cyberhub-pracenv 1.0.0

package/src/store.js

@@ -0,0 +1,337 @@
+'use strict';
+
+// Persistence layer for cyberhub-pracenv.
+//
+// Everything lives under a per-user data directory in the home folder so the
+// platform works the same no matter which directory it was launched from:
+//
+//   ~/.cyberhub-pracenv/
+//     config.json                 admin password hash + settings
+//     profile.json                the single local user profile
+//     challenges/<id>.yml         challenge definitions
+//     files/<id>/<filename>       files attached to a challenge
+//
+// Bundled sample challenges shipped in the package (data/challenges) are copied
+// into the user directory on first run so there is something to play with.
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const yaml = require('js-yaml');
+const auth = require('./auth');
+
+const DATA_DIR = path.join(os.homedir(), '.cyberhub-pracenv');
+const CHALLENGES_DIR = path.join(DATA_DIR, 'challenges');
+const FILES_DIR = path.join(DATA_DIR, 'files');
+const CONFIG_PATH = path.join(DATA_DIR, 'config.json');
+const PROFILE_PATH = path.join(DATA_DIR, 'profile.json');
+
+// Bundled seed data shipped with the package.
+const SEED_DIR = path.join(__dirname, '..', 'data', 'challenges');
+const SEED_FILES_DIR = path.join(SEED_DIR, 'files');
+
+const DEFAULT_ADMIN_PASSWORD = 'admin';
+
+function ensureDir(dir) {
+  fs.mkdirSync(dir, { recursive: true });
+}
+
+function readJson(file, fallback) {
+  try {
+    return JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch (_err) {
+    return fallback;
+  }
+}
+
+function writeJson(file, data) {
+  fs.writeFileSync(file, JSON.stringify(data, null, 2) + '\n', 'utf8');
+}
+
+function copyRecursive(src, dest) {
+  if (!fs.existsSync(src)) return;
+  const stat = fs.statSync(src);
+  if (stat.isDirectory()) {
+    ensureDir(dest);
+    for (const entry of fs.readdirSync(src)) {
+      copyRecursive(path.join(src, entry), path.join(dest, entry));
+    }
+  } else {
+    ensureDir(path.dirname(dest));
+    fs.copyFileSync(src, dest);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Initialisation / seeding
+// ---------------------------------------------------------------------------
+
+function init() {
+  ensureDir(DATA_DIR);
+  ensureDir(CHALLENGES_DIR);
+  ensureDir(FILES_DIR);
+
+  if (!fs.existsSync(CONFIG_PATH)) {
+    const { hash, salt } = auth.hashPassword(DEFAULT_ADMIN_PASSWORD);
+    writeJson(CONFIG_PATH, {
+      adminPasswordHash: hash,
+      adminPasswordSalt: salt,
+      createdAt: new Date().toISOString(),
+    });
+  }
+
+  if (!fs.existsSync(PROFILE_PATH)) {
+    writeJson(PROFILE_PATH, {
+      name: os.userInfo().username || 'operative',
+      points: 0,
+      solved: [],
+      attempts: 0,
+      createdAt: new Date().toISOString(),
+    });
+  }
+
+  // Seed sample challenges + their files only when the user has none yet.
+  if (listChallengeIds().length === 0) {
+    if (fs.existsSync(SEED_DIR)) {
+      for (const entry of fs.readdirSync(SEED_DIR)) {
+        if (entry.endsWith('.yml') || entry.endsWith('.yaml')) {
+          fs.copyFileSync(path.join(SEED_DIR, entry), path.join(CHALLENGES_DIR, entry));
+        }
+      }
+    }
+    if (fs.existsSync(SEED_FILES_DIR)) {
+      copyRecursive(SEED_FILES_DIR, FILES_DIR);
+    }
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Config + admin password
+// ---------------------------------------------------------------------------
+
+function getConfig() {
+  return readJson(CONFIG_PATH, {});
+}
+
+function verifyAdminPassword(password) {
+  const cfg = getConfig();
+  if (!cfg.adminPasswordHash || !cfg.adminPasswordSalt) return false;
+  return auth.verifyPassword(password, cfg.adminPasswordHash, cfg.adminPasswordSalt);
+}
+
+function setAdminPassword(password) {
+  const cfg = getConfig();
+  const { hash, salt } = auth.hashPassword(password);
+  cfg.adminPasswordHash = hash;
+  cfg.adminPasswordSalt = salt;
+  writeJson(CONFIG_PATH, cfg);
+}
+
+// ---------------------------------------------------------------------------
+// Profile
+// ---------------------------------------------------------------------------
+
+function getProfile() {
+  return readJson(PROFILE_PATH, {
+    name: 'operative',
+    points: 0,
+    solved: [],
+    attempts: 0,
+    createdAt: new Date().toISOString(),
+  });
+}
+
+function saveProfile(profile) {
+  writeJson(PROFILE_PATH, profile);
+}
+
+// Record a flag attempt. Returns one of: 'solved', 'already', 'wrong', 'notfound'.
