mirror of
https://github.com/aljazceru/CTFd.git
synced 2025-12-17 05:54:19 +01:00
b8d0f80d01
2.2.0 / 2019-12-22
==================
## Notice
2.2.0 focuses on updating the front end of CTFd to use more modern programming practices and changes some aspects of core CTFd design. If your current installation is using a custom theme or custom plugin with ***any*** kind of JavaScript, it is likely that you will need to upgrade that theme/plugin to be useable with v2.2.0.
**General**
* Team size limits can now be enforced from the configuration panel
* Access tokens functionality for API usage
* Admins can now choose how to deliver their notifications
* Toast (new default)
* Alert
* Background
* Sound On / Sound Off
* There is now a notification counter showing how many unread notifications were received
* Setup has been redesigned to have multiple steps
* Added Description
* Added Start time and End time,
* Added MajorLeagueCyber integration
* Added Theme and color selection
* Fixes issue where updating dynamic challenges could change the value to an incorrect value
* Properly use a less restrictive regex to validate email addresses
* Bump Python dependencies to latest working versions
* Admins can now give awards to team members from the team's admin panel page
**API**
* Team member removals (`DELETE /api/v1/teams/[team_id]/members`) from the admin panel will now delete the removed members's Submissions, Awards, Unlocks
**Admin Panel**
* Admins can now user a color input box to specify a theme color which is injected as part of the CSS configuration. Theme developers can use this CSS value to change colors and styles accordingly.
* Challenge updates will now alert you if the challenge doesn't have a flag
* Challenge entry now allows you to upload files and enter simple flags from the initial challenge creation page
**Themes**
* Significant JavaScript and CSS rewrite to use ES6, Webpack, yarn, and babel
* Theme asset specially generated URLs
* Static theme assets are now loaded with either .dev.extension or .min.extension depending on production or development (i.e. debug server)
* Static theme assets are also given a `d` GET parameter that changes per server start. Used to bust browser caches.
* Use `defer` for script tags to not block page rendering
* Only show the MajorLeagueCyber button if configured in configuration
* The admin panel now links to https://help.ctfd.io/ in the top right
* Create an `ezToast()` function to use [Bootstrap's toasts](https://getbootstrap.com/docs/4.3/components/toasts/)
* The user-facing navbar now features icons
* Awards shown on a user's profile can now have award icons
* The default MarkdownIt render created by CTFd will now open links in new tabs
* Country flags can now be shown on the user pages
**Deployment**
* Switch `Dockerfile` from `python:2.7-alpine` to `python:3.7-alpine`
* Add `SERVER_SENT_EVENTS` config value to control whether Notifications are enabled
* Challenge ID is now recorded in the submission log
**Plugins**
* Add an endpoint parameter to `register_plugin_assets_directory()` and `register_plugin_asset()` to control what endpoint Flask uses for the added route
**Miscellaneous**
* `CTFd.utils.email.sendmail()` now allows the caller to specify subject as an argument
* The subject allows for injecting custom variable via the new `CTFd.utils.formatters.safe_format()` function
* Admin user information is now error checked during setup
* Added yarn to the toolchain and the yarn dev, yarn build, yarn verify, and yarn clean scripts
* Prevent old CTFd imports from being imported
151 lines
4.4 KiB
ReStructuredText
151 lines
4.4 KiB
ReStructuredText
Configuration
|
|
=============
|
|
|
|
CTFd provides a number of configuration options which are used to configure server behavior. CTFd makes a distinction between configuration values which can be configured only with server-level access and values which can be configured by those with administrative priveleges on CTFd.
|
|
|
|
Server Level Configuration
|
|
--------------------------
|
|
Server level configuration can be modified from the ``config.py`` file in CTFd.
|
|
|
|
SECRET_KEY
|
|
~~~~~~~~~~
|
|
The secret value used to creation sessions and sign strings. This should be set to a random string. In the
|
|
interest of ease, CTFd will automatically create a secret key file for you. If you wish to add this secret key
|
|
to your instance you should hard code this value to a random static value.
|
|
|
|
You can also remove .ctfd_secret_key from the .gitignore file and commit this file into whatever repository
|
|
you are using.
|
|
|
|
http://flask.pocoo.org/docs/latest/quickstart/#sessions
|
|
|
|
|
|
DATABASE_URL
|
|
~~~~~~~~~~~~
|
|
The URI that specifies the username, password, hostname, port, and database of the server
|
|
used to hold the CTFd database.
|
|
|
|
e.g. ``mysql+pymysql://root:<YOUR_PASSWORD_HERE>@localhost/ctfd``
|
|
|
|
REDIS_URL
|
|
~~~~~~~~~
|
|
The URI to connect to a Redis server.
