├── .env.example ├── .gitattributes ├── .gitignore ├── README.md ├── _ide_helper.php ├── app ├── Bulletin.php ├── Category.php ├── Challenge.php ├── Console │ └── Kernel.php ├── Exceptions │ └── Handler.php ├── Facades │ ├── APIReturnFacade.php │ └── LoggerFacade.php ├── Flag.php ├── Http │ ├── Controllers │ │ ├── BulletinController.php │ │ ├── CategoryController.php │ │ ├── ChallengeController.php │ │ ├── Controller.php │ │ ├── FlagController.php │ │ ├── IndexController.php │ │ ├── LevelController.php │ │ ├── SystemController.php │ │ ├── SystemLogController.php │ │ └── TeamController.php │ ├── Kernel.php │ └── Middleware │ │ ├── AdminCheck.php │ │ ├── BlockCheck.php │ │ ├── EncryptCookies.php │ │ ├── I18n.php │ │ ├── RedirectIfAuthenticated.php │ │ ├── ThrottleRequests.php │ │ ├── TimeCheck.php │ │ ├── TrimStrings.php │ │ ├── VerifyCsrfToken.php │ │ └── VerifyJWTToken.php ├── Level.php ├── Log.php ├── Providers │ ├── APIReturnServiceProvider.php │ ├── AppServiceProvider.php │ ├── AuthServiceProvider.php │ ├── BroadcastServiceProvider.php │ ├── EventServiceProvider.php │ ├── LoggerServiceProvider.php │ └── RouteServiceProvider.php ├── Services │ ├── APIReturnService.php │ ├── LoggerService.php │ ├── RuleValidator.php │ ├── Rules │ │ ├── BaseRule.php │ │ └── CategoryPassCount.php │ └── ScoreService.php ├── SystemLog.php └── Team.php ├── artisan ├── bootstrap ├── app.php ├── autoload.php └── cache │ └── .gitignore ├── composer.json ├── config ├── app.php ├── auth.php ├── broadcasting.php ├── cache.php ├── database.php ├── filesystems.php ├── jwt.php ├── mail.php ├── queue.php ├── services.php ├── session.php └── view.php ├── database ├── .gitignore ├── factories │ ├── LogFactory.php │ ├── ModelFactory.php │ └── TeamFactory.php ├── migrations │ ├── 2017_08_21_120744_create_team_table.php │ ├── 2017_09_02_122006_add_admin_column_to_team_table.php │ ├── 2017_09_04_030244_add_question_table.php │ ├── 2017_09_04_031726_add_flag_table.php │ ├── 2017_09_08_124811_rename_question_table_to_challenge.php │ ├── 2017_09_10_052157_add_category_table.php │ ├── 2017_09_10_052508_rename_some_columns.php │ ├── 2017_09_10_061818_add_level_table.php │ ├── 2017_09_10_062950_rename_categorys_to_categories.php │ ├── 2017_09_10_065919_add_level_column_to_challenge_table.php │ ├── 2017_09_10_074003_add_category_id_column_to_level_table.php │ ├── 2017_09_16_015423_add_columns_to_challenge_and_flag_table.php │ ├── 2017_09_16_125233_add_default_value_to_teamid_column_in_flag_table.php │ ├── 2017_09_18_064058_add_log_table.php │ ├── 2017_09_20_075514_add_cache_table.php │ ├── 2017_09_22_092011_add_system_log_table.php │ ├── 2017_09_24_042255_delete_score_column_in_team_table.php │ ├── 2017_09_25_142940_add_back_score_column_to_team_table.php │ ├── 2017_10_08_090551_add_token_column_to_team_table.php │ ├── 2017_10_11_104929_add_is_dynamic_flag_column_to_challenge_table.php │ ├── 2017_10_26_154016_add_config_table.php │ ├── 2017_11_08_134052_add_bulletin_table.php │ └── 2018_10_12_161641_add_index_for_log_table.php └── seeds │ ├── ConfigTableSeeder.php │ └── TeamTableSeeder.php ├── package.json ├── phpunit.xml ├── public ├── .htaccess ├── css │ └── app.css ├── favicon.ico ├── index.php ├── js │ └── app.js └── robots.txt ├── resources ├── assets │ ├── js │ │ ├── app.js │ │ ├── bootstrap.js │ │ └── components │ │ │ └── Example.vue │ └── sass │ │ ├── _variables.scss │ │ └── app.scss ├── lang │ ├── en.json │ └── en │ │ ├── auth.php │ │ ├── pagination.php │ │ ├── passwords.php │ │ └── validation.php └── views │ └── welcome.blade.php ├── routes ├── api.php ├── channels.php ├── console.php └── web.php ├── server.php ├── storage ├── app │ ├── .gitignore │ └── public │ │ └── .gitignore ├── framework │ ├── .gitignore │ ├── cache │ │ └── .gitignore │ ├── sessions │ │ └── .gitignore │ ├── testing │ │ └── .gitignore │ └── views │ │ └── .gitignore └── logs │ └── .gitignore ├── tests ├── CreatesApplication.php ├── Feature │ └── ExampleTest.php ├── TestCase.php └── Unit │ └── ExampleTest.php ├── webpack.mix.js └── yarn.lock /.env.example: -------------------------------------------------------------------------------- 1 | APP_NAME=Laravel 2 | APP_ENV=local 3 | APP_KEY= 4 | APP_DEBUG=true 5 | APP_LOG_LEVEL=debug 6 | APP_URL=http://localhost 7 | APP_SALT= 8 | 9 | DB_CONNECTION=mysql 10 | DB_HOST=127.0.0.1 11 | DB_PORT=3306 12 | DB_DATABASE=homestead 13 | DB_USERNAME=homestead 14 | DB_PASSWORD=secret 15 | 16 | BROADCAST_DRIVER=log 17 | CACHE_DRIVER=file 18 | SESSION_DRIVER=file 19 | QUEUE_DRIVER=sync 20 | 21 | REDIS_HOST=127.0.0.1 22 | REDIS_PASSWORD=null 23 | REDIS_PORT=6379 24 | 25 | MAIL_DRIVER=smtp 26 | MAIL_HOST=smtp.mailtrap.io 27 | MAIL_PORT=2525 28 | MAIL_USERNAME=null 29 | MAIL_PASSWORD=null 30 | MAIL_ENCRYPTION=null 31 | 32 | PUSHER_APP_ID= 33 | PUSHER_APP_KEY= 34 | PUSHER_APP_SECRET= 35 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | *.css linguist-vendored 3 | *.scss linguist-vendored 4 | *.js linguist-vendored 5 | CHANGELOG.md export-ignore 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules 2 | /public/hot 3 | /public/storage 4 | /storage/*.key 5 | /vendor 6 | /.idea 7 | /.vagrant 8 | Homestead.json 9 | Homestead.yaml 10 | npm-debug.log 11 | yarn-error.log 12 | .env 13 | package-lock.json 14 | composer.lock 15 | *~ 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # HCTF-Backend 2 | 3 | HCTF 2017 平台后端。 4 | 5 | 本仓库是平台的后端,需要和[前端](https://github.com/Last-Order/hctf_frontend)配合使用,关于前端的部署请参见前端仓库。在使用时,请使用`Nginx`或`Apache`等服务器将根目录指向前端(`/dist`目录),`/API`目录指向后端(`/public`目录)。 6 | 7 | 一份示例的`Apache Vhost`(生产环境)配置如下: 8 | ``` 9 | 10 | ServerName hctf.local 11 | 12 | DocumentRoot /var/www/hctf/hctf-frontend/dist 13 | Alias /API /var/www/hctf/hctf-backend/public 14 | 15 | ``` 16 | 17 | 开发环境下请使用反向代理将目录指向对应开发服务器。 18 | 19 | ## 平台简介 20 | 21 | HCTF 2017 采用自主开发的全新比赛平台,主要特色包括分层机制和反作弊机制。 22 | 23 | ### 分层机制 24 | #### 结构 25 | 26 | 本平台题目主要结构共有四层: 27 | 28 | 分类(Category)->层级(Level)->题目(Challenge)->Flag 29 | 30 | 逐级向下,每一道题目都需要分配到一个指定的层级中,每一个层级也需要自己所属的分类。因此,在创建新的题目时,首先应该新建分类,而后新建层级,最后把题目分配进去。 31 | 32 | #### 开层规则 33 | 34 | 平台的每一个层级(Level)和每一道题目(Challenge)都可以设定独立的开放时间,只有两者都满足时题目才会进入开放规则判定。 35 | 36 | 每一个层级可以设定自己的开放规则。开放规则目前仅支持根据已完成的题目数量进行设定,但在设计时已经留出扩展余地,添加新类型的规则应该不会太过困难。 37 | 38 | ![](http://ww1.sinaimg.cn/large/e985a6f7ly1foq6gjvxn6g211d0k57jl.gif) 39 | 40 | 如图所示,不同的规则可以通过逻辑运算符连接,目前不支持括号。 41 | 42 | ### 反作弊 43 | 44 | #### 题目最小完成时间 45 | 46 | 每一道题目可以设定最小的完成时间,从题目满足开放条件后第一次显示开始计算,小于设定时间的将会被自动封禁。 47 | 48 | #### 动态 Flag 49 | 50 | 在注册时,平台会给每一个队伍分配一个`Token`作为队伍的标识,该标识不应被泄露。在题目创建时,可以选择开启动态 Flag。 51 | 52 | 动态 Flag 意味着每个队伍的 Flag 将会根据用户的答题 Token 和题目答案计算。公式如下: 53 | 54 | `userFlag = "hctf{" + SHA256(userToken + flag) + "}"` 55 | 56 | 其中,`userFlag`指该用户的专属 Flag ,提交其他 Flag 将视为错误答案。`userToken`指该用户的答题`Token`,`flag`指在题目创建时填入的 Flag ,其作用相当于盐。 57 | 58 | 公式中的前缀后缀(`hctf{}`)可以在系统设置中修改。 59 | 60 | 动态 Flag 多用于 Pwn 题,在连上服务器后先要求用户输入`Token`,然后再进入其他流程,最终给出答案时根据题目本身的 Flag 和用户`Token`计算最终 Flag。 61 | 62 | #### 多 Flag 63 | 64 | 在动态计算 Flag 不便时,还可以使用多 Flag。 65 | 66 | 多 Flag 意味着需要为每一个队伍设定一个 Flag,具体输入格式请查看题创建页面。 67 | 68 | 多 Flag 机制多用于 Bin 题,这意味着需要事先编译好多于参赛队伍数量的二级制文件,并把每个队伍指向不同的文件下载地址。 69 | 70 | 在题目 URL 设置中可以使用`{teamId}`作为占位符,在展示给用户时该占位符将会被一段基于用户 ID 的哈希替代。 71 | 72 | 为了防止下载目录被遍历,该`{teamId}`的计算公式如下 73 | 74 | `teamId = SHA256(id + salt)` 75 | 76 | 其中`id`是队伍在数据库中的自增主键,`salt`为盐,**请务必更改**`.env`文件中的`APP_SALT`值。 77 | 78 | 提交其他队伍的 Flag 将会被自动封禁。 79 | 80 | #### 开放规则 81 | 82 | 如前文所述,每一个层级有自己开放规则。以下几种情况均会被自动封禁。 83 | 84 | 1. 提交未到开放时间的题目的正确 Flag。 85 | 2. 提交未满足开放规则的题目的正确 Flag。 86 | 87 | ## 多语言 88 | 89 | 平台前台部分提供了中文和英文两种语言,后台管理部分仅有中文。 90 | 91 | 前台部分可以通过修改`resources/lang`下的`json`文件进行扩展。 92 | 93 | 添加新的语言需要前端配合,请移步前端仓库。 94 | 95 | ## 动态分数 96 | 97 | 在 HCTF 2017 中我们采用了动态分数的设定,如不需要,可以修改`app\Services\ScoreService.php`。 98 | 99 | ## 后端部署指南 100 | 101 | 拉取代码、安装依赖 102 | 103 | ``` 104 | git clone https://github.com/Last-Order/hctf_backend 105 | cd ./hctf_backend 106 | composer install # 安装依赖 107 | ``` 108 | 109 | 依照`.env.example`创建 `.env`。记得添加一个`APP_SALT`。 110 | 111 | 生成 Laravel App Key 112 | 113 | `php artisan key:generate` 114 | 115 | 执行数据库迁移 116 | 117 | `php artisan migrate` 118 | 119 | 初始化数据库 120 | 121 | 编辑`database/seeds`下的两个文件,设定初始信息。 122 | 123 | ``` 124 | php artisan db:seed --class=ConfigTableSeeder 125 | php artisan db:seed --class=TeamTableSeeder 126 | ``` 127 | 128 | Enjoy it. -------------------------------------------------------------------------------- /app/Bulletin.php: -------------------------------------------------------------------------------- 1 | hasMany('App\Level', 'category_id', 'category_id'); 15 | } 16 | 17 | public function challenges() 18 | { 19 | return $this->hasManyThrough( 20 | 'App\Challenge', 21 | 'App\Level', 22 | 'category_id', 23 | 'level_id', 24 | 'category_id', 25 | 'level_id' 26 | ); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /app/Challenge.php: -------------------------------------------------------------------------------- 1 | 'array', 14 | 'is_dynamic_flag' => 'boolean' 15 | ]; 16 | 17 | public function getReleaseTimeAttribute($value){ 18 | return Carbon::parse($value, 'UTC')->toIso8601String(); 19 | } 20 | 21 | public function flags() 22 | { 23 | return $this->hasMany('App\Flag', 'challenge_id', 'challenge_id'); 24 | } 25 | 26 | public function logs() 27 | { 28 | return $this->hasMany('App\Log', 'challenge_id', 'challenge_id'); 29 | } 30 | 31 | public function level(){ 32 | return $this->belongsTo('App\Level', 'level_id', 'level_id'); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /app/Console/Kernel.php: -------------------------------------------------------------------------------- 1 | command('inspire') 28 | // ->hourly(); 29 | } 30 | 31 | /** 32 | * Register the Closure based commands for the application. 33 | * 34 | * @return void 35 | */ 36 | protected function commands() 37 | { 38 | require base_path('routes/console.php'); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /app/Exceptions/Handler.php: -------------------------------------------------------------------------------- 1 | expectsJson()) { 60 | return response()->json(['error' => 'Unauthenticated.'], 401); 61 | } 62 | 63 | return redirect()->guest(route('login')); 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /app/Facades/APIReturnFacade.php: -------------------------------------------------------------------------------- 1 | belongsTo('App\Level', 'level_id', 'level_id'); 16 | } 17 | 18 | public function challenge() 19 | { 20 | return $this->belongsTo('App\Challenge', 'challenge_id', 'challenge_id'); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /app/Http/Controllers/BulletinController.php: -------------------------------------------------------------------------------- 1 | 16 | */ 17 | public function list(Request $request) 18 | { 19 | try { 20 | return APIReturn::success(Bulletin::orderBy('bulletin_id', 'desc')->get()); 21 | } catch (\Exception $e) { 22 | return APIReturn::error("database_error", "数据库读写错误", 500); 23 | } 24 | } 25 | 26 | /** 27 | * 创建公告 28 | * @param Request $request 29 | * @return \Illuminate\Http\JsonResponse 30 | * @author Eridanus Sora 31 | */ 32 | public function create(Request $request) 33 | { 34 | $validator = \Validator::make($request->only(['title', 'content']), [ 35 | 'title' => 'required', 36 | 'content' => 'required' 37 | ], [ 38 | 'title.required' => '缺少标题字段', 39 | 'content.required' => '缺少内容字段' 40 | ]); 41 | 42 | if ($validator->fails()) { 43 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 44 | } 45 | 46 | try { 47 | $bulletin = new Bulletin(); 48 | $bulletin->title = $request->input('title'); 49 | $bulletin->content = $request->input('content'); 50 | $bulletin->save(); 51 | return APIReturn::success($bulletin); 52 | } catch (\Exception $e) { 53 | dump($e); 54 | return APIReturn::error("database_error", "数据库读写错误", 500); 55 | } 56 | } 57 | 58 | /** 59 | * 删除公告 60 | * @param Request $request 61 | * @return \Illuminate\Http\JsonResponse 62 | * @author Eridanus Sora 63 | */ 64 | public function delete(Request $request) 65 | { 66 | $validator = \Validator::make($request->only(['bulletinId']), [ 67 | 'bulletinId' => 'required' 68 | ], [ 69 | 'bulletinId.required' => '缺少公告ID字段' 70 | ]); 71 | 72 | if ($validator->fails()) { 73 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 74 | } 75 | 76 | try { 77 | $bulletin = Bulletin::find($request->input('bulletinId')); 78 | if (!$bulletin) { 79 | return APIReturn::error("bulletin_not_found", "该公告不存在", 404); 80 | } 81 | $bulletin->delete(); 82 | return APIReturn::success(); 83 | } catch (\Exception $e) { 84 | return APIReturn::error("database_error", "数据库读写错误", 500); 85 | } 86 | } 87 | 88 | /** 89 | * 修改公告 90 | * @param Request $request 91 | * @return \Illuminate\Http\JsonResponse 92 | * @author Eridanus Sora 93 | */ 94 | public function edit(Request $request) 95 | { 96 | $validator = \Validator::make($request->only(['bulletinId', 'title', 'content']), [ 97 | 'bulletinId' => 'required', 98 | 'title' => 'required', 99 | 'content' => 'required' 100 | ]); 101 | 102 | if ($validator->fails()) { 103 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 104 | } 105 | 106 | try { 107 | $bulletin = Bulletin::find($request->input('bulletinId')); 108 | if (!$bulletin) { 109 | return APIReturn::error("bulletin_not_found", "该公告不存在", 404); 110 | } 111 | $bulletin->title = $request->input('title'); 112 | $bulletin->content = $request->input('content'); 113 | $bulletin->save(); 114 | return APIReturn::success($bulletin); 115 | } catch (\Exception $e) { 116 | return APIReturn::error("database_error", "数据库读写错误", 500); 117 | } 118 | } 119 | } 120 | -------------------------------------------------------------------------------- /app/Http/Controllers/CategoryController.php: -------------------------------------------------------------------------------- 1 | 15 | */ 16 | public function list(Request $request) 17 | { 18 | try { 19 | $categories = Category::with(["levels", 'challenges'])->get(); 20 | return \APIReturn::success($categories); 21 | } catch (\Exception $e) { 22 | return \APIReturn::error("database_error", "数据库读写错误", 500); 23 | } 24 | } 25 | 26 | /** 27 | * 创建新分类 28 | * @param Request $request 29 | * @return \Illuminate\Http\JsonResponse 30 | * @author Eridanus Sora 31 | */ 32 | public function create(Request $request) 33 | { 34 | $validator = \Validator::make($request->all(), [ 35 | 'categoryName' => 'required' 36 | ], [ 37 | 'categoryName.required' => '缺少分类名字段' 38 | ]); 39 | 40 | if ($validator->fails()) { 41 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 42 | } 43 | 44 | try { 45 | $category = new Category(); 46 | $category->category_name = $request->input('categoryName'); 47 | $category->save(); 48 | \Logger::info("Category: " . $category->category_name . " 被创建"); 49 | return \APIReturn::success($category); 50 | } catch (\Exception $e) { 51 | return \APIReturn::error("database_error", "数据库读写错误", 500); 52 | } 53 | } 54 | 55 | /** 56 | * 删除 分类 57 | * @param Request $request 58 | * @return \Illuminate\Http\JsonResponse 59 | * @author Eridanus Sora 60 | */ 61 | public function deleteCategory(Request $request) 62 | { 63 | $validator = \Validator::make($request->only('categoryId'), [ 64 | 'categoryId' => 'required' 65 | ], [ 66 | 'categoryId.required' => '缺少 Category ID 字段' 67 | ]); 68 | 69 | if ($validator->fails()) { 70 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 71 | } 72 | 73 | try { 74 | $category = Category::find($request->input('categoryId')); 75 | if ($category->levels->count() > 0) { 76 | return \APIReturn::error("category_not_empty", "分类下仍有 Level"); 77 | } 78 | \Logger::info("Category: " . $category->category_name . " 被删除"); 79 | $category->delete(); 80 | return \APIReturn::success(); 81 | } catch (\Exception $e) { 82 | return \APIReturn::error("database_error", "数据库读写错误", 500); 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /app/Http/Controllers/ChallengeController.php: -------------------------------------------------------------------------------- 1 | 30 | */ 31 | public function create(Request $request) 32 | { 33 | $validator = Validator::make($request->all(), [ 34 | 'title' => 'required', 35 | 'description' => 'required', 36 | 'url' => 'required|url', 37 | 'score' => 'required|numeric', 38 | 'levelId' => 'required|integer', 39 | 'flag' => 'array', 40 | 'config' => 'required|json', 41 | 'releaseTime' => 'required|date' 42 | ], [ 43 | 'title.required' => '缺少标题字段', 44 | 'description.required' => '缺少说明字段', 45 | 'url.required' => '缺少 url 字段', 46 | 'url.url' => 'url 字段不合法', 47 | 'score.required' => '缺少基础分数字段', 48 | 'score.numeric' => '基础分数字段不合法', 49 | 'levelId.required' => '缺少 Level ID 字段', 50 | 'levelId.integer' => 'Level ID 字段不合法', 51 | 'flag.array' => 'Flag 字段不合法', 52 | 'config.required' => '缺少设置字段', 53 | 'config.json' => '设置字段不合法', 54 | 'releaseTime.required' => '缺少发布时间字段', 55 | 'releaseTime.date' => '发布时间字段不合法' 56 | ]); 57 | 58 | if ($validator->fails()) { 59 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 60 | } 61 | 62 | try { 63 | $newChallenge = new Challenge(); 64 | 65 | $newChallenge->title = $request->input('title'); 66 | $newChallenge->description = $request->input('description'); 67 | $newChallenge->url = $request->input('url'); 68 | $newChallenge->score = $request->input('score'); 69 | $newChallenge->level_id = $request->input('levelId'); 70 | $newChallenge->config = $request->input('config'); 71 | $newChallenge->release_time = Carbon::parse($request->input('releaseTime'))->setTimezone('UTC')->toDateTimeString(); 72 | $newChallenge->is_dynamic_flag = $request->input('isDynamicFlag'); 73 | 74 | $newChallenge->save(); 75 | $newChallenge->flags()->createMany($request->input('flag')); 76 | 77 | 78 | \Logger::info("一个新的 Challenge: " . $newChallenge->title . " 被创建"); 79 | 80 | return APIReturn::success([ 81 | "challenge" => $newChallenge 82 | ]); 83 | } catch (\Exception $e) { 84 | return APIReturn::error("database_error", "数据库读写错误", 500); 85 | } 86 | } 87 | 88 | /** 89 | * 查询指定ID Challenge 信息 90 | * @param Request $request 91 | * @return \Illuminate\Http\JsonResponse 92 | * @author Eridanus Sora 93 | */ 94 | public function info(Request $request) 95 | { 96 | $validator = Validator::make($request->all(), [ 97 | 'challengeId' => 'required|integer' 98 | ], [ 99 | 'challengeId.required' => '缺少Challenge ID字段', 100 | 'challengeId.integer' => 'Challenge ID不合法' 101 | ]); 102 | 103 | if ($validator->fails()) { 104 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 105 | } 106 | try { 107 | $challenge = Challenge::find($request->input('challengeId')); 108 | return APIReturn::success($challenge); 109 | } catch (\Exception $e) { 110 | return APIReturn::error("database_error", "数据库读写错误", 500); 111 | } 112 | } 113 | 114 | /** 115 | * 获得可用题目 116 | * @param Request $request 117 | * @author Eridanus Sora 118 | * @return \Illuminate\Http\JsonResponse 119 | */ 120 | public function list(Request $request) 121 | { 122 | $team = JWTAuth::parseToken()->toUser(); 123 | $team->load(['logs' => function ($query) { 124 | $query->where('status', 