From 0d0fa0c508e0dd88be497e1aa1e292ffd0a4a81f Mon Sep 17 00:00:00 2001
From: lhy6305 <2734565242@qq.com>
Date: Mon, 23 Sep 2024 23:15:55 +0800
Subject: [PATCH] ~~ssh~~ https auto update

---
 api.php                | 39 ++++++++++++++++--------
 incl_external_flag.php | 67 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 94 insertions(+), 12 deletions(-)
 create mode 100644 incl_external_flag.php

diff --git a/api.php b/api.php
index 2a0966c..376756f 100644
--- a/api.php
+++ b/api.php
@@ -31,25 +31,18 @@ if($query===false) {
     exit;
 }
 
-if(!array_key_exists("game", $query)||gettype($query["game"])!="string"||strlen($query["game"])<=0) {
-    gen_error_400("key \"game\" not found or is empty, or has an invalid type.");
-    exit;
-}
-
 if(!array_key_exists("action", $query)||gettype($query["action"])!="string") {
     gen_error_400("key \"action\" not found or has an invalid type. use 'help' to view help");
     exit;
 }
 
-if(!array_key_exists("ttoken", $query)||gettype($query["ttoken"])!="string"||strlen($query["ttoken"])<=0) {
-    gen_error_400("key \"ttoken\" not found or is empty, or has an invalid type.");
-    exit;
-}
-
 $action=$query["action"];
 $action=explode(",", $action);
 
-//verify the [game, team-hash] pair
+if(!array_key_exists("game", $query)||gettype($query["game"])!="string"||strlen($query["game"])<=0) {
+    gen_error_400("key \"game\" not found or is empty, or has an invalid type.");
+    exit;
+}
 
 require(__DIR__."/phplib/libvar_gsec.php");
 
@@ -64,6 +57,22 @@ if(!array_key_exists($game, $gsecret_l)) {
 $ginfo=$gsecret_l[$game];
 unset($gsecret_l);
 
+//do actions that do not need team_token auth
+//only $action and $game is set here
+
+if($action[0]=="external-flag") {
+    require(__DIR__."/incl_external_flag.php");
+    exit;
+}
+
+if(!array_key_exists("ttoken", $query)||gettype($query["ttoken"])!="string"||strlen($query["ttoken"])<=0) {
+    gen_error_400("key \"ttoken\" not found or is empty, or has an invalid type.");
+    exit;
+}
+
+
+//verify the [game, team-hash] pair (team_token auth)
+
 if(!verify_team_token($ginfo["gpub"], $team_token)) {
     gen_error_400("the team token provided is not valid: ".$team_token);
     exit;
@@ -73,7 +82,7 @@ $team_id=explode(":", $team_token)[0];
 $team_id="team_".$team_id;
 
 
-//require files depends on the request
+//do actions (require files) depend on the request
 //$action, $game, $ginfo, $team_id, $team_token is set
 
 if($action[0]=="user-panel") {
@@ -96,6 +105,9 @@ if($action[0]=="attachment-dl") {
     exit;
 }
 
+
+//show the help info if no action matches
+
 if($action[0]=="help") {
     echo "notice: use comma(',') to split args\n";
     echo "all available commands:\n";
@@ -103,8 +115,11 @@ if($action[0]=="help") {
     echo "    team-info: show your team info as json\n";
     echo "    challenge-list: list all challenges as json which are defined internally\n";
     echo "    attachment-dl <cid>: download attachment for challenge <cid>, or interact with it\n";
+    echo "    external-flag <cid>: used for dispatching flags for external containers that cannot be changed easily\n";
     exit;
 }
 
+
+
 gen_error_400("unknown action '".$action[0]."'. use 'help' to view help");
 exit;
diff --git a/incl_external_flag.php b/incl_external_flag.php
new file mode 100644
index 0000000..dafad61
--- /dev/null
+++ b/incl_external_flag.php
@@ -0,0 +1,67 @@
+<?php
+
+if(count($action)<2) {
+    gen_error_400("missing argument action[1]");
+    exit;
+}
+
+//change $action[1](cid) based on $alias2cid_l
+
+if(count($action)>1&&strlen($action[1])>0) {
+    require(__DIR__."/phplib/libvar_alias2cid.php");
+    $alias2cid=[];
+    if(array_key_exists($game, $alias2cid_l)) {
+        $alias2cid=$alias2cid_l[$game];
+    }
+    unset($alias2cid_l);
+    if(array_key_exists($action[1], $alias2cid)) {
+        $action[1]=$alias2cid[$action[1]];
+    }
+    unset($alias2cid);
+}
+
+$cid=$action[1];
+
+require(__DIR__."/phplib/libvar_cid2tid.php");
+
+if(!array_key_exists($game, $cid2tid_l)) {
+    gen_error_404("the game ".$game." does not exist");
+    exit;
+}
+$gtid_l=$cid2tid_l[$game];
+unset($cid2tid_l);
+
+if(!array_key_exists($cid, $gtid_l)) {
+    gen_error_404("the cid ".$cid." in game ".$game." does not exist");
+    exit;
+}
+
+$tid=$gtid_l[$cid];
+
+require(__DIR__."/phplib/libvar_tid2proj.php");
+
+if(!array_key_exists($tid, $tid2proj_l)) {
+    gen_error_500("the tid ".$tid." does not exist");
+    exit;
+}
+
+$proj=$tid2proj_l[$tid];
+
+/*
+    $GLOBALS["game"]=$game;
+    $GLOBALS["action"]=$action;
+    $GLOBALS["cid"]=$cid;
+    $GLOBALS["tid"]=$tid;
+    $GLOBALS["proj"]=$proj;
+*/
+
+$pf=realpath(__DIR__."/".$proj["path"]."/handle_external_flag.php");
+
+if(!is_readable($pf)) {
+    gen_error_500("challange ".$proj["name"]." has been found, but the entry handle_external_flag.php does not exist.");
+    exit;
+}
+
+require($pf);
+
+exit;