feat: init

.dockerignore

@@ -0,0 +1,24 @@
+docker-compose.yml
+docker-compose.yaml
+Dockerfile
+
+.env
+.gitingore
+.gitmodules
+.git
+.github
+.editorconfig
+
+.cache
+.vite
+.astro
+.vscode
+logs
+
+README.md
+README.txt
+
+/flag.txt
+/flag
+
+/exploit

.github/workflows/docker.yml

@@ -0,0 +1,82 @@
+name: Docker
+
+on:
+  push:
+    branches:
+      - master
+      - main
+
+  pull_request:
+    branches:
+      - master
+      - main
+
+  workflow_dispatch:
+    inputs:
+      image_name:
+        description: 'Docker image name'
+        required: false
+        default: ''
+      image_tag:
+        description: 'Docker image tag'
+        required: false
+        default: ''
+
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME:
+      IMAGE_TAG:
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Prepare environment
+      run: |
+        function get_name() {
+          if [ -n "${{ inputs.image_name }}" ]; then
+            echo "${{ inputs.image_name }}"
+          else
+            echo "${{ vars.DOCKER_IMAGE_NAME }}"
+          fi
+        }
+        function get_tag() {
+          if [ -n "${{ inputs.image_tag }}" ]; then
+            echo "${{ inputs.image_tag }}"
+          else
+            local tag version
+            tag=$(git describe --tags --abbrev=0 2>/dev/null)
+            if [ -n "$tag" ]; then
+              version=$(echo $tag | grep -oP '^v\d+(\.\d+)*$' | sed 's/^v//')
+              if [ -n "$version" ]; then
+                tag="$version"
+              fi
+            fi
+            if [ -z "$tag" ]; then
+              tag="latest"
+            fi
+            echo "$tag"
+          fi
+        }
+        IMAGE_NAME="$(get_name)"
+        IMAGE_TAG="$(get_tag)"
+        echo "IMAGE_NAME=$IMAGE_NAME" >> "$GITHUB_ENV"
+        echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
+
+    - name: Build image
+      run: |
+        echo "Building image ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}"
+        docker build -t '${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}' .
+
+    - name: Export image
+      run: docker save '${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}' -o image.tar
+
+    - name: Upload Artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: image_${{ env.IMAGE_NAME }}_${{ env.IMAGE_TAG }}
+        path: image.tar
+        retention-days: 1

.github/workflows/test.yml

@@ -0,0 +1,51 @@
+name: Test
+
+on:
+  - push
+  - pull_request
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20.x]
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - uses: pnpm/action-setup@v4
+      with:
+        version: 8
+        run_install: false
+
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v3
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'pnpm'
+
+    - name: Install dependencies
+      run: pnpm install
+
+    - name: Build
+      run: pnpm build
+
+  dry-run:
+    name: Dry Run
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20.x]
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: oven-sh/setup-bun@v2
+    - name: Install dependencies
+      run: bun install --production
+    - name: Test dry run
+      run: |
+        timeout 5s bun run start || if [ $? -eq 124 ]; then exit 0; else exit 1; fi

