8 |
17 | );
18 | };
19 |
20 | export default Loading;
21 |
--------------------------------------------------------------------------------
/public/vercel.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/types/next-auth.d.ts:
--------------------------------------------------------------------------------
1 | import NextAuth, { DefaultUser, DefaultSession, DefaultJWT } from "next-auth";
2 |
3 | declare module "next-auth" {
4 | interface Session {
5 | user: {
6 | id: string;
7 | totalScore?: number;
8 | role?: string;
9 | } & DefaultSession["user"];
10 | }
11 |
12 | interface User extends DefaultUser {
13 | id: string;
14 | totalScore?: number;
15 | role?: string;
16 | }
17 |
18 | interface JWT extends DefaultJWT {
19 | id: string;
20 | totalScore?: number;
21 | role?: string;
22 | jti?: string;
23 | iat?: number;
24 | exp?: number;
25 | }
26 | }
--------------------------------------------------------------------------------
/models/badgeTemplateSchema.ts:
--------------------------------------------------------------------------------
1 | import mongoose, { Schema, model, models } from "mongoose";
2 |
3 | const badgeTemplateSchema = new Schema({
4 | name: { type: String, required: true, trim: true, unique: true },
5 | description: { type: String, required: true, trim: true },
6 | icon: { type: String, required: true },
7 | color: { type: String, default: "#8B5CF6" },
8 | isActive: { type: Boolean, default: true },
9 | createdBy: { type: String, required: true },
10 | }, {
11 | timestamps: true,
12 | });
13 |
14 | const BadgeTemplate = models.BadgeTemplate || model("BadgeTemplate", badgeTemplateSchema);
15 | export default BadgeTemplate;
16 |
--------------------------------------------------------------------------------
/public/.well-known/security.txt:
--------------------------------------------------------------------------------
1 | Contact: mailto:contact@flagforge.xyz
2 | Contact: https://github.com/flagforge/flagForge1/issues
3 | Expires: 2025-12-31T23:59:59.000Z
4 | Encryption: https://keys.openpgp.org/search?q=contact@flagforge.xyz
5 | Preferred-Languages: en
6 | Canonical: https://flagforge.aryan4.com.np/security.txt
7 | Policy: https://github.com/FlagForgeCTF/flagForge/blob/mainv2/SECURITY.md
8 | Hiring: https://github.com/FlagForgeCTF/flagForge/blob/mainv2/CONTRIBUTING.md
9 | Acknowledgments: https://github.com/FlagForgeCTF/flagForge#contributors
10 | Hall-of-Frame:https://github.com/FlagForgeCTF/flagForge/blob/mainv2/HALL-OF-FRAME.md
--------------------------------------------------------------------------------
/models/userQuestionSchema.ts:
--------------------------------------------------------------------------------
1 | import mongoose, { Schema, model } from "mongoose";
2 | import { UserQuestion } from "@/interfaces";
3 |
4 |
5 | const userQuestionSchema = new Schema
7 |
8 |
15 | );
16 | }
17 |
--------------------------------------------------------------------------------
/models/badgeTemplate.ts:
--------------------------------------------------------------------------------
1 | import mongoose from 'mongoose';
2 |
3 | const badgeTemplateSchema = new mongoose.Schema({
4 | name: {
5 | type: String,
6 | required: true,
7 | trim: true,
8 | unique: true
9 | },
10 | description: {
11 | type: String,
12 | required: true,
13 | trim: true
14 | },
15 | icon: {
16 | type: String,
17 | required: true,
18 | trim: true
19 | },
20 | color: {
21 | type: String,
22 | default: '#8B5CF6'
23 | },
24 | isActive: {
25 | type: Boolean,
26 | default: true
27 | },
28 | createdBy: {
29 | type: String,
30 | default: 'unknown'
31 | }
32 | }, {
33 | timestamps: true // This automatically adds createdAt and updatedAt
34 | });
35 |
36 | // Prevent re-compilation during development
37 | const BadgeTemplate = mongoose.models.BadgeTemplate || mongoose.model('BadgeTemplate', badgeTemplateSchema);
38 |
39 | export default BadgeTemplate;
--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "compilerOptions": {
3 | "lib": [
4 | "dom",
5 | "dom.iterable",
6 | "esnext"
7 | ],
8 | "allowJs": true,
9 | "skipLibCheck": true,
10 | "strict": true,
11 | "noEmit": true,
12 | "esModuleInterop": true,
13 | "module": "esnext",
14 | "moduleResolution": "bundler",
15 | "resolveJsonModule": true,
16 | "isolatedModules": true,
17 | "jsx": "react-jsx",
18 | "incremental": true,
19 | "plugins": [
20 | {
21 | "name": "next"
22 | }
23 | ],
24 | "paths": {
25 | "@/*": [
26 | "./*"
27 | ]
28 | },
29 | "target": "ES2017"
30 | },
31 | "include": [
32 | "next-env.d.ts",
33 | "**/*.ts",
34 | "**/*.tsx",
35 | ".next/types/**/*.ts",
36 | "components/ProfileHeroBanner.tsx",
37 | ".next/dev/types/**/*.ts"
38 | , "next-sitemap.config.js" ],
39 | "exclude": [
40 | "node_modules"
41 | ]
42 | }
43 |
--------------------------------------------------------------------------------
/app/error.tsx:
--------------------------------------------------------------------------------
1 | "use client";
2 | import { useEffect } from "react";
3 | import Image from "next/image";
4 | import image from "@/public/404.png";
5 |
6 |
7 | export default function Error({
8 | error,
9 | reset,
10 | }: {
11 | error: Error & { digest?: string };
12 | reset: () => void;
13 | }) {
14 | useEffect(() => {
15 | }, [error]);
16 |
17 | return (
18 | 9 | OOPS! Page Not Found!😥 10 |
11 |
12 |
14 |
19 |
20 |
21 |
22 |
30 | );
31 | }
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Thank you for suggesting a feature to improve **Flag Forge**! Please provide
4 | as much detail as possible to help us understand your idea.