'correct'); 125 | }]); 126 | $categories = Category::with(["levels", 'challenges'])->get(); 127 | $validLevels = collect([]); 128 | $levelMaps = []; 129 | $result = collect([]); 130 | try{ 131 | $categories->each(function ($category) use ($validLevels, $team, &$levelMaps) { 132 | collect($category->levels)->each(function ($level) use ($validLevels, $team, &$levelMaps) { 133 | if ((new RuleValidator($team->team_id, $level->rules))->check($team->logs) && Carbon::now()->gt(Carbon::parse($level->release_time))) { 134 | $validLevels->push($level->level_id); 135 | $levelMaps[$level->level_id] = $level->level_name; 136 | } 137 | }); 138 | }); 139 | 140 | $categories->each(function ($category) use ($validLevels, $result, $levelMaps) { 141 | $result[$category->category_name] = $category->challenges->filter(function ($challenge) use ($validLevels) { 142 | $challenge->solvedCount = $challenge->logs->count(); 143 | $challenge->nowScore = ScoreService::calculate($challenge->solvedCount + 1, $challenge->score); 144 | $challenge->makeHidden('logs'); 145 | return $validLevels->contains($challenge->level_id) && Carbon::now()->gt(Carbon::parse($challenge->release_time)); 146 | })->groupBy(function($item) use ($levelMaps){ 147 | return $levelMaps[$item->level_id]; 148 | }); 149 | }); 150 | 151 | $placeholders = [ 152 | 'teamId' => hash('sha256', ((string)$team->team_id) . env('APP_SALT')) 153 | ]; 154 | } 155 | catch (\Exception $e){ 156 | return APIReturn::error("database_error", "数据库读写错误", 500); 157 | } 158 | 159 | return APIReturn::success([ 160 | 'placeholders' => $placeholders, 161 | 'challenges' => $result, 162 | 'solvedChallenges' => $team->logs 163 | ]); 164 | } 165 | 166 | /** 167 | * 重设基准分数 168 | * @param Request $request 169 | * @return \Illuminate\Http\JsonResponse 170 | * @author Eridanus Sora 171 | */ 172 | public function resetScore(Request $request) 173 | { 174 | $validator = Validator::make($request->only(['challengeId', 'score']), [ 175 | 'challengeId' => 'required|integer', 176 | 'score' => 'required|numeric' 177 | ], [ 178 | 'challengeId.required' => '缺少 Challenge ID 字段', 179 | 'challengeId.integer' => 'Challenge ID 字段不合法', 180 | 'score.required' => '缺少基准分数字段', 181 | 'score.numeric' => '基准分数字段不合法' 182 | ]); 183 | 184 | if ($validator->fails()) { 185 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 186 | } 187 | 188 | $score = $request->input('score'); 189 | 190 | try { 191 | // 重设所有队伍得分 192 | $count = Log::where('challenge_id', $request->input('challengeId'))->count(); 193 | $dynamicScore = ScoreService::calculate($count, $score); 194 | Log::where("challenge_id", $request->input('challengeId'))->update([ 195 | "score" => $dynamicScore 196 | ]); 197 | // 更新题目信息 198 | $challenge = Challenge::find($request->input('challengeId')); 199 | $challenge->score = $score ; 200 | $challenge->save(); 201 | return APIReturn::success(); 202 | } catch (\Exception $e) { 203 | return APIReturn::error("database_error", "数据库读写错误", 500); 204 | } 205 | } 206 | 207 | /** 208 | * 查询已经完成题目的队伍 209 | * @param Request $request 210 | * @return \Illuminate\Http\JsonResponse 211 | * @author Eridanus Sora 212 | */ 213 | public function getSolvedTeams(Request $request){ 214 | $validator = Validator::make($request->only(['challengeId']), [ 215 | 'challengeId' => 'required' 216 | ], [ 217 | 'challengeId.required' => __('缺少 题目ID 字段') 218 | ]); 219 | 220 | 221 | if ($validator->fails()) { 222 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 223 | } 224 | 225 | try{ 226 | $team = JWTAuth::parseToken()->toUser(); 227 | $team->load(['logs' => function ($query) { 228 | $query->where('status', 'correct'); 229 | }]); 230 | $challenge = Challenge::where('challenge_id',$request->input('challengeId'))->with("level")->first(); 231 | if (!$challenge){ 232 | return APIReturn::error("challenge_not_found", __("问题不存在"), 404); 233 | } 234 | $logs = Log::where([ 235 | ["challenge_id", '=', $request->input("challengeId")], 236 | ["status", "=", "correct"] 237 | ])->with(['team'])->orderBy("created_at")->get(); 238 | $ruleValidator = new RuleValidator($team->team_id, $challenge->level->rules); 239 | if (!$team->admin && !$ruleValidator->check($team->logs)){ 240 | // 题目未开放 241 | return APIReturn::error("challenge_not_found", __("问题不存在"), 404); 242 | } 243 | $result = []; 244 | 245 | $logs->each(function($log) use(&$result){ 246 | array_push($result, [ 247 | 'teamName' => $log->team->team_name, 248 | 'solvedAt' => Carbon::parse($log->created_at)->toIso8601String() 249 | ]); 250 | }); 251 | return APIReturn::success($result); 252 | } 253 | catch (\Exception $e){ 254 | return APIReturn::error("database_error", "数据库读写错误", 500); 255 | } 256 | } 257 | 258 | /** 259 | * 获得 Flags 详情 260 | * @param Request $request 261 | * @return \Illuminate\Http\JsonResponse 262 | * @author Eridanus Sora 263 | */ 264 | public function getFlagsInfo(Request $request) 265 | { 266 | $validator = Validator::make($request->only(['challengeId']), [ 267 | 'challengeId' => 'required|integer' 268 | ], [ 269 | 'challengeId.required' => '缺少 Challenge ID 字段', 270 | 'challengeId.integer' => 'Challenge ID 字段不合法' 271 | ]); 272 | 273 | if ($validator->fails()) { 274 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 275 | } 276 | 277 | try { 278 | $challenge = Challenge::where('challenge_id', $request->input('challengeId'))->with('flags')->first(); 279 | return APIReturn::success($challenge->flags); 280 | } catch (\Exception $e) { 281 | return APIReturn::error("database_error", "数据库读写错误", 500); 282 | } 283 | } 284 | 285 | /** 286 | * 修改 Challenge 基本信息 287 | * @param Request $request 288 | * @return \Illuminate\Http\JsonResponse 289 | * @author Eridanus Sora 290 | */ 291 | public function editChallenge(Request $request) 292 | { 293 | $validator = Validator::make($request->only(['challengeId', 'title', 'description', 'releaseTime', 'url']), [ 294 | 'challengeId' => 'required|integer', 295 | 'title' => 'required', 296 | 'description' => 'required', 297 | 'releaseTime' => 'required|date', 298 | 'url' => 'required' 299 | ], [ 300 | 'challengeId.required' => '缺少 Challenge ID 字段', 301 | 'challengeId.integer' => 'Challenge ID 字段不合法', 302 | 'title.required' => '缺少标题字段', 303 | 'description' => '缺少描述字段', 304 | 'releaseTime.required' => '缺少开放时间字段', 305 | 'releaseTime.date' => '开放时间字段不合法', 306 | 'url.required' => '缺少 URL 字段' 307 | ]); 308 | 309 | if ($validator->fails()) { 310 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 311 | } 312 | 313 | try { 314 | $challenge = Challenge::find($request->input('challengeId')); 315 | if (!$challenge) { 316 | return APIReturn::error('challenge_not_found', 'challenge_not_found', 404); 317 | } 318 | 319 | $challenge->title = $request->input('title'); 320 | $challenge->description = $request->input('description'); 321 | $challenge->release_time = Carbon::parse($request->input('releaseTime'))->setTimezone('UTC')->toDateTimeString(); 322 | $challenge->url = $request->input('url'); 323 | $challenge->save(); 324 | 325 | return APIReturn::success($challenge); 326 | } catch (\Exception $e) { 327 | return APIReturn::error("database_error", "数据库读写错误", 500); 328 | } 329 | } 330 | 331 | /** 332 | * 添加 Flag 333 | * @param Request $request 334 | * @return \Illuminate\Http\JsonResponse 335 | * @author Eridanus Sora 336 | */ 337 | public function addFlags(Request $request) 338 | { 339 | $validator = Validator::make($request->only(['challengeId', 'flag']), [ 340 | 'challengeId' => 'required|integer', 341 | 'flag' => 'required|array' 342 | ], [ 343 | 'challengeId.required' => '缺少 Challenge ID 字段', 344 | 'challengeId.integer' => 'Challenge ID 字段不合法', 345 | 'flag.required' => '缺少 Flag 字段', 346 | 'flag.array' => 'Flag 字段不合法' 347 | ]); 348 | 349 | if ($validator->fails()) { 350 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 351 | } 352 | 353 | try{ 354 | $challenge = Challenge::find($request->input('challengeId')); 355 | if (!$challenge){ 356 | return APIReturn::error('challenge_not_found', '不存在的问题', 404); 357 | } 358 | $challenge->flags()->createMany($request->input('flag')); 359 | return APIReturn::success($challenge->flags); 360 | } 361 | catch (\Exception $e){ 362 | return APIReturn::error("database_error", "数据库读写错误", 500); 363 | } 364 | } 365 | 366 | /** 367 | * 删除所有关联 Flag 368 | * @param Request $request 369 | * @return \Illuminate\Http\JsonResponse 370 | * @author Eridanus Sora 371 | */ 372 | public function deleteAllFlags(Request $request) 373 | { 374 | $validator = Validator::make($request->only(['challengeId']), [ 375 | 'challengeId' => 'required|integer' 376 | ], [ 377 | 'challengeId.required' => '缺少 Challenge ID 字段', 378 | 'challengeId.integer' => 'Challenge ID 字段不合法' 379 | ]); 380 | 381 | if ($validator->fails()) { 382 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 383 | } 384 | 385 | try { 386 | Flag::where('challenge_id', $request->input('challengeId'))->delete(); 387 | return APIReturn::success(); 388 | } catch (\Exception $e) { 389 | return APIReturn::error("database_error", "数据库读写错误", 500); 390 | } 391 | } 392 | 393 | /** 394 | * 删除 Challenge 395 | * @param Request $request 396 | * @return \Illuminate\Http\JsonResponse 397 | * @author Eridanus Sora 398 | */ 399 | public function deleteChallenge(Request $request) 400 | { 401 | $validator = Validator::make($request->only('challengeId'), [ 402 | 'challengeId' => 'required' 403 | ], [ 404 | 'challengeId.required' => '缺少 Challenge ID 字段' 405 | ]); 406 | 407 | if ($validator->fails()) { 408 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 409 | } 410 | 411 | try { 412 | // 删除关联的所有 Flag 413 | $challenge = Challenge::find($request->input('challengeId')); 414 | $challenge->flags()->delete(); 415 | $challenge->logs()->delete(); 416 | // 删除本体 417 | \Logger::info("Challenge " . $challenge->title . " 被删除"); 418 | $challenge->delete(); 419 | 420 | return APIReturn::success(); 421 | } catch (\Exception $e) { 422 | return APIReturn::error("database_error", "数据库读写错误", 500); 423 | } 424 | } 425 | 426 | /** 427 | * 提交 Flag 428 | * @param Request $request 429 | * @return \Illuminate\Http\JsonResponse 430 | * @author Eridanus Sora 431 | */ 432 | public function submitFlag(Request $request) 433 | { 434 | $validator = Validator::make($request->only('flag'), [ 435 | 'flag' => 'required' 436 | ], [ 437 | 'flag.required' => __('缺少 Flag 字段') 438 | ]); 439 | 440 | $team = JWTAuth::parseToken()->toUser(); 441 | $team->load(['logs' => function ($query) { 442 | $query->where('status', 'correct'); 443 | }]); 444 | 445 | 446 | if ($validator->fails()) { 447 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 448 | } 449 | try { 450 | $flag = Flag::where('flag', $request->input('flag'))->first(); 451 | $config = collect(\DB::table("config")->get())->pluck('value', 'key'); 452 | $flagPrefix = $config["flag_prefix"]; 453 | $flagSuffix = $config["flag_suffix"]; 454 | $isDynamicFlag = false; 455 | 456 | if (!$flag) { 457 | // Flag 不正确 458 | if (strlen($request->input('flag')) === 64 + strlen($flagPrefix) + strlen($flagSuffix)) { 459 | // SHA256 长度为 64 位 / 可能是动态 Flag 460 | $dynamicFlagChallenges = Challenge::with("flags")->where("is_dynamic_flag", "=", 1)->get(); 461 | foreach ($dynamicFlagChallenges as $c) { 462 | if ($c->flags->count() > 0) { 463 | if ($flagPrefix . hash("sha256", $team->token . $c->flags[0]->flag) . $flagSuffix === $request->input('flag')) { 464 | $isDynamicFlag = true; 465 | $flag = $c->flags[0]; 466 | } 467 | } 468 | } 469 | } 470 | if (!$flag) { 471 | \Logger::notice("队伍 " . $team->team_name . ' 提交 Flag: ' . $request->input('flag') . ' (错误)'); 472 | return APIReturn::error("wrong_flag", __("Flag 不正确"), 403); 473 | } 474 | } 475 | 476 | if (!$isDynamicFlag && $flag->flag !== $request->input('flag')){ 477 | \Logger::notice("队伍 " . $team->team_name . ' 提交 Flag: ' . $request->input('flag') . ' (错误)'); 478 | return APIReturn::error("wrong_flag", __("Flag 不正确"), 403); 479 | } 480 | 481 | $level = Level::find($flag->challenge->level_id); 482 | 483 | if (Log::where([ 484 | 'challenge_id' => $flag->challenge_id, 485 | 'team_id' => $team->team_id, 486 | 'status' => 'correct' 487 | ])->first()) { 488 | return APIReturn::error("duplicate_submit", __("Flag 已经提交过"), 403); 489 | } 490 | 491 | if ($flag->team_id != 0) { 492 | // Flag 是限定队伍的 493 | if ($flag->team_id != $team->team_id) { 494 | // 提交了其他队伍的 Flag 495 | $team->banned = true; 496 | $team->save(); 497 | \Logger::info("队伍 " . $team->team_name . ' 由于提交其他队伍 (ID:' . $flag->team_id .') 的 Flag 被系统自动封禁 (Challenge: ' . $flag->challenge->title . ')'); 498 | return APIReturn::error("banned", __("队伍已被封禁"), 403); 499 | } 500 | } 501 | 502 | $ruleValidator = new RuleValidator($team->team_id, $level->rules); 503 | if (!$ruleValidator->check($team->logs) || Carbon::now()->lt(Carbon::parse($flag->challenge->release_time)) || Carbon::now()->lt(Carbon::parse($level->release_time))) { 504 | // 该队伍提交了还未开放的问题的 flag 505 | $team->banned = true; 506 | $team->save(); 507 | \Logger::info("队伍 " . $team->team_name . ' 由于提交未开放任务的 Flag 被系统自动封禁 (Challenge: ' . $flag->challenge->title . ')'); 508 | return APIReturn::error("banned", __("队伍已被封禁"), 403); 509 | } 510 | 511 | // 题目完成时间与最小限制比对 512 | if (json_decode($flag->challenge->config)->minimumSolveTime !== 0) { 513 | if ($ruleValidator->secondsAfterOpen() < json_decode($flag->challenge->config)->minimumSolveTime) { 514 | // 做题时间太短 515 | $team->banned = true; 516 | $team->save(); 517 | \Logger::info("队伍 " . $team->team_name . ' 由于开放问题到提交正确 Flag 的时间间隔小于阈值被系统自动封禁 (Challenge: ' . $flag->challenge->title . ')'); 518 | return APIReturn::error("banned", __("队伍已被封禁"), 403); 519 | } 520 | } 521 | 522 | // 验证完毕 添加记录 523 | $successLog = new Log(); 524 | $successLog->team_id = $team->team_id; 525 | $successLog->challenge_id = $flag->challenge_id; 526 | $successLog->level_id = $flag->challenge->level_id; 527 | $successLog->category_id = $level->category_id; 528 | $successLog->status = "correct"; 529 | $successLog->flag = $request->input('flag'); 530 | $successLog->score = 0.0; 531 | $successLog->save(); 532 | // 动态分数应用 533 | $challengeLogs = Log::where([ 534 | "challenge_id" => $flag->challenge_id, 535 | 'status' => 'correct' 536 | ])->get(); 537 | if ($challengeLogs->count() == 1){ 538 | // FIRST BLOOD 539 | \Logger::alert("FIRST BLOOD! Challenge: " . $flag->challenge->title . " By ". $team->team_name); 540 | } 541 | $dynamicScore = ScoreService::calculate($challengeLogs->count(), $flag->challenge->score); 542 | Log::where("challenge_id", $flag->challenge_id)->update([ 543 | "score" => $dynamicScore 544 | ]); 545 | \Logger::info("队伍 " . $team->team_name . ' 提交问题 ' . $flag->challenge->title . ' Flag: ' . $request->input('flag') . ' (正确)'); 546 | return APIReturn::success([ 547 | "score" => $dynamicScore 548 | ]); 549 | } catch (\Exception $e) { 550 | return APIReturn::error("database_error", __("数据库读写错误"), 500); 551 | } 552 | } 553 | } 554 | -------------------------------------------------------------------------------- /app/Http/Controllers/Controller.php: -------------------------------------------------------------------------------- 1 | 16 | */ 17 | public function deleteFlag(Request $request) 18 | { 19 | $validator = \Validator::make($request->only(['flagId']), [ 20 | 'flagId' => 'required|integer' 21 | ], [ 22 | 'flagId.required' => '缺少 Flag ID 字段', 23 | 'flagId.integer' => 'Flag ID 字段不合法' 24 | ]); 25 | 26 | if ($validator->fails()) { 27 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 28 | } 29 | 30 | try { 31 | $flag = Flag::find($request->input('flagId')); 32 | $flag->delete(); 33 | return APIReturn::success(); 34 | } catch (\Exception $e) { 35 | return APIReturn::error("database_error", "数据库读写错误", 500); 36 | } 37 | } 38 | 39 | /** 40 | * 编辑 Flag 41 | * @param Request $request 42 | * @return \Illuminate\Http\JsonResponse 43 | * @author Eridanus Sora 44 | */ 45 | public function editFlag(Request $request) 46 | { 47 | $validator = \Validator::make($request->only(['flagId', 'flag', 'teamId']), [ 48 | 'flagId' => 'required|integer', 49 | 'flag' => 'required', 50 | 'teamId' => 'required' 51 | ], [ 52 | 'flagId.required' => '缺少 Flag ID 字段', 53 | 'flagId.integer' => 'Flag ID 字段不合法', 54 | 'flag.required' => '缺少 Flag 字段', 55 | 'teamId.required' => '缺少 Team ID 字段' 56 | ]); 57 | 58 | if ($validator->fails()) { 59 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 60 | } 61 | 62 | try { 63 | $flag = Flag::find($request->input('flagId')); 64 | 65 | if (!$flag) { 66 | return APIReturn::error('flag_not_found', 'Flag 不存在', 404); 67 | } 68 | 69 | $flag->flag = $request->input('flag'); 70 | $flag->team_id = $request->input('teamId'); 71 | $flag->save(); 72 | 73 | return APIReturn::success($flag); 74 | } catch (\Exception $e) { 75 | return APIReturn::error("database_error", "数据库读写错误", 500); 76 | } 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /app/Http/Controllers/IndexController.php: -------------------------------------------------------------------------------- 1 | "hctf" 21 | ]); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /app/Http/Controllers/LevelController.php: -------------------------------------------------------------------------------- 1 | only(['categoryId', 'levelName', 'releaseTime']), [ 18 | 'categoryId' => 'required|integer', 19 | 'levelName' => 'required', 20 | 'releaseTime' => 'required|date' 21 | ], [ 22 | 'categoryId.required' => '缺少分类ID字段', 23 | 'categoryId.integer' => '分类ID不合法', 24 | 'levelName.required' => '缺少 LevelName 字段', 25 | 'releaseTime.required' => '缺少开放时间字段', 26 | 'releaseTime.date' => '开放时间字段不合法' 27 | ]); 28 | 29 | if ($validator->fails()) { 30 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 31 | } 32 | 33 | try { 34 | $category = Category::find($request->input('categoryId')); 35 | if (!