- Prevented admin challenge solves from creating score records

- Added operator solves list to the Admin panel profile
- Allowed deletion of specific operator solves from the Admin panel
- Enhanced operator solves list with alphabetical sorting, difficulty colors, and point values
- Added rank medal icons to operator solves in the Admin panel
m0rph3us1987
2026-03-07 02:18:47 +01:00
parent e04547301b
commit 800192c87f
6 changed files with 117 additions and 8 deletions

37
changelog.txt Normal file

@@ -0,0 +1,37 @@
2026-03-07
- Prevented admin challenge solves from creating score records
- Added operator solves list to the Admin panel profile
- Allowed deletion of specific operator solves from the Admin panel
- Enhanced operator solves list with alphabetical sorting, difficulty colors, and point values
- Added rank medal icons to operator solves in the Admin panel
2026-02-28
- Removed the UTC time display from the countdown, leaving only the CET time
- Added logic to display the event start time in Central European Time (CET) on the Challenges list page
- Replaced mock authentication tokens with secure JWT-like signed tokens
- Added robust error handling and type checking for password hashing and validation functions
- Implemented logic to disable the default admin account (admin-0) once another admin is created
- Applied a database schema whitelist to prevent SQL injection during database restores
- Filtered out admin and disabled teams from the public scoreboard state for non-admin users
- Added strict /admin middleware to protect administrative API endpoints by verifying user permissions
- Updated page title to HIP7CTF in index.html
- Enhanced the state endpoint to completely hide challenges if the current time is before the configured event start time
2026-02-22
- Modified the /state endpoint to return an empty challenges list if the event has not started and the user is not an admin
2026-02-05
- Included authorization headers in the frontend getState API requests
- Added security check in the /state endpoint to filter out the flag from challenge data for non-admin users
- Added a dbGet utility function to the server
2026-01-21
- Removed the README.md file
- Added a fix-permissions service to docker-compose.yml to automatically set correct ownership for data and uploads directories
- Modularized the frontend by splitting the monolithic App.tsx into dedicated components (Admin.tsx, Auth.tsx, Blog.tsx, CTFContext.tsx, Challenges.tsx, Home.tsx, Scoreboard.tsx, UIComponents.tsx)
- Restructured API, server, and scoring logic to fit the new modular frontend architecture
- Re-added README.md file temporarily
2026-01-07
- Removed the README.md file
- Initial project setup including React frontend, Express backend, Docker configuration, and baseline scoring services
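Review bot: The two /state entries (2026-02-22 and 2026-02-28) leave the admin exemption ambiguous. The earlier one returns an empty challenges list only when "the user is not an admin", while the later one says challenges are hidden "completely" before the event start time, without saying whether admins still see them. Please state the intended behaviour in the 2026-02-28 line so operators know what to expect before the event opens. Separately, the security-relevant entries (flag filtered from /state for non-admin users on 2026-02-05; signed tokens replacing mock tokens, the restore schema whitelist and the /admin middleware on 2026-02-28) are mixed in with UI changes. Marking them as security fixes and adding the commit id to each would let anyone running an older deployment see what they are exposed to. For "JWT-like signed tokens", the entry should also name the signing scheme and say whether previously issued mock tokens are rejected after the upgrade.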