5 | title: 'Feature Request: [Short Description]'
6 | labels: enhancement
7 | assignees: Chief-spartan-117
8 |
9 | ---
10 |
11 | ## Is your feature request related to a problem? Please describe.
12 | A clear and concise description of what the problem is.
13 | Example: *I'm always frustrated when [...]*
14 |
15 | ---
16 |
17 | ## Describe the solution you'd like
18 | A clear and concise description of what you want to happen.
19 |
20 | ---
21 |
22 | ## Describe alternatives you've considered
23 | A clear and concise description of any alternative solutions or features you've considered.
24 |
25 | ---
26 |
27 | ## Additional Context
28 | Add any other context about the feature request here. This could include:
29 | - Screenshots
30 | - Examples from other tools or projects
31 | - Reasons why this feature is important
32 |
--------------------------------------------------------------------------------
/models/tokenBlacklistSchema.ts:
--------------------------------------------------------------------------------
1 | import mongoose, { Document, Schema } from "mongoose";
2 |
3 | interface ITokenBlacklist extends Document {
4 | jti: string; // JWT ID
5 | userId?: string;
6 | expiresAt: Date;
7 | blacklistedAt: Date;
8 | }
9 |
10 | const TokenBlacklistSchema = new Schema23 | Something went wrong!!😥 24 |
25 | 26 |
27 |
29 |
7 |
25 | );
26 | };
27 |
28 | export default AuthError;
29 |
--------------------------------------------------------------------------------
/app/api/categories/route.ts:
--------------------------------------------------------------------------------
1 | import { NextResponse } from "next/server";
2 | import connect from "@/utils/db";
3 | import QuestionModel from "@/models/qustionsSchema";
4 |
5 | export const runtime = "nodejs";
6 |
7 | export async function GET() {
8 | try {
9 | await connect();
10 |
11 | // Get distinct categories from the database
12 | const categories = await QuestionModel.distinct("category");
13 |
14 | // Filter out null/undefined categories, trim whitespace, and remove duplicates
15 | const validCategories = [
16 | ...new Set(
17 | categories
18 | .filter(
19 | (category) =>
20 | category && typeof category === "string" && category.trim() !== ""
21 | )
22 | .map((category) => category.trim())
23 | .sort((a, b) =>
24 | a.localeCompare(b, undefined, { sensitivity: "base" })
25 | )
26 | ),
27 | ];
28 |
29 | const categoriesWithAll = ["All", ...validCategories];
30 |
31 | return NextResponse.json({
32 | categories: categoriesWithAll,
33 | });
34 | } catch (error) {
35 | console.error("Error fetching categories:", error);
36 | return NextResponse.json(
37 | { message: "Internal server error", categories: ["All"] },
38 | { status: 500 }
39 | );
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/public/next.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/models/badgeImage.ts:
--------------------------------------------------------------------------------
1 | // models/BadgeImage.ts
2 | import mongoose from 'mongoose';
3 | import { BadgeImageDocument } from '@/types/badgeImage';
4 |
5 | const badgeImageSchema = new mongoose.Schema
8 | {/* */}
9 |
10 |
24 |
11 |
19 |
20 | 12 | Access Denied! 13 |
14 |15 | Sign In To Enter This Page! 16 | 😥 17 |
18 |
21 |
23 |
7 |
39 | );
40 | }
41 |
--------------------------------------------------------------------------------
/app/api/leaderboard/route.ts:
--------------------------------------------------------------------------------
1 | import { NextResponse } from "next/server";
2 | import User from "@/models/userSchema";
3 | import UserQuestionModel from "@/models/userQuestionSchema";
4 | import connect from "@/utils/db";
5 | export const runtime = "nodejs";
6 |
7 | // GET /api/leaderboard
8 | export async function GET() {
9 | try {
10 | // Connect to the database
11 | await connect();
12 |
13 | // Fetch top 50 users sorted by totalScore in descending order
14 | const users = await User.find({})
15 | .sort({ totalScore: -1 })
16 | .limit(50) // Limit to top 50 users
17 | .select("name totalScore image _id");
18 |
19 | // Calculate roomsCompleted for each user
20 | const leaderboardPromises = users.map(async (user, index) => {
21 | // Count completed questions for this user
22 | // Remove the completion filter for now until we debug it properly
23 | const roomsCompleted = await UserQuestionModel.countDocuments({
24 | userId: user._id,
25 | });
26 |
27 | return {
28 | name: user.name,
29 | totalScore: user.totalScore,
30 | image: user.image,
31 | roomsCompleted,
32 | rank: index + 1, // Rank starts from 1
33 | };
34 | });
35 |
36 | // Wait for all promises to resolve
37 | const leaderboard = await Promise.all(leaderboardPromises);
38 |
39 | // Return the leaderboard as JSON
40 | return NextResponse.json(leaderboard);
41 | } catch (error) {
42 | console.error("Leaderboard API Error:", error);
43 | return NextResponse.json(
44 | { error: "Failed to fetch leaderboard" },
45 | { status: 500 }
46 | );
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/bug_report.md:
--------------------------------------------------------------------------------
1 | # Bug Report 🐞
2 |
3 | Thank you for taking the time to help improve **Flag Forge** by reporting a bug! Please provide as much detail as possible to help us address the issue efficiently.
