Merging Issue-1 into develop

Author: EnderHubris

.gitignore

@@ -4,12 +4,14 @@
 
 /coverage
 /build
+/docker/resumes
 
-/src/backend/challenge_archives/*.zip
+backend/challenge_archives/*.zip
 
 .DS_Store
 .env
 .env.*
+/docker/.env
 
 npm-debug.log*
 yarn-debug.log*

README.md

@@ -4,43 +4,39 @@ Website repo for the Kent Hack It CTF
 ## What is this?
 The frontend uses ReactJS that communicates to a ExpressJS backend that handles: user login/registration, team creation/joining, and flag submission.
 
-## :hammer: Install Dependencies
+## :computer: Development Installation
+### :hammer: Install Dependencies
 ```bash
 # if you do not have NodeJS installed
 sudo apt update && sudo apt install nodejs npm
-
-# use npm to install latest node
-sudo npm install -g n && sudo n stable
-
-# if you do not want to keep the older nodejs binary on the system:
-# replace old nodejs for new nodejs
-$oldNode = $(which nodejs)
-sudo rm -f $oldNode
-
-# create a symlink named nodejs to execute the node binary
-sudo ln -s $(which node) $oldNode
 ```
 
-## :wrench: Build
+### :wrench: Build
 ```bash
 # installs dependencies/packages tracked by this project
 npm install .
 # compile and run the frontend locally
 npm start
 ```
 
-Move the `.env` file into the project root directory, then run the following to run the backend locally.
+Move the web related `.env` file into the project root directory, then run the following to run the backend locally.
 ```bash
-# if you want to use the latest node binary replace nodejs -> node
-nodejs ./src/backend/server.js
+nodejs backend/server.mjs
 ```
 
 ## :chart_with_upwards_trend: Production
-You will need to install a dependency to use `serve`, this is recommended after running `npm run build`.
+This project uses Docker :whale: for production set-up
+```bash
+sudo apt update && sudo apt install docker.io docker-compose
+```
+The following commands will build the docker via compose which builds the multi-docker system.
+You will need to move the `.env` into the project root folder before running the following:
 ```bash
-sudo npm install -g serve
+docker network create traefik
+docker-compose --env-file .env -p khi -f docker/docker-compose.yml up --build
 ```
-Prepare production build and serve as a static server.
+The following commands will build ONLY the khi website docker image that you later start via `docker run -d ...`.
 ```bash
-npm run build && server -s build
+docker build -f docker/Dockerfile -t image_name .
+docker run -d -p 8080:80 --name docker_name image_name
 ```

src/backend/challenge_archives/README.txt backend/challenge_archives/README.txtsrc/backend/challenge_archives/README.txt renamed to backend/challenge_archives/README.txt

@@ -12,9 +12,10 @@ function MongoURI() {
     const db_pass = process.env.DB_PASS;
     const db_name = process.env.DB_NAME;
 
-    return "mongodb://" + db_user + ":" + db_pass + "@localhost:27017/" + db_name;
+    return "mongodb://" + db_user + ":" + db_pass + "@khi_db:27017/" + db_name + "?authSource=admin";
 }
 
+console.log(`[*] Attempting to Connect to: ${MongoURI()}`);
 // Connect to MongoDB
 mongoose.connect(MongoURI()).then(() => {
     console.log('Connected to MongoDB');

src/backend/db.js backend/db.mjssrc/backend/db.js renamed to backend/db.mjs

@@ -6,7 +6,7 @@ import GetChallenges, { LoginUser, LoginAdmin, RegisterUser,
     GetAllUsers, GetAllTeams, RemoveTeam, RemoveUser,
     UpdateChallenge, AdminGetChallenges, CreateChallenge,
     DeleteChallenge, RegisterAdmin, RemoveAdmin, GetAdmins,
-    ValidateAdmin, GetLeaderboardData } from './db.js';
+    ValidateAdmin, GetLeaderboardData } from './db.mjs';
 import rateLimit from 'express-rate-limit';
 import cookieParser from 'cookie-parser';
 import sanitize from 'sanitize-filename';
@@ -67,16 +67,16 @@ const app = express();
 #################################################################
 */
 const host = "0.0.0.0"
-const port = process.env.REACT_APP_BACKEND_PORT;
+const port = 4000;
 
 // Allows data to be sent from post requests
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json()); // middleware to handle JSON
 app.use(cookieParser()); // Access cookies
 
 const allowedOrigins = [
-    `http://localhost:${process.env.FRONT_END_PORT}`,                  // local dev
-    `http://${process.env.LAN_HOST}:${process.env.FRONT_END_PORT}`,   // LAN live frontend
+    `http://localhost:80`,                  // local dev
+    `http://localhost:8080`,
     // 'https://khi.io'                     // production site
 ];
 

src/backend/server.js backend/server.mjssrc/backend/server.js renamed to backend/server.mjs