$category) { 36 | return APIReturn::error("category_not_found", "分类不存在", 404); 37 | } 38 | $newLevel = new Level(); 39 | $newLevel->level_name = $request->input('levelName'); 40 | $newLevel->release_time = Carbon::parse($request->input('releaseTime'))->setTimezone('UTC')->toDateTimeString(); 41 | $newLevel->rules = []; 42 | 43 | $category->levels()->save($newLevel); 44 | 45 | \Logger::info("分类 " . $category->category_name . " 下创建了一个新的 Level: " . $newLevel->level_name); 46 | return APIReturn::success($newLevel); 47 | } catch (\Exception $e) { 48 | return \APIReturn::error("database_error", "数据库读写错误", 500); 49 | } 50 | } 51 | 52 | /** 53 | * 查询 Level 信息 54 | * @param Request $request 55 | * @return \Illuminate\Http\JsonResponse 56 | * @author Eridanus Sora 57 | */ 58 | public function info(Request $request) 59 | { 60 | try { 61 | $levelInfo = Level::where('level_id', $request->input('levelId'))->with('challenges')->first(); 62 | //$levelInfo->challenges->load('logs'); 63 | return \APIReturn::success($levelInfo); 64 | } catch (\Exception $e) { 65 | dump($e); 66 | return \APIReturn::error("database_error", "数据库读写错误", 500); 67 | } 68 | } 69 | 70 | /** 71 | * 修改 Level 名 72 | * @param Request $request 73 | * @return \Illuminate\Http\JsonResponse 74 | * @author Eridanus Sora 75 | */ 76 | public function setName(Request $request) 77 | { 78 | $validator = Validator::make($request->only(['levelId', 'levelName']), [ 79 | 'levelId' => 'required|integer', 80 | 'levelName' => 'required' 81 | ], [ 82 | 'levelId.required' => '缺少 Level ID 字段', 83 | 'levelId.integer' => 'Level ID 字段不合法', 84 | 'levelName.required' => '缺少 Level名 字段' 85 | ]); 86 | 87 | if ($validator->fails()) { 88 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 89 | } 90 | 91 | try { 92 | $level = Level::find($request->input('levelId')); 93 | $level->level_name = $request->input('levelName'); 94 | $level->save(); 95 | \Logger::info("Level (ID:" . $level->level_id . ")的名称被修改为" . $level->level_name); 96 | return \APIReturn::success($level); 97 | } catch (\Exception $e) { 98 | return \APIReturn::error("database_error", "数据库读写错误", 500); 99 | } 100 | } 101 | 102 | /** 103 | * 修改发布时间 104 | * @param Request $request 105 | * @return \Illuminate\Http\JsonResponse 106 | * @author Eridanus Sora 107 | */ 108 | public function setReleaseTime(Request $request) 109 | { 110 | $validator = Validator::make($request->only(['levelId', 'releaseTime']), [ 111 | 'levelId' => 'required|integer', 112 | 'releaseTime' => 'required|date' 113 | ], [ 114 | 'levelId.required' => '缺少 Level ID 字段', 115 | 'levelId.integer' => 'Level ID 字段不合法', 116 | 'releaseTime.required' => '缺少 发布时间 字段', 117 | 'releaseTime.date' => '发布时间字段不合法' 118 | ]); 119 | 120 | if ($validator->fails()) { 121 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 122 | } 123 | 124 | try { 125 | $level = Level::find($request->input('levelId')); 126 | $level->release_time = Carbon::parse($request->input('releaseTime'))->setTimezone('UTC')->toDateTimeString(); 127 | $level->save(); 128 | \Logger::info("Level (ID:" . $level->level_id . ")的开放时间被修改为" . $level->release_time); 129 | return \APIReturn::success($level); 130 | } catch (\Exception $e) { 131 | return \APIReturn::error("database_error", "数据库读写错误", 500); 132 | } 133 | } 134 | 135 | /** 136 | * 修改开放规则 137 | * @param Request $request 138 | * @return \Illuminate\Http\JsonResponse 139 | * @author Eridanus Sora 140 | */ 141 | public function setRules(Request $request) 142 | { 143 | $validator = Validator::make($request->only(['levelId', 'rules']), [ 144 | 'levelId' => 'required|integer', 145 | 'rules' => 'required|json' 146 | ], [ 147 | 'levelId.required' => '缺少 Level ID 字段', 148 | 'levelId.integer' => 'Level ID 字段不合法', 149 | 'rules.required' => '缺少 Rules 字段', 150 | 'rules.json' => 'Rules 字段不合法' 151 | ]); 152 | 153 | if ($validator->fails()) { 154 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 155 | } 156 | 157 | try { 158 | $level = Level::find($request->input('levelId')); 159 | $level->rules = json_decode($request->input('rules'), true); 160 | $level->save(); 161 | \Logger::info("Level (ID:" . $level->level_id . ")的开放规则被修改"); 162 | return \APIReturn::success($level); 163 | } catch (\Exception $e) { 164 | return \APIReturn::error("database_error", "数据库读写错误", 500); 165 | } 166 | } 167 | 168 | /** 169 | * 删除 Level 170 | * @param Request $request 171 | * @return \Illuminate\Http\JsonResponse 172 | * @author Eridanus Sora 173 | */ 174 | public function deleteLevel(Request $request) 175 | { 176 | $validator = Validator::make($request->only('levelId'), [ 177 | 'levelId' => 'required', 178 | ], [ 179 | 'levelId.required' => '缺少 Level ID 字段' 180 | ]); 181 | 182 | if ($validator->fails()) { 183 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 184 | } 185 | 186 | try { 187 | $level = Level::find($request->input('levelId')); 188 | 189 | if (!$level) { 190 | return APIReturn::error("level_not_found", "Level 不存在", 404); 191 | } 192 | 193 | if ($level->challenges->count() > 0) { 194 | return APIReturn::error("level_not_empty", "Level 下仍有 Challenge", 403); 195 | } 196 | \Logger::info("Level (ID:" . $level->level_id . ") 被删除"); 197 | $level->delete(); 198 | return APIReturn::success(); 199 | } catch (\Exception $e) { 200 | return \APIReturn::error("database_error", "数据库读写错误", 500); 201 | } 202 | } 203 | } 204 | -------------------------------------------------------------------------------- /app/Http/Controllers/SystemController.php: -------------------------------------------------------------------------------- 1 | 16 | */ 17 | public function getMetaInfo(Request $request) 18 | { 19 | $config = collect(\DB::table("config")->get())->pluck('value', 'key'); 20 | return APIReturn::success([ 21 | 'startTime' => Carbon::parse($config['start_time'], 'UTC')->toIso8601String(), 22 | 'endTime' => Carbon::parse($config['end_time'], 'UTC')->toIso8601String(), 23 | 'flagPrefix' => $config['flag_prefix'], 24 | 'flagSuffix' => $config['flag_suffix'] 25 | ]); 26 | } 27 | 28 | /** 29 | * 编辑系统设置 30 | * @param Request $request 31 | * @return \Illuminate\Http\JsonResponse 32 | * @author Eridanus Sora 33 | */ 34 | public function editMetaInfo(Request $request){ 35 | $validator = \Validator::make($request->only(['startTime', 'endTime', 'flagPrefix', 'flagSuffix']), [ 36 | 'startTime' => 'required|date', 37 | 'endTime' => 'required|date', 38 | 'flagPrefix' => 'required', 39 | 'flagSuffix' => 'required' 40 | ]); 41 | 42 | if ($validator->fails()) { 43 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 44 | } 45 | 46 | try{ 47 | \DB::table("config")->where('key', '=', 'start_time')->update([ 48 | 'value' => Carbon::parse($request->input('startTime'))->setTimezone('UTC')->toDateTimeString() 49 | ]); 50 | \DB::table("config")->where('key', '=', 'end_time')->update([ 51 | 'value' => Carbon::parse($request->input('endTime'))->setTimezone('UTC')->toDateTimeString() 52 | ]); 53 | \DB::table("config")->where('key', '=', 'flag_prefix')->update([ 54 | 'value' => $request->input('flagPrefix') 55 | ]); 56 | \DB::table("config")->where('key', '=', 'flag_suffix')->update([ 57 | 'value' => $request->input('flagSuffix') 58 | ]); 59 | } 60 | catch (\Exception $e){ 61 | return \APIReturn::error("database_error", "数据库读写错误", 500); 62 | } 63 | 64 | return APIReturn::success(); 65 | } 66 | } -------------------------------------------------------------------------------- /app/Http/Controllers/SystemLogController.php: -------------------------------------------------------------------------------- 1 | 15 | */ 16 | public function list(Request $request) 17 | { 18 | if (!$request->input("startId")) { 19 | return \APIReturn::success(SystemLog::orderBy('id', 'desc')->take(50)->get()); 20 | } else { 21 | return \APIReturn::success(SystemLog::where('id', '>', $request->input('startId'))->orderBy('id', 'desc')->get()); 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /app/Http/Controllers/TeamController.php: -------------------------------------------------------------------------------- 1 | team = $team; 23 | } 24 | 25 | /** 26 | * 登陆 27 | * @param Request $request 28 | * @return \Illuminate\Http\JsonResponse 29 | * @author Aklis 30 | */ 31 | public function login(Request $request) 32 | { 33 | $credentials = $request->only('email', 'password'); 34 | 35 | $validator = \Validator::make($credentials, [ 36 | 'email' => 'required|email', 37 | 'password' => 'required|size:64' 38 | ], [ 39 | 'email.required' => __('缺少 Email 字段'), 40 | 'email.email' => __('Email 字段不合法'), 41 | 'password.required' => __('缺少密码字段'), 42 | 'password.size' => __('密码字段不合法') 43 | ]); 44 | 45 | if ($validator->fails()) { 46 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 47 | } 48 | 49 | $access_token = null; 50 | try { 51 | if (Auth::once($credentials)) { 52 | $team = Auth::getUser(); 53 | } else { 54 | return APIReturn::error("invalid_email_or_password", __("Email 与密码不匹配"), 401); 55 | } 56 | 57 | if (!$team) { 58 | return APIReturn::error("invalid_email_or_password", __("Email 与密码不匹配"), 401); 59 | } else { 60 | $access_token = JWTAuth::fromUser($team, [ 61 | 'is_admin' => $team->admin 62 | ]); 63 | } 64 | } catch (\Exception $e) { 65 | return APIReturn::error("database_error", "数据库读写错误", 500); 66 | } 67 | 68 | return APIReturn::success(['access_token' => $access_token]); 69 | } 70 | 71 | /** 72 | * 注册 73 | * @param Request $request 74 | * @return \Illuminate\Http\JsonResponse 75 | * @author Aklis 76 | */ 77 | public function register(Request $request) 78 | { 79 | $input = $request->only('teamName', 'email', 'password'); 80 | 81 | $validator = \Validator::make($input, [ 82 | 'teamName' => 'required|max:30', 83 | 'email' => 'required|email|max:32', 84 | 'password' => 'required|size:64' 85 | ], [ 86 | 'teamName.required' => __('缺少队伍名字段'), 87 | 'teamName.max' => __('队伍名过长'), 88 | 'email.require' => __('缺少 Email 字段'), 89 | 'email.email' => __('Email 字段不合法'), 90 | 'email.max' => __('Email 过长'), 91 | 'password.required' => __('缺少密码字段'), 92 | 'password.size' => __('密码字段不合法') 93 | ]); 94 | 95 | if ($validator->fails()) { 96 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 97 | } 98 | 99 | try { 100 | $team = $this->team->create([ 101 | 'team_name' => $input['teamName'], 102 | 'email' => $input['email'], 103 | 'password' => bcrypt($input['password']), 104 | 'signUpTime' => Carbon::now('Asia/Shanghai'), 105 | 'lastLoginTime' => Carbon::now('Asia/Shanghai'), 106 | 'token' => str_random("32"), 107 | ]); 108 | 109 | } catch (\Exception $err) { 110 | return APIReturn::error("email_or_team_already_exist", __("队伍或Email已经存在"), 500); 111 | } 112 | 113 | return APIReturn::success([ 114 | 'msg' => 'Welcome to HCTF 2017!', 115 | ]); 116 | } 117 | 118 | public function getAuthInfo(Request $request) 119 | { 120 | $team = JWTAuth::parseToken()->toUser(); 121 | $team->load('logs'); 122 | $team->lastLoginTime = Carbon::now('Asia/Shanghai'); 123 | $team->save(); 124 | $ranking = Team::orderByScore()->get()->search(function ($t) use ($team) { 125 | return $t->team_id == $team->team_id; 126 | }); 127 | if ($ranking === false) { 128 | $team->ranking = -1; 129 | } else { 130 | $team->ranking = $ranking + 1; 131 | } 132 | return APIReturn::success($team); 133 | } 134 | 135 | 136 | /** 137 | * 列出所有队伍 138 | * @param Request $request 139 | * @return \Illuminate\Http\JsonResponse 140 | * @author Eridanus Sora 141 | */ 142 | public function listTeams(Request $request) 143 | { 144 | $page = $request->input('page') ?? '1'; 145 | try { 146 | $teams = Team::with('logs')->skip(($page - 1) * 20)->take(20)->get(); 147 | $counts = Team::count(); 148 | return APIReturn::success([ 149 | "total" => $counts, 150 | "teams" => $teams 151 | ]); 152 | } catch (\Exception $e) { 153 | return APIReturn::error("database_error", "数据库读写错误", 500); 154 | } 155 | } 156 | 157 | /** 158 | * 批量查询用户信息 * 公开方法 159 | * @param Request $request 160 | * @return \Illuminate\Http\JsonResponse 161 | * @author Eridanus Sora 162 | */ 163 | public function publicListTeams(Request $request) 164 | { 165 | $validator = \Validator::make($request->only("teamId"), [ 166 | 'teamId' => 'required|array|between:0,21', 167 | ], [ 168 | 'teamId.required' => '缺少 teamId 字段', 169 | 'teamId.array' => 'teamId 字段只能为数组', 170 | 'teamId.between' => 'teamId 超过数量限制' 171 | ]); 172 | 173 | if ($validator->fails()) { 174 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 175 | } 176 | 177 | try { 178 | $result = Team::with(["logs" => function ($query) { 179 | $query->where("status", "correct")->orderBy("created_at", "asc"); 180 | }])->whereIn("team_id", $request->input('teamId'))->get(); 181 | $result->makeHidden(['email', 'admin', 'banned', 'created_at', 'updated_at', 'lastLoginTime', 'signUpTime', 'token']); 182 | // 隐藏提交的 Flag 内容 183 | $result->each(function ($team) { 184 | $team->logs->each(function ($log) { 185 | $log->makeHidden('flag'); 186 | }); 187 | }); 188 | return APIReturn::success($result); 189 | } catch (\Exception $e) { 190 | return APIReturn::error("database_error", "数据库读写错误", 500); 191 | } 192 | } 193 | 194 | public function search(Request $request) 195 | { 196 | $validator = \Validator::make($request->only('keyword'), [ 197 | 'keyword' => 'required' 198 | ], [ 199 | 'keyword.required' => '缺少关键词字段' 200 | ]); 201 | 202 | if ($validator->fails()) { 203 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 204 | } 205 | 206 | try { 207 | $keyword = $request->input('keyword'); 208 | $teams = Team::where('team_name', 'like', "%$keyword%")->get(); 209 | return APIReturn::success($teams); 210 | } catch (\Exception $e) { 211 | return APIReturn::error("database_error", "数据库读写错误", 500); 212 | } 213 | } 214 | 215 | /** 216 | * 封禁队伍 217 | * @param Request $request 218 | * @return \Illuminate\Http\JsonResponse 219 | * @author Eridanus Sora 220 | */ 221 | public function banTeam(Request $request) 222 | { 223 | $validator = \Validator::make($request->all(), [ 224 | 'teamId' => 'required|array' 225 | ], [ 226 | 'teamId.required' => '缺少队伍ID字段', 227 | 'teamId.array' => '队伍ID必须为数组' 228 | ]); 229 | 230 | if ($validator->fails()) { 231 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 232 | } 233 | 234 | try { 235 | Team::where('team_id', $request->input('teamId'))->update([ 236 | 'banned' => true 237 | ]); 238 | return APIReturn::success(); 239 | } catch (\Exception $e) { 240 | return APIReturn::error("database_error", "数据库读写错误", 500); 241 | } 242 | } 243 | 244 | /** 245 | * 解除封禁 246 | * @param Request $request 247 | * @return \Illuminate\Http\JsonResponse 248 | * @author Eridanus Sora 249 | */ 250 | public function unbanTeam(Request $request) 251 | { 252 | $validator = \Validator::make($request->all(), [ 253 | 'teamId' => 'required|array' 254 | ], [ 255 | 'teamId.required' => '缺少队伍ID字段', 256 | 'teamId.array' => '队伍ID必须为数组' 257 | ]); 258 | 259 | if ($validator->fails()) { 260 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 261 | } 262 | try { 263 | Team::where('team_id', $request->input('teamId'))->update([ 264 | 'banned' => false 265 | ]); 266 | return APIReturn::success(); 267 | } catch (\Exception $e) { 268 | return APIReturn::error("database_error", "数据库读写错误", 500); 269 | } 270 | } 271 | 272 | /** 273 | * 设定为管理员 274 | * @param Request $request 275 | * @return \Illuminate\Http\JsonResponse 276 | * @author Eridanus Sora 277 | */ 278 | public function setAdmin(Request $request) 279 | { 280 | $validator = \Validator::make($request->all(), [ 281 | 'teamId' => 'required|array' 282 | ], [ 283 | 'teamId.required' => '缺少队伍ID字段', 284 | 'teamId.array' => '队伍ID必须为数组' 285 | ]); 286 | 287 | if ($validator->fails()) { 288 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 289 | } 290 | try { 291 | Team::where('team_id', $request->input('teamId'))->update([ 292 | 'admin' => true 293 | ]); 294 | return APIReturn::success(); 295 | } catch (\Exception $e) { 296 | return APIReturn::error("database_error", "数据库读写错误", 500); 297 | } 298 | } 299 | 300 | /** 301 | * 强制重设密码 302 | * @param Request $request 303 | * @return \Illuminate\Http\JsonResponse 304 | * @author Eridanus Sora 305 | */ 306 | public function forceResetPassword(Request $request) 307 | { 308 | $validator = \Validator::make($request->all(), [ 309 | 'teamId' => 'required|integer' 310 | ], [ 311 | 'teamId.required' => '缺少队伍ID字段', 312 | 'teamId.integer' => '队伍ID必须为整数' 313 | ]); 314 | 315 | if ($validator->fails()) { 316 | return APIReturn::error('invalid_parameters', $validator->errors()->all(), 400); 317 | } 318 | 319 | try { 320 | $newPassword = str_random("32"); 321 | $team = Team::find($request->input('teamId')); 322 | $team->password = bcrypt(hash('sha256', $newPassword)); 323 | $team->save(); 324 | return APIReturn::success([ 325 | 'newPassword' => $newPassword 326 | ]); 327 | } catch (\Exception $e) { 328 | return APIReturn::error("database_error", "数据库读写错误", 500); 329 | } 330 | } 331 | 332 | /** 333 | * 获得排行 334 | * @param Request $request 335 | * @return \Illuminate\Http\JsonResponse 336 | * @author Eridanus Sora 337 | */ 338 | public function getRanking(Request $request) 339 | { 340 | $page = $request->input('page') ?? '1'; 341 | $withCount = $request->input('withCount') ?? false; 342 | try { 343 | $result = Team::where([ 344 | ['admin', '=', '0'], 345 | ['banned', '=', '0'] 346 | ])->orderByScore()->skip(($page - 1) * 20)->take(20)->get(); 347 | 348 | $result->makeHidden([ 349 | 'email', 'admin', 'banned', 'created_at', 'updated_at', 'lastLoginTime', 'signUpTime', 'flag', 'category_id', 'level_id', 'challenge_id', 'log_id', 'score', 'token' 350 | ]); 351 | 352 | // $result = $result->filter(function ($team) { 353 | // return $team->dynamic_total_score != 0; 354 | // }); 355 | // $groupByScore = $result->groupBy(function ($l){ 356 | // return (string)$l->dynamic_total_score; 357 | // }); 358 | // $groupByScore->map(function($g){ 359 | // return $g->sortBy('created_at'); 360 | // }); 361 | // $result = $groupByScore->flatten(); 362 | 363 | if (!$withCount) { 364 | return APIReturn::success([ 365 | "ranking" => $result 366 | ]); 367 | } else { 368 | $total = Team::count(); 369 | return APIReturn::success([ 370 | "ranking" => $result, 371 | "total" => $total 372 | ]); 373 | } 374 | } catch (\Exception $e) { 375 | dump($e); 376 | return APIReturn::error("database_error", "数据库读写错误", 500); 377 | } 378 | } 379 | 380 | public function tokenVerify(Request $request) 381 | { 382 | $token = $request->route('token'); 383 | try { 384 | $team = Team::where('token', $token)->firstOrFail(); 385 | return APIReturn::success($team->team_name); 386 | } catch (\Exception $e) { 387 | return APIReturn::error("", "", 404); 388 | } 389 | } 390 | } -------------------------------------------------------------------------------- /app/Http/Kernel.php: -------------------------------------------------------------------------------- 1 | [ 37 | \App\Http\Middleware\EncryptCookies::class, 38 | \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, 39 | \Illuminate\Session\Middleware\StartSession::class, 40 | // \Illuminate\Session\Middleware\AuthenticateSession::class, 41 | \Illuminate\View\Middleware\ShareErrorsFromSession::class, 42 | //\App\Http\Middleware\VerifyCsrfToken::class, 43 | \Illuminate\Routing\Middleware\SubstituteBindings::class, 44 | ], 45 | 46 | 'api' => [ 47 | // 'throttle:60,1', 48 | 'bindings', 49 | ], 50 | ]; 51 | 52 | /** 53 | * The application's route middleware. 54 | * 55 | * These middleware may be assigned to groups or used individually. 56 | * 57 | * @var array 58 | */ 59 | protected $routeMiddleware = [ 60 | 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 61 | 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 62 | 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 63 | 'can' => \Illuminate\Auth\Middleware\Authorize::class, 64 | 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 65 | 'throttle' => ThrottleRequests::class, 66 | 'jwt.auth' => GetUserFromToken::class, 67 | 'jwt.refresh' => \Tymon\JWTAuth\Middleware\RefreshToken::class, 68 | 'jwt.auth.mod' => \App\Http\Middleware\VerifyJWTToken::class, 69 | 'AdminCheck' => AdminCheck::class, // 管理员权限检查 70 | 'BlockCheck' => BlockCheck::class, 71 | 'TimeCheck' => TimeCheck::class 72 | ]; 73 | } 74 | -------------------------------------------------------------------------------- /app/Http/Middleware/AdminCheck.php: -------------------------------------------------------------------------------- 1 | 14 | */ 15 | class AdminCheck extends BaseMiddleware 16 | { 17 | /** 18 | * Handle an incoming request. 