4 |
5 | ---
6 |
7 | ## Describe the Bug
8 | A clear and concise description of what the bug is.
9 |
10 | ---
11 |
12 | ## To Reproduce
13 | Steps to reproduce the behavior:
14 | 1. Go to '...'
15 | 2. Click on '...'
16 | 3. Scroll down to '...'
17 | 4. See error
18 |
19 | ---
20 |
21 | ## Expected Behavior
22 | A clear and concise description of what you expected to happen.
23 |
24 | ---
25 |
26 | ## Screenshots
27 | If applicable, add screenshots to help explain your problem.
28 |
29 | ---
30 |
31 | ## Desktop (please complete the following information):
32 | - **OS**: [e.g., Windows, macOS, Linux]
33 | - **Browser**: [e.g., Chrome, Firefox, Safari]
34 | - **Version**: [e.g., 22]
35 |
36 | ---
37 |
38 | ## Smartphone (please complete the following information):
39 | - **Device**: [e.g., iPhone X, Samsung Galaxy S10]
40 | - **OS**: [e.g., iOS 15, Android 11]
41 | - **Browser**: [e.g., Safari, Chrome]
42 | - **Version**: [e.g., 22]
43 |
44 | ---
45 |
46 | ## Additional Context
47 | Add any other context about the problem here. This could include:
48 | - Error logs
49 | - Relevant links
50 | - Steps attempted to fix the issue
51 |
52 | ---
53 |
54 | ## Optional Additional Items
55 | - **Default Issue Title**: `Bug: [Short Description]`
56 | - **Assignees**: (To be assigned by maintainers)
57 | - **Labels**: `bug`, `needs-triage`, or relevant categories
58 |
59 | ---
60 |
61 | Thank you for helping us improve **Flag Forge**! Your report is greatly appreciated. 🚀
62 |
--------------------------------------------------------------------------------
/utils/discordNotifier.ts:
--------------------------------------------------------------------------------
1 | const DISCORD_WEBHOOK_URL = process.env.DISCORD_WEBHOOK_URL;
2 |
3 | const COLORS = {
4 | NEW_CHALLENGE: 0x2ecc71, // green
5 | };
6 |
7 | export async function sendDiscordNotification(
8 | title: string,
9 | description: string,
10 | type: "NEW_CHALLENGE" = "NEW_CHALLENGE",
11 | points?: number,
12 | category?: string,
13 | link?: string
14 | ) {
15 | if (!DISCORD_WEBHOOK_URL) {
16 | console.error("❌ DISCORD_WEBHOOK_URL not set");
17 | return;
18 | }
19 |
20 | const payload = {
21 | embeds: [
22 | {
23 | title,
24 | description,
25 | color: COLORS[type],
26 | timestamp: new Date().toISOString(),
27 | footer: { text: "FlagForge System" },
28 | fields: [
29 | ...(category
30 | ? [{ name: "Category", value: category, inline: true }]
31 | : []),
32 | ...(points !== undefined
33 | ? [{ name: "Points", value: points.toString(), inline: true }]
34 | : []),
35 | ...(link
36 | ? [
37 | {
38 | name: "Challenge Link",
39 | value: `[Click here](${link})`,
40 | inline: false,
41 | },
42 | ]
43 | : []),
44 | ],
45 | },
46 | ],
47 | };
48 |
49 | try {
50 | const res = await fetch(DISCORD_WEBHOOK_URL, {
51 | method: "POST",
52 | headers: { "Content-Type": "application/json" },
53 | body: JSON.stringify(payload),
54 | });
55 |
56 | if (!res.ok)
57 | console.error(`❌ Failed to send Discord message: ${res.statusText}`);
58 | } catch (err) {
59 | console.error("⚠️ Error sending Discord message:", err);
60 | }
61 | }
62 |
--------------------------------------------------------------------------------
/models/qustionsSchema.ts:
--------------------------------------------------------------------------------
1 | import mongoose, { Schema, model } from "mongoose";
2 | import { Questions } from "@/interfaces";
3 |
4 | const hintSchema = new Schema({
5 | text: {
6 | type: String,
7 | required: true,
8 | },
9 | pointsDeduction: {
10 | type: Number,
11 | required: true,
12 | min: 0,
13 | }
14 | }, { _id: true });
15 |
16 | const questionSchema = new Schema
8 |
13 |
14 |
38 |
15 |
37 | 16 | Topics 17 |
18 |-
19 | {[
20 | "All",
21 | "Web Exploitation",
22 | "Cryptography",
23 | "Reverse Engineering",
24 | "Forensics",
25 | "General Skills",
26 | "Binary Exploitation",
27 | ].map((topic) => (
28 |
- 32 | {topic} 33 | 34 | ))} 35 |
19 |
37 | );
38 | };
39 |
40 | export default AuthPage;
41 |
--------------------------------------------------------------------------------
/app/api/auth/revoke-token/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from 'next/server';
2 | import { getServerSession } from 'next-auth';
3 | import { authOptions } from '@/lib/authOptions';
4 | import { TokenBlacklistService } from '@/lib/tokenBlacklist';
5 |
6 | export async function POST(request: NextRequest) {
7 | try {
8 | const session = await getServerSession(authOptions);
9 |
10 | if (!session) {
11 | return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
12 | }
13 |
14 | const { token, expiresAt } = await request.json();
15 |
16 | if (!token) {
17 | return NextResponse.json({ error: 'Token required' }, { status: 400 });
18 | }
19 |
