
librectf's Introduction

easyctf

EasyCTF Platform for EasyCTF 2014

librectf's People

Contributors

iptq


librectf's Issues

Help Ticket system

Users may submit tickets for platform issues. Administrator accounts will be able to view tickets and resolve them like Github issues.

Challenges

  • Import via CLI
    • Load challenges into database
    • Load challenge-related files into filestore
  • View challenges list (participants)
    • Solve challenges

Admin Interface

  • View some overall statistics
    • How many teams, how many challenges
    • Graphs?
  • Modify config (start time, end time, etc.)
  • Ban teams, manage teams

Import/Export

  • Import
    • Import challenges
    • Import users
    • Import teams
    • Import solves
  • Export
    • Export users
    • Export teams
    • Export solves

Rust 2018

Rust 2018 launches on Dec. 6, so this doesn't matter until then. We should migrate once it does; this might be as simple as cargo fix --edition and fixing a bunch of warnings, though.

Scoreboard time graph

  • Should be based on team solve times.
  • It shouldn't display before competition starts, but once the competition starts, it should go from the beginning of the CTF until the current time.

master todo list

  • user registration
    • oauth with google and github and possibly ctf calendar
    • edit user settings
      • verify/edit email
      • two factor auth
  • admin panel
    • manage users
    • manage teams
    • problem editor
      • problem importer from github and other sources maybe file upload?
    • export everything (backup)
  • problems list
    • block before/after competition
    • filtering options
  • shell server
    • chroot
  • programming judge
    • supporting more languages? possibly
  • run separate web challenge containers
  • manager interface for all containers

window.opener exploitable & security headers missing?

If I were you, I'd add rel="noopener noreferrer" to links to external urls so people can't exploit window.opener. Not very serious, but worth doing. Read more

I know, I know. Everybody hates when others tell them they are missing security headers. Is there any reason why the X-XSS-Protection header is not set? There are a few others I'd add too, but these depend on how the site is set up:

  • Strict-Transport-Security: Require use of HTTPS
  • Content-Security-Policy: Mitigates some XSS attacks
  • Public-Key-Pins: Prevents MiTM attacks using rogue X.509 certs if the CA is compromised
  • X-Frame-Options: Stops clickjacking attacks
  • X-Content-Type-Options: Stops browser from MIME-sniffing

Any update on documentation

Thanks for the project,

I am able to install the project without any problem, but I am facing a problem accessing the local website from the browsers.

If you have the latest deployment documentation, please do share.

Regards,
Sourabh

Change generated challenge file nonces

Instead of two arguments, we should get a single opaque 512-char-long hex string (i.e. 256 bits) as argv[1], which depends on both the problem and the team ID.

Teams

  • Team creation
  • Inviting someone else to join your team
    • Cancelling that invite
    • Listing your invites
      • Accepting a particular invite
  • Public team profile pages
  • Leaderboard for the competition

Name of project is confusing

A CTF called OpenCTF has been going on at DEFCON for a long time. Would you please consider renaming your project?

Team Finalizing

Teams should be allowed to edit member and team information, until their team is finalized. The team captain should be able to decide when to finalize the team, and once finalized, their team cannot be changed anymore.

Problems may not be viewed/solved until teams have been finalized.

Frontend

Remaining views:

  • Challenge list
  • Team invite
  • User settings

master todo list

feel free to comment if anything seems missing

  • user registration
    • team creation
      • invite users to teams, request to join teams
    • email verification
    • two-factor auth
    • oauth login with gmail/github/others
  • admin panel
    • problem editing panel
      • upload files
      • autogen files
      • programming grader
    • themes
  • actual competition
    • block certain pages before competition
    • end competition on time
    • ctftime integration (send scores to ctftime)
    • bonus points
    • problems page
      • sort/filter by category
      • card view as well as list view
  • github integration
    • problem import
  • manager that's able to launch/drop containers
    • launch containers for challenges (webchal)
    • scale containers as necessary
  • a real logging solution.....
  • documentation......

docker-compose.yml

Why are the build paths like build: "../server" in docker-compose.yml?

Because this isn't an existing path on the host:

$ docker-compose up -d
ERROR: build path /home/noraj/server either does not exist, is not accessible, or is not a valid URL.

How do I have to customize this path:

$ cat docker-compose.yml | grep build
    build: "../server"
    build: "../filestore"
    build: "../server"
    build: "nginx"

Email Verification

  • Sends an email upon registration.
  • Some actions cannot be taken without email verification.

User Accounts

  • Ability to register an account
    • Verify email
  • Ability to login
    • Forgot password
  • Settings page
    • Reset password
  • Logout
    • Delete account?
