot This is what I get when I run yarn myself. Don't know why Dependabot does not commit this already. * Bump tar from 6.2.0 to 6.2.1 in /api Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump express from 4.19.1 to 4.19.2 in /api Bumps [express](https://github.com/expressjs/express) from 4.19.1 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.1...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typescript from 5.4.3 to 5.4.5 in /api Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.4.3 to 5.4.5. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.3...v5.4.5) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ip from 2.0.0 to 2.0.1 in /api Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Rename ECSC parser to ECSC2021 * Add CINI parser (ECSC 2024) * Bump braces from 3.0.2 to 3.0.3 in /api Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @typescript-eslint/parser from 7.3.1 to 7.16.0 in /api Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 7.3.1 to 7.16.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.16.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Add base of the hitcon parser for ctfnote * import hitcon parser * Fix HITCON parser The isValid function has been updated to match the correct data and imports are fixed. * Fix formatting issues in hitcon.ts * Fix isValid of CINI parser * Drop ECSC2021/2022 parser The parser was introduced in TFNS#184 but I don't think anyone will be using this parser since the project is dead for years and ENISA is not using this gameboard in the last couple of years. Since it conflicts with the parsing of the other CTF formats, it is better to drop it and reintroduce it when necessary. * Bump braces from 3.0.2 to 3.0.3 in /front Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tar from 6.2.0 to 6.2.1 in /front Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /front Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Fixed .yarn exlusion rules inside of the .gitignore to make them compliant. Added rules to .gitattributes * Created .vscode folder with config to hide yarn from search * Add migration for the discord_integration_enabled field in ctfnote.settings * Add code to sync the discord use from the config to the database. * Make sure discord_integration_enabled is not null. * Maybe its a good idea to grant the correct user.... * Add checks to the pages with Discord * Run codegen for graphql schema. For some reason codegen deleted a lot of things, lets hope nothing bad happens * Spelling fixes. * Simplified v-if to v-else * GraphQL schema files fixed. * Fixes that user_admin could write to ctfnote.settings.discord_integration_enabled * Bump quasar from 2.15.1 to 2.16.6 in /front Bumps [quasar](https://github.com/quasarframework/quasar) from 2.15.1 to 2.16.6. - [Release notes](https://github.com/quasarframework/quasar/releases) - [Commits](quasarframework/quasar@quasar-v2.15.1...quasar-v2.16.6) --- updated-dependencies: - dependency-name: quasar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fix Quasar build issues "@quasar/app-webpack": "^3.13.2", This package had to be this version to fix the issue. * Create migration for account invitation with Discord link * Removes the unique constraint from discord_id in `ctfnote_private.invitation_link`. It is preferred we unique this column however whenever you accidentally dismiss the discord bot and want to make a new token you cant. This is why we removed the unique constraint for now. * Update the GraphQL schema Graphql schema updated, hopefully this is right because windows/wsl version of `yarn run codegen` likes to break the schema sometimes. * Add base implementation of register command. This commit implements the base of some utils that are required and the base of the command itself. * Add checks to make sure user only has one token. This commit implements fixes for the issues talked about in comment: TFNS#301 (comment) Also changed the migration back to unique * Add ENV vars for configuring register command. Adds the Environment variables that are needed to configure the register command and some explanation for them. * Adds checks to register command and some cleanup Some general cleanup and fixes of todo's. Also implemented the required checks and used data from the environment variables. This command implements what showcased in issue message: TFNS#301 (comment) * Add role sync after `/register` command With a setTimeout we can run code after the request lifecycle. This is ugly, but it works. See also the comment in the code about this. Solves the problem for TFNS#301 (comment) * Refactor AllowedRoles to enum of strings * Rename variables and change signature of functions Variable renaming for consistency. The `getInvitationUrl` should return null in case of error instead of an empty string in order clarify error state. * Move the registerWithToken role sync to the after mutation hook It makes more sense to have it there. It was by accident placed in the before hook previously. * Improve Discord messages text * Add strict 'true' check for Discord registration * Small text improvements * Improve `/register` output even more * Add comments to sql migration file * Rename registration logic function to match command name * format fix * Autofocus username field on login and registration This makes it possible to have a login / registration flow easily by only keyboard. * Fix missing environment variables for Discord registration These were missing in the docker-compose.yml file. Without these it is not possible to configure the options for the `/register` command. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: markfijneman <48481393+markfijneman@users.noreply.github.com> Co-authored-by: JJ-8 <34778827+JJ-8@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Peace-Maker <peacemakerctf@gmail.com> Co-authored-by: Alexandre Iooss <erdnaxe@crans.org> Co-authored-by: Daan Breur <daanbreur@gmail.com> Co-authored-by: Daan Breur <git@daanbreur.systems>