.gitignore

@@ -0,0 +1,3 @@
+node_modules/
+.cache/
+dist/

Dockerfile

@@ -0,0 +1,44 @@
+FROM node:20.11.0-slim AS base
+
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+RUN pnpm config set registry https://registry.npmjs.org/
+
+RUN mkdir -p /app/
+COPY . /app
+WORKDIR /app
+
+FROM base AS prod-deps
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+
+FROM base AS build
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+ENV NODE_ENV=production
+RUN NODE_OPTIONS="--max_old_space_size=2048" pnpm build
+
+FROM oven/bun:1.1.20-slim
+
+ENV FLAG="flag{test_flag}"
+
+RUN useradd -m ctf
+
+RUN mkdir -p /app
+COPY . /app
+WORKDIR /app
+
+RUN mkdir -p /app/public
+COPY --from=prod-deps /app/node_modules /app/node_modules
+COPY --from=build /app/public/dist /app/public/dist
+RUN rm -rf public-src content.js webpack.config.js pnpm-lock.yaml package-lock.json
+
+RUN mv /app/mvval.sh /usr/local/bin/mvval.sh
+RUN chmod +x /usr/local/bin/mvval.sh
+
+# Use mvval.sh to switch user
+USER root
+
+EXPOSE 3000
+ENV NODE_ENV=production
+ENTRYPOINT [ "/usr/local/bin/mvval.sh", "--type=env", "--name=ICQ_FLAG:FLAG", "--user=ctf", "--", "/usr/local/bin/docker-entrypoint.sh" ]
+CMD [ "bun", "start" ]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Jevon Wang
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,48 @@
+# PangBai-HTTP
+
+This is the challenge for NewStarCTF 2024 in the category of Web, Week1.
+
+This challenge requires participants to complete several levels related to HTTP.
+
+The challenge doesn't provide source code to participants.
+
+## Deployment
+
+> [!IMPORTANT]
+> The FLAG is initialy given by the environment variable `ICQ_FLAG`.
+
+Docker is provided. You can run the following command to start the environment quickly:
+
+```bash
+docker compose build # Build the image
+docker compose up -d # Start the container
+```
+
+For manual installation, you can follow the steps below.
+
+Install the dependencies:
+
+```bash
+pnpm install
+```
+
+Build the frontend:
+
+```bash
+pnpm build
+```
+
+Start the server:
+
+```bash
+bun start
+```
+
+> [!NOTE]
+> The `bun` runtime is required. For more information, please refer to the [bun.sh](https://bun.sh).
+
+## License
+
+Copyright (c) Cnily03. All rights reserved.
+
+Licensed under the [MIT](LICENSE) License.

content.js

@@ -0,0 +1,9 @@
+import fs from 'node:fs';
+
+export default `
+
+点击屏幕任意位置开始游戏
+${fs.readFileSync('./public-src/start.js')}
+${fs.readFileSync('./public-src/index.lv0.js')}
+
+`

docker-compose.yml

@@ -0,0 +1,11 @@
+version: '3.8'
+name: pangbai-http
+
+services:
+  web:
+    build: .
+    image: ctf-pangbai-http:latest
+    environment:
+      - ICQ_FLAG=flag{test_real_flag}
+    ports:
+      - '53000:3000'

font-plugin.js

@@ -0,0 +1,44 @@
+import runner from 'font-spider'
+import fs from 'node:fs';
+import path from 'node:path';
+
+export default class FontPlugin {
+    constructor(options) {
+        this.options = options;
+    }
+
+    apply(compiler) {
+        compiler.hooks.beforeCompile.tapAsync('FontPlugin', async (stats, callback) => {
+            let { copy, clean, html, beforeRun } = this.options;
+
+            copy = copy || []
+            html = html || []
+            beforeRun = beforeRun || (() => Promise.resolve())
+            if (!Array.isArray(copy[0])) copy = [copy];
+            if (!Array.isArray(html)) html = [html];
+
+            let pool = []
+            for (let i = 0; i < copy.length; i++) {
+                pool.push(
+                    new Promise((resolve, reject) => {
+                        if (clean) try { fs.rmSync(path.resolve(copy[i][1]), { recursive: true }) } catch (e) { };
+                        fs.cp(path.resolve(copy[i][0]), path.resolve(copy[i][1]), { recursive: true }, e => {
+                            if (e) {
+                                console.error(e);
+                                callback(e)
+                                reject(e)
+                            } else {
+                                resolve()
+                            }
+                        })
+                    })
+                )
+            }
+            await Promise.all(pool)
+            await beforeRun();
+            runner(html, {
+                backup: false
+            }, callback);
+        });
+    }
+}

global.d.ts

@@ -0,0 +1,4 @@
+interface EnvHono<T extends import("hono/types").Variables = {}> {
+    Bindings: Env;
+    Variables: T;
+}