2018-05-02 15:45:45 -06:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2018-09-17 17:00:08 -06:00
|
|
|
"bufio"
|
2018-09-24 14:00:18 -06:00
|
|
|
"encoding/json"
|
2018-05-02 15:45:45 -06:00
|
|
|
"fmt"
|
2018-09-17 18:02:44 -06:00
|
|
|
"io"
|
2018-09-17 17:00:08 -06:00
|
|
|
"log"
|
2018-05-02 15:45:45 -06:00
|
|
|
"net/http"
|
2018-05-04 17:20:51 -06:00
|
|
|
"os"
|
|
|
|
"strconv"
|
2018-09-17 17:00:08 -06:00
|
|
|
"strings"
|
2018-05-02 15:45:45 -06:00
|
|
|
)
|
|
|
|
|
2018-09-24 14:00:18 -06:00
|
|
|
type JSend struct {
|
|
|
|
Status string `json:"status"`
|
|
|
|
Data JSendData `json:"data"`
|
|
|
|
}
|
|
|
|
type JSendData struct {
|
|
|
|
Short string `json:"short"`
|
|
|
|
Description string `json:"description"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// ShowJSend renders a JSend response to w
|
|
|
|
func ShowJSend(w http.ResponseWriter, status Status, short string, description string) {
|
|
|
|
|
|
|
|
resp := JSend{
|
|
|
|
Status: "success",
|
|
|
|
Data: JSendData{
|
|
|
|
Short: short,
|
|
|
|
Description: description,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
switch status {
|
|
|
|
case Success:
|
|
|
|
resp.Status = "success"
|
|
|
|
case Fail:
|
|
|
|
resp.Status = "fail"
|
|
|
|
default:
|
|
|
|
resp.Status = "error"
|
|
|
|
}
|
|
|
|
|
|
|
|
respBytes, err := json.Marshal(resp)
|
|
|
|
if (err != nil) {
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
w.WriteHeader(http.StatusOK) // RFC2616 makes it pretty clear that 4xx codes are for the user-agent
|
|
|
|
w.Write(respBytes)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ShowHtml delevers an HTML response to w
|
|
|
|
func ShowHtml(w http.ResponseWriter, status Status, title string, body string) {
|
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
|
|
|
|
statusStr := ""
|
|
|
|
switch status {
|
|
|
|
case Success:
|
|
|
|
statusStr = "Success"
|
|
|
|
case Fail:
|
|
|
|
statusStr = "Fail"
|
|
|
|
default:
|
|
|
|
statusStr = "Error"
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Fprintf(w, "<!DOCTYPE html>")
|
|
|
|
fmt.Fprintf(w, "<html><head>")
|
|
|
|
fmt.Fprintf(w, "<title>%s</title>", title)
|
|
|
|
fmt.Fprintf(w, "<link rel=\"stylesheet\" href=\"basic.css\">")
|
|
|
|
fmt.Fprintf(w, "<meta name=\"viewport\" content=\"width=device-width\">")
|
|
|
|
fmt.Fprintf(w, "<link rel=\"icon\" href=\"res/icon.svg\" type=\"image/svg+xml\">")
|
|
|
|
fmt.Fprintf(w, "<link rel=\"icon\" href=\"res/icon.png\" type=\"image/png\">")
|
|
|
|
fmt.Fprintf(w, "</head><body><h1 class=\"%s\">%s</h1>", statusStr, title)
|
|
|
|
fmt.Fprintf(w, "<section>%s</section>", body)
|
|
|
|
fmt.Fprintf(w, "<nav>")
|
|
|
|
fmt.Fprintf(w, "<ul>")
|
|
|
|
fmt.Fprintf(w, "<li><a href=\"puzzle-list.html\">Puzzles</a></li>")
|
|
|
|
fmt.Fprintf(w, "<li><a href=\"scoreboard.html\">Scoreboard</a></li>")
|
|
|
|
fmt.Fprintf(w, "</ul>")
|
|
|
|
fmt.Fprintf(w, "</nav>")
|
|
|
|
fmt.Fprintf(w, "</body></html>")
|
|
|
|
}
|
|
|
|
|
2018-09-17 17:40:05 -06:00
|
|
|
func respond(w http.ResponseWriter, req *http.Request, status Status, short string, format string, a ...interface{}) {
|
|
|
|
long := fmt.Sprintf(format, a...)
|
2018-09-17 17:00:08 -06:00
|
|
|
// This is a kludge. Do proper parsing when this causes problems.
|
|
|
|
accept := req.Header.Get("Accept")
|
|
|
|
if strings.Contains(accept, "application/json") {
|
2018-09-17 17:40:05 -06:00
|
|
|
ShowJSend(w, status, short, long)
|
2018-09-17 17:00:08 -06:00
|
|
|
} else {
|
2018-09-17 17:40:05 -06:00
|
|
|
ShowHtml(w, status, short, long)
|
2018-09-14 18:24:48 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-17 21:32:24 -06:00
|
|
|
// hasLine returns true if line appears in r.
|
|
|
|
// The entire line must match.
|
|
|
|
func hasLine(r io.Reader, line string) bool {
|
2018-09-17 18:02:44 -06:00
|
|
|
scanner := bufio.NewScanner(r)
|
|
|
|
for scanner.Scan() {
|
2018-09-17 21:32:24 -06:00
|
|
|
if scanner.Text() == line {
|
2018-09-17 18:02:44 -06:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) registerHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:00:08 -06:00
|
|
|
teamname := req.FormValue("name")
|
|
|
|
teamid := req.FormValue("id")
|
|
|
|
|
|
|
|
// Keep foolish operators from shooting themselves in the foot
|
|
|
|
// You would have to add a pathname to your list of Team IDs to open this vulnerability,
|
|
|
|
// but I have learned not to overestimate people.
|
|
|
|
if strings.Contains(teamid, "../") {
|
|
|
|
teamid = "rodney"
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
|
2018-05-04 17:20:51 -06:00
|
|
|
if (teamid == "") || (teamname == "") {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Invalid Entry",
|
|
|
|
"Either `id` or `name` was missing from this request.",
|
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
|
2018-09-17 21:32:24 -06:00
|
|
|
teamids, err := os.Open(ctx.StatePath("teamids.txt"))
|
|
|
|
if err != nil {
|
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Cannot read valid team IDs",
|
|
|
|
"An error was encountered trying to read valid teams IDs: %v", err,
|
|
|
|
)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer teamids.Close()
|
|
|
|
if !hasLine(teamids, teamid) {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Invalid Team ID",
|
|
|
|
"I don't have a record of that team ID. Maybe you used capital letters accidentally?",
|
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
|
|
|
|
f, err := os.OpenFile(ctx.StatePath("teams", teamid), os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0644)
|
2018-05-04 17:20:51 -06:00
|
|
|
if err != nil {
|
2018-09-17 17:00:08 -06:00
|
|
|
log.Print(err)
|
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
2018-05-04 17:20:51 -06:00
|
|
|
"Registration failed",
|
|
|
|
"Unable to register. Perhaps a teammate has already registered?",
|
|
|
|
)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer f.Close()
|
|
|
|
fmt.Fprintln(f, teamname)
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Success,
|
|
|
|
"Team registered",
|
|
|
|
"Okay, your team has been named and you may begin using your team ID!",
|
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) tokenHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:40:05 -06:00
|
|
|
teamid := req.FormValue("id")
|
|
|
|
token := req.FormValue("token")
|
|
|
|
|
|
|
|
var category string
|
|
|
|
var points int
|
|
|
|
var fluff string
|
2018-05-04 17:20:51 -06:00
|
|
|
|
2018-09-17 17:40:05 -06:00
|
|
|
stoken := strings.Replace(token, ":", " ", 2)
|
|
|
|
n, err := fmt.Sscanf(stoken, "%s %d %s", &category, &points, &fluff)
|
|
|
|
if err != nil || n != 3 {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
2018-09-17 17:40:05 -06:00
|
|
|
"Malformed token",
|
|
|
|
"That doesn't look like a token: %v.", err,
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-09-17 17:40:05 -06:00
|
|
|
if (category == "") || (points <= 0) {
|
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Weird token",
|
|
|
|
"That token doesn't make any sense.",
|
|
|
|
)
|
|
|
|
return
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
2018-09-17 17:40:05 -06:00
|
|
|
|
|
|
|
f, err := ctx.OpenCategoryFile(category, "tokens.txt")
|
2018-05-04 17:20:51 -06:00
|
|
|
if err != nil {
|
2018-09-17 17:40:05 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Cannot list valid tokens",
|
|
|
|
err.Error(),
|
|
|
|
)
|
|
|
|
return
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
2018-09-17 17:40:05 -06:00
|
|
|
defer f.Close()
|
2018-09-17 17:00:08 -06:00
|
|
|
|
2018-09-17 17:40:05 -06:00
|
|
|
// Make sure the token is in the list
|
2018-09-17 21:32:24 -06:00
|
|
|
if !hasLine(f, token) {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Unrecognized token",
|
2018-09-17 17:40:05 -06:00
|
|
|
"I don't recognize that token. Did you type in the whole thing?",
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
|
2018-09-14 18:24:48 -06:00
|
|
|
if err := ctx.AwardPoints(teamid, category, points); err != nil {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Error awarding points",
|
|
|
|
err.Error(),
|
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Success,
|
|
|
|
"Points awarded",
|
2018-09-17 17:40:05 -06:00
|
|
|
"%d points for %s!", points, teamid,
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) answerHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:40:05 -06:00
|
|
|
teamid := req.FormValue("id")
|
|
|
|
category := req.FormValue("cat")
|
|
|
|
pointstr := req.FormValue("points")
|
|
|
|
answer := req.FormValue("answer")
|
2018-05-04 17:20:51 -06:00
|
|
|
|
|
|
|
points, err := strconv.Atoi(pointstr)
|
|
|
|
if err != nil {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
2018-09-17 17:40:05 -06:00
|
|
|
"Cannot parse point value",
|
|
|
|
"This doesn't look like an integer: %s", pointstr,
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-09-14 18:24:48 -06:00
|
|
|
return
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
|
|
|
|
2018-09-17 17:40:05 -06:00
|
|
|
haystack, err := ctx.OpenCategoryFile(category, "answers.txt")
|
2018-09-14 18:24:48 -06:00
|
|
|
if err != nil {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
2018-09-17 17:40:05 -06:00
|
|
|
w, req, Fail,
|
|
|
|
"Cannot list answers",
|
|
|
|
"Unable to read the list of answers for this category.",
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-09-14 18:24:48 -06:00
|
|
|
return
|
|
|
|
}
|
|
|
|
defer haystack.Close()
|
2018-09-17 17:00:08 -06:00
|
|
|
|
2018-09-14 18:24:48 -06:00
|
|
|
// Look for the answer
|
|
|
|
needle := fmt.Sprintf("%d %s", points, answer)
|
2018-09-17 21:32:24 -06:00
|
|
|
if !hasLine(haystack, needle) {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Fail,
|
|
|
|
"Wrong answer",
|
2018-09-17 17:40:05 -06:00
|
|
|
"That is not the correct answer for %s %d.", category, points,
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-09-14 18:24:48 -06:00
|
|
|
return
|
2018-05-04 17:20:51 -06:00
|
|
|
}
|
|
|
|
|
2018-09-17 18:06:29 -06:00
|
|
|
if err := ctx.AwardPoints(teamid, category, points); err != nil {
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Error,
|
2018-09-20 14:44:56 -06:00
|
|
|
"Cannot award points",
|
|
|
|
"The answer is correct, but there was an error awarding points: %v", err.Error(),
|
2018-09-17 17:00:08 -06:00
|
|
|
)
|
2018-05-04 17:20:51 -06:00
|
|
|
return
|
|
|
|
}
|
2018-09-17 17:00:08 -06:00
|
|
|
respond(
|
|
|
|
w, req, Success,
|
|
|
|
"Points awarded",
|
|
|
|
fmt.Sprintf("%d points for %s!", points, teamid),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) puzzlesHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:00:08 -06:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
w.WriteHeader(http.StatusOK)
|
2018-09-19 21:44:34 -06:00
|
|
|
w.Write(ctx.jPuzzleList)
|
2018-05-08 12:45:50 -06:00
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) pointsHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:00:08 -06:00
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
w.WriteHeader(http.StatusOK)
|
2018-09-19 21:44:34 -06:00
|
|
|
w.Write(ctx.jPointsLog)
|
2018-09-17 17:00:08 -06:00
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) contentHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-19 17:56:26 -06:00
|
|
|
// Prevent directory traversal
|
|
|
|
if strings.Contains(req.URL.Path, "/.") {
|
|
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
2018-09-19 21:44:34 -06:00
|
|
|
|
2018-09-19 17:56:26 -06:00
|
|
|
// Be clever: use only the last three parts of the path. This may prove to be a bad idea.
|
|
|
|
parts := strings.Split(req.URL.Path, "/")
|
|
|
|
if len(parts) < 3 {
|
|
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
2018-09-19 21:44:34 -06:00
|
|
|
|
2018-09-19 17:56:26 -06:00
|
|
|
fileName := parts[len(parts)-1]
|
|
|
|
puzzleId := parts[len(parts)-2]
|
|
|
|
categoryName := parts[len(parts)-3]
|
2018-09-19 21:44:34 -06:00
|
|
|
|
2018-09-19 17:56:26 -06:00
|
|
|
mb, ok := ctx.Categories[categoryName]
|
|
|
|
if !ok {
|
|
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
2018-09-19 21:44:34 -06:00
|
|
|
|
2018-09-19 17:56:26 -06:00
|
|
|
mbFilename := fmt.Sprintf("content/%s/%s", puzzleId, fileName)
|
|
|
|
mf, err := mb.Open(mbFilename)
|
|
|
|
if err != nil {
|
|
|
|
log.Print(err)
|
|
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer mf.Close()
|
2018-09-19 21:44:34 -06:00
|
|
|
|
2018-09-19 17:56:26 -06:00
|
|
|
http.ServeContent(w, req, fileName, mf.ModTime(), mf)
|
|
|
|
}
|
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) staticHandler(w http.ResponseWriter, req *http.Request) {
|
2018-09-17 17:00:08 -06:00
|
|
|
ServeStatic(w, req, ctx.ResourcesDir)
|
2018-05-06 21:37:52 -06:00
|
|
|
}
|
2018-09-14 18:24:48 -06:00
|
|
|
|
2018-09-19 21:44:34 -06:00
|
|
|
func (ctx *Instance) BindHandlers(mux *http.ServeMux) {
|
2018-09-17 17:00:08 -06:00
|
|
|
mux.HandleFunc(ctx.Base+"/", ctx.staticHandler)
|
|
|
|
mux.HandleFunc(ctx.Base+"/register", ctx.registerHandler)
|
|
|
|
mux.HandleFunc(ctx.Base+"/token", ctx.tokenHandler)
|
|
|
|
mux.HandleFunc(ctx.Base+"/answer", ctx.answerHandler)
|
2018-09-19 17:56:26 -06:00
|
|
|
mux.HandleFunc(ctx.Base+"/content/", ctx.contentHandler)
|
2018-09-17 17:00:08 -06:00
|
|
|
mux.HandleFunc(ctx.Base+"/puzzles.json", ctx.puzzlesHandler)
|
|
|
|
mux.HandleFunc(ctx.Base+"/points.json", ctx.pointsHandler)
|
2018-09-14 18:24:48 -06:00
|
|
|
}
|