@@ -0,0 +1,46 @@
+FROM nginx:latest
+WORKDIR /
+
+# setup for mongo container manually:
+# docker run -d --name khi_db -e MONGO_INITDB_ROOT_USERNAME=env.user -e MONGO_INITDB_ROOT_PASSWORD=env.password -e MONGO_INITDB_DATABASE=env.db -v mongodb_data:/data/db -p 27017:27017 mongo:latest
+RUN apt-get update && apt-get install -y supervisor sudo nodejs npm net-tools
+
+# ensure directories exist
+RUN mkdir /var/www
+RUN mkdir /var/www/khi
+RUN mkdir /var/www/project
+
+# give www-data ability to run commands and interact with web-root
+RUN chsh -s /bin/bash www-data
+RUN chown -R www-data:www-data /var/www
+
+# move production build into docker and move
+# nginx conf file into the docker
+COPY public /var/www/project/public
+COPY src /var/www/project/src
+COPY .env /var/www/project/.env
+COPY package.json /var/www/project/package.json
+
+# create symlink to .env
+RUN ln -s /var/www/project/.env /var/www/khi/.env
+RUN ln -s /var/www/project/package.json /var/www/khi/package.json
+
+# build react app
+RUN su www-data -s /bin/sh -c "cd /var/www/project && npm install . && npm run build && cp -r build/* -t /var/www/khi"
+
+COPY docker/khi /etc/nginx/conf.d/khi.conf
+
+# move backend to web root
+COPY backend /var/www/khi/backend
+
+# remove default nginx config
+RUN rm /etc/nginx/conf.d/default.conf
+
+# install needed nodejs packages to allow the backend to run
+RUN su www-data -s /bin/sh -c "cd /var/www/khi && npm install ."
+
+EXPOSE 80
+
+# start an auto restart service for the backend
+COPY docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

docker/Dockerfile

@@ -0,0 +1,51 @@
+services:
+  db:
+    image: mongo:latest
+    container_name: khi_db
+    restart: always
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${DB_USER}
+      - MONGO_INITDB_ROOT_PASSWORD=${DB_PASS}
+      - MONGO_INITDB_DATABASE=khi2025
+    volumes:
+      - db_data:/data/db
+      - ./init_mongo.sh:/docker-entrypoint-initdb.d/init.sh:ro
+    healthcheck:
+      test: ["CMD", "mongosh", "--eval", "db.adminCommand('ping')"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - app_internal
+
+  app:
+    depends_on:
+      db:
+        condition: service_healthy
+    build:
+      context: ../
+      dockerfile: docker/Dockerfile
+    ports:
+      - "8080:80"
+    environment:
+      - DATABASE_URL=mongodb://${DB_USER}:${DB_PASS}@khi_db:27017/khi2025?authSource=admin
+      - ORIGIN=http://0.0.0.0:80
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.khi.rule=Host(`khi.io`)"
+      - "traefik.http.routers.khi.entrypoints=websecure"
+      - "traefik.http.routers.khi.tls.certresolver=letsencrypt"
+      - "traefik.http.services.khi.loadbalancer.server.port=80"
+    volumes:
+      - ./resumes:/app/resumes
+    networks:
+      - app_internal
+      - traefik
+
+networks:
+  app_internal:
+  traefik:
+    external: true
+
+volumes:
+  db_data:

docker/docker-compose.yml

@@ -0,0 +1,18 @@
+#!/bin/bash
+# THIS SCRIPT IS RESPONSIBLE FOR CREATING THE SUPER ADMIN
+# FOR THE KHI WEBSITE (THIS ADMIN CANNOT BE REMOVED FROM THE ADMIN PANEL)
+
+username="admin" # OPTIONAL to change
+password="admin" # CHANGE THIS IN PRODUCTION
+
+salt="" # SALT .env
+hashed=$(echo -n "${salt}${password}" | sha256sum | awk '{print $1}')
+
+mongosh -u "$MONGO_INITDB_ROOT_USERNAME" -p "$MONGO_INITDB_ROOT_PASSWORD" --authenticationDatabase admin "$MONGO_INITDB_DATABASE" <<EOF
+db.admins.insertOne({
+  username: "$username",
+  password: "$hashed",
+  isProtected: true,
+  created_at: new Date()
+});
+EOF > /root/init_mongo.log

docker/init_mongo.sh

@@ -0,0 +1,20 @@
+server {
+    listen 80;
+    server_name khi;
+
+    root /var/www/khi;
+    index index.html;
+
+    location / {
+        try_files $uri /index.html;
+    }
+
+    # points to backend (reverse proxy)
+    location /api/ {
+        client_max_body_size 25M;
+        proxy_pass http://127.0.0.1:4000/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}

docker/khi

@@ -0,0 +1,14 @@
+[supervisord]
+nodaemon=true
+
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+autorestart=true
+
+[program:backend]
+command=/usr/bin/nodejs /var/www/khi/backend/server.mjs
+directory=/var/www/khi
+autorestart=true
+user=www-data
+stdout_logfile=/var/log/backend.log
+stderr_logfile=/var/log/backend_err.log