19 | * 20 | * @param \Illuminate\Http\Request $request 21 | * @param \Closure $next 22 | * @return mixed 23 | */ 24 | public function handle($request, Closure $next) 25 | { 26 | $token = $this->auth->setRequest($request)->getToken(); 27 | $user = $this->auth->authenticate($token); 28 | if ($user->admin) { 29 | return $next($request); 30 | } 31 | return \APIReturn::error("permission_denied", "本操作需要管理员权限", 403); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /app/Http/Middleware/BlockCheck.php: -------------------------------------------------------------------------------- 1 | auth->setRequest($request)->getToken(); 20 | $user = $this->auth->authenticate($token); 21 | if (!$user->banned) { 22 | return $next($request); 23 | } 24 | return \APIReturn::error("banned", "您已经被封禁", 403); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /app/Http/Middleware/EncryptCookies.php: -------------------------------------------------------------------------------- 1 | has('language')){ 13 | \App::setLocale($request->input('language')); 14 | } 15 | return $next($request); 16 | } 17 | } -------------------------------------------------------------------------------- /app/Http/Middleware/RedirectIfAuthenticated.php: -------------------------------------------------------------------------------- 1 | check()) { 21 | return redirect('/home'); 22 | } 23 | 24 | return $next($request); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /app/Http/Middleware/ThrottleRequests.php: -------------------------------------------------------------------------------- 1 | resolveRequestSignature($request); 29 | 30 | $maxAttempts = $this->resolveMaxAttempts($request, $maxAttempts); 31 | 32 | if ($this->limiter->tooManyAttempts($key, $maxAttempts, $decayMinutes)) { 33 | return APIReturn::error("too_many_requests", __("操作过于频繁"), 429); 34 | } 35 | 36 | $this->limiter->hit($key, $decayMinutes); 37 | 38 | $response = $next($request); 39 | 40 | return $this->addHeaders( 41 | $response, $maxAttempts, 42 | $this->calculateRemainingAttempts($key, $maxAttempts) 43 | ); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /app/Http/Middleware/TimeCheck.php: -------------------------------------------------------------------------------- 1 | 12 | */ 13 | class TimeCheck { 14 | public function handle($request, Closure $next){ 15 | $config = collect(\DB::table("config")->get())->pluck('value', 'key'); 16 | $start = Carbon::parse($config["start_time"], 'UTC'); 17 | $end = Carbon::parse($config["end_time"], 'UTC'); 18 | $now = Carbon::now("Asia/Shanghai"); 19 | if ($now->lt($start) || $now->gt($end)){ 20 | return \APIReturn::error("under_maintenance", [ 21 | $start->toIso8601String(), 22 | $end->toIso8601String() 23 | ]); 24 | } 25 | else{ 26 | return $next($request); 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /app/Http/Middleware/TrimStrings.php: -------------------------------------------------------------------------------- 1 | auth->setRequest($request)->getToken()) { 26 | return \APIReturn::error('tymon.jwt.absent', 'token_not_provided', 400); 27 | } 28 | 29 | try { 30 | $user = $this->auth->authenticate($token); 31 | } catch (TokenExpiredException $e) { 32 | return \APIReturn::error('tymon.jwt.expired', 'token_expired', $e->getStatusCode()); 33 | } catch (JWTException $e) { 34 | return \APIReturn::error('tymon.jwt.invalid', 'token_invalid', $e->getStatusCode()); 35 | } 36 | 37 | if (!$user) { 38 | return \APIReturn::error('tymon.jwt.user_not_found', 'user_not_found', 404); 39 | } 40 | 41 | $this->events->fire('tymon.jwt.valid', $user); 42 | 43 | return $next($request); 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /app/Level.php: -------------------------------------------------------------------------------- 1 | 'array' 18 | ]; 19 | 20 | public function getReleaseTimeAttribute($value){ 21 | return Carbon::parse($value, 'UTC')->toIso8601String(); 22 | } 23 | 24 | public function category() 25 | { 26 | return $this->belongsTo('App\Category', 'category_id', 'category_id'); 27 | } 28 | 29 | public function challenges() 30 | { 31 | return $this->hasMany('App\Challenge', 'level_id', 'level_id'); 32 | } 33 | 34 | public function logs() 35 | { 36 | return $this->hasMany('App\Log', "level_id", "level_id"); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /app/Log.php: -------------------------------------------------------------------------------- 1 | belongsTo('App\Level', 'level_id', 'level_id'); 15 | } 16 | 17 | public function team(){ 18 | return $this->belongsTo('App\Team', 'team_id', 'team_id'); 19 | } 20 | 21 | public function challenge(){ 22 | return $this->belongsTo('App\Challenge', 'challenge_id', 'challenge_id'); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /app/Providers/APIReturnServiceProvider.php: -------------------------------------------------------------------------------- 1 | app->singleton('APIReturnService', function () { 28 | return new APIReturnService(); 29 | }); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /app/Providers/AppServiceProvider.php: -------------------------------------------------------------------------------- 1 | 'App\Policies\ModelPolicy', 17 | ]; 18 | 19 | /** 20 | * Register any authentication / authorization services. 21 | * 22 | * @return void 23 | */ 24 | public function boot() 25 | { 26 | $this->registerPolicies(); 27 | 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /app/Providers/BroadcastServiceProvider.php: -------------------------------------------------------------------------------- 1 | [ 17 | 'App\Listeners\EventListener', 18 | ], 19 | ]; 20 | 21 | /** 22 | * Register any events for your application. 23 | * 24 | * @return void 25 | */ 26 | public function boot() 27 | { 28 | parent::boot(); 29 | 30 | // 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /app/Providers/LoggerServiceProvider.php: -------------------------------------------------------------------------------- 1 | app->singleton('LoggerService', function () { 28 | return new LoggerService(); 29 | }); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /app/Providers/RouteServiceProvider.php: -------------------------------------------------------------------------------- 1 | mapApiRoutes(); 39 | 40 | $this->mapWebRoutes(); 41 | 42 | // 43 | } 44 | 45 | /** 46 | * Define the "web" routes for the application. 47 | * 48 | * These routes all receive session state, CSRF protection, etc. 49 | * 50 | * @return void 51 | */ 52 | protected function mapWebRoutes() 53 | { 54 | Route::middleware('web') 55 | ->namespace($this->namespace) 56 | ->group(base_path('routes/web.php')); 57 | } 58 | 59 | /** 60 | * Define the "api" routes for the application. 61 | * 62 | * These routes are typically stateless. 63 | * 64 | * @return void 65 | */ 66 | protected function mapApiRoutes() 67 | { 68 | Route::prefix('api') 69 | ->middleware('api') 70 | ->namespace($this->namespace) 71 | ->group(base_path('routes/api.php')); 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /app/Services/APIReturnService.php: -------------------------------------------------------------------------------- 1 | 9 | * @package App\Services 10 | */ 11 | class APIReturnService 12 | { 13 | /** 14 | * @param $status 15 | * @param $data 16 | * @param $httpCode 17 | * @param null $redirect 18 | * @return \Illuminate\Http\JsonResponse 19 | * @author Eridanus Sora 20 | */ 21 | protected function APIReturn($status, $data, $httpCode, $redirect = null) 22 | { 23 | $body = [ 24 | "status" => $status, 25 | "data" => $data 26 | ]; 27 | if ($redirect) { 28 | $body["redirect"] = $redirect; 29 | } 30 | return response()->json($body, $httpCode); 31 | } 32 | 33 | /** 34 | * @param array $data 返回数据 35 | * @param null $redirect 重定向 36 | * @return \Illuminate\Http\JsonResponse 37 | */ 38 | public function success($data = [], $redirect = null) 39 | { 40 | return $this->APIReturn('success', $data, 200, $redirect); 41 | } 42 | 43 | /** 44 | * @param string $code 错误代码 45 | * @param mixed $message 错误信息 46 | * @param int $httpCode 47 | * @param null $redirect 重定向 48 | * @return \Illuminate\Http\JsonResponse 49 | */ 50 | public function error($code, $message, $httpCode = 500, $redirect = null) 51 | { 52 | return $this->APIReturn('fail', [ 53 | 'error' => [ 54 | "code" => $code, 55 | "message" => $message 56 | ] 57 | ], $httpCode, $redirect); 58 | } 59 | } -------------------------------------------------------------------------------- /app/Services/LoggerService.php: -------------------------------------------------------------------------------- 1 | $level, 12 | "message" => $message 13 | ]); 14 | $newLog->save(); 15 | } catch (\Exception $e) { 16 | 17 | } 18 | } 19 | 20 | public function debug($message = "") 21 | { 22 | $this->create("DEBUG", $message); 23 | } 24 | 25 | public function info($message = "") 26 | { 27 | $this->create("INFO", $message); 28 | } 29 | 30 | public function notice($message = "") 31 | { 32 | $this->create("NOTICE", $message); 33 | } 34 | 35 | public function error($message = "") 36 | { 37 | $this->create("ERROR", $message); 38 | } 39 | 40 | public function critical($message = "") 41 | { 42 | $this->create("CRITICAL", $message); 43 | } 44 | 45 | public function alert($message = "") 46 | { 47 | $this->create("ALERT", $message); 48 | } 49 | 50 | public function emergency($message = "") 51 | { 52 | $this->create("EMERGENCY", $message); 53 | } 54 | 55 | } -------------------------------------------------------------------------------- /app/Services/RuleValidator.php: -------------------------------------------------------------------------------- 1 | 13 | */ 14 | class RuleValidator 15 | { 16 | private $teamId; 17 | private $rules; 18 | private $rulesHash; 19 | 20 | public function __construct($teamId, $rules) 21 | { 22 | $this->teamId = $teamId; 23 | $this->rules = collect($rules); 24 | $this->rulesHash = md5($this->rules->toJson()); 25 | 26 | // 实例化规则 27 | $this->rules = $this->rules->map(function ($rule) { 28 | if ($rule["type"] === "category") { 29 | $rule["compare"] = new CategoryPassCount($rule["compare"]["targetId"], $rule["compare"]["compareOperator"], $rule["compare"]["compareTo"]); 30 | } else { 31 | // TODO 32 | } 33 | return $rule; 34 | }); 35 | 36 | } 37 | 38 | /** 39 | * 检查是否通过验证 40 | * @param $logs 41 | * @return bool 42 | * @author Eridanus Sora 43 | */ 44 | public function check($logs) 45 | { 46 | $result = true; 47 | $this->rules->each(function ($rule) use (&$result, $logs) { 48 | if (array_key_exists("logicOperator", $rule)) { 49 | if ($rule["logicOperator"] === "and") { 50 | $result = $result && $rule["compare"]->check($logs); 51 | } else if ($rule["logicOperator"] === "or") { 52 | $result = $result || $rule["compare"]->check($logs); 53 | } else { 54 | // TODO: Invalid Logic Operator 55 | } 56 | } else { 57 | $result = $rule["compare"]->check($logs); 58 | } 59 | }); 60 | // 记录开放时间 61 | if ($result === true) { 62 | if (!Cache::has($this->teamId . '-' . $this->rulesHash)) { 63 | Cache::forever($this->teamId . '-' . $this->rulesHash, Carbon::now()->toIso8601String()); 64 | } 65 | } 66 | return $result; 67 | } 68 | 69 | /** 70 | * 开放至今的时间 单位秒 71 | * @return int 72 | * @author Eridanus Sora 73 | */ 74 | public function secondsAfterOpen() 75 | { 76 | if (!Cache::has($this->teamId . '-' . $this->rulesHash)) { 77 | return 0; 78 | } else { 79 | return Carbon::parse(Cache::get($this->teamId . '-' . $this->rulesHash))->diffInSeconds(Carbon::now()); 80 | } 81 | } 82 | } -------------------------------------------------------------------------------- /app/Services/Rules/BaseRule.php: -------------------------------------------------------------------------------- 1 | categoryId = $categoryId; 14 | $this->compareOperator = $compareOperator; 15 | $this->compareTo = $compareTo; 16 | } 17 | 18 | public function check($logs) 19 | { 20 | $passCount = collect($logs)->filter(function ($log) { 21 | return $log->category_id === $this->categoryId; 22 | })->count(); 23 | if ($this->compareOperator === "gt") { 24 | return $passCount > $this->compareTo; 25 | } else if ($this->compareOperator === "lt") { 26 | return $passCount < $this->compareTo; 27 | } else { 28 | return $passCount === $this->compareTo; 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /app/Services/ScoreService.php: -------------------------------------------------------------------------------- 1 | | auto_increment | 17 | * | team_name | varchar(255) | NO | | | | 18 | * | email | varchar(255) | YES | UNI | | | 19 | * | password | varchar(255) | NO | | | | 20 | * | signUpTime | datetime | NO | | | | 21 | * | lastLoginTime | datetime | NO | | | | 22 | * | score | decimal(8,2) | NO | | 0.00 | | 23 | * | banned | tinyint(1) | NO | | 0 | | 24 | * | remember_token | varchar(100) | YES | | | | 25 | * 26 | */ 27 | protected $fillable = [ 28 | 'team_name', 'email', 'password', 'signUpTime', 'lastLoginTime', 'token' 29 | ]; 30 | 31 | /** 32 | * The attributes that should be hidden for arrays. 33 | * 34 | * @var array 35 | */ 36 | protected $hidden = [ 37 | 'password', 'remember_token' 38 | ]; 39 | 40 | protected $primaryKey = "team_id"; 41 | 42 | protected $casts = [ 43 | 'admin' => 'boolean', 44 | 'banned' => 'boolean', 45 | 'dynamic_total_score' => 'float' 46 | ]; 47 | 48 | public $timestamps = false; 49 | 50 | public function logs() 51 | { 52 | return $this->hasMany("App\Log", "team_id", "team_id"); 53 | } 54 | 55 | /** 56 | * 分数和 57 | * @return float 58 | * @author Eridanus Sora 59 | */ 60 | public function getScoreAttribute() 61 | { 62 | return floatval($this->logs()->sum('score')); 63 | } 64 | 65 | /** 66 | * 按分数排行 67 | * @param $query 68 | * @param string $order 69 | * @return mixed 70 | * @author Eridanus Sora 71 | */ 72 | public function scopeOrderByScore($query, $order = "desc") 73 | { 74 | return $query->leftJoin('logs', function ($join) { 75 | $join->on('logs.team_id', '=', 'teams.team_id')->where('status', '=', 'correct'); 76 | }) 77 | ->groupBy(['teams.team_id']) 78 | ->addSelect(['*', \DB::raw('sum(logs.score) as dynamic_total_score')]) 79 | ->orderBy('dynamic_total_score', $order); 80 | } 81 | } -------------------------------------------------------------------------------- /artisan: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | make(Illuminate\Contracts\Console\Kernel::class); 32 | 33 | $status = $kernel->handle( 34 | $input = new Symfony\Component\Console\Input\ArgvInput, 35 | new Symfony\Component\Console\Output\ConsoleOutput 36 | ); 37 | 38 | /* 39 | |-------------------------------------------------------------------------- 40 | | Shutdown The Application 41 | |-------------------------------------------------------------------------- 42 | | 43 | | Once Artisan has finished running, we will fire off the shutdown events 44 | | so that any final work may be done by the application before we shut 45 | | down the process. This is the last thing to happen to the request. 46 | | 47 | */ 48 | 49 | $kernel->terminate($input, $status); 50 | 51 | exit($status); 52 | -------------------------------------------------------------------------------- /bootstrap/app.php: -------------------------------------------------------------------------------- 1 | singleton( 30 | Illuminate\Contracts\Http\Kernel::class, 31 | App\Http\Kernel::class 32 | ); 33 | 34 | $app->singleton( 35 | Illuminate\Contracts\Console\Kernel::class, 36 | App\Console\Kernel::class 37 | ); 38 | 39 | $app->singleton( 40 | Illuminate\Contracts\Debug\ExceptionHandler::class, 41 | App\Exceptions\Handler::class 42 | ); 43 | 44 | /* 45 | |-------------------------------------------------------------------------- 46 | | Return The Application 47 | |-------------------------------------------------------------------------- 48 | | 49 | | This script returns the application instance. The instance is given to 50 | | the calling script so we can separate the building of the instances 51 | | from the actual running of the application and sending responses. 52 | | 53 | */ 54 | 55 | return $app; 56 | -------------------------------------------------------------------------------- /bootstrap/autoload.php: -------------------------------------------------------------------------------- 1 | =7.0", 9 | "ext-json": "*", 10 | "barryvdh/laravel-cors": "^0.9.2", 11 | "barryvdh/laravel-ide-helper": "^2.4", 12 | "doctrine/dbal": "^2.6", 13 | "laravel/framework": "5.5.*", 14 | "laravel/passport": "^3.0", 15 | "laravel/tinker": "~1.0", 16 | "tymon/jwt-auth": "^0.5.12" 17 | }, 18 | "require-dev": { 19 | "fzaninotto/faker": "~1.4", 20 | "mockery/mockery": "0.9.*", 21 | "phpunit/phpunit": "~6.0" 22 | }, 23 | "autoload": { 24 | "classmap": [ 25 | "database/seeds", 26 | "database/factories" 27 | ], 28 | "psr-4": { 29 | "App\\": "app/" 30 | } 31 | }, 32 | "autoload-dev": { 33 | "psr-4": { 34 | "Tests\\": "tests/" 35 | } 36 | }, 37 | "scripts": { 38 | "post-root-package-install": [ 39 | "php -r \"file_exists('.env') || copy('.env.example', '.env');\"" 40 | ], 41 | "post-create-project-cmd": [ 42 | "php artisan key:generate" 43 | ], 44 | "post-install-cmd": [ 45 | "Illuminate\\Foundation\\ComposerScripts::postInstall", 46 | "php artisan optimize" 47 | ], 48 | "post-update-cmd": [ 49 | "Illuminate\\Foundation\\ComposerScripts::postUpdate", 50 | "php artisan optimize" 51 | ] 52 | }, 53 | "config": { 54 | "preferred-install": "dist", 55 | "sort-packages": true, 56 | "optimize-autoloader": true, 57 | "platform": { 58 | "php": "7.1.7" 59 | } 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /config/app.php: -------------------------------------------------------------------------------- 1 | env('APP_NAME', 'Laravel'), 16 | 17 | /* 18 | |-------------------------------------------------------------------------- 19 | | Application Environment 20 | |-------------------------------------------------------------------------- 21 | | 22 | | This value determines the "environment" your application is currently 23 | | running in. This may determine how you prefer to configure various 24 | | services your application utilizes. Set this in your ".env" file. 25 | | 26 | */ 27 | 28 | 'env' => env('APP_ENV', 'production'), 29 | 30 | /* 31 | |-------------------------------------------------------------------------- 32 | | Application Debug Mode 33 | |-------------------------------------------------------------------------- 34 | | 35 | | When your application is in debug mode, detailed error messages with 36 | | stack traces will be shown on every error that occurs within your 37 | | application. If disabled, a simple generic error page is shown. 38 | | 39 | */ 40 | 41 | 'debug' => env('APP_DEBUG', false), 42 | 43 | /* 44 | |-------------------------------------------------------------------------- 45 | | Application URL 46 | |-------------------------------------------------------------------------- 47 | | 48 | | This URL is used by the console to properly generate URLs when using 49 | | the Artisan command line tool. You should set this to the root of 50 | | your application so that it is used when running Artisan tasks. 