tinyctf-platform icon indicating copy to clipboard operation
tinyctf-platform copied to clipboard
verified publisher icon balidani

Implemented some features

Open gehaxelt opened this issue 9 years ago • 5 comments

Hi, I've implemented some featuers:

  • CSRF protection
  • JSON Scoreboard
  • before_end and after_start annotations which restrict some actions before/during/after the CTF
  • Added start/end time to footer
  • Added `username_regex`` to validate usernames

That are more or less the changes I made for our CTF.

All the best, gehaxelt

gehaxelt avatar Feb 23 '16 22:02 gehaxelt

PS: Closes #9 #8 #6

gehaxelt avatar Feb 23 '16 23:02 gehaxelt

In my opinion, CSRF protection is not needed, and in your CTF it was inconvenient for my team. Normally in a CTF, you open the challenges page, click on some challenges to open them in new tabs, then open each tab, solve the challenge and submit the flag. With your CSRF protection, once you open the second tab, you could not submit the flag for the challenge in the first tab, because the CSRF token has been changed and is no longer valid.

yeuchimse avatar Feb 24 '16 03:02 yeuchimse

Hi @yeuchimse Thanks for the feedback! I've pushed a fix for this by providing a enable_csrf_protection configuration option :)

gehaxelt avatar Feb 24 '16 11:02 gehaxelt

Nice fix :D I though you would remove that protection, but giving an option to disable it seems better for all people :D

yeuchimse avatar Feb 25 '16 04:02 yeuchimse

Hi all,

I'm still here, but a bit busy at the moment. I'll get back to these PRs later, and hopefully merge them. Thanks for your interest in the project.

balidani avatar Feb 25 '16 04:02 balidani