cyberhub-pracenv 1.0.0

package/src/commands.js

@@ -0,0 +1,442 @@
+'use strict';
+
+// Command handlers for the in-platform shell. Each handler receives a context:
+//   ctx = { rl, out, cwd, requestExit() }
+// and the parsed argument array. Handlers may be async (the upload wizard etc.).
+//
+// The command table at the bottom drives both dispatch and the `help` listing.
+
+const path = require('path');
+const store = require('./store');
+const auth = require('./auth');
+const ui = require('./ui');
+const { c } = ui;
+
+function print(ctx, ...lines) {
+  ctx.out(lines.join('\n'));
+}
+
+function requireAdmin(ctx) {
+  if (!auth.isAdmin()) {
+    print(ctx, c.err('Permission denied: this command is admin-only.'));
+    print(ctx, c.dim('Run `admin` and enter the admin password first.'));
+    return false;
+  }
+  return true;
+}
+
+// ---------------------------------------------------------------------------
+// User commands
+// ---------------------------------------------------------------------------
+
+function cmdHelp(ctx) {
+  const userCmds = [
+    ['challenges (ls)', 'List all available challenges'],
+    ['open <id>', 'Show a challenge: prompt, points, attached files'],
+    ['files <id>', 'List the files attached to a challenge'],
+    ['cat <id> <file>', 'Print the contents of an attached file'],
+    ['get <id> <file>', 'Copy an attached file into your launch directory'],
+    ['submit <id> <flag>', 'Submit a flag to solve a challenge'],
+    ['stats (whoami)', 'Show your full user breakdown'],
+    ['admin', 'Unlock admin mode (requires the admin password)'],
+    ['clear', 'Clear the screen'],
+    ['help', 'Show this help'],
+    ['exit (quit)', 'Leave the platform'],
+  ];
+  const adminCmds = [
+    ['upload', 'Launch the challenge upload wizard (writes a .yml)'],
+    ['addfile <id> <path>', 'Attach a file from disk to an existing challenge'],
+    ['rmchallenge <id>', 'Delete a challenge and its files'],
+    ['passwd', 'Change the admin password'],
+    ['logout', 'Leave admin mode'],
+  ];
+
+  print(ctx, c.title('Available commands'));
+  print(ctx, ui.table(userCmds.map(([name, desc]) => ({ name, desc })), [
+    { key: 'name', label: 'Command', color: c.accent },
+    { key: 'desc', label: 'Description' },
+  ]));
+
+  if (auth.isAdmin()) {
+    print(ctx, '', c.title('Admin commands'));
+    print(ctx, ui.table(adminCmds.map(([name, desc]) => ({ name, desc })), [
+      { key: 'name', label: 'Command', color: c.flag },
+      { key: 'desc', label: 'Description' },
+    ]));
+  }
+}
+
+function cmdChallenges(ctx) {
+  const profile = store.getProfile();
+  const challenges = store.listChallenges();
+  if (challenges.length === 0) {
+    print(ctx, c.warn('No challenges available yet.'));
+    return;
+  }
+  const rows = challenges.map((ch) => ({
+    solved: profile.solved.includes(ch.id) ? '✔' : ' ',
+    id: ch.id,
+    title: ch.title,
+    category: ch.category,
+    difficulty: ch.difficulty,
+    points: ch.points,
+    files: (ch.files || []).length,
+  }));
+  print(ctx, c.title('Challenges'));
+  print(ctx, ui.table(rows, [
+    { key: 'solved', label: '✔', color: c.ok },
+    { key: 'id', label: 'ID', color: c.accent },
+    { key: 'title', label: 'Title' },
+    { key: 'category', label: 'Category' },
+    { key: 'difficulty', label: 'Difficulty' },
+    { key: 'points', label: 'Pts' },
+    { key: 'files', label: 'Files' },
+  ]));
