Infinity ∞ is a puzzle hunt server written for inteGIRLS. It can also be used as a lightweight alternative to CTF platforms like CTFd.
Please contact tech@integirls.org before reusing this software for a large competition. We may be able to help.
These are the technologies and libraries used to make Infinity possible. If you are willing to contribute to this project, it's suggested that you have a basic understanding of most of the tools used.
Languages Used: JavaScript used with Node.js for most of the logic, HTML + Sass/Scss to build and style the pages, and pgSQL to work with the database.
Front-End Rendering: Handlebars.js for templating, and Bulma for easy flexbox & responsiveness.
Back-End Serving: Express.js for routing, and Passport.js as local authentication middleware.
Storage: PostgreSQL as main database interfaced with node-postgres, Redis for key-value persistent storage, and Airtable API for static content storage (puzzles). Some data is cached directly in memory to preserve database I/O.
This is not a "perfect" solution, but Infinity is designed with ease of deployment and management in mind. I wanted it to become a platform that everyone, whether you are technical or not, can deploy within minutes to start hosting their own puzzle hunt competition.
- Clone this repo.
- Create `.env` with the following configurations:
  - `DATABASE_URL`: The PostgreSQL connection URI.
  - `REDIS_URL`: The Redis server connection URI.
  - `RECAPTCHA_SITEKEY` + `RECAPTCHA_SECRETKEY`: Google reCAPTCHA setup.
  - `PORT`: The port the application should run on. Default `3000`.
  - `AIRTABLE_KEY`: API Key from Airtable.
  - `AIRTABLE_BASE`: Base ID from Airtable, where the problems and solutions are stored.
  - `BUGSNAG_KEY`: Bugsnag key to collect error data.
- Start the initialized PostgreSQL server `service postgresql start`.
  - Run the database initialization script located at `sql/db_init.sql`.
- Start application with `yarn start`.
Note: If hosting a test database on Heroku, Heroku's security policies require that you use SSL to connect to the database. Use a service like ngrok to proxy through.
This system is not 100% resource efficient, which means in production (especially during live competitions), it depends on automatic scaling of the deployment platforms to stay up. It is suggested that this server should be deployed on Google App Engine for production.
A few deployment tips, courtesy of the Puzzle Potluck team:
- Deploy the PostgreSQL server separately using a Cloud SQL instance.
- Be aware of the connection limits of the deployed instance. When scaling up the instance group for the verification server, be sure to set the maximum number of instances allowed to be below the database connection limits, or else the instance group could be thrown into an error loop.
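
The connection-limit tip above, combined with the `.env` keys from the setup steps, as an added example (not code from the Infinity repository). It fails fast on missing configuration and derives a per-instance pool size that cannot exceed the database limit; treating every listed key as required, the `reserved` head-room and all function names are assumptions.

```javascript
// Added example, not Infinity's own code. REQUIRED mirrors the .env keys in
// the setup steps; treating all of them as mandatory is an assumption.
const REQUIRED = ['DATABASE_URL', 'REDIS_URL', 'RECAPTCHA_SITEKEY',
  'RECAPTCHA_SECRETKEY', 'AIRTABLE_KEY', 'AIRTABLE_BASE', 'BUGSNAG_KEY'];

// Fail at startup rather than at the first query or API call.
function loadConfig(env) {
  const missing = REQUIRED.filter((k) => !env[k] || !env[k].trim());
  if (missing.length) {
    throw new Error(`Missing .env keys: ${missing.join(', ')}`);
  }
  const port = Number(env.PORT || 3000); // README default
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`Invalid PORT: ${env.PORT}`);
  }
  return { port, databaseUrl: env.DATABASE_URL };
}

// Largest pool size such that maxInstances * poolSize stays within the
// database connection limit, leaving `reserved` connections free for
// admin sessions (hypothetical head-room value).
function poolSizeFor({ dbConnectionLimit, maxInstances, reserved = 5 }) {
  const usable = dbConnectionLimit - reserved;
  const perInstance = Math.floor(usable / maxInstances);
  if (perInstance < 1) {
    throw new Error(
      `${maxInstances} instances cannot share ${usable} connections`);
  }
  return perInstance;
}

// Options in the shape node-postgres' Pool constructor accepts.
function pgPoolOptions(env, sizing) {
  const { databaseUrl } = loadConfig(env);
  return { connectionString: databaseUrl, max: poolSizeFor(sizing) };
}

// Constructed sample values, not real credentials.
const sampleEnv = {
  ...Object.fromEntries(REQUIRED.map((k) => [k, 'placeholder'])),
  DATABASE_URL: 'postgres://infinity:example@127.0.0.1:5432/infinity',
};
console.log(pgPoolOptions(sampleEnv, { dbConnectionLimit: 100, maxInstances: 8 }));
```

Pass the same `maxInstances` value to the autoscaler's maximum instance count so the two limits cannot drift apart.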
When developing, be sure to reduce the amount of unnecessary database I/O to improve the efficiency of the system.
Bug reporting is always welcome!
For issues that are not security-related (do not impact data integrity, competition fairness, etc.), please simply create an issue in the GitHub Repository.
For security-related issues, please directly contact tech@integirls.org. Please be aware that any attempt to gain an unfair advantage during a live competition may disqualify you from the event at the organizer's discretion. If you accidentally discovered a security flaw during a competition and would like to retrace it, please follow the deployment guide to create a local instance instead of testing it in production.
Do not attempt to access an account you didn't create, data related to people other than yourself, or teams that you do not belong to. Do not perform any attack that could harm the integrity of our data. Don't perform any attack which could interfere with others' use of the platform. Do not publicly disclose a security-related bug before it has been patched.
Special thanks to Puzzle Potluck's @jeevnayak for providing guidance on designing this platform.
Copyright (c) 2020 Mingjie Jiang (@itsmingjie). Commissioned by inteGIRLS, a 501(c)(3) non-profit organization and released under MIT License. See LICENSE for details.
In addition to the MIT Licensed distribution, we ask that you credit inteGIRLS and link to this repository when reusing/redistributing this software. If you are interested in supporting the organization, please contact info@integirls.org.