nitowa
/
PlaidCTF-YACA
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Tree: 0086c95dc0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0086c95dc0'
${ noResults }
PlaidCTF-YACA/src/index.ts

index.ts 2.8KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. import * as express from "express";

  2. import * as fs from "fs-extra";

  3. import * as path from "path";

  4. import * as bodyParser from "body-parser";

  5. import { v4 as uuid } from "uuid";

  6. 

  7. import { startVisiting } from "./page-worker";

  8. import { enqueue, setup } from "./database";

  9. 

  10. const cacheDir = path.join(__dirname, "../cache");

  11. const clientDir = path.join(__dirname, "../client");

  12. 

  13. const main = async () => {

  14.     await setup()

  15.     await fs.ensureDir(cacheDir);

  16. 

  17.     const app = express();

  18.     app.use(bodyParser.json());

  19.     app.use((req, res, next) => {

  20.         res.setHeader("Content-Security-Policy", "script-src 'self' 'unsafe-eval' 'unsafe-inline'");

  21.         next();

  22.     });

  23. 

  24.     app.get("/", (req, res) => {

  25.         res.sendFile(path.join(clientDir, "index.html"));

  26.     });

  27. 

  28.     app.post("/upload", async (req, res) => {

  29.         if (typeof req.body !== "object") {

  30.             return res.status(500).send("Bad payload");

  31.         }

  32. 

  33.         const { type, program } = req.body;

  34.         if (

  35.             typeof type !== "string"

  36.             || type.match(/^[a-zA-Z\-/]{3,}$/) === null

  37.             || typeof program.name !== "string"

  38.             || typeof program.code !== "string"

  39.             || program.code.length > 10000

  40.         ) {

  41.             return res.status(500).send("Invalid program");

  42.         }

  43. 

  44.         const sanitizedProgram =

  45.             JSON.stringify(program)

  46.                 .replace(/</g, "&lt;")

  47.                 .replace(/>/g, "&gt;");

  48. 

  49.         const template = await fs.readFile(path.join(clientDir, "calculator.hbs"), "utf-8");

  50.         const formattedFile =

  51.             template

  52.                 .replace("{{ content-type }}", type)

  53.                 .replace("{{ program }}", sanitizedProgram);

  54. 

  55.         const fileName = `program-${uuid()}`;

  56.         await fs.writeFile(path.join(cacheDir, fileName), formattedFile);

  57. 

  58.         res.send(`/program/${fileName}`);

  59.     });

  60. 

  61.     app.post("/report", async (req, res) => {

  62.         if (

  63.             typeof req.body !== "object"

  64.             || typeof req.body.file !== "string"

  65.             || !req.body.file.match(/^program-[a-f0-9-]+$/)

  66.         ) {

  67.             return res.status(500).send("Bad payload");

  68.         }

  69. 

  70.         const ip = req.ip;

  71.         const { file } = req.body;

  72.         const url = `http://localhost:3838/program/${file}`;

  73. 

  74.         await enqueue(url, ip)

  75.         res.send("Ok");

  76.     })

  77. 

  78.     app.get("/program/:file", async (req, res) => {

  79.         const fileName = req.params.file;

  80.         const filePath = path.join(cacheDir, fileName);

  81. 

  82.         res.type("html");

  83.         res.sendFile(filePath);

  84.     });

  85. 

  86.     app.use("/js", express.static(path.join(clientDir, "js")));

  87.     app.use("/css", express.static(path.join(clientDir, "css")));

  88. 

  89.     app.listen(3838, () => {

  90.         console.log("Listening on port 3838");

  91.     });

  92. }

  93. 

  94. startVisiting();

  95. main();

  96.