20 | // Parse expiration date or use default (1 hour from now)
21 | const expiration = expiresAt
22 | ? new Date(expiresAt)
23 | : new Date(Date.now() + 60 * 60 * 1000);
24 |
25 | // Add to blacklist with proper arguments
26 | await TokenBlacklistService.addToBlacklist(
27 | token,
28 | expiration,
29 | session.user.id // userId from session
30 | );
31 |
32 | console.log('✅ Token revoked:', {
33 | userId: session.user.id,
34 | expiresAt: expiration.toISOString(),
35 | });
36 |
37 | return NextResponse.json({
38 | success: true,
39 | message: 'Token revoked successfully'
40 | });
41 | } catch (error) {
42 | console.error('❌ Token revocation error:', error);
43 |
44 | let message = 'Failed to revoke token';
45 | if (error instanceof Error) {
46 | message = error.message;
47 | }
48 |
49 | return NextResponse.json(
50 | {
51 | success: false,
52 | error: 'Failed to revoke token',
53 | details: message
54 | },
55 | { status: 500 }
56 | );
57 | }
58 | }
59 |
--------------------------------------------------------------------------------
/models/AssignedBadge.ts:
--------------------------------------------------------------------------------
1 | // models/AssignedBadge.ts
2 | import mongoose from 'mongoose';
3 | import { AssignedBadgeDocument } from '@/types/assignBadge';
4 |
5 | const assignedBadgeSchema = new mongoose.Schema20 | Fly into{" "} 21 | 22 | {" "} 23 | FlagForge 24 | 25 | , where Challenges take Wings!🪽 26 |
27 | 36 |
28 |
42 | 29 | {title} 30 |
31 |
32 |
41 | 33 | Points : {points} 34 |
35 |
36 |
37 | {category}
38 |
39 |
40 | 43 | {description}...{" "} 44 | more 45 |
46 | 47 | ); 48 | }; 49 | 50 | export default QuestionCards; 51 | -------------------------------------------------------------------------------- /components/ui/accordion.tsx: -------------------------------------------------------------------------------- 1 | "use client" 2 | 3 | import * as React from "react" 4 | import * as AccordionPrimitive from "@radix-ui/react-accordion" 5 | import { ChevronDown } from "lucide-react" 6 | 7 | import { cn } from "@/lib/utils" 8 | 9 | const Accordion = AccordionPrimitive.Root 10 | 11 | const AccordionItem = React.forwardRef< 12 | React.ElementRef{children}
53 |
16 |
65 | );
66 | }
--------------------------------------------------------------------------------
/tailwind.config.ts:
--------------------------------------------------------------------------------
1 | import type { Config } from "tailwindcss";
2 |
3 | const config: Config = {
4 | darkMode: ["class"], // enable class-based dark mode
5 | content: [
6 | "./pages/**/*.{js,ts,jsx,tsx,mdx}",
7 | "./components/**/*.{js,ts,jsx,tsx,mdx}",
8 | "./app/**/*.{js,ts,jsx,tsx,mdx}",
9 | ],
10 | theme: {
11 | extend: {
12 | backgroundImage: {
13 | "gradient-radial": "radial-gradient(var(--tw-gradient-stops))",
14 | "gradient-conic":
15 | "conic-gradient(from 180deg at 50% 50%, var(--tw-gradient-stops))",
16 | },
17 | borderRadius: {
18 | lg: "var(--radius)",
19 | md: "calc(var(--radius) - 2px)",
20 | sm: "calc(var(--radius) - 4px)",
21 | },
22 | colors: {
23 | background: "hsl(var(--background))",
24 | foreground: "hsl(var(--foreground))",
25 | card: {
26 | DEFAULT: "hsl(var(--card))",
27 | foreground: "hsl(var(--card-foreground))",
28 | },
29 | popover: {
30 | DEFAULT: "hsl(var(--popover))",
31 | foreground: "hsl(var(--popover-foreground))",
32 | },
33 | primary: {
34 | DEFAULT: "hsl(var(--primary))",
35 | foreground: "hsl(var(--primary-foreground))",
36 | },
37 | secondary: {
38 | DEFAULT: "hsl(var(--secondary))",
39 | foreground: "hsl(var(--secondary-foreground))",
40 | },
41 | muted: {
42 | DEFAULT: "hsl(var(--muted))",
43 | foreground: "hsl(var(--muted-foreground))",
44 | },
45 | accent: {
46 | DEFAULT: "hsl(var(--accent))",
47 | foreground: "hsl(var(--accent-foreground))",
48 | },
49 | destructive: {
50 | DEFAULT: "hsl(var(--destructive))",
51 | foreground: "hsl(var(--destructive-foreground))",
52 | },
53 | border: "hsl(var(--border))",
54 | input: "hsl(var(--input))",
55 | ring: "hsl(var(--ring))",
56 | chart: {
57 | "1": "hsl(var(--chart-1))",
58 | "2": "hsl(var(--chart-2))",
59 | "3": "hsl(var(--chart-3))",
60 | "4": "hsl(var(--chart-4))",
61 | "5": "hsl(var(--chart-5))",
62 | },
63 | },
64 | keyframes: {
65 | "accordion-down": {
66 | from: { height: "0" },
67 | to: { height: "var(--radix-accordion-content-height)" },
68 | },
69 | "accordion-up": {
70 | from: { height: "var(--radix-accordion-content-height)" },
71 | to: { height: "0" },
72 | },
73 | },
74 | animation: {
75 | "accordion-down": "accordion-down 0.2s ease-out",
76 | "accordion-up": "accordion-up 0.2s ease-out",
77 | },
78 | },
79 | },
80 | plugins: [require("tailwindcss-animate")],
81 | };
82 |
83 | export default config;
84 |