+  print(ctx, c.dim('\nUse `open <id>` to view a challenge.'));
+}
+
+function cmdOpen(ctx, args) {
+  const id = args[0];
+  if (!id) {
+    print(ctx, c.err('Usage: open <id>'));
+    return;
+  }
+  const ch = store.getChallenge(id);
+  if (!ch) {
+    print(ctx, c.err(`No challenge with id "${id}".`));
+    return;
+  }
+  const solved = store.getProfile().solved.includes(ch.id);
+  print(ctx, c.title(ch.title) + (solved ? '  ' + c.ok('[SOLVED]') : ''));
+  print(ctx, c.dim(`id: ${ch.id}   category: ${ch.category}   difficulty: ${ch.difficulty}   points: ${ch.points}`));
+  print(ctx, '');
+  print(ctx, String(ch.description || '').trimEnd());
+  print(ctx, '');
+  if ((ch.files || []).length > 0) {
+    print(ctx, c.bold('Attached files:'));
+    for (const f of ch.files) print(ctx, '  - ' + c.accent(f));
+    print(ctx, c.dim('View with `cat ' + ch.id + ' <file>` or download with `get ' + ch.id + ' <file>`.'));
+  } else {
+    print(ctx, c.dim('No files attached.'));
+  }
+  print(ctx, c.dim('\nSubmit your answer with `submit ' + ch.id + ' <flag>`.'));
+}
+
+function cmdFiles(ctx, args) {
+  const id = args[0];
+  if (!id) {
+    print(ctx, c.err('Usage: files <id>'));
+    return;
+  }
+  const ch = store.getChallenge(id);
+  if (!ch) {
+    print(ctx, c.err(`No challenge with id "${id}".`));
+    return;
+  }
+  if ((ch.files || []).length === 0) {
+    print(ctx, c.dim('No files attached to this challenge.'));
+    return;
+  }
+  print(ctx, c.title(`Files for ${ch.id}`));
+  for (const f of ch.files) print(ctx, '  - ' + c.accent(f));
+}
+
+function cmdCat(ctx, args) {
+  const [id, name] = args;
+  if (!id || !name) {
+    print(ctx, c.err('Usage: cat <id> <file>'));
+    return;
+  }
+  if (!store.getChallenge(id)) {
+    print(ctx, c.err(`No challenge with id "${id}".`));
+    return;
+  }
+  if (!store.hasChallengeFile(id, name)) {
+    print(ctx, c.err(`No file "${name}" attached to "${id}".`));
+    return;
+  }
+  print(ctx, c.dim(`----- ${name} -----`));
+  print(ctx, store.readChallengeFile(id, name).replace(/\s*$/, ''));
+  print(ctx, c.dim(`----- end of ${name} -----`));
+}
+
+function cmdGet(ctx, args) {
+  const [id, name] = args;
+  if (!id || !name) {
+    print(ctx, c.err('Usage: get <id> <file>'));
+    return;
+  }
+  try {
+    const dest = store.exportFile(id, name, ctx.cwd);
+    print(ctx, c.ok(`Saved ${name} to ${dest}`));
+  } catch (err) {
+    print(ctx, c.err(err.message));
+  }
+}
+
+function cmdSubmit(ctx, args) {
+  const id = args[0];
+  const flag = args.slice(1).join(' ');
+  if (!id || !flag) {
+    print(ctx, c.err('Usage: submit <id> <flag>'));
+    return;
+  }
+  const { result, challenge } = store.attemptFlag(id, flag);
+  switch (result) {
+    case 'notfound':
+      print(ctx, c.err(`No challenge with id "${id}".`));
+      break;
+    case 'already':
+      print(ctx, c.warn('You have already solved this challenge.'));
+      break;
+    case 'solved':
+      print(ctx, c.ok(`Correct! "${challenge.title}" solved.`) + c.dim(` (+${challenge.points} pts)`));
+      print(ctx, c.dim(`Total points: ${store.getProfile().points}`));
+      break;
+    default:
+      print(ctx, c.err('Incorrect flag. Try again.'));
+  }
+}
+
+function cmdStats(ctx) {
+  const profile = store.getProfile();
+  const challenges = store.listChallenges();
+  const total = challenges.length;
+  const solvedCount = profile.solved.length;
+
+  // Per-category progress.