51 | | 52 | */ 53 | 54 | 'url' => env('APP_URL', 'http://localhost'), 55 | 56 | /* 57 | |-------------------------------------------------------------------------- 58 | | Application Timezone 59 | |-------------------------------------------------------------------------- 60 | | 61 | | Here you may specify the default timezone for your application, which 62 | | will be used by the PHP date and date-time functions. We have gone 63 | | ahead and set this to a sensible default for you out of the box. 64 | | 65 | */ 66 | 67 | 'timezone' => 'Asia/Shanghai', 68 | 69 | /* 70 | |-------------------------------------------------------------------------- 71 | | Application Locale Configuration 72 | |-------------------------------------------------------------------------- 73 | | 74 | | The application locale determines the default locale that will be used 75 | | by the translation service provider. You are free to set this value 76 | | to any of the locales which will be supported by the application. 77 | | 78 | */ 79 | 80 | 'locale' => 'en', 81 | 82 | /* 83 | |-------------------------------------------------------------------------- 84 | | Application Fallback Locale 85 | |-------------------------------------------------------------------------- 86 | | 87 | | The fallback locale determines the locale to use when the current one 88 | | is not available. You may change the value to correspond to any of 89 | | the language folders that are provided through your application. 90 | | 91 | */ 92 | 93 | 'fallback_locale' => 'en', 94 | 95 | /* 96 | |-------------------------------------------------------------------------- 97 | | Encryption Key 98 | |-------------------------------------------------------------------------- 99 | | 100 | | This key is used by the Illuminate encrypter service and should be set 101 | | to a random, 32 character string, otherwise these encrypted strings 102 | | will not be safe. Please do this before deploying an application! 103 | | 104 | */ 105 | 106 | 'key' => env('APP_KEY'), 107 | 108 | 'cipher' => 'AES-256-CBC', 109 | 110 | /* 111 | |-------------------------------------------------------------------------- 112 | | Logging Configuration 113 | |-------------------------------------------------------------------------- 114 | | 115 | | Here you may configure the log settings for your application. Out of 116 | | the box, Laravel uses the Monolog PHP logging library. This gives 117 | | you a variety of powerful log handlers / formatters to utilize. 118 | | 119 | | Available Settings: "single", "daily", "syslog", "errorlog" 120 | | 121 | */ 122 | 123 | 'log' => env('APP_LOG', 'single'), 124 | 125 | 'log_level' => env('APP_LOG_LEVEL', 'debug'), 126 | 127 | /* 128 | |-------------------------------------------------------------------------- 129 | | Autoloaded Service Providers 130 | |-------------------------------------------------------------------------- 131 | | 132 | | The service providers listed here will be automatically loaded on the 133 | | request to your application. Feel free to add your own services to 134 | | this array to grant expanded functionality to your applications. 135 | | 136 | */ 137 | 138 | 'providers' => [ 139 | 140 | /* 141 | * Laravel Framework Service Providers... 142 | */ 143 | Illuminate\Auth\AuthServiceProvider::class, 144 | //Illuminate\Broadcasting\BroadcastServiceProvider::class, 145 | Illuminate\Bus\BusServiceProvider::class, 146 | Illuminate\Cache\CacheServiceProvider::class, 147 | Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class, 148 | Illuminate\Cookie\CookieServiceProvider::class, 149 | Illuminate\Database\DatabaseServiceProvider::class, 150 | Illuminate\Encryption\EncryptionServiceProvider::class, 151 | Illuminate\Filesystem\FilesystemServiceProvider::class, 152 | Illuminate\Foundation\Providers\FoundationServiceProvider::class, 153 | Illuminate\Hashing\HashServiceProvider::class, 154 | //Illuminate\Mail\MailServiceProvider::class, 155 | //Illuminate\Notifications\NotificationServiceProvider::class, 156 | //Illuminate\Pagination\PaginationServiceProvider::class, 157 | Illuminate\Pipeline\PipelineServiceProvider::class, 158 | Illuminate\Queue\QueueServiceProvider::class, 159 | Illuminate\Redis\RedisServiceProvider::class, 160 | //Illuminate\Auth\Passwords\PasswordResetServiceProvider::class, 161 | Illuminate\Session\SessionServiceProvider::class, 162 | Illuminate\Translation\TranslationServiceProvider::class, 163 | Illuminate\Validation\ValidationServiceProvider::class, 164 | Illuminate\View\ViewServiceProvider::class, 165 | 166 | /* 167 | * Package Service Providers... 168 | */ 169 | Laravel\Tinker\TinkerServiceProvider::class, 170 | 171 | /* 172 | * Application Service Providers... 173 | */ 174 | App\Providers\AppServiceProvider::class, 175 | App\Providers\AuthServiceProvider::class, 176 | // App\Providers\BroadcastServiceProvider::class, 177 | App\Providers\EventServiceProvider::class, 178 | App\Providers\RouteServiceProvider::class, 179 | 180 | /** 181 | * Repository Providers 182 | */ 183 | 184 | /** 185 | * Custom Providers 186 | */ 187 | Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class, // IDE Helper 188 | App\Providers\APIReturnServiceProvider::class, 189 | \App\Providers\LoggerServiceProvider::class, 190 | Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class, 191 | ], 192 | 193 | /* 194 | |-------------------------------------------------------------------------- 195 | | Class Aliases 196 | |-------------------------------------------------------------------------- 197 | | 198 | | This array of class aliases will be registered when this application 199 | | is started. However, feel free to register as many as you wish as 200 | | the aliases are "lazy" loaded so they don't hinder performance. 201 | | 202 | */ 203 | 204 | 'aliases' => [ 205 | 206 | 'App' => Illuminate\Support\Facades\App::class, 207 | 'Artisan' => Illuminate\Support\Facades\Artisan::class, 208 | 'Auth' => Illuminate\Support\Facades\Auth::class, 209 | 'Blade' => Illuminate\Support\Facades\Blade::class, 210 | 'Broadcast' => Illuminate\Support\Facades\Broadcast::class, 211 | 'Bus' => Illuminate\Support\Facades\Bus::class, 212 | 'Cache' => Illuminate\Support\Facades\Cache::class, 213 | 'Config' => Illuminate\Support\Facades\Config::class, 214 | 'Cookie' => Illuminate\Support\Facades\Cookie::class, 215 | 'Crypt' => Illuminate\Support\Facades\Crypt::class, 216 | 'DB' => Illuminate\Support\Facades\DB::class, 217 | 'Eloquent' => Illuminate\Database\Eloquent\Model::class, 218 | 'Event' => Illuminate\Support\Facades\Event::class, 219 | 'File' => Illuminate\Support\Facades\File::class, 220 | 'Gate' => Illuminate\Support\Facades\Gate::class, 221 | 'Hash' => Illuminate\Support\Facades\Hash::class, 222 | 'Lang' => Illuminate\Support\Facades\Lang::class, 223 | 'Log' => Illuminate\Support\Facades\Log::class, 224 | 'Mail' => Illuminate\Support\Facades\Mail::class, 225 | 'Notification' => Illuminate\Support\Facades\Notification::class, 226 | 'Password' => Illuminate\Support\Facades\Password::class, 227 | 'Queue' => Illuminate\Support\Facades\Queue::class, 228 | 'Redirect' => Illuminate\Support\Facades\Redirect::class, 229 | 'Redis' => Illuminate\Support\Facades\Redis::class, 230 | 'Request' => Illuminate\Support\Facades\Request::class, 231 | 'Response' => Illuminate\Support\Facades\Response::class, 232 | 'Route' => Illuminate\Support\Facades\Route::class, 233 | 'Schema' => Illuminate\Support\Facades\Schema::class, 234 | 'Session' => Illuminate\Support\Facades\Session::class, 235 | 'Storage' => Illuminate\Support\Facades\Storage::class, 236 | 'URL' => Illuminate\Support\Facades\URL::class, 237 | 'Validator' => Illuminate\Support\Facades\Validator::class, 238 | 'View' => Illuminate\Support\Facades\View::class, 239 | 240 | /** 241 | * Custom Facades 242 | */ 243 | 'APIReturn' => \App\Facades\APIReturnFacade::class, 244 | 'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class, 245 | 'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class, 246 | 'Logger' => \App\Facades\LoggerFacade::class 247 | 248 | ], 249 | 250 | ]; 251 | -------------------------------------------------------------------------------- /config/auth.php: -------------------------------------------------------------------------------- 1 | [ 17 | 'guard' => 'web', 18 | 'passwords' => 'users', 19 | ], 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | Authentication Guards 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Next, you may define every authentication guard for your application. 27 | | Of course, a great default configuration has been defined for you 28 | | here which uses session storage and the Eloquent user provider. 29 | | 30 | | All authentication drivers have a user provider. This defines how the 31 | | users are actually retrieved out of your database or other storage 32 | | mechanisms used by this application to persist your user's data. 33 | | 34 | | Supported: "session", "token" 35 | | 36 | */ 37 | 38 | 'guards' => [ 39 | 'web' => [ 40 | 'driver' => 'session', 41 | 'provider' => 'users', 42 | ], 43 | 44 | 'api' => [ 45 | 'driver' => 'token', 46 | 'provider' => 'users', 47 | ], 48 | ], 49 | 50 | /* 51 | |-------------------------------------------------------------------------- 52 | | User Providers 53 | |-------------------------------------------------------------------------- 54 | | 55 | | All authentication drivers have a user provider. This defines how the 56 | | users are actually retrieved out of your database or other storage 57 | | mechanisms used by this application to persist your user's data. 58 | | 59 | | If you have multiple user tables or models you may configure multiple 60 | | sources which represent each model / table. These sources may then 61 | | be assigned to any extra authentication guards you have defined. 62 | | 63 | | Supported: "database", "eloquent" 64 | | 65 | */ 66 | 67 | 'providers' => [ 68 | 'users' => [ 69 | 'driver' => 'eloquent', 70 | 'model' => App\Team::class, 71 | ], 72 | 73 | // 'users' => [ 74 | // 'driver' => 'database', 75 | // 'table' => 'users', 76 | // ], 77 | ], 78 | 79 | /* 80 | |-------------------------------------------------------------------------- 81 | | Resetting Passwords 82 | |-------------------------------------------------------------------------- 83 | | 84 | | You may specify multiple password reset configurations if you have more 85 | | than one user table or model in the application and you want to have 86 | | separate password reset settings based on the specific user types. 87 | | 88 | | The expire time is the number of minutes that the reset token should be 89 | | considered valid. This security feature keeps tokens short-lived so 90 | | they have less time to be guessed. You may change this as needed. 91 | | 92 | */ 93 | 94 | 'passwords' => [ 95 | 'users' => [ 96 | 'provider' => 'users', 97 | 'table' => 'password_resets', 98 | 'expire' => 60, 99 | ], 100 | ], 101 | 102 | ]; 103 | -------------------------------------------------------------------------------- /config/broadcasting.php: -------------------------------------------------------------------------------- 1 | env('BROADCAST_DRIVER', 'null'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Broadcast Connections 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the broadcast connections that will be used 26 | | to broadcast events to other systems or over websockets. Samples of 27 | | each available type of connection are provided inside this array. 28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'pusher' => [ 34 | 'driver' => 'pusher', 35 | 'key' => env('PUSHER_APP_KEY'), 36 | 'secret' => env('PUSHER_APP_SECRET'), 37 | 'app_id' => env('PUSHER_APP_ID'), 38 | 'options' => [ 39 | // 40 | ], 41 | ], 42 | 43 | 'redis' => [ 44 | 'driver' => 'redis', 45 | 'connection' => 'default', 46 | ], 47 | 48 | 'log' => [ 49 | 'driver' => 'log', 50 | ], 51 | 52 | 'null' => [ 53 | 'driver' => 'null', 54 | ], 55 | 56 | ], 57 | 58 | ]; 59 | -------------------------------------------------------------------------------- /config/cache.php: -------------------------------------------------------------------------------- 1 | env('CACHE_DRIVER', 'database'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Cache Stores 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the cache "stores" for your application as 26 | | well as their drivers. You may even define multiple stores for the 27 | | same cache driver to group types of items stored in your caches. 28 | | 29 | */ 30 | 31 | 'stores' => [ 32 | 33 | 'apc' => [ 34 | 'driver' => 'apc', 35 | ], 36 | 37 | 'array' => [ 38 | 'driver' => 'array', 39 | ], 40 | 41 | 'database' => [ 42 | 'driver' => 'database', 43 | 'table' => 'cache', 44 | 'connection' => null, 45 | ], 46 | 47 | 'file' => [ 48 | 'driver' => 'file', 49 | 'path' => storage_path('framework/cache/data'), 50 | ], 51 | 52 | 'memcached' => [ 53 | 'driver' => 'memcached', 54 | 'persistent_id' => env('MEMCACHED_PERSISTENT_ID'), 55 | 'sasl' => [ 56 | env('MEMCACHED_USERNAME'), 57 | env('MEMCACHED_PASSWORD'), 58 | ], 59 | 'options' => [ 60 | // Memcached::OPT_CONNECT_TIMEOUT => 2000, 61 | ], 62 | 'servers' => [ 63 | [ 64 | 'host' => env('MEMCACHED_HOST', '127.0.0.1'), 65 | 'port' => env('MEMCACHED_PORT', 11211), 66 | 'weight' => 100, 67 | ], 68 | ], 69 | ], 70 | 71 | 'redis' => [ 72 | 'driver' => 'redis', 73 | 'connection' => 'default', 74 | ], 75 | 76 | ], 77 | 78 | /* 79 | |-------------------------------------------------------------------------- 80 | | Cache Key Prefix 81 | |-------------------------------------------------------------------------- 82 | | 83 | | When utilizing a RAM based store such as APC or Memcached, there might 84 | | be other applications utilizing the same cache. So, we'll specify a 85 | | value to get prefixed to all our keys so we can avoid collisions. 86 | | 87 | */ 88 | 89 | 'prefix' => 'laravel', 90 | 91 | ]; 92 | -------------------------------------------------------------------------------- /config/database.php: -------------------------------------------------------------------------------- 1 | env('DB_CONNECTION', 'mysql'), 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Database Connections 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Here are each of the database connections setup for your application. 24 | | Of course, examples of configuring each database platform that is 25 | | supported by Laravel is shown below to make development simple. 26 | | 27 | | 28 | | All database work in Laravel is done through the PHP PDO facilities 29 | | so make sure you have the driver for your particular database of 30 | | choice installed on your machine before you begin development. 31 | | 32 | */ 33 | 34 | 'connections' => [ 35 | 36 | 'sqlite' => [ 37 | 'driver' => 'sqlite', 38 | 'database' => env('DB_DATABASE', database_path('database.sqlite')), 39 | 'prefix' => '', 40 | ], 41 | 42 | 'mysql' => [ 43 | 'driver' => 'mysql', 44 | 'host' => env('DB_HOST', '127.0.0.1'), 45 | 'port' => env('DB_PORT', '3306'), 46 | 'database' => env('DB_DATABASE', 'forge'), 47 | 'username' => env('DB_USERNAME', 'forge'), 48 | 'password' => env('DB_PASSWORD', ''), 49 | 'unix_socket' => env('DB_SOCKET', ''), 50 | 'charset' => 'utf8mb4', 51 | 'collation' => 'utf8mb4_unicode_ci', 52 | 'prefix' => '', 53 | 'strict' => false, 54 | 'engine' => null, 55 | ], 56 | 57 | 'pgsql' => [ 58 | 'driver' => 'pgsql', 59 | 'host' => env('DB_HOST', '127.0.0.1'), 60 | 'port' => env('DB_PORT', '5432'), 61 | 'database' => env('DB_DATABASE', 'forge'), 62 | 'username' => env('DB_USERNAME', 'forge'), 63 | 'password' => env('DB_PASSWORD', ''), 64 | 'charset' => 'utf8', 65 | 'prefix' => '', 66 | 'schema' => 'public', 67 | 'sslmode' => 'prefer', 68 | ], 69 | 70 | 'sqlsrv' => [ 71 | 'driver' => 'sqlsrv', 72 | 'host' => env('DB_HOST', 'localhost'), 73 | 'port' => env('DB_PORT', '1433'), 74 | 'database' => env('DB_DATABASE', 'forge'), 75 | 'username' => env('DB_USERNAME', 'forge'), 76 | 'password' => env('DB_PASSWORD', ''), 77 | 'charset' => 'utf8', 78 | 'prefix' => '', 79 | ], 80 | 81 | ], 82 | 83 | /* 84 | |-------------------------------------------------------------------------- 85 | | Migration Repository Table 86 | |-------------------------------------------------------------------------- 87 | | 88 | | This table keeps track of all the migrations that have already run for 89 | | your application. Using this information, we can determine which of 90 | | the migrations on disk haven't actually been run in the database. 91 | | 92 | */ 93 | 94 | 'migrations' => 'migrations', 95 | 96 | /* 97 | |-------------------------------------------------------------------------- 98 | | Redis Databases 99 | |-------------------------------------------------------------------------- 100 | | 101 | | Redis is an open source, fast, and advanced key-value store that also 102 | | provides a richer set of commands than a typical key-value systems 103 | | such as APC or Memcached. Laravel makes it easy to dig right in. 104 | | 105 | */ 106 | 107 | 'redis' => [ 108 | 109 | 'client' => 'predis', 110 | 111 | 'default' => [ 112 | 'host' => env('REDIS_HOST', '127.0.0.1'), 113 | 'password' => env('REDIS_PASSWORD', null), 114 | 'port' => env('REDIS_PORT', 6379), 115 | 'database' => 0, 116 | ], 117 | 118 | ], 119 | 120 | ]; 121 | -------------------------------------------------------------------------------- /config/filesystems.php: -------------------------------------------------------------------------------- 1 | env('FILESYSTEM_DRIVER', 'local'), 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Default Cloud Filesystem Disk 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Many applications store files both locally and in the cloud. For this 24 | | reason, you may specify a default "cloud" driver here. This driver 25 | | will be bound as the Cloud disk implementation in the container. 26 | | 27 | */ 28 | 29 | 'cloud' => env('FILESYSTEM_CLOUD', 's3'), 30 | 31 | /* 32 | |-------------------------------------------------------------------------- 33 | | Filesystem Disks 34 | |-------------------------------------------------------------------------- 35 | | 36 | | Here you may configure as many filesystem "disks" as you wish, and you 37 | | may even configure multiple disks of the same driver. Defaults have 38 | | been setup for each driver as an example of the required options. 39 | | 40 | | Supported Drivers: "local", "ftp", "s3", "rackspace" 41 | | 42 | */ 43 | 44 | 'disks' => [ 45 | 46 | 'local' => [ 47 | 'driver' => 'local', 48 | 'root' => storage_path('app'), 49 | ], 50 | 51 | 'public' => [ 52 | 'driver' => 'local', 53 | 'root' => storage_path('app/public'), 54 | 'url' => env('APP_URL').'/storage', 55 | 'visibility' => 'public', 56 | ], 57 | 58 | 's3' => [ 59 | 'driver' => 's3', 60 | 'key' => env('AWS_KEY'), 61 | 'secret' => env('AWS_SECRET'), 62 | 'region' => env('AWS_REGION'), 63 | 'bucket' => env('AWS_BUCKET'), 64 | ], 65 | 66 | ], 67 | 68 | ]; 69 | -------------------------------------------------------------------------------- /config/jwt.php: -------------------------------------------------------------------------------- 1 | 7 | * 8 | * For the full copyright and license information, please view the LICENSE 9 | * file that was distributed with this source code. 10 | */ 11 | 12 | return [ 13 | 14 | /* 15 | |-------------------------------------------------------------------------- 16 | | JWT Authentication Secret 17 | |-------------------------------------------------------------------------- 18 | | 19 | | Don't forget to set this, as it will be used to sign your tokens. 20 | | A helper command is provided for this: `php artisan jwt:generate` 21 | | 22 | */ 23 | 24 | 'secret' => env('JWT_SECRET', '1Ma44OhpL6TD3RdUcNf4OI5vEvZnqzMp'), 25 | 26 | /* 27 | |-------------------------------------------------------------------------- 28 | | JWT time to live 29 | |-------------------------------------------------------------------------- 30 | | 31 | | Specify the length of time (in minutes) that the token will be valid for. 32 | | Defaults to 1 hour 33 | | 34 | */ 35 | 36 | 'ttl' => 60, 37 | 38 | /* 39 | |-------------------------------------------------------------------------- 40 | | Refresh time to live 41 | |-------------------------------------------------------------------------- 42 | | 43 | | Specify the length of time (in minutes) that the token can be refreshed 44 | | within. I.E. The user can refresh their token within a 2 week window of 45 | | the original token being created until they must re-authenticate. 46 | | Defaults to 2 weeks 47 | | 48 | */ 49 | 50 | 'refresh_ttl' => 20160, 51 | 52 | /* 53 | |-------------------------------------------------------------------------- 54 | | JWT hashing algorithm 55 | |-------------------------------------------------------------------------- 56 | | 57 | | Specify the hashing algorithm that will be used to sign the token. 58 | | 59 | | See here: https://github.com/namshi/jose/tree/2.2.0/src/Namshi/JOSE/Signer 60 | | for possible values 61 | | 62 | */ 63 | 64 | 'algo' => 'HS256', 65 | 66 | /* 67 | |-------------------------------------------------------------------------- 68 | | User Model namespace 69 | |-------------------------------------------------------------------------- 70 | | 71 | | Specify the full namespace to your User model. 72 | | e.g. 'Acme\Entities\User' 73 | | 74 | */ 75 | 76 | 'user' => 'App\Team', 77 | 78 | /* 79 | |-------------------------------------------------------------------------- 80 | | User identifier 81 | |-------------------------------------------------------------------------- 82 | | 83 | | Specify a unique property of the user that will be added as the 'sub' 84 | | claim of the token payload. 85 | | 86 | */ 87 | 88 | 'identifier' => 'team_id', 89 | 90 | /* 91 | |-------------------------------------------------------------------------- 92 | | Required Claims 93 | |-------------------------------------------------------------------------- 94 | | 95 | | Specify the required claims that must exist in any token. 96 | | A TokenInvalidException will be thrown if any of these claims are not 97 | | present in the payload. 98 | | 99 | */ 100 | 101 | 'required_claims' => ['iss', 'iat', 'exp', 'nbf', 'sub', 'jti'], 102 | 103 | /* 104 | |-------------------------------------------------------------------------- 105 | | Blacklist Enabled 106 | |-------------------------------------------------------------------------- 107 | | 108 | | In order to invalidate tokens, you must have the blacklist enabled. 109 | | If you do not want or need this functionality, then set this to false. 110 | | 111 | */ 112 | 113 | 'blacklist_enabled' => env('JWT_BLACKLIST_ENABLED', false), 114 | 115 | /* 116 | |-------------------------------------------------------------------------- 117 | | Providers 118 | |-------------------------------------------------------------------------- 119 | | 120 | | Specify the various providers used throughout the package. 121 | | 122 | */ 123 | 124 | 'providers' => [ 125 | 126 | /* 127 | |-------------------------------------------------------------------------- 128 | | User Provider 129 | |-------------------------------------------------------------------------- 130 | | 131 | | Specify the provider that is used to find the user based 132 | | on the subject claim 133 | | 134 | */ 135 | 136 | 'user' => 'Tymon\JWTAuth\Providers\User\EloquentUserAdapter', 137 | 138 | /* 139 | |-------------------------------------------------------------------------- 140 | | JWT Provider 141 | |-------------------------------------------------------------------------- 142 | | 143 | | Specify the provider that is used to create and decode the tokens. 144 | | 145 | */ 146 | 147 | 'jwt' => 'Tymon\JWTAuth\Providers\JWT\NamshiAdapter', 148 | 149 | /* 150 | |-------------------------------------------------------------------------- 151 | | Authentication Provider 152 | |-------------------------------------------------------------------------- 153 | | 154 | | Specify the provider that is used to authenticate users. 155 | | 156 | */ 157 | 158 | 'auth' => 'Tymon\JWTAuth\Providers\Auth\IlluminateAuthAdapter', 159 | 160 | /* 161 | |-------------------------------------------------------------------------- 162 | | Storage Provider 163 | |-------------------------------------------------------------------------- 164 | | 165 | | Specify the provider that is used to store tokens in the blacklist 166 | | 167 | */ 168 | 169 | 'storage' => 'Tymon\JWTAuth\Providers\Storage\IlluminateCacheAdapter', 170 | 171 | ], 172 | 173 | ]; 174 | -------------------------------------------------------------------------------- /config/mail.php: -------------------------------------------------------------------------------- 1 | env('MAIL_DRIVER', 'smtp'), 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | SMTP Host Address 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Here you may provide the host address of the SMTP server used by your 27 | | applications. A default option is provided that is compatible with 28 | | the Mailgun mail service which will provide reliable deliveries. 29 | | 30 | */ 31 | 32 | 'host' => env('MAIL_HOST', 'smtp.mailgun.org'), 33 | 34 | /* 35 | |-------------------------------------------------------------------------- 36 | | SMTP Host Port 37 | |-------------------------------------------------------------------------- 38 | | 39 | | This is the SMTP port used by your application to deliver e-mails to 40 | | users of the application. Like the host we have set this value to 41 | | stay compatible with the Mailgun e-mail application by default. 42 | | 43 | */ 44 | 45 | 'port' => env('MAIL_PORT', 587), 46 | 47 | /* 48 | |-------------------------------------------------------------------------- 49 | | Global "From" Address 50 | |-------------------------------------------------------------------------- 51 | | 52 | | You may wish for all e-mails sent by your application to be sent from 53 | | the same address. Here, you may specify a name and address that is 54 | | used globally for all e-mails that are sent by your application. 55 | | 56 | */ 57 | 58 | 'from' => [ 59 | 'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'), 60 | 'name' => env('MAIL_FROM_NAME', 'Example'), 61 | ], 62 | 63 | /* 64 | |-------------------------------------------------------------------------- 65 | | E-Mail Encryption Protocol 66 | |-------------------------------------------------------------------------- 67 | | 68 | | Here you may specify the encryption protocol that should be used when 69 | | the application send e-mail messages. A sensible default using the 70 | | transport layer security protocol should provide great security. 71 | | 72 | */ 73 | 74 | 'encryption' => env('MAIL_ENCRYPTION', 'tls'), 75 | 76 | /* 77 | |-------------------------------------------------------------------------- 78 | | SMTP Server Username 79 | |-------------------------------------------------------------------------- 80 | | 81 | | If your SMTP server requires a username for authentication, you should 82 | | set it here. This will get used to authenticate with your server on 83 | | connection. You may also set the "password" value below this one. 84 | | 85 | */ 86 | 87 | 'username' => env('MAIL_USERNAME'), 88 | 89 | 'password' => env('MAIL_PASSWORD'), 90 | 91 | /* 92 | |-------------------------------------------------------------------------- 93 | | Sendmail System Path 94 | |-------------------------------------------------------------------------- 95 | | 96 | | When using the "sendmail" driver to send e-mails, we will need to know 97 | | the path to where Sendmail lives on this server. A default path has 98 | | been provided here, which will work well on most of your systems. 99 | | 100 | */ 101 | 102 | 'sendmail' => '/usr/sbin/sendmail -bs', 103 | 104 | /* 105 | |-------------------------------------------------------------------------- 106 | | Markdown Mail Settings 107 | |-------------------------------------------------------------------------- 108 | | 109 | | If you are using Markdown based email rendering, you may configure your 110 | | theme and component paths here, allowing you to customize the design 111 | | of the emails. Or, you may simply stick with the Laravel defaults! 112 | | 113 | */ 114 | 115 | 'markdown' => [ 116 | 'theme' => 'default', 117 | 118 | 'paths' => [ 119 | resource_path('views/vendor/mail'), 120 | ], 121 | ], 122 | 123 | ]; 124 | -------------------------------------------------------------------------------- /config/queue.php: -------------------------------------------------------------------------------- 1 | env('QUEUE_DRIVER', 'sync'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Queue Connections 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may configure the connection information for each server that 26 | | is used by your application. A default configuration has been added 27 | | for each back-end shipped with Laravel. You are free to add more. 28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'sync' => [ 34 | 'driver' => 'sync', 35 | ], 36 | 37 | 'database' => [ 38 | 'driver' => 'database', 39 | 'table' => 'jobs', 40 | 'queue' => 'default', 41 | 'retry_after' => 90, 42 | ], 43 | 44 | 'beanstalkd' => [ 45 | 'driver' => 'beanstalkd', 46 | 'host' => 'localhost', 47 | 'queue' => 'default', 48 | 'retry_after' => 90, 49 | ], 50 | 51 | 'sqs' => [ 52 | 'driver' => 'sqs', 53 | 'key' => 'your-public-key', 54 | 'secret' => 'your-secret-key', 55 | 'prefix' => 'https://sqs.us-east-1.amazonaws.com/your-account-id', 56 | 'queue' => 'your-queue-name', 57 | 'region' => 'us-east-1', 58 | ], 59 | 60 | 'redis' => [ 61 | 'driver' => 'redis', 62 | 'connection' => 'default', 63 | 'queue' => 'default', 64 | 'retry_after' => 90, 65 | ], 66 | 67 | ], 68 | 69 | /* 70 | |-------------------------------------------------------------------------- 71 | | Failed Queue Jobs 72 | |-------------------------------------------------------------------------- 73 | | 74 | | These options configure the behavior of failed queue job logging so you 75 | | can control which database and table are used to store the jobs that 76 | | have failed. You may change them to any database / table you wish. 77 | | 78 | */ 79 | 80 | 'failed' => [ 81 | 'database' => env('DB_CONNECTION', 'mysql'), 82 | 'table' => 'failed_jobs', 83 | ], 84 | 85 | ]; 86 | -------------------------------------------------------------------------------- /config/services.php: -------------------------------------------------------------------------------- 1 | [ 18 | 'domain' => env('MAILGUN_DOMAIN'), 19 | 'secret' => env('MAILGUN_SECRET'), 20 | ], 21 | 22 | 'ses' => [ 23 | 'key' => env('SES_KEY'), 24 | 'secret' => env('SES_SECRET'), 25 | 'region' => 'us-east-1', 26 | ], 27 | 28 | 'sparkpost' => [ 29 | 'secret' => env('SPARKPOST_SECRET'), 30 | ], 31 | 32 | 'stripe' => [ 33 | 'model' => App\User::class, 34 | 'key' => env('STRIPE_KEY'), 35 | 'secret' => env('STRIPE_SECRET'), 36 | ], 37 | 38 | ]; 39 | -------------------------------------------------------------------------------- /config/session.php: -------------------------------------------------------------------------------- 1 | env('SESSION_DRIVER', 'file'), 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | Session Lifetime 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Here you may specify the number of minutes that you wish the session 27 | | to be allowed to remain idle before it expires. If you want them 28 | | to immediately expire on the browser closing, set that option. 29 | | 30 | */ 31 | 32 | 'lifetime' => 120, 33 | 34 | 'expire_on_close' => false, 35 | 36 | /* 37 | |-------------------------------------------------------------------------- 38 | | Session Encryption 39 | |-------------------------------------------------------------------------- 40 | | 41 | | This option allows you to easily specify that all of your session data 42 | | should be encrypted before it is stored. All encryption will be run 43 | | automatically by Laravel and you can use the Session like normal. 44 | | 45 | */ 46 | 47 | 'encrypt' => false, 48 | 49 | /* 50 | |-------------------------------------------------------------------------- 51 | | Session File Location 52 | |-------------------------------------------------------------------------- 53 | | 54 | | When using the native session driver, we need a location where session 55 | | files may be stored. A default has been set for you but a different 56 | | location may be specified. This is only needed for file sessions. 57 | | 58 | */ 59 | 60 | 'files' => storage_path('framework/sessions'), 61 | 62 | /* 63 | |-------------------------------------------------------------------------- 64 | | Session Database Connection 65 | |-------------------------------------------------------------------------- 66 | | 67 | | When using the "database" or "redis" session drivers, you may specify a 68 | | connection that should be used to manage these sessions. This should 69 | | correspond to a connection in your database configuration options. 70 | | 71 | */ 72 | 73 | 'connection' => null, 74 | 75 | /* 76 | |-------------------------------------------------------------------------- 77 | | Session Database Table 78 | |-------------------------------------------------------------------------- 79 | | 80 | | When using the "database" session driver, you may specify the table we 81 | | should use to manage the sessions. Of course, a sensible default is 82 | | provided for you; however, you are free to change this as needed. 83 | | 84 | */ 85 | 86 | 'table' => 'sessions', 87 | 88 | /* 89 | |-------------------------------------------------------------------------- 90 | | Session Cache Store 91 | |-------------------------------------------------------------------------- 92 | | 93 | | When using the "apc" or "memcached" session drivers, you may specify a 94 | | cache store that should be used for these sessions. This value must 95 | | correspond with one of the application's configured cache stores. 96 | | 97 | */ 98 | 99 | 'store' => null, 100 | 101 | /* 102 | |-------------------------------------------------------------------------- 103 | | Session Sweeping Lottery 104 | |-------------------------------------------------------------------------- 105 | | 106 | | Some session drivers must manually sweep their storage location to get 107 | | rid of old sessions from storage. Here are the chances that it will 108 | | happen on a given request. By default, the odds are 2 out of 100. 109 | | 110 | */ 111 | 112 | 'lottery' => [2, 100], 113 | 114 | /* 115 | |-------------------------------------------------------------------------- 116 | | Session Cookie Name 117 | |-------------------------------------------------------------------------- 118 | | 119 | | Here you may change the name of the cookie used to identify a session 120 | | instance by ID. The name specified here will get used every time a 121 | | new session cookie is created by the framework for every driver. 122 | | 123 | */ 124 | 125 | 'cookie' => 'laravel_session', 126 | 127 | /* 128 | |-------------------------------------------------------------------------- 129 | | Session Cookie Path 130 | |-------------------------------------------------------------------------- 131 | | 132 | | The session cookie path determines the path for which the cookie will 133 | | be regarded as available. Typically, this will be the root path of 134 | | your application but you are free to change this when necessary. 135 | | 136 | */ 137 | 138 | 'path' => '/', 139 | 140 | /* 141 | |-------------------------------------------------------------------------- 142 | | Session Cookie Domain 143 | |-------------------------------------------------------------------------- 144 | | 145 | | Here you may change the domain of the cookie used to identify a session 146 | | in your application. This will determine which domains the cookie is 147 | | available to in your application. A sensible default has been set. 148 | | 149 | */ 150 | 151 | 'domain' => env('SESSION_DOMAIN', null), 152 | 153 | /* 154 | |-------------------------------------------------------------------------- 155 | | HTTPS Only Cookies 156 | |-------------------------------------------------------------------------- 157 | | 158 | | By setting this option to true, session cookies will only be sent back 159 | | to the server if the browser has a HTTPS connection. This will keep 160 | | the cookie from being sent to you if it can not be done securely. 161 | | 162 | */ 163 | 164 | 'secure' => env('SESSION_SECURE_COOKIE', false), 165 | 166 | /* 167 | |-------------------------------------------------------------------------- 168 | | HTTP Access Only 169 | |-------------------------------------------------------------------------- 170 | | 171 | | Setting this value to true will prevent JavaScript from accessing the 172 | | value of the cookie and the cookie will only be accessible through 173 | | the HTTP protocol. You are free to modify this option if needed. 174 | | 175 | */ 176 | 177 | 'http_only' => true, 178 | 179 | ]; 180 | -------------------------------------------------------------------------------- /config/view.php: -------------------------------------------------------------------------------- 1 | [ 17 | resource_path('views'), 18 | ], 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Compiled View Path 23 | |-------------------------------------------------------------------------- 24 | | 25 | | This option determines where all the compiled Blade templates will be 26 | | stored for your application. Typically, this is within the storage 27 | | directory. However, as usual, you are free to change this value. 28 | | 29 | */ 30 | 31 | 'compiled' => realpath(storage_path('framework/views')), 32 | 33 | ]; 34 | -------------------------------------------------------------------------------- /database/.gitignore: -------------------------------------------------------------------------------- 1 | *.sqlite 2 | -------------------------------------------------------------------------------- /database/factories/LogFactory.php: -------------------------------------------------------------------------------- 1 | define(App\Log::class, function(Faker\Generator $faker){ 4 | return [ 5 | 'challenge_id' => 1, 6 | 'team_id' => random_int(1, 51), 7 | 'level_id' => 1, 8 | 'status' => 'correct', 9 | 'flag' => 'fake_flag', 10 | 'score' => random_int(100, 300), 11 | 'created_at' => $faker->dateTimeBetween('+7 days', '+9 days') 12 | ]; 13 | }); -------------------------------------------------------------------------------- /database/factories/ModelFactory.php: -------------------------------------------------------------------------------- 1 | define(App\User::class, function (Faker\Generator $faker) { 16 | static $password; 17 | 18 | return [ 19 | 'name' => $faker->name, 20 | 'email' => $faker->unique()->safeEmail, 21 | 'password' => $password ?: $password = bcrypt('secret'), 22 | 'remember_token' => str_random(10), 23 | ]; 24 | }); 25 | -------------------------------------------------------------------------------- /database/factories/TeamFactory.php: -------------------------------------------------------------------------------- 1 | define(App\Team::class, function (Faker\Generator $faker) { 4 | return [ 5 | 'team_name' => $faker->name, 6 | 'email' => $faker->unique()->safeEmail, 7 | 'password' => bcrypt(hash('sha256', str_random(32))), 8 | 'token' => str_random(32) 9 | ]; 10 | }); -------------------------------------------------------------------------------- /database/migrations/2017_08_21_120744_create_team_table.php: -------------------------------------------------------------------------------- 1 | increments('id'); 18 | $table->string('teamName')->unique(); // Display Name 19 | $table->string('email')->unique(); // Login Name 20 | $table->string('password'); 21 | $table->dateTimeTz('signUpTime'); 22 | $table->dateTimeTz('lastLoginTime'); 23 | $table->decimal('score')->default(0); 24 | $table->boolean('banned')->default(0); 25 | $table->rememberToken(); 26 | $table->timestamps(); 27 | }); 28 | } 29 | 30 | /** 31 | * Reverse the migrations. 32 | * 33 | * @return void 34 | */ 35 | public function down() 36 | { 37 | Schema::dropIfExists('teams'); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /database/migrations/2017_09_02_122006_add_admin_column_to_team_table.php: -------------------------------------------------------------------------------- 1 | boolean('admin')->default(0); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_09_04_030244_add_question_table.php: -------------------------------------------------------------------------------- 1 | increments('id'); 18 | $table->string("title"); 19 | $table->string("url"); 20 | $table->text("description"); 21 | $table->decimal("score"); 22 | $table->dateTimeTz("release_time"); 23 | $table->timestamps(); 24 | }); 25 | } 26 | 27 | /** 28 | * Reverse the migrations. 29 | * 30 | * @return void 31 | */ 32 | public function down() 33 | { 34 | Schema::dropIfExists('questions'); 35 | Schema::dropIfExists('challenges'); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /database/migrations/2017_09_04_031726_add_flag_table.php: -------------------------------------------------------------------------------- 1 | increments("id"); 18 | $table->integer("qid"); 19 | $table->string("flag"); 20 | $table->timestamps(); 21 | }); 22 | } 23 | 24 | /** 25 | * Reverse the migrations. 26 | * 27 | * @return void 28 | */ 29 | public function down() 30 | { 31 | Schema::dropIfExists('flags'); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /database/migrations/2017_09_08_124811_rename_question_table_to_challenge.php: -------------------------------------------------------------------------------- 1 | increments("category_id"); 18 | $table->string("category_name"); 19 | $table->timestamps(); 20 | }); 21 | } 22 | 23 | /** 24 | * Reverse the migrations. 25 | * 26 | * @return void 27 | */ 28 | public function down() 29 | { 30 | Schema::dropIfExists('categorys'); 31 | Schema::dropIfExists('categories'); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /database/migrations/2017_09_10_052508_rename_some_columns.php: -------------------------------------------------------------------------------- 1 | renameColumn("id", "team_id"); 18 | $table->renameColumn("teamName", "team_name"); 19 | }); 20 | Schema::table("challenges", function (Blueprint $table){ 21 | $table->renameColumn("id", "challenge_id"); 22 | }); 23 | Schema::table("flags", function (Blueprint $table){ 24 | $table->renameColumn("id", "flag_id"); 25 | $table->renameColumn("qid", "challenge_id"); 26 | }); 27 | } 28 | 29 | /** 30 | * Reverse the migrations. 31 | * 32 | * @return void 33 | */ 34 | public function down() 35 | { 36 | // 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /database/migrations/2017_09_10_061818_add_level_table.php: -------------------------------------------------------------------------------- 1 | increments("level_id"); 18 | $table->string("level_name"); 19 | $table->text("rules"); 20 | $table->dateTimeTz("release_time"); 21 | $table->timestamps(); 22 | }); 23 | } 24 | 25 | /** 26 | * Reverse the migrations. 27 | * 28 | * @return void 29 | */ 30 | public function down() 31 | { 32 | Schema::dropIfExists('levels'); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /database/migrations/2017_09_10_062950_rename_categorys_to_categories.php: -------------------------------------------------------------------------------- 1 | integer("level_id")->after("score"); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_09_10_074003_add_category_id_column_to_level_table.php: -------------------------------------------------------------------------------- 1 | integer("category_id")->after("rules"); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_09_16_015423_add_columns_to_challenge_and_flag_table.php: -------------------------------------------------------------------------------- 1 | integer('team_id')->after('flag'); 18 | }); 19 | Schema::table("challenges", function(Blueprint $table){ 20 | $table->text('config')->after('release_time'); 21 | }); 22 | } 23 | 24 | /** 25 | * Reverse the migrations. 26 | * 27 | * @return void 28 | */ 29 | public function down() 30 | { 31 | // 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /database/migrations/2017_09_16_125233_add_default_value_to_teamid_column_in_flag_table.php: -------------------------------------------------------------------------------- 1 | integer('team_id')->after('flag')->default(0)->change(); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_09_18_064058_add_log_table.php: -------------------------------------------------------------------------------- 1 | increments("log_id"); 18 | $table->integer("team_id"); 19 | $table->integer("challenge_id"); 20 | $table->integer("level_id"); 21 | $table->integer("category_id"); 22 | $table->string("status"); 23 | $table->string("flag"); 24 | $table->decimal("score"); 25 | $table->timestamps(); 26 | }); 27 | } 28 | 29 | /** 30 | * Reverse the migrations. 31 | * 32 | * @return void 33 | */ 34 | public function down() 35 | { 36 | // 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /database/migrations/2017_09_20_075514_add_cache_table.php: -------------------------------------------------------------------------------- 1 | string('key')->unique(); 18 | $table->text('value'); 19 | $table->integer('expiration'); 20 | }); 21 | } 22 | 23 | /** 24 | * Reverse the migrations. 25 | * 26 | * @return void 27 | */ 28 | public function down() 29 | { 30 | // 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /database/migrations/2017_09_22_092011_add_system_log_table.php: -------------------------------------------------------------------------------- 1 | increments('id'); 18 | $table->string('message', 500); 19 | $table->enum('level', [ 20 | 'DEBUG', 21 | 'INFO', 22 | 'NOTICE', 23 | 'WARNING', 24 | 'ERROR', 25 | 'CRITICAL', 26 | 'ALERT', 27 | 'EMERGENCY' 28 | ])->default('INFO'); 29 | $table->timestamps(); 30 | }); 31 | } 32 | 33 | /** 34 | * Reverse the migrations. 35 | * 36 | * @return void 37 | */ 38 | public function down() 39 | { 40 | // 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /database/migrations/2017_09_24_042255_delete_score_column_in_team_table.php: -------------------------------------------------------------------------------- 1 | dropColumn('score'); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_09_25_142940_add_back_score_column_to_team_table.php: -------------------------------------------------------------------------------- 1 | decimal('score')->after('banned'); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_10_08_090551_add_token_column_to_team_table.php: -------------------------------------------------------------------------------- 1 | string("token")->after("score"); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_10_11_104929_add_is_dynamic_flag_column_to_challenge_table.php: -------------------------------------------------------------------------------- 1 | boolean("is_dynamic_flag")->after("release_time"); 18 | }); 19 | } 20 | 21 | /** 22 | * Reverse the migrations. 23 | * 24 | * @return void 25 | */ 26 | public function down() 27 | { 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /database/migrations/2017_10_26_154016_add_config_table.php: -------------------------------------------------------------------------------- 1 | string('key')->unique(); 18 | $table->string('value'); 19 | }); 20 | } 21 | 22 | /** 23 | * Reverse the migrations. 24 | * 25 | * @return void 26 | */ 27 | public function down() 28 | { 29 | // 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /database/migrations/2017_11_08_134052_add_bulletin_table.php: -------------------------------------------------------------------------------- 1 | increments("bulletin_id"); 18 | $table->string("title"); 19 | $table->text("content"); 20 | }); 21 | } 22 | 23 | /** 24 | * Reverse the migrations. 25 | * 26 | * @return void 27 | */ 28 | public function down() 29 | { 30 | // 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /database/migrations/2018_10_12_161641_add_index_for_log_table.php: -------------------------------------------------------------------------------- 1 | index('category_id'); 18 | $table->index('team_id'); 19 | $table->index('level_id'); 20 | $table->index('challenge_id'); 21 | }); 22 | } 23 | 24 | /** 25 | * Reverse the migrations. 26 | * 27 | * @return void 28 | */ 29 | public function down() 30 | { 31 | // 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /database/seeds/ConfigTableSeeder.php: -------------------------------------------------------------------------------- 1 | delete(); 15 | 16 | $config = [ 17 | [ 18 | 'key' => 'start_time', 19 | 'value' => '2017-11-11T08:00:00+08:00' 20 | ], 21 | [ 22 | 'key' => 'end_time', 23 | 'value' => '2017-11-13T08:00:00+08:00' 24 | ], 25 | [ 26 | 'key' => 'flag_prefix', 27 | 'value' => 'hctf{' 28 | ], 29 | [ 30 | 'key' => 'flag_suffix', 31 | 'value' => '}' 32 | ] 33 | ]; 34 | 35 | DB::table('config')->insert($config); 36 | } 37 | } -------------------------------------------------------------------------------- /database/seeds/TeamTableSeeder.php: -------------------------------------------------------------------------------- 1 | delete(); 17 | 18 | $teams = [ 19 | [ 20 | 'team_name' => 'Vidar', 21 | 'email' => 'aklis@vidar.club', 22 | 'password' => bcrypt(hash('sha256', 'aklis@hctf')), 23 | 'signUpTime' => Carbon::now('Asia/Shanghai'), 24 | 'admin' => true, 25 | 'banned' => false, 26 | 'token' => str_random("32"), 27 | 'lastLoginTime' => Carbon::now('Asia/Shanghai'), 28 | ], 29 | [ 30 | 'team_name' => 'HDUISA', 31 | 'email' => 'birdway@vidar.club', 32 | 'password' => bcrypt(hash('sha256', 'aklis@hctf')), 33 | 'signUpTime' => Carbon::now('Asia/Shanghai'), 34 | 'admin' => false, 35 | 'banned' => false, 36 | 'token' => str_random("32"), 37 | 'lastLoginTime' => Carbon::now('Asia/Shanghai'), 38 | ], 39 | ]; 40 | 41 | DB::table('teams')->insert($teams); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "private": true, 3 | "scripts": { 4 | "dev": "npm run development", 5 | "development": "cross-env NODE_ENV=development node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js", 6 | "watch": "cross-env NODE_ENV=development node_modules/webpack/bin/webpack.js --watch --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js", 7 | "watch-poll": "npm run watch -- --watch-poll", 8 | "hot": "cross-env NODE_ENV=development node_modules/webpack-dev-server/bin/webpack-dev-server.js --inline --hot --config=node_modules/laravel-mix/setup/webpack.config.js", 9 | "prod": "npm run production", 10 | "production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js" 11 | }, 12 | "devDependencies": { 13 | "axios": "^0.18.1", 14 | "bootstrap-sass": "^3.4.1", 15 | "cross-env": "^5.0.1", 16 | "jquery": "^3.5.0", 17 | "laravel-mix": "^1.0", 18 | "lodash": "^4.17.13", 19 | "vue": "^2.1.10" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 | ./tests/Feature 14 | 15 | 16 | 17 | ./tests/Unit 18 | 19 | 20 | 21 | 22 | ./app 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /public/.htaccess: -------------------------------------------------------------------------------- 1 | 2 | 3 | Options -MultiViews 4 | 5 | 6 | RewriteEngine On 7 | 8 | # Redirect Trailing Slashes If Not A Folder... 9 | RewriteCond %{REQUEST_FILENAME} !-d 10 | RewriteRule ^(.*)/$ /$1 [L,R=301] 11 | 12 | # Handle Front Controller... 13 | RewriteCond %{REQUEST_FILENAME} !-d 14 | RewriteCond %{REQUEST_FILENAME} !-f 15 | RewriteRule ^ index.php [L] 16 | 17 | # Handle Authorization Header 18 | RewriteCond %{HTTP:Authorization} . 19 | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 20 | 21 | -------------------------------------------------------------------------------- /public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vidar-team/hctf_backend/0fef9d6b86384fae04a8dd86a43b2804fd08d1a1/public/favicon.ico -------------------------------------------------------------------------------- /public/index.php: -------------------------------------------------------------------------------- 1 | 8 | */ 9 | 10 | /* 11 | |-------------------------------------------------------------------------- 12 | | Register The Auto Loader 13 | |-------------------------------------------------------------------------- 14 | | 15 | | Composer provides a convenient, automatically generated class loader for 16 | | our application. We just need to utilize it! We'll simply require it 17 | | into the script here so that we don't have to worry about manual 18 | | loading any of our classes later on. It feels great to relax. 19 | | 20 | */ 21 | 22 | require __DIR__.'/../bootstrap/autoload.php'; 23 | 24 | /* 25 | |-------------------------------------------------------------------------- 26 | | Turn On The Lights 27 | |-------------------------------------------------------------------------- 28 | | 29 | | We need to illuminate PHP development, so let us turn on the lights. 30 | | This bootstraps the framework and gets it ready for use, then it 31 | | will load up this application so that we can run it and send 32 | | the responses back to the browser and delight our users. 33 | | 34 | */ 35 | 36 | $app = require_once __DIR__.'/../bootstrap/app.php'; 37 | 38 | /* 39 | |-------------------------------------------------------------------------- 40 | | Run The Application 41 | |-------------------------------------------------------------------------- 42 | | 43 | | Once we have the application, we can handle the incoming request 44 | | through the kernel, and send the associated response back to 45 | | the client's browser allowing them to enjoy the creative 46 | | and wonderful application we have prepared for them. 47 | | 48 | */ 49 | 50 | $kernel = $app->make(Illuminate\Contracts\Http\Kernel::class); 51 | 52 | $response = $kernel->handle( 53 | $request = Illuminate\Http\Request::capture() 54 | ); 55 | 56 | $response->send(); 57 | 58 | $kernel->terminate($request, $response); 59 | -------------------------------------------------------------------------------- /public/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: 3 | -------------------------------------------------------------------------------- /resources/assets/js/app.js: -------------------------------------------------------------------------------- 1 | 2 | /** 3 | * First we will load all of this project's JavaScript dependencies which 4 | * includes Vue and other libraries. It is a great starting point when 5 | * building robust, powerful web applications using Vue and Laravel. 6 | */ 7 | 8 | require('./bootstrap'); 9 | 10 | window.Vue = require('vue'); 11 | 12 | /** 13 | * Next, we will create a fresh Vue application instance and attach it to 14 | * the page. Then, you may begin adding components to this application 15 | * or customize the JavaScript scaffolding to fit your unique needs. 16 | */ 17 | 18 | Vue.component('example', require('./components/Example.vue')); 19 | 20 | const app = new Vue({ 21 | el: '#app' 22 | }); 23 | -------------------------------------------------------------------------------- /resources/assets/js/bootstrap.js: -------------------------------------------------------------------------------- 1 | 2 | window._ = require('lodash'); 3 | 4 | /** 5 | * We'll load jQuery and the Bootstrap jQuery plugin which provides support 6 | * for JavaScript based Bootstrap features such as modals and tabs. This 7 | * code may be modified to fit the specific needs of your application. 8 | */ 9 | 10 | try { 11 | window.$ = window.jQuery = require('jquery'); 12 | 13 | require('bootstrap-sass'); 14 | } catch (e) {} 15 | 16 | /** 17 | * We'll load the axios HTTP library which allows us to easily issue requests 18 | * to our Laravel back-end. This library automatically handles sending the 19 | * CSRF token as a header based on the value of the "XSRF" token cookie. 20 | */ 21 | 22 | window.axios = require('axios'); 23 | 24 | window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'; 25 | 26 | /** 27 | * Next we will register the CSRF Token as a common header with Axios so that 28 | * all outgoing HTTP requests automatically have it attached. This is just 29 | * a simple convenience so we don't have to attach every token manually. 30 | */ 31 | 32 | let token = document.head.querySelector('meta[name="csrf-token"]'); 33 | 34 | if (token) { 35 | window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content; 36 | } else { 37 | console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token'); 38 | } 39 | 40 | /** 41 | * Echo exposes an expressive API for subscribing to channels and listening 42 | * for events that are broadcast by Laravel. Echo and event broadcasting 43 | * allows your team to easily build robust real-time web applications. 