--------------------------------------------------------------------------------
/app/api/admin/badge-templates/update/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from "next/server";
2 | import connect from "@/utils/db";
3 | import BadgeTemplate from "@/models/badgeTemplateSchema";
4 | import mongoose from "mongoose";
5 |
6 | export const runtime = "nodejs";
7 |
8 | export async function PUT(request: NextRequest) {
9 | try {
10 | await connect();
11 |
12 | const body = await request.json();
13 | const { templateId, name, description, icon, color, isActive } = body;
14 |
15 | // 1️⃣ Validate templateId
16 | if (!templateId) {
17 | return NextResponse.json(
18 | { error: "Template ID is required" },
19 | { status: 400 }
20 | );
21 | }
22 |
23 | if (!mongoose.Types.ObjectId.isValid(templateId)) {
24 | return NextResponse.json(
25 | { error: "Invalid template ID format" },
26 | { status: 400 }
27 | );
28 | }
29 |
30 | // 2️⃣ Validate required fields
31 | if (!name || !name.trim()) {
32 | return NextResponse.json(
33 | { error: "Badge name is required" },
34 | { status: 400 }
35 | );
36 | }
37 |
38 | if (!description || !description.trim()) {
39 | return NextResponse.json(
40 | { error: "Badge description is required" },
41 | { status: 400 }
42 | );
43 | }
44 |
45 | if (!icon || !icon.trim()) {
46 | return NextResponse.json(
47 | { error: "Badge icon is required" },
48 | { status: 400 }
49 | );
50 | }
51 |
52 | // 3️⃣ Find the template
53 | const template = await BadgeTemplate.findById(templateId);
54 | if (!template) {
55 | return NextResponse.json(
56 | { error: "Badge template not found" },
57 | { status: 404 }
58 | );
59 | }
60 |
61 | // 4️⃣ Check for duplicate name (excluding current template)
62 | const duplicate = await BadgeTemplate.findOne({
63 | name: name.trim(),
64 | _id: { $ne: templateId },
65 | });
66 | if (duplicate) {
67 | return NextResponse.json(
68 | { error: "A badge template with this name already exists" },
69 | { status: 400 }
70 | );
71 | }
72 |
73 | // 5️⃣ Update the template
74 | template.name = name.trim();
75 | template.description = description.trim();
76 | template.icon = icon.trim();
77 | template.color = color || "#8B5CF6";
78 | template.isActive = isActive !== undefined ? isActive : true;
79 | template.updatedAt = new Date();
80 |
81 | await template.save();
82 |
83 | console.log(`✅ Badge template updated: ${name}`);
84 |
85 | return NextResponse.json({
86 | success: true,
87 | template,
88 | message: "Badge template updated successfully",
89 | });
90 | } catch (error) {
91 | console.error("❌ Badge template update error:", error);
92 | return NextResponse.json(
93 | { error: "Failed to update badge template" },
94 | { status: 500 }
95 | );
96 | }
97 | }
98 |
--------------------------------------------------------------------------------
/app/api/user/recent-solved/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from "next/server";
2 | import connect from "@/utils/db";
3 | import { getServerSession } from "next-auth";
4 | import { authOptions } from "@/lib/authOptions";
5 | import userSchema from "@/models/userSchema";
6 | import UserQuestionModel from "@/models/userQuestionSchema";
7 | import QuestionModel from "@/models/qustionsSchema";
8 | import { HttpStatusCode } from "axios";
9 |
10 | export const runtime = "nodejs";
11 |
12 | export async function GET(req: NextRequest) {
13 | try {
14 | await connect();
15 |
16 | const session = await getServerSession(authOptions);
17 | if (!session) {
18 | return new Response("Unauthorized", { status: 401 });
19 | }
20 |
21 | const user = await userSchema.findOne({ email: session?.user?.email });
22 | if (!user) {
23 | return NextResponse.json(
24 | { success: false, message: "User not found" },
25 | { status: HttpStatusCode.NotFound }
26 | );
27 | }
28 |
29 | // Get user's solved questions
30 | const userQuestions = await UserQuestionModel.find({
31 | userId: user.id,
32 | }).limit(10); // Limit to last 10 solved questions
33 |
34 | if (userQuestions.length === 0) {
35 | return NextResponse.json([]);
36 | }
37 |
38 | // Get the question details for each solved question
39 | const questionIds = userQuestions.map((uq) => uq.questionId);
40 | const questions = await QuestionModel.find({ _id: { $in: questionIds } })
41 | .select("title category points description createdAt") // Don't include flag
42 | .sort({ createdAt: -1 }); // Sort by when questions were created (most recent first)
43 |
44 | // Create a map for quick lookup of user question data
45 | const userQuestionMap = new Map();
46 | userQuestions.forEach((uq) => {
47 | userQuestionMap.set(uq.questionId.toString(), uq);
48 | });
49 |
50 | // Transform the data to match the expected format
51 | const recentSolved = questions
