Add linked account creation from the Discord bot #301
Start of the implementation of the register and link feature. Migration has been made but needs some tuning and can be further optimized and duplicate code can be removed. Will also require more testing if old features haven't been broken.
…itation_link`. It is preferred we unique this column however whenever you accidentally dismiss the discord bot and want to make a new token you can't. This is why we removed the unique constraint for now.
Graphql schema updated, hopefully this is right because windows/wsl version of `yarn run codegen` likes to break the schema sometimes.
This commit implements the base of some utils that are required and the base of the command itself.
Discovered a little problem. Now you could make multiple invite codes that point to the same user and then use them separately and have the database error out. Possible to return the old code if this one already exists.
Another problem, with the conventional link command the command will automatically sync permissions for all ctfs after linking. Currently I have no idea how this can be implemented.
Discord bot now checks if there is already an invitation token for the Discord id. If there is, it returns this token instead of making a new one. The database can now be put back to unique and this eliminates the issue of invitation links for the same account causing errors and issues.
This commit implements fixes for the issues talked about in comment: TFNS#301 (comment). Also changed the migration back to unique.
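The one-token-per-Discord-ID behaviour described in the commits above, sketched as an added example (not CTFNote's own code). `InvitationTable` is an in-memory stand-in for a table with a unique `discord_id` column, and every function and field name here is an assumption made for illustration.

```typescript
import { randomUUID } from "node:crypto";

// Hypothetical row shape; the page only names the table
// (ctfnote_private.invitation_link) and its discord_id column.
interface InvitationRow {
  token: string;
  discordId: string;
}

// PostgreSQL reports a violated UNIQUE constraint with SQLSTATE 23505.
const UNIQUE_VIOLATION = "23505";

// In-memory stand-in for a table with UNIQUE(discord_id), so this runs offline.
class InvitationTable {
  private byDiscordId = new Map<string, InvitationRow>();
  private byToken = new Map<string, InvitationRow>();

  insert(row: InvitationRow): void {
    if (this.byDiscordId.has(row.discordId)) {
      throw Object.assign(new Error("duplicate discord_id"), {
        code: UNIQUE_VIOLATION,
      });
    }
    this.byDiscordId.set(row.discordId, row);
    this.byToken.set(row.token, row);
  }

  findByDiscordId(discordId: string): InvitationRow | undefined {
    return this.byDiscordId.get(discordId);
  }

  // Delete and return in one step, so a token can only be redeemed once.
  takeByToken(token: string): InvitationRow | undefined {
    const row = this.byToken.get(token);
    if (row) {
      this.byToken.delete(row.token);
      this.byDiscordId.delete(row.discordId);
    }
    return row;
  }
}

// Return the pending token for this Discord ID, or create one.
// The lookup alone is not enough: two requests can both miss and both insert.
// The unique constraint is the backstop, and the loser re-reads the winner's row.
function getOrCreateInvitationToken(
  table: InvitationTable,
  discordId: string,
  newToken: () => string = randomUUID,
): string {
  const existing = table.findByDiscordId(discordId);
  if (existing) return existing.token;

  const token = newToken();
  try {
    table.insert({ token, discordId });
    return token;
  } catch (err) {
    if ((err as { code?: string }).code !== UNIQUE_VIOLATION) throw err;
    const winner = table.findByDiscordId(discordId);
    if (!winner) throw err;
    return winner.token;
  }
}

// Redeem a token during registration: returns the Discord ID to link to the
// new account, or null when the token is unknown or was already used.
function redeemInvitation(table: InvitationTable, token: string): string | null {
  const row = table.takeByToken(token);
  return row ? row.discordId : null;
}
```

Passing a `newToken` callback that inserts a competing row reproduces the race without threads, which is how the constraint-violation path can be exercised in a unit test.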
Adds the Environment variables that are needed to configure the register command and some explanation for them.
Some general cleanup and fixes of todo's. Also implemented the required checks and used data from the environment variables. This command implements what was showcased in issue message: TFNS#301 (comment)
742ba4d to 841941d
Currently stuck at the "account syncing" part. Using the already existing Within the discord-hooks we can hook into the For the discord role sync we need a few things, the ctfnote user-id of the just created user and that this user exists in the database.
With a setTimeout we can run code after the request lifecycle. This is ugly, but it works. See also the comment in the code about this. Solves the problem for TFNS#301 (comment)
Variable renaming for consistency. The `getInvitationUrl` should return null in case of error instead of an empty string in order to clarify the error state.
It makes more sense to have it there. It was by accident placed in the before hook previously.
I tried to test everything and it works as expected. I made some changes to the code and it looks all good now. I prefer to delay the merging to next Saturday just in case due to time constraints on my side.
All looks good, should reimplement this some day when we change the backend to something that allows for easier hooking. LGTM (on Saturday)
* Decreased task switcher density * Update filled textbox styling * Updated EditCtfDialog design * Updated ImportCtfDialog design * Updated InviteUserDialog design * Updated ResetPasswordDialog design * Updated SearchDialog design * Resolved Vue warnings * Updated TaskEditDialog design * Updated solve task dialog design * Update task and CTF deletion dialog design * Updated TaskExportDialog design * Formatted code * Add delay to tooltips * Formatted code * Reduced code duplication for TaskBtnGroup component * Force category tags to be in a row on TableDense layout * Updated TaskImportDialog design * Changed TableDense button group color scheme * Re-add category tag wrapping * Updated design of more dialogs * Small spacing changes * Added CTFTime icon to CTFTime URL/ID input fields * Made padding more consistent * Allow ctrl+k search dialog hotkey inside iframe Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple `ctrl+k, command+k` shortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly. Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages. * Serve hotkeys-iframe.js from a path from Hedgedoc to circumvent CSP The Hedgedoc CSP is a good thing to have enabled. But it breaks the JS injection done by CTFNote. So now we just lie to the frontend that the file is hosted by Hedgedoc while it actually is hosted by CTFNote. This should circumvent the CSP and allow script execution inside the iframe, even when the CSP is enabled. 
* Swap order of import dialog columns to checkbox, title, tags * Align categories to the right in task import dialog * Add label to flag submission dialog input * Replaced q-form with div in task import dialog * Slightly increased density of task switcher menu * Solved wrapping in navigation bar caused by category tags * Hide tags in task switcher on small screens * Resolved UI compiler warnings for TaskImportDialog * Set indicator color of all tabs to secondary * Redesigned login page * Redesigned registration page * Redesigned password reset page * Set static width for all auth pages * Make auth pages centered * Hide CTFNote logo next to auth pages on smaller screens * Always show CTFNote text in navigation bar on login screen * Increase page padding on auth pages * Display admin settings page in a single column on small screens * Adjust padding of cards in registration settings * Style inputs in registration settings * Re-organize columns on registration settings to group registration and calendar settings separately * Hide inputs for registration and calendar passwords when disabled * Adjust padding of cards in profile settings * Add icon support to color picker button * Style inputs in profile settings * Moved Change password to left column in profile settings * Fix color picker button being too large in some cases * Adjust padding for theme settings * Update styling for registered users settings page * Removed borders from cards in settings pages * Added icons to notifications toggle * Added Discord logo to CTFNote token field * Undo auth page centering * Make color picker icon appear white in light mode * Merge tags list and condensed tags list into a single class * Changed condensed tags list hidden count color to accent * Updated task list toolbar design * Removed rounded corners from CTF pages * Made CTFTime link smaller * Disabled weight badge click animation * Adjusted spacing and layout on CTF info page * Force tags to be lowercase in the frontend 
during parsing The backend already enforces lowercase of the tags, but the frontend did not. This could result in double challenge imports if you parse again. Now after the custom parser, all tags are forced to be lower case and unique. This fixes JJ-8#89 * Merge CTF edit and delete buttons on info page on small screens * Remove separator between tabs and CTF pages * Enable contextMenu by default on CTF admin menu * Upgrade yarn and API dependencies Two breaking changes: 1. graphql-upload-ts import was changed. 2. ical-generator `serve` method does not exist anymore. Replaced with writing manually to response. * Update .prettierrc config for trailing comma Otherwise the API files will all be beautified with extra comma's. * Vertically stack CTF description and credentials on small screens * Upgrade frontend dependencies * Format frontend files * Fix frontend ESLint warnings * Update frontend yarn cache This makes sure that the frontend will live forever, even with npmjs.com downtime. * Upgrade NodeJS in API and front Docker container Otherwise it won't build. * Use alpine NodeJS docker versions * Fix Docker image format * Bump @babel/traverse from 7.22.19 to 7.24.1 in /front Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.19 to 7.24.1. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... 
Signed-off-by: dependabot[bot] <[email protected]> * Update install-state.gz due to dependabot upgrade * Upgrade top most yarn files * Make start and end time text on CTF info page white on light mode * Increased width of auth screens to make UUID tokens fit * Made all table headers lowercase on admin user settings page * Moved role column in admin user settings to the left of the username column * Prepended # to pad URL in task iframe, fixes TFNS#96 * Remove newline from last paragraph in descriptions on CTF info page * Redesigned error page for unknown task IDs * Redesigned CTF guest settings page * Adjusted padding for CTF info badges * Removed description on error page for unknown task IDs * Focus input before opening animation finishes in global search dialog * Focus input before opening animation finishes in solve task popup * Moved edit and delete buttons next to CTF title on info page * Fixed spacing issues below description/credentials on CTF info page * Removed description from CTF guest settings * Increased Discord event link input width * Made full table rows clickable on past CTFs page * Removed padding from past CTFs card * Made past CTFs table dense * Increased rows per page options for past CTFs table * Made rows per page setting for past CTFs table persistent * Added custom shortcuts to HedgeDoc editor * Hide search dialog when pressing esc In the old implementation you can only dismiss the search dialog by stop focussing it and then pressing esc or clicking outside the dialog area. This is not keyboard friendly so we introduce a new shortcut that hides the search dialog by just pressing the esc-button. * Increased Nginx upload limit to 5MB * Only allow one solve task dialog to be opened at most * Set nginx upload max size in hosting instructions This corresponds to the outer-nginx and may also need to be set before the change will actually be effective. 
* Make max upload size a global in the inner-nginx config With this it will apply to all requests done, so also the /uploads endpoint and not only the endpoint for Hedgedoc. * Added shortcut for opening solve task dialog * Added component to preview key combinations for shortcuts * Replace modifier keys on macOS with symbols * Made search dialog use ShortcutPreview component * Made solve task dialog use custom component * Renamed ShortcutPreview to ShortcutHint * Added shortcut hint to solve task dialog when opened on task pages * Fixed flag not updating in task solve dialog when opened using shortcut * Insert iframe hotkey script on task page during iframe load instead of onMounted * Remove no-backdrop-dismiss from task solve dialog * Fix Discord event link hanging issue When a sync has been performed, the old implementation causes a release of the database PoolClient, causing any future database operation to fail. This is due to the event sync code being triggered from the context of GraphQL queries instead of a separate context when an incoming event from Discord is processed. The code has now been rewritten to take the context.pgClient database client which is the current GraphQL pgClient. This client is used in all database operations and not released so it can be used in the future. This will stop the hanging of the server when a Discord event link sync is done. This issue was only reliable reproducible with quite some members interested in an event. I tested this with 13 people interested. In the future we should rewrite this code to always take a pgClient in the database code and create a new pgClient at a higher level when not available and otherwise always use the context.pgClient. At lower levels we should not be caring about releasing or not because this can only cause issues. * Set docker-compose images back to upstream * Remove accidental paste in README * Add back manual workflow trigger This is useful for testing if a branch builds. 
* Update husky dependency * Update contribution guidelines and mention Discord server * Fix line endings * Drop Node 16 test * Fix `any` return type of discord.js ActionRowBuilder * Regenerate graphql bindings * yarn --frozen-lockfile is deprecated * Fix `any` usage partly The query results should be type checked properly in the future. * Run prettier on api * Upgrade used actions to use node 20 https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/ * Bump postcss from 8.4.29 to 8.4.38 in /front Bumps [postcss](https://github.com/postcss/postcss) from 8.4.29 to 8.4.38. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.29...8.4.38) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Create dependabot.yml Config was created by @peace-maker through Discord. It should revive the Dependabot. * Update install-state.gz for Dependabot This is what I get when I run yarn myself. Don't know why Dependabot does not commit this already. * Bump tar from 6.2.0 to 6.2.1 in /api Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump express from 4.19.1 to 4.19.2 in /api Bumps [express](https://github.com/expressjs/express) from 4.19.1 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.1...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] <[email protected]> * Bump typescript from 5.4.3 to 5.4.5 in /api Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.4.3 to 5.4.5. - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml) - [Commits](microsoft/TypeScript@v5.4.3...v5.4.5) --- updated-dependencies: - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump ip from 2.0.0 to 2.0.1 in /api Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1. - [Commits](indutny/node-ip@v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: ip dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Rename ECSC parser to ECSC2021 * Add CINI parser (ECSC 2024) * Bump braces from 3.0.2 to 3.0.3 in /api Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump @typescript-eslint/parser from 7.3.1 to 7.16.0 in /api Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 7.3.1 to 7.16.0. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.16.0/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <[email protected]> * Add base of the hitcon parser for ctfnote * import hitcon parser * Fix HITCON parser The isValid function has been updated to match the correct data and imports are fixed. * Fix formatting issues in hitcon.ts * Fix isValid of CINI parser * Drop ECSC2021/2022 parser The parser was introduced in TFNS#184 but I don't think anyone will be using this parser since the project is dead for years and ENISA is not using this gameboard in the last couple of years. Since it conflicts with the parsing of the other CTF formats, it is better to drop it and reintroduce it when necessary. * Bump braces from 3.0.2 to 3.0.3 in /front Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump tar from 6.2.0 to 6.2.1 in /front Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v6.2.0...v6.2.1) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /front Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... 
Signed-off-by: dependabot[bot] <[email protected]> * Fixed .yarn exclusion rules inside of the .gitignore to make them compliant. Added rules to .gitattributes * Created .vscode folder with config to hide yarn from search * Add migration for the discord_integration_enabled field in ctfnote.settings * Add code to sync the discord use from the config to the database. * Make sure discord_integration_enabled is not null. * Maybe it's a good idea to grant the correct user.... * Add checks to the pages with Discord * Run codegen for graphql schema. For some reason codegen deleted a lot of things, lets hope nothing bad happens * Spelling fixes. * Simplified v-if to v-else * GraphQL schema files fixed. * Fixes that user_admin could write to ctfnote.settings.discord_integration_enabled * Bump quasar from 2.15.1 to 2.16.6 in /front Bumps [quasar](https://github.com/quasarframework/quasar) from 2.15.1 to 2.16.6. - [Release notes](https://github.com/quasarframework/quasar/releases) - [Commits](quasarframework/quasar@quasar-v2.15.1...quasar-v2.16.6) --- updated-dependencies: - dependency-name: quasar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Fix Quasar build issues "@quasar/app-webpack": "^3.13.2", This package had to be this version to fix the issue. * Create migration for account invitation with Discord link * Removes the unique constraint from discord_id in `ctfnote_private.invitation_link`. It is preferred we unique this column however whenever you accidentally dismiss the discord bot and want to make a new token you can't. This is why we removed the unique constraint for now. * Update the GraphQL schema Graphql schema updated, hopefully this is right because windows/wsl version of `yarn run codegen` likes to break the schema sometimes. * Add base implementation of register command. This commit implements the base of some utils that are required and the base of the command itself. 
* Add checks to make sure user only has one token. This commit implements fixes for the issues talked about in comment: TFNS#301 (comment) Also changed the migration back to unique * Add ENV vars for configuring register command. Adds the Environment variables that are needed to configure the register command and some explanation for them. * Adds checks to register command and some cleanup Some general cleanup and fixes of todo's. Also implemented the required checks and used data from the environment variables. This command implements what was showcased in issue message: TFNS#301 (comment) * Add role sync after `/register` command With a setTimeout we can run code after the request lifecycle. This is ugly, but it works. See also the comment in the code about this. Solves the problem for TFNS#301 (comment) * Refactor AllowedRoles to enum of strings * Rename variables and change signature of functions Variable renaming for consistency. The `getInvitationUrl` should return null in case of error instead of an empty string in order to clarify the error state. * Move the registerWithToken role sync to the after mutation hook It makes more sense to have it there. It was by accident placed in the before hook previously. * Improve Discord messages text * Add strict 'true' check for Discord registration * Small text improvements * Improve `/register` output even more * Add comments to sql migration file * Rename registration logic function to match command name * format fix * Autofocus username field on login and registration This makes it possible to have a login / registration flow easily by only keyboard. * Fix missing environment variables for Discord registration These were missing in the docker-compose.yml file. Without these it is not possible to configure the options for the `/register` command. 
--------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: markfijneman <[email protected]> Co-authored-by: JJ-8 <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Peace-Maker <[email protected]> Co-authored-by: Alexandre Iooss <[email protected]> Co-authored-by: Daan Breur <[email protected]> Co-authored-by: Daan Breur <[email protected]>
* Decreased task switcher density * Update filled textbox styling * Updated EditCtfDialog design * Updated ImportCtfDialog design * Updated InviteUserDialog design * Updated ResetPasswordDialog design * Updated SearchDialog design * Resolved Vue warnings * Updated TaskEditDialog design * Updated solve task dialog design * Update task and CTF deletion dialog design * Updated TaskExportDialog design * Formatted code * Add delay to tooltips * Formatted code * Reduced code duplication for TaskBtnGroup component * Force category tags to be in a row on TableDense layout * Updated TaskImportDialog design * Changed TableDense button group color scheme * Re-add category tag wrapping * Updated design of more dialogs * Small spacing changes * Added CTFTime icon to CTFTime URL/ID input fields * Made padding more consistent * Allow ctrl+k search dialog hotkey inside iframe Since the iframe is hosted on the same domain as the parent iframe, we can freely inject anything we want in the iframe. Therefore, we can control script execution and we use that to inject a specially crafted hotkeys-iframe.js file. This sounds like an exploit, but actually it is just the hotkeys-js library code together with a simple `ctrl+k, command+k` shortcut definition that posts a message to the parent frame that the search dialog should be shown. The parent will now act accordingly. Therefore, the search dialog shortcuts now also work on the Hedgedoc iframe pages. * Serve hotkeys-iframe.js from a path from Hedgedoc to circumvent CSP The Hedgedoc CSP is a good thing to have enabled. But it breaks the JS injection done by CTFNote. So now we just lie to the frontend that the file is hosted by Hedgedoc while it actually is hosted by CTFNote. This should circumvent the CSP and allow script execution inside the iframe, even when the CSP is enabled. 
* Swap order of import dialog columns to checkbox, title, tags * Align categories to the right in task import dialog * Add label to flag submission dialog input * Replaced q-form with div in task import dialog * Slightly increased density of task switcher menu * Solved wrapping in navigation bar caused by category tags * Hide tags in task switcher on small screens * Resolved UI compiler warnings for TaskImportDialog * Set indicator color of all tabs to secondary * Redesigned login page * Redesigned registration page * Redesigned password reset page * Set static width for all auth pages * Make auth pages centered * Hide CTFNote logo next to auth pages on smaller screens * Always show CTFNote text in navigation bar on login screen * Increase page padding on auth pages * Display admin settings page in a single column on small screens * Adjust padding of cards in registration settings * Style inputs in registration settings * Re-organize columns on registration settings to group registration and calendar settings separately * Hide inputs for registration and calendar passwords when disabled * Adjust padding of cards in profile settings * Add icon support to color picker button * Style inputs in profile settings * Moved Change password to left column in profile settings * Fix color picker button being too large in some cases * Adjust padding for theme settings * Update styling for registered users settings page * Removed borders from cards in settings pages * Added icons to notifications toggle * Added Discord logo to CTFNote token field * Undo auth page centering * Make color picker icon appear white in light mode * Merge tags list and condensed tags list into a single class * Changed condensed tags list hidden count color to accent * Updated task list toolbar design * Removed rounded corners from CTF pages * Made CTFTime link smaller * Disabled weight badge click animation * Adjusted spacing and layout on CTF info page * Force tags to be lowercase in the frontend 
during parsing The backend already enforces lowercase of the tags, but the frontend did not. This could result in double challenge imports if you parse again. Now after the custom parser, all tags are forced to be lower case and unique. This fixes JJ-8#89 * Merge CTF edit and delete buttons on info page on small screens * Remove separator between tabs and CTF pages * Enable contextMenu by default on CTF admin menu * Upgrade yarn and API dependencies Two breaking changes: 1. graphql-upload-ts import was changed. 2. ical-generator `serve` method does not exist anymore. Replaced with writing manually to response. * Update .prettierrc config for trailing comma Otherwise the API files will all be beautified with extra comma's. * Vertically stack CTF description and credentials on small screens * Upgrade frontend dependencies * Format frontend files * Fix frontend ESLint warnings * Update frontend yarn cache This makes sure that the frontend will live forever, even with npmjs.com downtime. * Upgrade NodeJS in API and front Docker container Otherwise it won't build. * Use alpine NodeJS docker versions * Fix Docker image format * Bump @babel/traverse from 7.22.19 to 7.24.1 in /front Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.19 to 7.24.1. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... 
Signed-off-by: dependabot[bot] <[email protected]> * Update install-state.gz due to dependabot upgrade * Upgrade top most yarn files * Make start and end time text on CTF info page white on light mode * Increased width of auth screens to make UUID tokens fit * Made all table headers lowercase on admin user settings page * Moved role column in admin user settings to the left of the username column * Prepended # to pad URL in task iframe, fixes TFNS#96 * Remove newline from last paragraph in descriptions on CTF info page * Redesigned error page for unknown task IDs * Redesigned CTF guest settings page * Adjusted padding for CTF info badges * Removed description on error page for unknown task IDs * Focus input before opening animation finishes in global search dialog * Focus input before opening animation finishes in solve task popup * Moved edit and delete buttons next to CTF title on info page * Fixed spacing issues below description/credentials on CTF info page * Removed description from CTF guest settings * Increased Discord event link input width * Made full table rows clickable on past CTFs page * Removed padding from past CTFs card * Made past CTFs table dense * Increased rows per page options for past CTFs table * Made rows per page setting for past CTFs table persistent * Added custom shortcuts to HedgeDoc editor * Hide search dialog when pressing esc In the old implementation you can only dismiss the search dialog by stop focussing it and then pressing esc or clicking outside the dialog area. This is not keyboard friendly so we introduce a new shortcut that hides the search dialog by just pressing the esc-button. * Increased Nginx upload limit to 5MB * Only allow one solve task dialog to be opened at most * Set nginx upload max size in hosting instructions This corresponds to the outer-nginx and may also need to be set before the change will actually be effective. 
* Make max upload size a global in the inner-nginx config With this it will apply to all requests done, so also the /uploads endpoint and not only the endpoint for Hedgedoc. * Added shortcut for opening solve task dialog * Added component to preview key combinations for shortcuts * Replace modifier keys on macOS with symbols * Made search dialog use ShortcutPreview component * Made solve task dialog use custom component * Renamed ShortcutPreview to ShortcutHint * Added shortcut hint to solve task dialog when opened on task pages * Fixed flag not updating in task solve dialog when opened using shortcut * Insert iframe hotkey script on task page during iframe load instead of onMounted * Remove no-backdrop-dismiss from task solve dialog * Fix Discord event link hanging issue When a sync has been performed, the old implementation causes a release of the database PoolClient, causing any future database operation to fail. This is due to the event sync code being triggered from the context of GraphQL queries instead of a separate context when an incoming event from Discord is processed. The code has now been rewritten to take the context.pgClient database client which is the current GraphQL pgClient. This client is used in all database operations and not released so it can be used in the future. This will stop the hanging of the server when a Discord event link sync is done. This issue was only reliable reproducible with quite some members interested in an event. I tested this with 13 people interested. In the future we should rewrite this code to always take a pgClient in the database code and create a new pgClient at a higher level when not available and otherwise always use the context.pgClient. At lower levels we should not be caring about releasing or not because this can only cause issues. * Set docker-compose images back to upstream * Remove accidental paste in README * Add back manual workflow trigger This is useful for testing if a branch builds. 
* Update husky dependency
* Update contribution guidelines and mention Discord server
* Fix line endings
* Drop Node 16 test
* Fix `any` return type of discord.js ActionRowBuilder
* Regenerate graphql bindings
* yarn --frozen-lockfile is deprecated
* Fix `any` usage partly
  The query results should be type checked properly in the future.
* Run prettier on api
* Upgrade used actions to use node 20
  https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
* Bump postcss from 8.4.29 to 8.4.38 in /front
  Bumps [postcss](https://github.com/postcss/postcss) from 8.4.29 to 8.4.38.
  - [Release notes](https://github.com/postcss/postcss/releases)
  - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
  - [Commits](postcss/postcss@8.4.29...8.4.38)
  ---
  updated-dependencies:
  - dependency-name: postcss
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Create dependabot.yml
  Config was created by @peace-maker through Discord. It should revive the Dependabot.
* Update install-state.gz for Dependabot
  This is what I get when I run yarn myself. Don't know why Dependabot does not commit this already.
* Bump tar from 6.2.0 to 6.2.1 in /api
  Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1.
  - [Release notes](https://github.com/isaacs/node-tar/releases)
  - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
  - [Commits](isaacs/node-tar@v6.2.0...v6.2.1)
  ---
  updated-dependencies:
  - dependency-name: tar
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump express from 4.19.1 to 4.19.2 in /api
  Bumps [express](https://github.com/expressjs/express) from 4.19.1 to 4.19.2.
  - [Release notes](https://github.com/expressjs/express/releases)
  - [Changelog](https://github.com/expressjs/express/blob/master/History.md)
  - [Commits](expressjs/express@4.19.1...4.19.2)
  ---
  updated-dependencies:
  - dependency-name: express
    dependency-type: direct:production
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump typescript from 5.4.3 to 5.4.5 in /api
  Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.4.3 to 5.4.5.
  - [Release notes](https://github.com/Microsoft/TypeScript/releases)
  - [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
  - [Commits](microsoft/TypeScript@v5.4.3...v5.4.5)
  ---
  updated-dependencies:
  - dependency-name: typescript
    dependency-type: direct:development
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump ip from 2.0.0 to 2.0.1 in /api
  Bumps [ip](https://github.com/indutny/node-ip) from 2.0.0 to 2.0.1.
  - [Commits](indutny/node-ip@v2.0.0...v2.0.1)
  ---
  updated-dependencies:
  - dependency-name: ip
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Rename ECSC parser to ECSC2021
* Add CINI parser (ECSC 2024)
* Bump braces from 3.0.2 to 3.0.3 in /api
  Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
  - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
  - [Commits](micromatch/braces@3.0.2...3.0.3)
  ---
  updated-dependencies:
  - dependency-name: braces
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump @typescript-eslint/parser from 7.3.1 to 7.16.0 in /api
  Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 7.3.1 to 7.16.0.
  - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
  - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
  - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v7.16.0/packages/parser)
  ---
  updated-dependencies:
  - dependency-name: "@typescript-eslint/parser"
    dependency-type: direct:development
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Add base of the hitcon parser for ctfnote
* import hitcon parser
* Fix HITCON parser
  The isValid function has been updated to match the correct data and imports are fixed.
* Fix formatting issues in hitcon.ts
* Fix isValid of CINI parser
* Drop ECSC2021/2022 parser
  The parser was introduced in TFNS#184 but I don't think anyone will be using this parser since the project is dead for years and ENISA is not using this gameboard in the last couple of years. Since it conflicts with the parsing of the other CTF formats, it is better to drop it and reintroduce it when necessary.
* Bump braces from 3.0.2 to 3.0.3 in /front
  Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
  - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
  - [Commits](micromatch/braces@3.0.2...3.0.3)
  ---
  updated-dependencies:
  - dependency-name: braces
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump tar from 6.2.0 to 6.2.1 in /front
  Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1.
  - [Release notes](https://github.com/isaacs/node-tar/releases)
  - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
  - [Commits](isaacs/node-tar@v6.2.0...v6.2.1)
  ---
  updated-dependencies:
  - dependency-name: tar
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /front
  Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4.
  - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
  - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
  - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)
  ---
  updated-dependencies:
  - dependency-name: webpack-dev-middleware
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Fixed .yarn exclusion rules inside of the .gitignore to make them compliant. Added rules to .gitattributes
* Created .vscode folder with config to hide yarn from search
* Add migration for the discord_integration_enabled field in ctfnote.settings
* Add code to sync the discord use from the config to the database.
* Make sure discord_integration_enabled is not null.
* Maybe it's a good idea to grant the correct user....
* Add checks to the pages with Discord
* Run codegen for graphql schema. For some reason codegen deleted a lot of things, let's hope nothing bad happens
* Spelling fixes.
* Simplified v-if to v-else
* GraphQL schema files fixed.
* Fixes that user_admin could write to ctfnote.settings.discord_integration_enabled
* Bump quasar from 2.15.1 to 2.16.6 in /front
  Bumps [quasar](https://github.com/quasarframework/quasar) from 2.15.1 to 2.16.6.
  - [Release notes](https://github.com/quasarframework/quasar/releases)
  - [Commits](quasarframework/quasar@quasar-v2.15.1...quasar-v2.16.6)
  ---
  updated-dependencies:
  - dependency-name: quasar
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Fix Quasar build issues
  "@quasar/app-webpack": "^3.13.2",
  This package had to be this version to fix the issue.
* Create migration for account invitation with Discord link
* Removes the unique constraint from discord_id in `ctfnote_private.invitation_link`.
  It is preferred we unique this column however whenever you accidentally dismiss the discord bot and want to make a new token you can't. This is why we removed the unique constraint for now.
* Update the GraphQL schema
  Graphql schema updated, hopefully this is right because windows/wsl version of `yarn run codegen` likes to break the schema sometimes.
* Add base implementation of register command.
  This commit implements the base of some utils that are required and the base of the command itself.
* Add checks to make sure user only has one token.
  This commit implements fixes for the issues talked about in comment: TFNS#301 (comment)
  Also changed the migration back to unique
* Add ENV vars for configuring register command.
  Adds the Environment variables that are needed to configure the register command and some explanation for them.
* Adds checks to register command and some cleanup
  Some general cleanup and fixes of todo's. Also implemented the required checks and used data from the environment variables.
  This command implements what was showcased in issue message: TFNS#301 (comment)
* Add role sync after `/register` command
  With a setTimeout we can run code after the request lifecycle. This is ugly, but it works. See also the comment in the code about this.
  Solves the problem for TFNS#301 (comment)
* Refactor AllowedRoles to enum of strings
* Rename variables and change signature of functions
  Variable renaming for consistency. The `getInvitationUrl` should return null in case of error instead of an empty string in order to clarify error state.
* Move the registerWithToken role sync to the after mutation hook
  It makes more sense to have it there. It was by accident placed in the before hook previously.
* Improve Discord messages text
* Add strict 'true' check for Discord registration
* Small text improvements
* Improve `/register` output even more
* Add comments to sql migration file
* Rename registration logic function to match command name
* format fix
* Autofocus username field on login and registration
  This makes it possible to have a login / registration flow easily by only keyboard.
* Fix missing environment variables for Discord registration
  These were missing in the docker-compose.yml file. Without these it is not possible to configure the options for the `/register` command.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: markfijneman <[email protected]>
Co-authored-by: JJ-8 <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Peace-Maker <[email protected]>
Co-authored-by: Alexandre Iooss <[email protected]>
Co-authored-by: Daan Breur <[email protected]>
Co-authored-by: Daan Breur <[email protected]>
Implements #300