ISnackable
added a commit
to ISnackable/CTFNote
that referenced
this pull request
Aug 23, 2024
* Decreased task switcher density * Update filled textbox styling * Updated EditCtfDialog design * Updated ImportCtfDialog design * Updated InviteUserDialog design * Updated ResetPasswordDialog design * Updated SearchDialog design * Resolved Vue warnings * Updated TaskEditDialog design * Updated solve task dialog design * Update task and CTF deletion dialog design * Updated TaskExportDialog design * Formatted code * Add delay to tooltips * Formatted code * Reduced code duplication for TaskBtnGroup component * Force category tags to be in a row on TableDense layout * Updated TaskImportDialog design * Changed TableDense button group color scheme * Re-add category tag wrapping * Updated design of more dialogs * Small spacing changes * Added CTFTime icon to CTFTime URL/ID input fields * Made padding more consistent * Allow ctrl+k search dialog hotkey inside iframe Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple `ctrl+k, command+k` shortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly. Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages. * Serve hotkeys-iframe.js from a path from Hedgedoc to circumvent CSP The Hedgedoc CSP is a good thing to have enabled. But it breaks the JS injection done by CTFNote. So now we just lie to the frontend that the file is hosted by Hedgedoc while it actually is hosted by CTFNote. This should circumvent the CSP and allow script execution inside the iframe, even when the CSP is enabled. * Swap order of import dialog columns to checkbox, title, tags * Align categories to the right in task import dialog * Add label to flag submission dialog input * Replaced q-form with div in task import dialog * Slightly increased density of task switcher menu * Solved wrapping in navigation bar caused by category tags * Hide tags in task switcher on small screens * Resolved UI compiler warnings for TaskImportDialog * Set indicator color of all tabs to secondary * Redesigned login page * Redesigned registration page * Redesigned password reset page * Set static width for all auth pages * Make auth pages centered * Hide CTFNote logo next to auth pages on smaller screens * Always show CTFNote text in navigation bar on login screen * Increase page padding on auth pages * Display admin settings page in a single column on small screens * Adjust padding of cards in registration settings * Style inputs in registration settings * Re-organize columns on registration settings to group registration and calendar settings separately * Hide inputs for registration and calendar passwords when disabled * Adjust padding of cards in profile settings * Add icon support to color picker button * Style inputs in profile settings * Moved Change password to left column in profile settings * Fix color picker button being too large in some cases * Adjust padding for theme settings * Update styling for registered users settings page * Removed borders from cards in settings pages * Added icons to notifications toggle * Added Discord logo to CTFNote token field * Undo auth page centering * Make color picker icon appear white in light mode * Merge tags list and condensed tags list into a single class * Changed condensed tags list hidden count color to accent * Updated task list toolbar design * Removed rounded corners from CTF pages * Made CTFTime link smaller * Disabled weight badge click animation * Adjusted spacing and layout on CTF info page * Force tags to be lowercase in the frontend during parsing The backend already enforces lowercase of the tags, but the frontend did not. This could result in double challenge imports if you parse again. Now after the custom parser, all tags are forced to be lower case and unique. This fixes JJ-8#89 * Merge CTF edit and delete buttons on info page on small screens * Remove separator between tabs and CTF pages * Enable contextMenu by default on CTF admin menu * Upgrade yarn and API dependencies Two breaking changes: 1. graphql-upload-ts import was changed. 2. ical-generator `serve` method does not exist anymore. Replaced with writing manually to response. * Update .prettierrc config for trailing comma Otherwise the API files will all be beautified with extra comma's. * Vertically stack CTF description and credentials on small screens * Upgrade frontend dependencies * Format frontend files * Fix frontend ESLint warnings * Update frontend yarn cache This makes sure that the frontend will live forever, even with npmjs.com downtime. * Upgrade NodeJS in API and front Docker container Otherwise it won't build. * Use alpine NodeJS docker versions * Fix Docker image format * Bump @babel/traverse from 7.22.19 to 7.24.1 in /front Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.19 to 7.24.1. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Update install-state.gz due to dependabot upgrade * Upgrade top most yarn files * Make start and end time text on CTF info page white on light mode * Increased width of auth screens to make UUID tokens fit * Made all table headers lowercase on admin user settings page * Moved role column in admin user settings to the left of the username column * Prepended # to pad URL in task iframe, fixes TFNS#96 * Remove newline from last paragraph in descriptions on CTF info page * Redesigned error page for unknown task IDs * Redesigned CTF guest settings page * Adjusted padding for CTF info badges * Removed description on error page for unknown task IDs * Focus input before opening animation finishes in global search dialog * Focus input before opening animation finishes in solve task popup * Moved edit and delete buttons next to CTF title on info page * Fixed spacing issues below description/credentials on CTF info page * Removed description from CTF guest settings * Increased Discord event link input width * Made full table rows clickable on past CTFs page * Removed padding from past CTFs card * Made past CTFs table dense * Increased rows per page options for past CTFs table * Made rows per page setting for past CTFs table persistent * Added custom shortcuts to HedgeDoc editor * Hide search dialog when pressing esc In the old implementation you can only dismiss the search dialog by stop focussing it and then pressing esc or clicking outside the dialog area. This is not keyboard friendly so we introduce a new shortcut that hides the search dialog by just pressing the esc-button. * Increased Nginx upload limit to 5MB * Only allow one solve task dialog to be opened at most * Set nginx upload max size in hosting instructions This corresponds to the outer-nginx and may also need to be set before the change will actually be effective. * Make max upload size a global in the inner-nginx config With this it will apply to all requests done, so also the /uploads endpoint and not only the endpoint for Hedgedoc. * Added shortcut for opening solve task dialog * Added component to preview key combinations for shortcuts * Replace modifier keys on macOS with symbols * Made search dialog use ShortcutPreview component * Made solve task dialog use custom component * Renamed ShortcutPreview to ShortcutHint * Added shortcut hint to solve task dialog when opened on task pages * Fixed flag not updating in task solve dialog when opened using shortcut * Insert iframe hotkey script on task page during iframe load instead of onMounted * Remove no-backdrop-dismiss from task solve dialog * Fix Discord event link hanging issue When a sync has been performed, the old implementation causes a release of the database PoolClient, causing any future database operation to fail. This is due to the event sync code being triggered from the context of GraphQL queries instead of a separate context when an incoming event from Discord is processed. The code has now been rewritten to take the context.pgClient database client which is the current GraphQL pgClient. This client is used in all database operations and not released so it can be used in the future. This will stop the hanging of the server when a Discord event link sync is done. This issue was only reliable reproducible with quite some members interested in an event. I tested this with 13 people interested. In the future we should rewrite this code to always take a pgClient in the database code and create a new pgClient at a higher level when not available and otherwise always use the context.pgClient. At lower levels we should not be caring about releasing or not because this can only cause issues. * Set docker-compose images back to upstream * Remove accidental paste in README * Add back manual workflow trigger This is useful for testing if a branch builds. * Update husky dependency * Update contribution guidelines and mention Discord server * Fix line endings * Drop Node 16 test * Fix `any` return type of discord.js ActionRowBuilder * Regenerate graphql bindings * yarn --frozen-lockfile is deprecated * Fix `any` usage partly The query results should be type checked properly in the future. * Run prettier on api * Upgrade used actions to use node 20 https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/ * Bump postcss from 8.4.29 to 8.4.38 in /front Bumps [postcss](https://github.com/postcss/postcss) from 8.4.29 to 8.4.38. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.29...8.4.38) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Create dependabot.yml Config was created by @peace-maker through Discord. It should revive the Dependabot. * Update install-state.gz for Dependabot This is what I get when I run yarn myself. Don't know why Dependabot does not commit this already. * Bump tar from 6.2.0 to 6.2.1 in /api Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump express from 4.19.1 to 4.19.2 in /api Bumps [express](https://github.com/expressjs/express) from 4.19.1 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.1...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Bump typescript from 5.4.3 to 5.4.5 in /api Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.4.3 to 5.4.5. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.3...v5.4.5) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump ip from 2.0.0 to 2.0.1 in /api Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Rename ECSC parser to ECSC2021 * Add CINI parser (ECSC 2024) * Bump braces from 3.0.2 to 3.0.3 in /api Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @typescript-eslint/parser from 7.3.1 to 7.16.0 in /api Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 7.3.1 to 7.16.