+  const byCat = {};
+  for (const ch of challenges) {
+    const cat = ch.category || 'misc';
+    byCat[cat] = byCat[cat] || { total: 0, solved: 0 };
+    byCat[cat].total += 1;
+    if (profile.solved.includes(ch.id)) byCat[cat].solved += 1;
+  }
+
+  print(ctx, c.title('User breakdown'));
+  print(ctx, `  ${c.bold('Operative')}    : ${profile.name}`);
+  print(ctx, `  ${c.bold('Rank')}         : ${c.accent(ui.rankFor(profile.points))}`);
+  print(ctx, `  ${c.bold('Points')}       : ${c.ok(profile.points)}`);
+  print(ctx, `  ${c.bold('Solved')}       : ${solvedCount} / ${total}`);
+  print(ctx, `  ${c.bold('Attempts')}     : ${profile.attempts || 0}`);
+  print(ctx, `  ${c.bold('Member since')} : ${new Date(profile.createdAt).toLocaleString()}`);
+  print(ctx, `  ${c.bold('Admin mode')}   : ${auth.isAdmin() ? c.ok('ON') : c.dim('off')}`);
+
+  print(ctx, '', c.bold('  Progress by category:'));
+  const catRows = Object.keys(byCat)
+    .sort()
+    .map((cat) => ({
+      category: cat,
+      progress: `${byCat[cat].solved} / ${byCat[cat].total}`,
+    }));
+  if (catRows.length > 0) {
+    print(ctx, ui.table(catRows, [
+      { key: 'category', label: 'Category', color: c.accent },
+      { key: 'progress', label: 'Solved' },
+    ]));
+  }
+
+  if (solvedCount > 0) {
+    print(ctx, '', c.bold('  Solved challenges:'));
+    for (const id of profile.solved) {
+      const ch = store.getChallenge(id);
+      print(ctx, '    ' + c.ok('✔ ') + c.accent(id) + (ch ? c.dim('  ' + ch.title) : ''));
+    }
+  }
+}
+
+async function cmdAdmin(ctx) {
+  if (auth.isAdmin()) {
+    print(ctx, c.dim('Already in admin mode.'));
+    return;
+  }
+  const password = await ctx.askHidden('Admin password: ');
+  if (store.verifyAdminPassword(password)) {
+    auth.setAdmin(true);
+    print(ctx, c.ok('Admin mode unlocked.') + c.dim(' Type `help` to see admin commands.'));
+  } else {
+    print(ctx, c.err('Incorrect admin password.'));
+  }
+}
+
+function cmdLogout(ctx) {
+  if (!auth.isAdmin()) {
+    print(ctx, c.dim('You are not in admin mode.'));
+    return;
+  }
+  auth.setAdmin(false);
+  print(ctx, c.ok('Left admin mode.'));
+}
+
+// ---------------------------------------------------------------------------
+// Admin commands
+// ---------------------------------------------------------------------------
+
+async function cmdUpload(ctx) {
+  if (!requireAdmin(ctx)) return;
+
+  print(ctx, c.title('Challenge upload wizard'));
+  print(ctx, c.dim('Answer the prompts to create a new challenge .yml. Leave id blank to cancel.\n'));
+
+  const id = (await ctx.ask('Challenge id (e.g. web-201): ')).trim();
+  if (!id) {
+    print(ctx, c.warn('Cancelled.'));
+    return;
+  }
+  if (!/^[a-zA-Z0-9._-]+$/.test(id)) {
+    print(ctx, c.err('Invalid id. Use letters, numbers, dots, dashes or underscores only.'));
+    return;
+  }
+  if (store.challengeExists(id)) {
+    print(ctx, c.err(`Challenge "${id}" already exists.`));
+    return;
+  }
+
+  const title = (await ctx.ask('Title: ')).trim() || id;
+  const category = (await ctx.ask('Category [misc]: ')).trim() || 'misc';
+  const difficulty = (await ctx.ask('Difficulty [easy]: ')).trim() || 'easy';
+  const pointsRaw = (await ctx.ask('Points [100]: ')).trim();
+  const points = Number(pointsRaw) || 100;
+  const flag = (await ctx.ask('Flag (e.g. CHPE{...}): ')).trim();
+
+  print(ctx, c.dim('Description — enter as many lines as you like. Finish with a single "." on its own line.'));
+  const descLines = [];
+  // eslint-disable-next-line no-constant-condition
+  while (true) {
+    const line = await ctx.ask(c.dim('  desc> '));
+    if (line.trim() === '.') break;
+    descLines.push(line);
+  }
+  const description = descLines.join('\n');
+
+  try {
+    store.createChallenge({ id, title, category, difficulty, points, flag, description, files: [] });
+    print(ctx, c.ok(`Created challenge "${id}".`));
+    print(ctx, c.dim(`Attach files with: addfile ${id} <path-to-file>`));
+  } catch (err) {
+    print(ctx, c.err(err.message));
+  }
+}
+
+function cmdAddFile(ctx, args) {
+  if (!requireAdmin(ctx)) return;
+  const id = args[0];
+  const src = args.slice(1).join(' ');
+  if (!id || !src) {
+    print(ctx, c.err('Usage: addfile <id> <path-to-file>'));
+    return;
+  }
+  // Resolve relative paths against the directory the platform was launched from.
