CTFNote is a collaborative tool aiming to help CTF teams to organise their work.
Use the provided docker configuration to deploy the project:
$ docker-compose up -d
Then, visit 127.0.0.1 and create your first account, which will automatically be provided with admin privileges.
You can optionally edit the API configuration file depending on your needs:
CTFNote supports external authentication providers such as Keycloak or OAuth.
You have to set environment variables through docker-compose.yml.
As admin, you can allow or block external authentication, and/or registration when the user doesn't exist in the database.
For the callback URL, the URL path is /api/auth/<MODULE>/callback.
Routes from frontend:
Env vars:
EXTERNAL_AUTHENTICATION_MODULES: "oauth2"
EXTERNAL_AUTHENTICATION_OAUTH2_CLIENT_ID: "client_id"
EXTERNAL_AUTHENTICATION_OAUTH2_CLIENT_SECRET: "client_secret"
EXTERNAL_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL: "https://example.com/auth/"
EXTERNAL_AUTHENTICATION_OAUTH2_TOKEN_SERVER_URL: "https://example.com/token/"
EXTERNAL_AUTHENTICATION_OAUTH2_CALLBACK_URL: "https://ctfnote.example.com/api/auth/oauth2/callback"
Notes: Maybe not functional because the user's profile does not seem to be retrieved by Passport.
Routes from frontend:
Env vars:
EXTERNAL_AUTHENTICATION_MODULES: "keycloak"
EXTERNAL_AUTHENTICATION_KEYCLOAK_CLIENT_ID: "client_id"
EXTERNAL_AUTHENTICATION_KEYCLOAK_CLIENT_SECRET: "client_secret"
EXTERNAL_AUTHENTICATION_KEYCLOAK_AUTH_URL: "https://example.com/auth"
EXTERNAL_AUTHENTICATION_KEYCLOAK_REALM: "Realm"
EXTERNAL_AUTHENTICATION_KEYCLOAK_CALLBACK_URL: "https://ctfnote.example.com/api/auth/keycloak/callback"
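A pre-deployment check for the settings above, as an added example that is not part of CTFNote: it flags empty or placeholder credentials, non-https endpoints, and a callback URL whose path is not /api/auth/<MODULE>/callback. The function name and the comma-separated form of EXTERNAL_AUTHENTICATION_MODULES are assumptions, and the sample values are constructed.

```typescript
// Added example, not CTFNote code: check external-auth settings before startup.
type Env = Record<string, string | undefined>;

// Variable suffixes per module, taken from the "Env vars" lists on this page.
const REQUIRED: Record<string, string[]> = {
  oauth2: ["CLIENT_ID", "CLIENT_SECRET", "AUTHORIZATION_URL", "TOKEN_SERVER_URL", "CALLBACK_URL"],
  keycloak: ["CLIENT_ID", "CLIENT_SECRET", "AUTH_URL", "REALM", "CALLBACK_URL"],
};
// Values copied from the documentation samples that must be replaced.
const PLACEHOLDERS = ["client_id", "client_secret"];

function validateExternalAuth(env: Env): string[] {
  const problems: string[] = [];
  // Assumption: several modules are given as a comma-separated list.
  const modules = (env["EXTERNAL_AUTHENTICATION_MODULES"] || "")
    .split(",").map((m) => m.trim()).filter((m) => m !== "");
  for (const mod of modules) {
    if (!Object.prototype.hasOwnProperty.call(REQUIRED, mod)) {
      problems.push(`${mod}: unknown module`);
      continue;
    }
    for (const suffix of REQUIRED[mod]) {
      const name = `EXTERNAL_AUTHENTICATION_${mod.toUpperCase()}_${suffix}`;
      const value = (env[name] || "").trim();
      if (value === "") { problems.push(`${name}: missing or empty`); continue; }
      if (PLACEHOLDERS.indexOf(value) !== -1) problems.push(`${name}: placeholder value`);
      if (!/URL$/.test(suffix)) continue;
      // scheme :// authority path, ignoring query and fragment
      const m = /^([a-z][a-z0-9+.-]*):\/\/[^\/?#]+([^?#]*)/i.exec(value);
      if (!m) { problems.push(`${name}: not an absolute URL`); continue; }
      if (m[1].toLowerCase() !== "https") problems.push(`${name}: not https`);
      if (suffix === "CALLBACK_URL" && m[2] !== `/api/auth/${mod}/callback`)
        problems.push(`${name}: path must be /api/auth/${mod}/callback`);
    }
  }
  return problems;
}

// Constructed sample: secret unset, plain-http endpoint, misspelt callback path.
const SAMPLE_ENV: Env = {
  EXTERNAL_AUTHENTICATION_MODULES: "oauth2",
  EXTERNAL_AUTHENTICATION_OAUTH2_CLIENT_ID: "ctfnote",
  EXTERNAL_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL: "http://sso.example.org/auth/",
  EXTERNAL_AUTHENTICATION_OAUTH2_TOKEN_SERVER_URL: "https://sso.example.org/token/",
  EXTERNAL_AUTHENTICATION_OAUTH2_CALLBACK_URL: "https://ctfnote.example.org/api/auth/oauth2/callaback",
};
console.log(validateExternalAuth(SAMPLE_ENV).join("\n"));
```

An empty result means every enabled module has all of its variables set, uses https endpoints, and has a callback path that matches the route the API exposes.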
If you want more methods, you have to implement them with Passport. Don't hesitate to PR it :D
- Add your module name inside the array externalAuthenticationModuleAuthorized (api/src/config/globals.ts). This is very important, as the route will be generated from it.
static externalAuthenticationModuleAuthorized = ['oauth2','keycloak','<your_module>'];
- Add the environment variables that you need. Example for oauth2:
static externalAuthenticationOauth2ClientID = process.env.EXTERNAL_AUTHENTICATION_OAUTH2_CLIENT_ID || "";
static externalAuthenticationOauth2ClientSecret = process.env.EXTERNAL_AUTHENTICATION_OAUTH2_CLIENT_SECRET || "";
static externalAuthenticationOauth2AuthorizationUrl = process.env.EXTERNAL_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL || "";
static externalAuthenticationOauth2TokenServerUrl = process.env.EXTERNAL_AUTHENTICATION_OAUTH2_TOKEN_SERVER_URL || "";
static externalAuthenticationOauth2CallbackUrl = process.env.EXTERNAL_AUTHENTICATION_OAUTH2_CALLBACK_URL || "";
- Add your passport method inside api/src/config/passport.ts. Example for oauth2:
if (Globals.externalAuthenticationModules.indexOf('oauth2') !== -1) {
  passport.use('oauth2', new Oauth2Strategy({
      clientID: Globals.externalAuthenticationOauth2ClientID,
      clientSecret: Globals.externalAuthenticationOauth2ClientSecret,
      authorizationURL: Globals.externalAuthenticationOauth2AuthorizationUrl,
      tokenURL: Globals.externalAuthenticationOauth2TokenServerUrl,
      callbackURL: Globals.externalAuthenticationOauth2CallbackUrl,
    },
    function (accessToken, refreshToken, profile, done) {
      // Not sure about that because the profile may be empty :/
      findOrCreateExternalUser(profile, done);
    })
  );
}
- ADMIN_ALL: can create CTFs and tasks, and edit users and the config.
- EDIT_CTF: can create and modify CTF information; you should grant this right to your captain.
- CTF_ALL: can join every CTF; you should grant this right to your team members.
- no privileges: can only view CTFs when invited; this is used for irregular guests.
 
CTF guests are allowed to create and edit tasks, but not the CTF information.
The development server includes a simple HTTP proxy that allows the frontend to access the local API (cf. quasar.conf.js). Hot reloading is configured on both components as well.
$ cd front/
$ yarn install
$ yarn start
$ cd api/
$ yarn install
$ yarn start
$ MD_PROVIDER=https://ur-codimd-instance-full-url yarn start