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.16.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Add base of the hitcon parser for ctfnote * import hitcon parser * Fix HITCON parser The isValid function has been updated to match the correct data and imports are fixed. * Fix formatting issues in hitcon.ts * Fix isValid of CINI parser * Drop ECSC2021/2022 parser The parser was introduced in TFNS#184 but I don't think anyone will be using this parser since the project is dead for years and ENISA is not using this gameboard in the last couple of years. Since it conflicts with the parsing of the other CTF formats, it is better to drop it and reintroduce it when necessary. * Bump braces from 3.0.2 to 3.0.3 in /front Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump tar from 6.2.0 to 6.2.1 in /front Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /front Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Fixed .yarn exlusion rules inside of the .gitignore to make them compliant. Added rules to .gitattributes * Created .vscode folder with config to hide yarn from search * Add migration for the discord_integration_enabled field in ctfnote.settings * Add code to sync the discord use from the config to the database. * Make sure discord_integration_enabled is not null. * Maybe its a good idea to grant the correct user.... * Add checks to the pages with Discord * Run codegen for graphql schema. For some reason codegen deleted a lot of things, lets hope nothing bad happens * Spelling fixes. * Simplified v-if to v-else * GraphQL schema files fixed. * Fixes that user_admin could write to ctfnote.settings.discord_integration_enabled * Bump quasar from 2.15.1 to 2.16.6 in /front Bumps [quasar](https://github.com/quasarframework/quasar) from 2.15.1 to 2.16.6. - [Release notes](https://github.com/quasarframework/quasar/releases) - [Commits](quasarframework/quasar@quasar-v2.15.1...quasar-v2.16.6) --- updated-dependencies: - dependency-name: quasar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fix Quasar build issues "@quasar/app-webpack": "^3.13.2", This package had to be this version to fix the issue. * Create migration for account invitation with Discord link * Removes the unique constraint from discord_id in `ctfnote_private.invitation_link`. It is preferred we unique this column however whenever you accidentally dismiss the discord bot and want to make a new token you cant. This is why we removed the unique constraint for now. * Update the GraphQL schema Graphql schema updated, hopefully this is right because windows/wsl version of `yarn run codegen` likes to break the schema sometimes. * Add base implementation of register command. This commit implements the base of some utils that are required and the base of the command itself. * Add checks to make sure user only has one token. This commit implements fixes for the issues talked about in comment: TFNS#301 (comment) Also changed the migration back to unique * Add ENV vars for configuring register command. Adds the Environment variables that are needed to configure the register command and some explanation for them. * Adds checks to register command and some cleanup Some general cleanup and fixes of todo's. Also implemented the required checks and used data from the environment variables. This command implements what showcased in issue message: TFNS#301 (comment) * Add role sync after `/register` command With a setTimeout we can run code after the request lifecycle. This is ugly, but it works. See also the comment in the code about this. Solves the problem for TFNS#301 (comment) * Refactor AllowedRoles to enum of strings * Rename variables and change signature of functions Variable renaming for consistency. The `getInvitationUrl` should return null in case of error instead of an empty string in order clarify error state. * Move the registerWithToken role sync to the after mutation hook It makes more sense to have it there. It was by accident placed in the before hook previously. * Improve Discord messages text * Add strict 'true' check for Discord registration * Small text improvements * Improve `/register` output even more * Add comments to sql migration file * Rename registration logic function to match command name * format fix * Autofocus username field on login and registration This makes it possible to have a login / registration flow easily by only keyboard. * Fix missing environment variables for Discord registration These were missing in the docker-compose.yml file. Without these it is not possible to configure the options for the `/register` command. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: markfijneman <48481393+markfijneman@users.noreply.github.com> Co-authored-by: JJ-8 <34778827+JJ-8@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Peace-Maker <peacemakerctf@gmail.com> Co-authored-by: Alexandre Iooss <erdnaxe@crans.org> Co-authored-by: Daan Breur <daanbreur@gmail.com> Co-authored-by: Daan Breur <git@daanbreur.systems>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With the upcoming ECSC competition, it is useful to have a special ECSC task parser since some teams will use CTFNote as their note management software, and importing all the tasks yourself is just painful.
This parser parses the JSON output of the
/stats.json
endpoint of the ECSC gameboard. The output doesn't contain actual categories, so we use the 'contract' name as the category.Example JSON output of
/stats.json
to test the parser: