mirror of https://github.com/dirtbags/moth.git
Path traversal fix, beginning to work on teamid as auth
parent
3a11cc65ef
commit
651c8fdfa4
|
@ -102,18 +102,31 @@ func (ctx *Instance) MaybeInitialize() {
|
||||||
fmt.Fprintln(f, "Remove this file to reinitialize the contest")
|
fmt.Fprintln(f, "Remove this file to reinitialize the contest")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func pathCleanse(parts []string) string {
|
||||||
|
clean := make([]string, len(parts))
|
||||||
|
for i := range parts {
|
||||||
|
part := parts[i]
|
||||||
|
part = strings.TrimLeft(part, ".")
|
||||||
|
if p := strings.LastIndex(part, "/"); p >= 0 {
|
||||||
|
part = part[p+1:]
|
||||||
|
}
|
||||||
|
clean[i] = part
|
||||||
|
}
|
||||||
|
return path.Join(clean...)
|
||||||
|
}
|
||||||
|
|
||||||
func (ctx Instance) MothballPath(parts ...string) string {
|
func (ctx Instance) MothballPath(parts ...string) string {
|
||||||
tail := path.Join(parts...)
|
tail := pathCleanse(parts)
|
||||||
return path.Join(ctx.MothballDir, tail)
|
return path.Join(ctx.MothballDir, tail)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ctx *Instance) StatePath(parts ...string) string {
|
func (ctx *Instance) StatePath(parts ...string) string {
|
||||||
tail := path.Join(parts...)
|
tail := pathCleanse(parts)
|
||||||
return path.Join(ctx.StateDir, tail)
|
return path.Join(ctx.StateDir, tail)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ctx *Instance) ResourcePath(parts ...string) string {
|
func (ctx *Instance) ResourcePath(parts ...string) string {
|
||||||
tail := path.Join(parts...)
|
tail := pathCleanse(parts)
|
||||||
return path.Join(ctx.ResourcesDir, tail)
|
return path.Join(ctx.ResourcesDir, tail)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
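Review bot: In `pathCleanse`, the leading-dot trim runs before the part is cut at its last `/`, so a part that contains a slash keeps any leading dots on its final segment, and that segment can still be a parent-directory reference when it reaches `path.Join`. Cutting first and trimming second closes this: move `part = strings.TrimLeft(part, ".")` to just after the `strings.LastIndex` block. Only `/` is treated as a separator, so on a platform where `\` also separates paths the cut would miss it; whether that applies cannot be determined from this hunk. As defence in depth, `MothballPath`, `StatePath` and `ResourcePath` could also confirm that the joined result still lies under their base directory, and a table-driven test for `pathCleanse` would pin the intended behaviour.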
|
@ -1,30 +1,25 @@
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<title>Welcome</title>
|
<title>Sign In</title>
|
||||||
<link rel="stylesheet" href="basic.css">
|
|
||||||
<meta name="viewport" content="width=device-width">
|
<meta name="viewport" content="width=device-width">
|
||||||
|
<link rel="stylesheet" href="basic.css">
|
||||||
|
<script src="moth.js"></script>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<h1>Welcome</h1>
|
<h1 id="title">Sign In</h1>
|
||||||
<section>
|
<section>
|
||||||
<h2>Register your team</h2>
|
<div id="login">
|
||||||
|
|
||||||
<form action="register" method="post">
|
|
||||||
Team ID: <input name="id"> <br>
|
|
||||||
Team name: <input name="name">
|
Team name: <input name="name">
|
||||||
<input type="submit" value="Register">
|
Team ID: <input name="id"> <br>
|
||||||
</form>
|
<button id="submit">Sign In</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div id="puzzles"></div>
|
||||||
|
|
||||||
<p>
|
|
||||||
If someone on your team has already registered,
|
|
||||||
proceed to the
|
|
||||||
<a href="puzzle-list.html">puzzles overview</a>.
|
|
||||||
</p>
|
|
||||||
</section>
|
</section>
|
||||||
<nav>
|
<nav>
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="puzzle-list.html">Puzzles</a></li>
|
|
||||||
<li><a href="scoreboard.html">Scoreboard</a></li>
|
<li><a href="scoreboard.html">Scoreboard</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</nav>
|
</nav>
|
||||||
|
|
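Review bot: The Team ID field inside the new `<div id="login">` is a plain text input, while the commit title suggests the team ID is becoming the authentication secret. If that is the intent, `Team ID: <input name="id" type="password">` would keep the value off the screen and out of text-field history; this is inferred from the title, since moth.js is not part of this view. The inputs also lost their enclosing `<form>`, so pressing Enter no longer submits and the page does nothing without script. Keeping a `<form>` and handling its submit event in the script would preserve both.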
|
@ -7,82 +7,6 @@
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<script>
|
<script>
|
||||||
|
|
||||||
function render(obj) {
|
|
||||||
puzzlesElement = document.createElement('div');
|
|
||||||
|
|
||||||
// Create a sorted list of category names
|
|
||||||
let cats = Object.keys(obj);
|
|
||||||
cats.sort();
|
|
||||||
|
|
||||||
for (let cat of cats) {
|
|
||||||
if (cat.startsWith("__")) {
|
|
||||||
// Metadata or something
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
let puzzles = obj[cat];
|
|
||||||
|
|
||||||
let pdiv = document.createElement('div');
|
|
||||||
pdiv.className = 'category';
|
|
||||||
|
|
||||||
let h = document.createElement('h2');
|
|
||||||
pdiv.appendChild(h);
|
|
||||||
h.textContent = cat;
|
|
||||||
|
|
||||||
// Extras if we're running a devel server
|
|
||||||
if (obj.__devel__) {
|
|
||||||
var a = document.createElement('a');
|
|
||||||
h.insertBefore(a, h.firstChild);
|
|
||||||
a.textContent = "⬇️";
|
|
||||||
a.href = "mothballer/" + cat;
|
|
||||||
a.classList.add("mothball");
|
|
||||||
a.title = "Download a compiled puzzle for this category";
|
|
||||||
}
|
|
||||||
|
|
||||||
let l = document.createElement('ul');
|
|
||||||
pdiv.appendChild(l);
|
|
||||||
|
|
||||||
for (var puzzle of puzzles) {
|
|
||||||
var points = puzzle[0];
|
|
||||||
var id = puzzle[1];
|
|
||||||
|
|
||||||
var i = document.createElement('li');
|
|
||||||
l.appendChild(i);
|
|
||||||
i.textContent = " ";
|
|
||||||
|
|
||||||
if (points === 0) {
|
|
||||||
// Sentry: there are no more puzzles in this category
|
|
||||||
i.textContent = "✿";
|
|
||||||
} else {
|
|
||||||
var a = document.createElement('a');
|
|
||||||
i.appendChild(a);
|
|
||||||
a.textContent = points;
|
|
||||||
a.href = "puzzle.html?cat=" + cat + "&points=" + points + "&pid=" + id;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
puzzlesElement.appendChild(pdiv);
|
|
||||||
document.getElementById("puzzles").appendChild(puzzlesElement);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function init() {
|
|
||||||
fetch("puzzles.json")
|
|
||||||
.then(resp => {
|
|
||||||
return resp.json();
|
|
||||||
})
|
|
||||||
.then(obj => {
|
|
||||||
render(obj);
|
|
||||||
})
|
|
||||||
.catch(err => {
|
|
||||||
console.log("Error", err);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
if (document.readyState === "loading") {
|
|
||||||
document.addEventListener("DOMContentLoaded", init);
|
|
||||||
} else {
|
|
||||||
init();
|
|
||||||
}
|
|
||||||
</script>
|
</script>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
|