Fixed some things

server.js

@@ -202,7 +202,7 @@ apiRouter.get('/state', async (req, res) => {
     state.isStarted = state.config.isStarted === 'true';
     db.all("SELECT id, name, isAdmin, isDisabled FROM teams", (err, teams) => {
       if (err) return res.status(500).json({ error: 'Failed to fetch teams' });
-      state.teams = teams || [];
+      state.teams = teamId ? (teams || []) : [];
       db.all("SELECT * FROM challenges", (err, challenges) => {
         if (err) return res.status(500).json({ error: 'Failed to fetch challenges' });
         db.all("SELECT * FROM solves", (err, solves) => {
@@ -211,18 +211,22 @@ apiRouter.get('/state', async (req, res) => {
             if (err) return res.status(500).json({ error: 'Failed to fetch blogs' });
             state.solves = solves || [];
             state.blogs = blogs || [];
-            state.challenges = (challenges || []).map(c => {
+            if (!teamId || (!isAdmin && !state.isStarted)) {
-              const enriched = {
+              state.challenges = [];
-                ...c,
+            } else {
-                files: JSON.parse(c.files || '[]'),
+              state.challenges = (challenges || []).map(c => {
-                solves: state.solves.filter(s => s.challengeId === c.id).map(s => s.teamId)
+                const enriched = {
-              };
+                  ...c,
-              // CRITICAL SECURITY FIX: Hide flag if not admin
+                  files: JSON.parse(c.files || '[]'),
-              if (!isAdmin) {
+                  solves: state.solves.filter(s => s.challengeId === c.id).map(s => s.teamId)
-                delete enriched.flag;
+                };
-              }
+                // CRITICAL SECURITY FIX: Hide flag if not admin
-              return enriched;
+                if (!isAdmin) {
-            });
+                  delete enriched.flag;
+                }
+                return enriched;
+              });
+            }
             res.json(state);
           });
         });