52 | .map((question) => {
53 | const userQuestion = userQuestionMap.get(question._id.toString());
54 | if (!userQuestion) return null;
55 |
56 | return {
57 | _id: question._id,
58 | title: question.title,
59 | category: question.category,
60 | points: question.points,
61 | description: question.description,
62 | solvedAt: userQuestion.createdAt, // When the user solved it
63 | questionCreatedAt: question.createdAt, // When the question was created
64 | };
65 | })
66 | .filter((item) => item !== null); // Remove null entries
67 |
68 | return NextResponse.json(recentSolved);
69 | } catch (error) {
70 | console.error("Error fetching recent solved questions:", error);
71 | return NextResponse.json(
72 | { success: false, message: "Failed to fetch recent solved questions" },
73 | { status: HttpStatusCode.InternalServerError }
74 | );
75 | }
76 | }
77 |
--------------------------------------------------------------------------------
/app/api/user/[username]/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from "next/server";
2 | import connect from "@/utils/db";
3 | import UserSchema from "@/models/userSchema";
4 | import UserQuestionModel from "@/models/userQuestionSchema";
5 |
6 | export const runtime = "nodejs";
7 |
8 | // GET /api/user/[username] - Public user profile endpoint
9 | export async function GET(
10 | request: NextRequest,
11 | { params }: { params: Promise<{ username: string }> }
12 | ) {
13 | try {
14 | await connect();
15 |
16 | // Await the params since it's now a Promise in newer Next.js versions
17 | const { username: rawUsername } = await params;
18 | const username = decodeURIComponent(rawUsername);
19 |
20 | const user = await UserSchema.findOne({
21 | name: { $regex: new RegExp(`^${username}$`, "i") },
22 | }).select("name image totalScore customBadges createdAt role");
23 |
24 | if (!user) {
25 | return NextResponse.json({ error: "User not found" }, { status: 404 });
26 | }
27 |
28 | // Get completion stats
29 | const completedQuestions = await UserQuestionModel.countDocuments({
30 | userId: user._id,
31 | });
32 |
33 | // Calculate rank
34 | const allUsers = await UserSchema.find({})
35 | .sort({ totalScore: -1 })
36 | .select("_id totalScore");
37 | const userRank =
38 | allUsers.findIndex((u) => u._id.toString() === user._id.toString()) + 1;
39 |
40 | // Calculate level
41 | const getLevel = (score: number): string => {
42 | if (score < 200) return "[0x1][Newbie]";
43 | if (score < 500) return "[0x2][Scout]";
44 | if (score < 1000) return "[0x3][Codebreaker]";
45 | if (score < 1500) return "[0x4][Hacker]";
46 | if (score < 2000) return "[0x5][Cipher Hunter]";
47 | if (score < 3000) return "[0x6][Forger]";
48 | return "[0x7][Flag Conqueror]";
49 | };
50 |
51 | // Calculate system badges
52 | const getBadges = (completed: number): number => {
53 | let badges = 0;
54 | if (completed >= 1) badges++;
55 | if (completed >= 5) badges++;
56 | if (completed >= 10) badges++;
57 | if (completed >= 25) badges++;
58 | if (completed >= 50) badges++;
59 | if (completed >= 100) badges++;
60 | return badges;
61 | };
62 |
63 | const profileData = {
64 | name: user.name,
65 | image: user.image,
66 | totalScore: user.totalScore || 0,
67 | rank: userRank,
68 | level: getLevel(user.totalScore || 0),
69 | completedQuestions,
70 | badges: getBadges(completedQuestions),
71 | customBadges: user.customBadges || [],
72 | createdAt: user.createdAt,
73 | memberSince: new Date(user.createdAt).getFullYear(),
74 | };
75 |
76 | return NextResponse.json({
77 | success: true,
78 | user: profileData,
79 | });
80 | } catch (error) {
81 | console.error("Public profile API error:", error);
82 | return NextResponse.json(
83 | { error: "Internal server error" },
84 | { status: 500 }
85 | );
86 | }
87 | }
88 |
--------------------------------------------------------------------------------
/app/api/auth/check-admin/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from "next/server";
2 | import { getServerSession } from "next-auth";
3 | import connect from "@/utils/db";
4 | import User from "@/models/userSchema";
5 |
6 | export const runtime = "nodejs";
7 |
8 | interface SessionUser {
9 | id?: string;
10 | email?: string;
11 | name?: string;
12 | image?: string;
13 | }
14 |
15 | interface CheckAdminResponse {
16 | isAdmin: boolean;
17 | user?: {
18 | id: string;
19 | email: string;
20 | name?: string;
21 | role?: string;
22 | };
23 | message?: string;
24 | }
25 |
26 | export async function GET(request: NextRequest): Promise
17 |
64 |
18 |
40 |
41 |
19 |
32 |
33 | 34 | Access Denied 35 |
36 |37 | You don't have permission to access this page. 38 |
39 |
42 |
47 |
48 |
43 | Admin privileges required.
44 | Contact your system administrator to request access.