+function attemptFlag(id, flag) {
+  const challenge = getChallenge(id);
+  if (!challenge) return { result: 'notfound' };
+
+  const profile = getProfile();
+  profile.attempts = (profile.attempts || 0) + 1;
+
+  if (profile.solved.includes(id)) {
+    saveProfile(profile);
+    return { result: 'already', challenge };
+  }
+
+  const submitted = String(flag).trim();
+  const expected = String(challenge.flag == null ? '' : challenge.flag).trim();
+  if (submitted.length > 0 && submitted === expected) {
+    profile.solved.push(id);
+    profile.points = (profile.points || 0) + (Number(challenge.points) || 0);
+    saveProfile(profile);
+    return { result: 'solved', challenge };
+  }
+
+  saveProfile(profile);
+  return { result: 'wrong', challenge };
+}
+
+// ---------------------------------------------------------------------------
+// Challenges
+// ---------------------------------------------------------------------------
+
+function challengePath(id) {
+  return path.join(CHALLENGES_DIR, `${id}.yml`);
+}
+
+function listChallengeIds() {
+  if (!fs.existsSync(CHALLENGES_DIR)) return [];
+  return fs
+    .readdirSync(CHALLENGES_DIR)
+    .filter((f) => f.endsWith('.yml') || f.endsWith('.yaml'))
+    .map((f) => f.replace(/\.ya?ml$/, ''));
+}
+
+function listChallenges() {
+  return listChallengeIds()
+    .map((id) => getChallenge(id))
+    .filter(Boolean)
+    .sort((a, b) => String(a.id).localeCompare(String(b.id)));
+}
+
+function getChallenge(id) {
+  const file = challengePath(id);
+  if (!fs.existsSync(file)) {
+    // Allow .yaml extension as well.
+    const alt = path.join(CHALLENGES_DIR, `${id}.yaml`);
+    if (!fs.existsSync(alt)) return null;
+    return loadChallengeFile(alt, id);
+  }
+  return loadChallengeFile(file, id);
+}
+
+function loadChallengeFile(file, id) {
+  try {
+    const doc = yaml.load(fs.readFileSync(file, 'utf8')) || {};
+    doc.id = doc.id || id;
+    if (!Array.isArray(doc.files)) doc.files = [];
+    return doc;
+  } catch (_err) {
+    return null;
+  }
+}
+
+function challengeExists(id) {
+  return getChallenge(id) !== null;
+}
+
+// Create a brand-new challenge from a plain object. Throws if id already exists.
+function createChallenge(challenge) {
+  const id = String(challenge.id || '').trim();
+  if (!id) throw new Error('Challenge id is required.');
+  if (challengeExists(id)) throw new Error(`Challenge "${id}" already exists.`);
+  saveChallenge(challenge);
+  return id;
+}
+
+function saveChallenge(challenge) {
+  ensureDir(CHALLENGES_DIR);
+  const id = String(challenge.id).trim();
+  const doc = {
+    id,
+    title: challenge.title || id,
+    category: challenge.category || 'misc',
+    difficulty: challenge.difficulty || 'easy',
+    points: Number(challenge.points) || 0,
+    description: challenge.description || '',
+    flag: challenge.flag || '',
+    files: Array.isArray(challenge.files) ? challenge.files : [],
+  };
+  fs.writeFileSync(challengePath(id), yaml.dump(doc, { lineWidth: 100 }), 'utf8');
+}
+
+function deleteChallenge(id) {
+  const file = challengePath(id);
+  const alt = path.join(CHALLENGES_DIR, `${id}.yaml`);
+  let removed = false;
+  for (const f of [file, alt]) {
+    if (fs.existsSync(f)) {
+      fs.unlinkSync(f);
+      removed = true;
+    }
+  }
+  const dir = path.join(FILES_DIR, id);
+  if (fs.existsSync(dir)) {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+  return removed;
+}
+
+// ---------------------------------------------------------------------------
+// Files attached to challenges
+// ---------------------------------------------------------------------------
+
+function challengeFileDir(id) {
+  return path.join(FILES_DIR, id);
+}
+
+function challengeFilePath(id, name) {
+  return path.join(challengeFileDir(id), path.basename(name));
+}
+
+function hasChallengeFile(id, name) {
+  return fs.existsSync(challengeFilePath(id, name));
+}
+
+function readChallengeFile(id, name) {
+  return fs.readFileSync(challengeFilePath(id, name), 'utf8');
+}
+
+// Attach a file from an arbitrary path on disk to an existing challenge.
+// Copies the file into the data dir and records its name in the challenge yml.