44 | */ 45 | 46 | // import Echo from 'laravel-echo' 47 | 48 | // window.Pusher = require('pusher-js'); 49 | 50 | // window.Echo = new Echo({ 51 | // broadcaster: 'pusher', 52 | // key: 'your-pusher-key' 53 | // }); 54 | -------------------------------------------------------------------------------- /resources/assets/js/components/Example.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 24 | -------------------------------------------------------------------------------- /resources/assets/sass/_variables.scss: -------------------------------------------------------------------------------- 1 | 2 | // Body 3 | $body-bg: #f5f8fa; 4 | 5 | // Borders 6 | $laravel-border-color: darken($body-bg, 10%); 7 | $list-group-border: $laravel-border-color; 8 | $navbar-default-border: $laravel-border-color; 9 | $panel-default-border: $laravel-border-color; 10 | $panel-inner-border: $laravel-border-color; 11 | 12 | // Brands 13 | $brand-primary: #3097D1; 14 | $brand-info: #8eb4cb; 15 | $brand-success: #2ab27b; 16 | $brand-warning: #cbb956; 17 | $brand-danger: #bf5329; 18 | 19 | // Typography 20 | $icon-font-path: "~bootstrap-sass/assets/fonts/bootstrap/"; 21 | $font-family-sans-serif: "Raleway", sans-serif; 22 | $font-size-base: 14px; 23 | $line-height-base: 1.6; 24 | $text-color: #636b6f; 25 | 26 | // Navbar 27 | $navbar-default-bg: #fff; 28 | 29 | // Buttons 30 | $btn-default-color: $text-color; 31 | 32 | // Inputs 33 | $input-border: lighten($text-color, 40%); 34 | $input-border-focus: lighten($brand-primary, 25%); 35 | $input-color-placeholder: lighten($text-color, 30%); 36 | 37 | // Panels 38 | $panel-default-heading-bg: #fff; 39 | -------------------------------------------------------------------------------- /resources/assets/sass/app.scss: -------------------------------------------------------------------------------- 1 | 2 | // Fonts 3 | @import url("https://fonts.googleapis.com/css?family=Raleway:300,400,600"); 4 | 5 | // Variables 6 | @import "variables"; 7 | 8 | // Bootstrap 9 | @import "~bootstrap-sass/assets/stylesheets/bootstrap"; 10 | -------------------------------------------------------------------------------- /resources/lang/en.json: -------------------------------------------------------------------------------- 1 | { 2 | "缺少队伍名字段": "Missing team name", 3 | "队伍名过长": "Team name too long.", 4 | "缺少 Email 字段": "Missing Email", 5 | "Email 字段不合法": "Invalid Email", 6 | "Email 过长": "Email too long", 7 | "缺少密码字段": "Missing password", 8 | "密码字段不合法": "Invalid password", 9 | "Email 与密码不匹配": "Unmatched credentials", 10 | "无法创建认证Token": "Fail to generate access token", 11 | "队伍或Email已经存在": "Duplicated team name or Email", 12 | 13 | "缺少 Flag 字段": "Missing flag", 14 | "Flag 不正确": "Incorrect flag", 15 | "Flag 已经提交过": "You have already submitted this flag", 16 | "队伍已被封禁": "You have been blocked", 17 | 18 | 19 | "数据库读写错误": "Database error", 20 | "操作过于频繁": "Too many requests. Please try again later.", 21 | "缺少 题目ID 字段": "Missing Challenge ID", 22 | "问题不存在": "Challenge not found" 23 | } -------------------------------------------------------------------------------- /resources/lang/en/auth.php: -------------------------------------------------------------------------------- 1 | 'These credentials do not match our records.', 17 | 'throttle' => 'Too many login attempts. Please try again in :seconds seconds.', 18 | 19 | ]; 20 | -------------------------------------------------------------------------------- /resources/lang/en/pagination.php: -------------------------------------------------------------------------------- 1 | '« Previous', 17 | 'next' => 'Next »', 18 | 19 | ]; 20 | -------------------------------------------------------------------------------- /resources/lang/en/passwords.php: -------------------------------------------------------------------------------- 1 | 'Passwords must be at least six characters and match the confirmation.', 17 | 'reset' => 'Your password has been reset!', 18 | 'sent' => 'We have e-mailed your password reset link!', 19 | 'token' => 'This password reset token is invalid.', 20 | 'user' => "We can't find a user with that e-mail address.", 21 | 22 | ]; 23 | -------------------------------------------------------------------------------- /resources/lang/en/validation.php: -------------------------------------------------------------------------------- 1 | 'The :attribute must be accepted.', 17 | 'active_url' => 'The :attribute is not a valid URL.', 18 | 'after' => 'The :attribute must be a date after :date.', 19 | 'after_or_equal' => 'The :attribute must be a date after or equal to :date.', 20 | 'alpha' => 'The :attribute may only contain letters.', 21 | 'alpha_dash' => 'The :attribute may only contain letters, numbers, and dashes.', 22 | 'alpha_num' => 'The :attribute may only contain letters and numbers.', 23 | 'array' => 'The :attribute must be an array.', 24 | 'before' => 'The :attribute must be a date before :date.', 25 | 'before_or_equal' => 'The :attribute must be a date before or equal to :date.', 26 | 'between' => [ 27 | 'numeric' => 'The :attribute must be between :min and :max.', 28 | 'file' => 'The :attribute must be between :min and :max kilobytes.', 29 | 'string' => 'The :attribute must be between :min and :max characters.', 30 | 'array' => 'The :attribute must have between :min and :max items.', 31 | ], 32 | 'boolean' => 'The :attribute field must be true or false.', 33 | 'confirmed' => 'The :attribute confirmation does not match.', 34 | 'date' => 'The :attribute is not a valid date.', 35 | 'date_format' => 'The :attribute does not match the format :format.', 36 | 'different' => 'The :attribute and :other must be different.', 37 | 'digits' => 'The :attribute must be :digits digits.', 38 | 'digits_between' => 'The :attribute must be between :min and :max digits.', 39 | 'dimensions' => 'The :attribute has invalid image dimensions.', 40 | 'distinct' => 'The :attribute field has a duplicate value.', 41 | 'email' => 'The :attribute must be a valid email address.', 42 | 'exists' => 'The selected :attribute is invalid.', 43 | 'file' => 'The :attribute must be a file.', 44 | 'filled' => 'The :attribute field must have a value.', 45 | 'image' => 'The :attribute must be an image.', 46 | 'in' => 'The selected :attribute is invalid.', 47 | 'in_array' => 'The :attribute field does not exist in :other.', 48 | 'integer' => 'The :attribute must be an integer.', 49 | 'ip' => 'The :attribute must be a valid IP address.', 50 | 'ipv4' => 'The :attribute must be a valid IPv4 address.', 51 | 'ipv6' => 'The :attribute must be a valid IPv6 address.', 52 | 'json' => 'The :attribute must be a valid JSON string.', 53 | 'max' => [ 54 | 'numeric' => 'The :attribute may not be greater than :max.', 55 | 'file' => 'The :attribute may not be greater than :max kilobytes.', 56 | 'string' => 'The :attribute may not be greater than :max characters.', 57 | 'array' => 'The :attribute may not have more than :max items.', 58 | ], 59 | 'mimes' => 'The :attribute must be a file of type: :values.', 60 | 'mimetypes' => 'The :attribute must be a file of type: :values.', 61 | 'min' => [ 62 | 'numeric' => 'The :attribute must be at least :min.', 63 | 'file' => 'The :attribute must be at least :min kilobytes.', 64 | 'string' => 'The :attribute must be at least :min characters.', 65 | 'array' => 'The :attribute must have at least :min items.', 66 | ], 67 | 'not_in' => 'The selected :attribute is invalid.', 68 | 'numeric' => 'The :attribute must be a number.', 69 | 'present' => 'The :attribute field must be present.', 70 | 'regex' => 'The :attribute format is invalid.', 71 | 'required' => 'The :attribute field is required.', 72 | 'required_if' => 'The :attribute field is required when :other is :value.', 73 | 'required_unless' => 'The :attribute field is required unless :other is in :values.', 74 | 'required_with' => 'The :attribute field is required when :values is present.', 75 | 'required_with_all' => 'The :attribute field is required when :values is present.', 76 | 'required_without' => 'The :attribute field is required when :values is not present.', 77 | 'required_without_all' => 'The :attribute field is required when none of :values are present.', 78 | 'same' => 'The :attribute and :other must match.', 79 | 'size' => [ 80 | 'numeric' => 'The :attribute must be :size.', 81 | 'file' => 'The :attribute must be :size kilobytes.', 82 | 'string' => 'The :attribute must be :size characters.', 83 | 'array' => 'The :attribute must contain :size items.', 84 | ], 85 | 'string' => 'The :attribute must be a string.', 86 | 'timezone' => 'The :attribute must be a valid zone.', 87 | 'unique' => 'The :attribute has already been taken.', 88 | 'uploaded' => 'The :attribute failed to upload.', 89 | 'url' => 'The :attribute format is invalid.', 90 | 91 | /* 92 | |-------------------------------------------------------------------------- 93 | | Custom Validation Language Lines 94 | |-------------------------------------------------------------------------- 95 | | 96 | | Here you may specify custom validation messages for attributes using the 97 | | convention "attribute.rule" to name the lines. This makes it quick to 98 | | specify a specific custom language line for a given attribute rule. 99 | | 100 | */ 101 | 102 | 'custom' => [ 103 | 'attribute-name' => [ 104 | 'rule-name' => 'custom-message', 105 | ], 106 | ], 107 | 108 | /* 109 | |-------------------------------------------------------------------------- 110 | | Custom Validation Attributes 111 | |-------------------------------------------------------------------------- 112 | | 113 | | The following language lines are used to swap attribute place-holders 114 | | with something more reader friendly such as E-Mail Address instead 115 | | of "email". This simply helps us make messages a little cleaner. 116 | | 117 | */ 118 | 119 | 'attributes' => [], 120 | 121 | ]; 122 | -------------------------------------------------------------------------------- /resources/views/welcome.blade.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Laravel 9 | 10 | 11 | 12 | 13 | 14 | 66 | 67 | 68 |
69 | @if (Route::has('login')) 70 |
71 | @auth 72 | Home 73 | @else 74 | Login 75 | Register 76 | @endauth 77 |
78 | @endif 79 | 80 |
81 |
82 | Laravel 83 |
84 | 85 |
86 | Documentation 87 | Laracasts 88 | News 89 | Forge 90 | GitHub 91 |
92 |
93 |
94 | 95 | 96 | -------------------------------------------------------------------------------- /routes/api.php: -------------------------------------------------------------------------------- 1 | get('/user', function (Request $request) { 17 | // return $request->user(); 18 | //}); -------------------------------------------------------------------------------- /routes/channels.php: -------------------------------------------------------------------------------- 1 | id === (int) $id; 16 | }); 17 | -------------------------------------------------------------------------------- /routes/console.php: -------------------------------------------------------------------------------- 1 | comment(Inspiring::quote()); 18 | })->describe('Display an inspiring quote'); 19 | -------------------------------------------------------------------------------- /routes/web.php: -------------------------------------------------------------------------------- 1 | 'API'], function () { 14 | Route::get('/', 'IndexController@index'); 15 | Route::group(['prefix' => 'Team'], function () { 16 | //Route::group(['middleware' => 'throttle:120'], function(){ 17 | Route::post('login', 'TeamController@login'); 18 | Route::post('register', 'TeamController@register'); 19 | Route::get('token', 'TeamController@tokenVerify'); 20 | //}); 21 | 22 | //Route::group(['middleware' => 'throttle:100'], function(){ 23 | Route::get('select', 'TeamController@publicListTeams'); 24 | Route::get('ranking', 'TeamController@getRanking'); 25 | //}); 26 | 27 | Route::group(['middleware' => 'jwt.auth.mod'], function () { 28 | Route::get('info', 'TeamController@getAuthInfo')->middleware(['jwt.refresh']); 29 | // Method Need Auth 30 | }); 31 | 32 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 33 | Route::get('list', 'TeamController@listTeams'); 34 | Route::get('search', 'TeamController@search'); 35 | Route::post('ban', 'TeamController@banTeam'); 36 | Route::post('unban', 'TeamController@unbanTeam'); 37 | Route::post('setAdmin', 'TeamController@setAdmin'); 38 | Route::post('forceResetPassword', 'TeamController@forceResetPassword'); 39 | }); 40 | }); 41 | 42 | Route::group(['prefix' => 'Category', 'middlewaire' => ''], function () { 43 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 44 | Route::get('list', 'CategoryController@list'); 45 | Route::post('create', 'CategoryController@create'); 46 | Route::post('deleteCategory', 'CategoryController@deleteCategory'); 47 | }); 48 | }); 49 | 50 | Route::group(['prefix' => 'Level'], function () { 51 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 52 | Route::get('info', 'LevelController@info'); 53 | Route::post('setName', 'LevelController@setName'); 54 | Route::post('setReleaseTime', 'LevelController@setReleaseTime'); 55 | Route::post('setRules', 'LevelController@setRules'); 56 | Route::post('deleteLevel', 'LevelController@deleteLevel'); 57 | Route::post('create', 'LevelController@create'); 58 | }); 59 | }); 60 | 61 | Route::group(['prefix' => 'Challenge'], function () { 62 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 63 | Route::post('create', 'ChallengeController@create'); 64 | Route::get('info', 'ChallengeController@info'); 65 | Route::post('edit', 'ChallengeController@editChallenge'); 66 | Route::get('getFlags', 'ChallengeController@getFlagsInfo'); 67 | Route::post('deleteFlags', 'ChallengeController@deleteAllFlags'); 68 | Route::post('addFlags', 'ChallengeController@addFlags'); 69 | Route::post('resetScore', 'ChallengeController@resetScore'); 70 | Route::post('delete', 'ChallengeController@deleteChallenge'); 71 | }); 72 | 73 | Route::group(['middleware' => ['jwt.auth.mod', 'TimeCheck']], function () { 74 | Route::get('list', 'ChallengeController@list'); 75 | Route::get('solvedTeams', 'ChallengeController@getSolvedTeams'); 76 | }); 77 | 78 | Route::group(['middleware' => ['jwt.auth.mod', 'TimeCheck', 'BlockCheck']], function () { 79 | Route::post('submitFlag', 'ChallengeController@submitFlag'); 80 | }); 81 | }); 82 | 83 | Route::group(['prefix' => 'Flag', 'middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 84 | Route::post('delete', 'FlagController@deleteFlag'); 85 | Route::post('edit', 'FlagController@editFlag'); 86 | }); 87 | 88 | Route::group(['prefix' => 'SystemLog', 'middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 89 | Route::get('list', 'SystemLogController@list'); 90 | }); 91 | 92 | Route::group(['prefix' => 'System'], function () { 93 | Route::get('meta', 'SystemController@getMetaInfo'); 94 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 95 | Route::post('edit', 'SystemController@editMetaInfo'); 96 | }); 97 | }); 98 | 99 | Route::group(['prefix' => 'Bulletin'], function () { 100 | Route::get('list', 'BulletinController@list'); 101 | 102 | Route::group(['middleware' => ['jwt.auth.mod', 'AdminCheck']], function () { 103 | Route::post('delete', 'BulletinController@delete'); 104 | Route::post('create', 'BulletinController@create'); 105 | Route::post('edit', 'BulletinController@edit'); 106 | }); 107 | }); 108 | 109 | Route::get('token/{token}', 'TeamController@tokenVerify'); 110 | 111 | }); 112 | 113 | Route::get('token/{token}', 'TeamController@tokenVerify'); 114 | -------------------------------------------------------------------------------- /server.php: -------------------------------------------------------------------------------- 1 | 8 | */ 9 | 10 | $uri = urldecode( 11 | parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) 12 | ); 13 | 14 | // This file allows us to emulate Apache's "mod_rewrite" functionality from the 15 | // built-in PHP web server. This provides a convenient way to test a Laravel 16 | // application without having installed a "real" web server software here. 17 | if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) { 18 | return false; 19 | } 20 | 21 | require_once __DIR__.'/public/index.php'; 22 | -------------------------------------------------------------------------------- /storage/app/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !public/ 3 | !.gitignore 4 | -------------------------------------------------------------------------------- /storage/app/public/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /storage/framework/.gitignore: -------------------------------------------------------------------------------- 1 | config.php 2 | routes.php 3 | schedule-* 4 | compiled.php 5 | services.json 6 | events.scanned.php 7 | routes.scanned.php 8 | down 9 | -------------------------------------------------------------------------------- /storage/framework/cache/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /storage/framework/sessions/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /storage/framework/testing/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /storage/framework/views/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /storage/logs/.gitignore: -------------------------------------------------------------------------------- 1 | * 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /tests/CreatesApplication.php: -------------------------------------------------------------------------------- 1 | make(Kernel::class)->bootstrap(); 19 | 20 | return $app; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /tests/Feature/ExampleTest.php: -------------------------------------------------------------------------------- 1 | get('/'); 20 | 21 | $response->assertStatus(200); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /tests/TestCase.php: -------------------------------------------------------------------------------- 1 | assertTrue(true); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /webpack.mix.js: -------------------------------------------------------------------------------- 1 | let mix = require('laravel-mix'); 2 | 3 | /* 4 | |-------------------------------------------------------------------------- 5 | | Mix Asset Management 6 | |-------------------------------------------------------------------------- 7 | | 8 | | Mix provides a clean, fluent API for defining some Webpack build steps 9 | | for your Laravel application. By default, we are compiling the Sass 10 | | file for the application as well as bundling up all the JS files. 11 | | 12 | */ 13 | 14 | mix.js('resources/assets/js/app.js', 'public/js') 15 | .sass('resources/assets/sass/app.scss', 'public/css'); 16 | --------------------------------------------------------------------------------