45 |
49 |
55 |
56 |
62 |
63 |
89 | {children}
91 |
94 |
4 | 
6 | Celebrating the ethical hackers who help keep Flag Forge secure 🛡️
7 |
20 |
30 |
31 | ---
32 |
33 | ## 📊 Platform Security Stats
34 |
35 | | **Metric** | **Count** |
36 | | ------------------------------ | --------- |
37 | | Total Bug Hunters | 4 |
38 | | Total Vulnerabilities Reported | 7 |
39 | | Critical | 2 |
40 | | High | 4 |
41 | | Medium | 1 |
42 | | Low | 0 |
43 |
44 | ---
45 |
46 | ## 🎖️ Recognition Badges
47 |
48 | | Badge | Criteria |
49 | | --------------- | -------------------------------------------- |
50 | | 🥉 **Bronze** | Discovered a Medium severity vulnerability |
51 | | 🥈 **Silver** | Discovered a High severity vulnerability |
52 | | 🥇 **Gold** | Discovered a Critical severity vulnerability |
53 | | 🏅 **Platinum** | 5+ valid vulnerabilities across categories |
54 |
55 | ---
56 |
57 | ## 🎖️ Digital Badges
58 |
59 | | Badge | Image | Criteria |
60 | | ------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
61 | | Bug Hunter | 2025 Contributors
21 | 22 | | Researcher | Handle | Bugs | Severity (per bug) | Badge | Profile | CVE IDs | 23 | | ------------------- | ------------ | ---- | ------------------------------- | --------- | ---------------------------------------- | ---------------------------------------------- | 24 | | **Aryan Shrestha** | @aryan4859 | 3 | 🔴 Critical, 🔴 High, 🟠 Medium | 🥇 Gold | [GitHub](https://github.com/aryan4859) | CVE-2025-59826, CVE-2025-59833, CVE-2025-59841 | 25 | | **Rijan Poudel** | @At0mXploit | 2 | 🔴 High, 🟠 Medium | 🥈 Silver | [GitHub](https://github.com/At0mXploit) | CVE-2025-59843, CVE-2025-59932 | 26 | | **Sarthak KC** | @sarthakkc36 | 1 | 🔴 High | 🥈 Silver | [GitHub](https://github.com/sarthakkc36) | CVE-2025-59827 | 27 | | **Sarams Rauniyar** | @0x0w1z | 1 | 🔴 Critical | 🥇 Gold | [GitHub](https://github.com/0x0w1z) | CVE-2025-61777 | 28 | 29 |
| Awarded for submitting **1 valid bug** |
62 | | Security Researcher | 
| Awarded for submitting **3 or more valid bugs** |
63 |
64 | ---
65 |
66 |
67 | 💡 Want to be featured here?
68 |
69 | Report vulnerabilities responsibly in the GitHub Issues section to earn recognition and badges!
70 |
Flagforge
2 | 3 |
6 | 
31 | 
32 | 
33 | 
34 | 
🛠️ Installation Steps:
39 | 40 |1. Clone Repo from github
41 | 42 | ``` 43 | git clone https://github.com/FlagForgeCTF/flagForge 44 | ``` 45 | 46 |2. Change directory
47 | 48 | ``` 49 | cd flagforge 50 | ``` 51 | 52 |3. Install required dependencies
53 | 54 | ``` 55 | npm install 56 | ``` 57 | 58 |4. Configure .env
59 | 60 | ``` 61 | NEXT_PUBLIC_STATSIG_CLIENT_KEY= 62 | NEXT_PUBLIC_STATSIG_CLIENT_KEY= 63 | NEXT_PUBLIC_ADMIN_EMAIL= 64 | NEXT_PUBLIC_ADMIN_PASSWORD= 65 | NOTION_API_KEY= 66 | NOTION_DATABASE_ID= 67 | GOOGLE_CLIENT_SECRET= 68 | GOOGLE_CLIENT_ID= 69 | NEXTAUTH_URL= 70 | MONGO_URL= 71 | NEXTAUTH_SECRET= 72 | ``` 73 | 74 |5. Run locally
75 | 76 | ``` 77 | npm run dev 78 | ``` 79 | 80 | --- 81 | 82 | ## Contributors 83 | 84 | 85 |
48 |
52 | {category}
53 |
54 |
55 | );
56 |
57 | const ResourceDescription: React.FC<{ description: string }> = ({ description }) => (
58 |
59 |
63 | );
64 |
65 | const ResourceFooter: React.FC<{ createdAt?: string; uploadedBy?: string }> = ({
66 | createdAt,
67 | uploadedBy
68 | }) => (
69 | 60 | {description} 61 |
62 |
70 |
83 | );
84 |
85 | const ResourceCard: React.FC
71 |
82 |
72 |
73 | {formatDate(createdAt)}
74 |
75 | {uploadedBy && (
76 |
77 |
78 | {uploadedBy}
79 |
80 | )}
81 |
124 | {/* Header */}
125 |
143 | );
144 | };
145 |
146 | export default ResourceCard;
--------------------------------------------------------------------------------
/app/api/problems/route.ts:
--------------------------------------------------------------------------------
1 | import connect from "@/utils/db";
2 | import { NextRequest, NextResponse } from "next/server";
3 | import QuestionModel from "@/models/qustionsSchema";
4 | import { Questions } from "@/interfaces";
5 | import { HttpStatusCode } from "axios";
6 | import userSchema from "@/models/userSchema";
7 | import { getServerSession } from "next-auth";
8 | import { authOptions } from "@/lib/authOptions";
9 | import UserQuestionModel from "@/models/userQuestionSchema";
10 | import { sendDiscordNotification } from "@/utils/discordNotifier";
11 | export const runtime = "nodejs";
12 |
13 | export async function POST(req: NextRequest) {
14 | try {
15 | await connect();
16 |
17 | //admin check
18 | const session = await getServerSession(authOptions);
19 | if (!session) {
20 | return NextResponse.json(
21 | { message: "You are not authorized to add a question" },
22 | { status: HttpStatusCode.Unauthorized }
23 | );
24 | }
25 |
26 | const user = await userSchema.findOne({ email: session?.user?.email });
27 | if (!user || user.role !== "Admin") {
28 | return NextResponse.json(
29 | { message: "You are not authorized to add a question" },
30 | { status: HttpStatusCode.Unauthorized }
31 | );
32 | }
33 |
34 | //add question
35 | const body: Questions = await req.json();
36 | if (
37 | body.title &&
38 | body.points &&
39 | body.category &&
40 | body.flag &&
41 | body.description
42 | ) {
43 | const product = await QuestionModel.create(body);
44 | await product.save();
45 | const challengeLink = `https://flagforge.xyz/problems/${product._id}`;