+  const resolved = path.isAbsolute(src) ? src : path.resolve(ctx.cwd, src);
+  try {
+    const name = store.attachFile(id, resolved);
+    print(ctx, c.ok(`Attached "${name}" to challenge "${id}".`));
+  } catch (err) {
+    print(ctx, c.err(err.message));
+  }
+}
+
+function cmdRmChallenge(ctx, args) {
+  if (!requireAdmin(ctx)) return;
+  const id = args[0];
+  if (!id) {
+    print(ctx, c.err('Usage: rmchallenge <id>'));
+    return;
+  }
+  if (store.deleteChallenge(id)) {
+    print(ctx, c.ok(`Deleted challenge "${id}".`));
+  } else {
+    print(ctx, c.err(`No challenge with id "${id}".`));
+  }
+}
+
+async function cmdPasswd(ctx) {
+  if (!requireAdmin(ctx)) return;
+  const current = await ctx.askHidden('Current admin password: ');
+  if (!store.verifyAdminPassword(current)) {
+    print(ctx, c.err('Incorrect password.'));
+    return;
+  }
+  const next = await ctx.askHidden('New admin password: ');
+  if (next.length < 4) {
+    print(ctx, c.err('Password must be at least 4 characters.'));
+    return;
+  }
+  const confirm = await ctx.askHidden('Confirm new password: ');
+  if (next !== confirm) {
+    print(ctx, c.err('Passwords do not match.'));
+    return;
+  }
+  store.setAdminPassword(next);
+  print(ctx, c.ok('Admin password updated.'));
+}
+
+function cmdClear(ctx) {
+  // Clear screen + scrollback, then reprint a slim header.
+  ctx.out('\x1b[2J\x1b[3J\x1b[H');
+  print(ctx, c.title('CyberHub Practice Environment') + c.dim('  —  type `help` for commands'));
+}
+
+function cmdExit(ctx) {
+  print(ctx, c.dim('Stay sharp. Goodbye.'));
+  ctx.requestExit();
+}
+
+// ---------------------------------------------------------------------------
+// Command table + dispatch
+// ---------------------------------------------------------------------------
+
+const COMMANDS = {
+  help: cmdHelp,
+  '?': cmdHelp,
+  challenges: cmdChallenges,
+  ls: cmdChallenges,
+  open: cmdOpen,
+  show: cmdOpen,
+  files: cmdFiles,
+  cat: cmdCat,
+  get: cmdGet,
+  download: cmdGet,
+  submit: cmdSubmit,
+  stats: cmdStats,
+  whoami: cmdStats,
+  profile: cmdStats,
+  admin: cmdAdmin,
+  login: cmdAdmin,
+  logout: cmdLogout,
+  upload: cmdUpload,
+  addfile: cmdAddFile,
+  rmchallenge: cmdRmChallenge,
+  passwd: cmdPasswd,
+  clear: cmdClear,
+  cls: cmdClear,
+  exit: cmdExit,
+  quit: cmdExit,
+};
+
+// Parse a raw input line into [command, ...args], respecting "quoted strings".
+function tokenize(line) {
+  const tokens = [];
+  const re = /"([^"]*)"|'([^']*)'|(\S+)/g;
+  let m;
+  while ((m = re.exec(line)) !== null) {
+    tokens.push(m[1] !== undefined ? m[1] : m[2] !== undefined ? m[2] : m[3]);
+  }
+  return tokens;
+}
+
+async function dispatch(line, ctx) {
+  const tokens = tokenize(line.trim());
+  if (tokens.length === 0) return;
+  const name = tokens[0].toLowerCase();
+  const args = tokens.slice(1);
+
+  const handler = COMMANDS[name];
+  if (!handler) {
+    print(ctx, c.err(`Unknown command: ${name}`) + c.dim('  (type `help`)'));
+    return;
+  }
+  await handler(ctx, args);
+}
+
+module.exports = { dispatch, tokenize, COMMANDS };

package/src/input.js

@@ -0,0 +1,59 @@
+'use strict';
+
+// Queue-based line reader over a readline interface.