|
|
|
|
e.g. ``redis://user:password@localhost:6379``
|
|
|
|
http://pythonhosted.org/Flask-Caching/#configuring-flask-caching
|
|
|
|
|
|
MAILFROM_ADDR
|
|
~~~~~~~~~~~~~
|
|
The email address that emails are sent from if not overridden in the configuration panel.
|
|
|
|
MAIL_SERVER
|
|
~~~~~~~~~~~
|
|
The mail server that emails are sent from if not overriden in the configuration panel.
|
|
|
|
MAIL_PORT
|
|
~~~~~~~~~
|
|
The mail port that emails are sent from if not overriden in the configuration panel.
|
|
|
|
MAIL_USEAUTH
|
|
~~~~~~~~~~~~
|
|
Whether or not to use username and password to authenticate to the SMTP server
|
|
|
|
MAIL_USERNAME
|
|
~~~~~~~~~~~~~
|
|
The username used to authenticate to the SMTP server if MAIL_USEAUTH is defined
|
|
|
|
MAIL_PASSWORD
|
|
~~~~~~~~~~~~~
|
|
The password used to authenticate to the SMTP server if MAIL_USEAUTH is defined
|
|
|
|
MAIL_TLS
|
|
~~~~~~~~
|
|
Whether to connect to the SMTP server over TLS
|
|
|
|
MAIL_SSL
|
|
~~~~~~~~
|
|
Whether to connect to the SMTP server over SSL
|
|
|
|
MAILGUN_API_KEY
|
|
~~~~~~~~~~~~~~~
|
|
Mailgun API key to send email over Mailgun
|
|
|
|
MAILGUN_BASE_URL
|
|
~~~~~~~~~~~~~~~~
|
|
Mailgun base url to send email over Mailgun
|
|
|
|
LOG_FOLDER
|
|
~~~~~~~~~~
|
|
The location where logs are written. These are the logs for CTFd key submissions, registrations, and logins.
|
|
The default location is the CTFd/logs folder.
|
|
|
|
UPLOAD_PROVIDER
|
|
~~~~~~~~~~~~~~~
|
|
Specifies the service that CTFd should use to store files.
|
|
|
|
UPLOAD_FOLDER
|
|
~~~~~~~~~~~~~
|
|
The location where files are uploaded. The default destination is the CTFd/uploads folder.
|
|
|
|
AWS_ACCESS_KEY_ID
|
|
~~~~~~~~~~~~~~~~~
|
|
AWS access token used to authenticate to the S3 bucket.
|
|
|
|
AWS_SECRET_ACCESS_KEY
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
AWS secret token used to authenticate to the S3 bucket.
|
|
|
|
AWS_S3_BUCKET
|
|
~~~~~~~~~~~~~
|
|
The unique identifier for your S3 bucket.
|
|
|
|
AWS_S3_ENDPOINT_URL
|
|
~~~~~~~~~~~~~~~~~~~
|
|
A URL pointing to a custom S3 implementation.
|
|
|
|
|
|
REVERSE_PROXY
|
|
~~~~~~~~~~~~~
|
|
Specifies whether CTFd is behind a reverse proxy or not. Set to ``True`` if using a reverse proxy like nginx.
|
|
|
|
See `Flask documentation <https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/#werkzeug.middleware.proxy_fix.ProxyFix.>`_ for full details.
|
|
|
|
.. Tip::
|
|
You can also specify a comma seperated set of numbers specifying the reverse proxy configuration settings. For example to configure `x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1` specify `1,1,1,1,1`. By setting the value to ``True``, CTFd will default to the above behavior with all proxy settings set to 1.
|
|
|
|
TEMPLATES_AUTO_RELOAD
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
Specifies whether Flask should check for modifications to templates and reload them automatically.
|
|
|
|
SQLALCHEMY_TRACK_MODIFICATIONS
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Automatically disabled to suppress warnings and save memory. You should only enable this if you need it.
|
|
|
|
SWAGGER_UI
|
|
~~~~~~~~~~
|
|
Enable the Swagger UI endpoint at ``/api/v1/``
|
|
|
|
UPDATE_CHECK
|
|
~~~~~~~~~~~~
|
|
Specifies whether or not CTFd will check whether or not there is a new version of CTFd
|
|
|
|
APPLICATION_ROOT
|
|
~~~~~~~~~~~~~~~~
|
|
Specifies what path CTFd is mounted under. It can be used to run CTFd in a subdirectory.
|
|
Example: /ctfd
|
|
|
|
SERVER_SENT_EVENTS
|
|
~~~~~~~~~~~~~~~~~~
|
|
Specifies whether or not to enable to server-sent events based Notifications system.
|
|
|
|
OAUTH_CLIENT_ID
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
OAUTH_CLIENT_SECRET
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
Application Level Configuration
|
|
------------------------------- |