+function attachFile(id, sourcePath) {
+  const challenge = getChallenge(id);
+  if (!challenge) throw new Error(`Challenge "${id}" does not exist.`);
+  if (!fs.existsSync(sourcePath)) throw new Error(`File not found: ${sourcePath}`);
+  if (fs.statSync(sourcePath).isDirectory()) {
+    throw new Error(`"${sourcePath}" is a directory, not a file.`);
+  }
+
+  const name = path.basename(sourcePath);
+  ensureDir(challengeFileDir(id));
+  fs.copyFileSync(sourcePath, challengeFilePath(id, name));
+
+  if (!challenge.files.includes(name)) {
+    challenge.files.push(name);
+    saveChallenge(challenge);
+  }
+  return name;
+}
+
+// Copy an attached file out to a destination directory (used by the `get` command).
+function exportFile(id, name, destDir) {
+  const src = challengeFilePath(id, name);
+  if (!fs.existsSync(src)) throw new Error(`No such file "${name}" on challenge "${id}".`);
+  ensureDir(destDir);
+  const dest = path.join(destDir, path.basename(name));
+  fs.copyFileSync(src, dest);
+  return dest;
+}
+
+module.exports = {
+  DATA_DIR,
+  DEFAULT_ADMIN_PASSWORD,
+  init,
+  getConfig,
+  verifyAdminPassword,
+  setAdminPassword,
+  getProfile,
+  saveProfile,
+  attemptFlag,
+  listChallengeIds,
+  listChallenges,
+  getChallenge,
+  challengeExists,
+  createChallenge,
+  saveChallenge,
+  deleteChallenge,
+  hasChallengeFile,
+  readChallengeFile,
+  attachFile,
+  exportFile,
+};

package/src/ui.js

@@ -0,0 +1,97 @@
+'use strict';
+
+// Presentation helpers: the welcome banner, colour styling, simple table
+// rendering, and prompt helpers (including a masked password prompt) that all
+// share the single readline interface owned by the REPL.
+
+const chalk = require('chalk');
+
+const c = {
+  title: chalk.cyanBright.bold,
+  accent: chalk.cyan,
+  ok: chalk.greenBright,
+  warn: chalk.yellow,
+  err: chalk.redBright,
+  dim: chalk.gray,
+  bold: chalk.bold,
+  flag: chalk.magentaBright,
+};
+
+const BANNER = [
+  '',
+  c.accent('   ____      _               _   _       _     '),
+  c.accent('  / ___|   _| |__   ___ _ __| | | |_   _| |__  '),
+  c.accent(" | |  | | | | '_ \\ / _ \\ '__| |_| | | | | '_ \\ "),
+  c.accent(' | |__| |_| | |_) |  __/ |  |  _  | |_| | |_) |'),
+  c.accent('  \\____\\__, |_.__/ \\___|_|  |_| |_|\\__,_|_.__/ '),
+  c.accent('      |___/   ') + c.dim('practice environment'),
+  '',
+  c.title('        CyberHub Practice Environment'),
+  c.dim('   A beginner-friendly, terminal-based CTF trainer'),
+  c.dim('            in the ICOA terminal style'),
+  '',
+].join('\n');
+
+function welcomeScreen() {
+  return [
+    BANNER,
+    c.dim('  ──────────────────────────────────────────────'),
+    '  ' + c.bold('Welcome, operative.'),
+    '',
+    '  This is a self-contained practice range. Solve challenges,',
+    '  submit flags, and track your progress — all from this terminal.',
+    '',
+    '  ' + c.accent('Press ENTER to begin') + c.dim('  (Ctrl+C to quit)'),
+    '',
+  ].join('\n');
+}
+
+// Render an array of row objects as an aligned text table.
+// columns: [{ key, label, color? }]
+function table(rows, columns) {
+  const widths = columns.map((col) => {
+    const headerLen = String(col.label).length;
+    const cellLen = rows.reduce(
+      (max, row) => Math.max(max, String(row[col.key] == null ? '' : row[col.key]).length),
+      0
+    );
+    return Math.max(headerLen, cellLen);
+  });
+
+  const pad = (str, width) => {
+    const s = String(str == null ? '' : str);
+    return s + ' '.repeat(Math.max(0, width - s.length));
+  };
+
+  const header = columns
+    .map((col, i) => c.bold(pad(col.label, widths[i])))
+    .join('  ');
+  const sep = c.dim(widths.map((w) => '─'.repeat(w)).join('  '));
+
+  const body = rows.map((row) =>
+    columns
+      .map((col, i) => {
+        const text = pad(row[col.key], widths[i]);
+        return col.color ? col.color(text) : text;
+      })
+      .join('  ')
+  );
+
+  return [header, sep, ...body].join('\n');
+}
+
+function rankFor(points) {
+  if (points >= 1000) return 'Elite';
+  if (points >= 600) return 'Operator';
+  if (points >= 300) return 'Pentester';
+  if (points >= 100) return 'Script Kiddie';
+  return 'Recruit';
+}
+
+module.exports = {
+  c,
+  BANNER,
+  welcomeScreen,
+  table,
+  rankFor,
+};