Implemented some features

.gitignore

@@ -1 +1,92 @@
-ctf.db
+ctf.db
+config.json
+
+# Created by https://www.gitignore.io/api/python,virtualenv
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask instance folder
+instance/
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# IPython Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+
+
+### VirtualEnv ###
+# Virtualenv
+# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/
+.Python
+[Bb]in
+[Ii]nclude
+[Ll]ib
+[Ll]ib64
+[Ll]ocal
+[Ss]cripts
+pyvenv.cfg
+.venv
+pip-selfcheck.json
+

README.md

@@ -3,6 +3,16 @@ tinyctf-platform
 
 `tinyctf-platform` is yet another open-source (jeopardy style) CTF platform. It is relatively easy to set up and modify. Hopefully it will become even better over time, with other people contributing.
 
+Features
+--------
+
+- Public scoreboard
+- JSON scoreboard at ```/scoreboard.json```
+- Automatic start/end of CTF based on timestamps
+- CSRF protection (can be disabled)
+- Username validation (regex ftw)
+
+
 ![alt text](http://i.imgur.com/dqGeLNM.jpg "tinyctf-platform in action")
 
 Deployment
@@ -45,5 +55,4 @@ Start the server
 Caveats
 -------
 
-* CSRF is currently not addressed
 * The platform does not support tasks with the same score and category right now

config.json → config.json.sample

@@ -9,5 +9,11 @@
     "language_file": "lang.json",
     "language": "english",
 
-    "debug": false
+    "username_regex": "^[a-zA-Z0-9-_. &']+$",
+
+    "start":0,
+    "end":0,
+
+    "enable_csrf_protection": true,
+    "debug": true
 }

lang.json

@@ -44,7 +44,10 @@
             "invalid_credentials": "Invalid username or password",
             "already_registered": "This user is already registered",
             "empty_user": "Empty username is not allowed",
-            "task_not_found": "TBD"
+            "task_not_found": "TBD",
+            "invalid_user": "Invalid username",
+            "ctf_not_started": "Wait until the CTF starts",
+            "ctf_over": "CTF is over"
         }
     }
 }

requirements.txt

@@ -0,0 +1,14 @@
+alembic==0.8.4
+dataset==0.6.2
+Flask==0.10.1
+itsdangerous==0.24
+Jinja2==2.8
+Mako==1.0.3
+MarkupSafe==0.23
+normality==0.2.4
+python-editor==0.5
+PyYAML==3.11
+six==1.10.0
+SQLAlchemy==1.0.12
+Werkzeug==0.11.4
+wheel==0.29.0