46 |
47 | // Send Discord notification
48 | await sendDiscordNotification(
49 | "🧩 New Challenge Released!",
50 | body.description,
51 | "NEW_CHALLENGE",
52 | body.points,
53 | body.category,
54 | challengeLink
55 | );
56 |
57 | return NextResponse.json(
58 | { success: true, message: "Your qustion has been created" },
59 | { status: HttpStatusCode.Created }
60 | );
61 | }
62 | return NextResponse.json(
63 | { message: "Something is missing!" },
64 | { status: HttpStatusCode.BadRequest }
65 | );
66 | } catch (error: any) {
67 | return NextResponse.json(
68 | { message: error?.message },
69 | { status: HttpStatusCode.BadRequest }
70 | );
71 | }
72 | }
73 |
74 | export async function GET(request: NextRequest) {
75 | const searchParams = request.nextUrl.searchParams;
76 | const qpage = parseInt(searchParams.get("page") ?? "1", 10);
77 | const page: number = qpage;
78 |
79 | // Allow custom limit from query params, default to 8 for normal pagination
80 | const requestedLimit = searchParams.get("limit");
81 | const limit = requestedLimit ? parseInt(requestedLimit, 10) : 8;
82 |
83 | // Get category filter from query params
84 | const category = searchParams.get("category");
85 |
86 | const startIndex = (page - 1) * limit;
87 | const session = await getServerSession(authOptions);
88 |
89 | if (!session) {
90 | return new Response("Unauthorized", { status: 401 });
91 | }
92 |
93 | try {
94 | await connect();
95 |
96 | // Build the base query - exclude flag
97 | let baseQuery = {};
98 |
99 | // Add category filter if provided and not "All"
100 | if (category && category !== "All") {
101 | baseQuery = { category: category };
102 | }
103 |
104 | // Build the query with category filter
105 | let query = QuestionModel.find(baseQuery).select("-flag");
106 |
107 | // Add sorting - newest first by default
108 | query = query.sort({ createdAt: -1 });
109 |
110 | // Apply pagination only if limit is reasonable (not trying to get all)
111 | if (limit <= 1000) {
112 | query = query.skip(startIndex).limit(limit);
113 | }
114 |
115 | const questions = await query.exec();
116 |
117 | const user = await userSchema.findOne({ email: session?.user?.email });
118 | if (!user) {
119 | return NextResponse.json(
120 | { success: false, message: "User not found" },
121 | { status: HttpStatusCode.NotFound }
122 | );
123 | }
124 |
125 | const userQuestion = await UserQuestionModel.find({ userId: user.id });
126 |
127 | // Get total count for pagination info (with category filter applied)
128 | const totalQuestions = await QuestionModel.countDocuments(baseQuery);
129 |
130 | // Process questions to add expiry information
131 | const now = new Date();
132 | const processedQuestions = questions.map((question) => {
133 | const questionObj = question.toObject();
134 |
135 | // Check if question has expired
136 | if (questionObj.expiryDate) {
137 | const expiryDate = new Date(questionObj.expiryDate);
138 | questionObj.expired = expiryDate < now;
139 | questionObj.timeRemaining = Math.max(
140 | 0,
141 | expiryDate.getTime() - now.getTime()
142 | );
143 | } else {
144 | questionObj.expired = false;
145 | questionObj.timeRemaining = null;
146 | }
147 |
148 | return questionObj;
149 | });
150 |
151 | return NextResponse.json({
152 | data: processedQuestions,
153 | totalScore: user.totalScore,
154 | questionDone: userQuestion,
155 | pagination: {
156 | page,
157 | limit,
158 | total: totalQuestions,
159 | totalPages: Math.ceil(totalQuestions / limit),
160 | hasNext: page < Math.ceil(totalQuestions / limit),
161 | hasPrev: page > 1,
162 | },
163 | });
164 | } catch (error) {
165 | return NextResponse.json({ error });
166 | }
167 | }
168 |
--------------------------------------------------------------------------------
/app/api/admin/badge-templates/route.ts:
--------------------------------------------------------------------------------
1 | import { NextRequest, NextResponse } from "next/server";
2 | import connect from "@/utils/db";
3 | import BadgeTemplate from "@/models/badgeTemplate";
4 | import { getServerSession } from "next-auth/next";
5 | import UserSchema from "@/models/userSchema";
6 |
7 | export const runtime = "nodejs";
8 |
9 | async function requireAdmin(request: NextRequest) {
10 | const session = await getServerSession();
11 | if (!session || !session.user || !session.user.email) {
12 | return NextResponse.json(
13 | { success: false as false, error: "Not authenticated" },
14 | { status: 401 }
15 | );
16 | }
17 | await connect();
18 | const user = await UserSchema.findOne({ email: session.user.email });
19 | if (!user || user.role !== "Admin") {
20 | return NextResponse.json(
21 | { success: false as false, error: "Admin privileges required" },
22 | { status: 403 }
23 | );
24 | }
25 | return null; // Means admin check passed
26 | }
27 |
28 | // Type definitions
29 | interface BadgeTemplateRequest {
30 | name: string;
31 | description: string;
32 | icon: string;
33 | color?: string;
34 | isActive?: boolean;
35 | createdBy?: string;
36 | }
37 |
38 | interface MongooseError extends Error {
39 | name: string;
40 | errors?: { [key: string]: { message: string } };
41 | code?: number;
42 | }
43 |
44 | // GET - Fetch all badge templates
45 | export async function GET(request: NextRequest): Promise
126 |
136 |
137 |
127 |
131 |
135 |