+//
+// Using rl.question in a loop loses lines when several arrive between questions
+// (which happens whenever input is piped). Instead we listen to the 'line'
+// event continuously and buffer lines, handing them out one at a time. This
+// behaves correctly for both an interactive TTY and piped/scripted input.
+
+function createInput(rl) {
+  const queue = [];
+  const waiters = [];
+  let closed = false;
+
+  rl.on('line', (line) => {
+    const waiter = waiters.shift();
+    if (waiter) waiter(line);
+    else queue.push(line);
+  });
+
+  rl.on('close', () => {
+    closed = true;
+    while (waiters.length) waiters.shift()(null);
+  });
+
+  function nextLine() {
+    if (queue.length) return Promise.resolve(queue.shift());
+    if (closed) return Promise.resolve(null);
+    return new Promise((resolve) => waiters.push(resolve));
+  }
+
+  // Print a prompt, then resolve with the next line ('' on EOF).
+  async function ask(query) {
+    if (query) rl.output.write(query);
+    const line = await nextLine();
+    return line == null ? '' : line;
+  }
+
+  // Like ask, but suppresses echo of typed characters (password entry).
+  async function askHidden(query) {
+    rl.output.write(query);
+    rl.stdoutMuted = true;
+    const line = await nextLine();
+    rl.stdoutMuted = false;
+    rl.output.write('\n');
+    return line == null ? '' : line;
+  }
+
+  return {
+    ask,
+    askHidden,
+    nextLine,
+    get closed() {
+      return closed;
+    },
+  };
+}
+
+module.exports = { createInput };

package/src/repl.js

@@ -0,0 +1,71 @@
+'use strict';
+
+// The in-platform shell. Drives an async prompt loop over the shared queue-based
+// line reader so the same input source feeds both the main loop and sub-prompts
+// (the upload wizard, password entry).
+
+const { dispatch } = require('./commands');
+const auth = require('./auth');
+const ui = require('./ui');
+const { c } = ui;
+
+function promptString() {
+  return auth.isAdmin()
+    ? c.flag('cyberhub') + c.dim('(') + c.err('admin') + c.dim(')> ')
+    : c.accent('cyberhub') + c.dim('> ');
+}
+
+function makeContext(rl, input, cwd) {
+  let exitRequested = false;
+  return {
+    rl,
+    cwd,
+    ask: input.ask,
+    askHidden: input.askHidden,
+    out: (text) => process.stdout.write(text + '\n'),
+    requestExit() {
+      exitRequested = true;
+    },
+    get exitRequested() {
+      return exitRequested;
+    },
+    get inputClosed() {
+      return input.closed;
+    },
+  };
+}
+
+async function startRepl(rl, input, cwd) {
+  const ctx = makeContext(rl, input, cwd);
+
+  ctx.out(c.dim('Type `help` for a list of commands, `exit` to leave.\n'));
+
+  // Ctrl+C: first press hints how to leave, second press exits.
+  let sigintArmed = false;
+  rl.on('SIGINT', () => {
+    if (sigintArmed) {
+      ctx.out('');
+      process.exit(0);
+    }
+    sigintArmed = true;
+    ctx.out('\n' + c.dim('Type `exit` to leave, or press Ctrl+C again to force quit.'));
+    process.stdout.write(promptString());
+    setTimeout(() => {
+      sigintArmed = false;
+    }, 2000);
+  });
+
+  while (!ctx.exitRequested && !ctx.inputClosed) {
+    const line = await ctx.ask(promptString());
+    if (ctx.inputClosed && line === '') break; // EOF with nothing pending
+    try {
+      await dispatch(line, ctx);
+    } catch (err) {
+      ctx.out(c.err('Error: ' + (err && err.message ? err.message : String(err))));
+    }
+  }
+
+  rl.close();
+}
+
+module.exports = { startRepl, promptString };