admin: Dex config contains challenge name instead of hardcoded name

fickit: Update linuxkit images
admin: Also import team members from CyberRange
2025-03-26 12:04:43 +01:00 · 2025-03-26 11:55:36 +01:00 · 2025-03-26 11:25:06 +01:00 · 2025-03-26 11:13:09 +01:00 · 2025-03-25 18:54:36 +01:00 · 2025-03-25 18:19:22 +01:00
16 changed files with 235 additions and 106 deletions
--- a/admin/api/export.go
+++ b/admin/api/export.go
@ -3,9 +3,12 @@ package api
 import (
 	"archive/zip"
 	"encoding/json"
+	"io"
+	"log"
 	"net/http"
 	"path"

+	"srs.epita.fr/fic-server/admin/sync"
 	"srs.epita.fr/fic-server/libfic"
 	"srs.epita.fr/fic-server/settings"

@ -59,6 +62,41 @@ func declareExportRoutes(router *gin.RouterGroup) {
 			json.NewEncoder(f).Encode(challengeinfo)
 		}

+		// Include partners' logos from challenge.json
+		if sync.GlobalImporter != nil {
+			if len(challengeinfo.MainLogo) > 0 {
+				for _, logo := range challengeinfo.MainLogo {
+					fd, closer, err := sync.OpenOrGetFile(sync.GlobalImporter, logo)
+					if err != nil {
+						log.Printf("Unable to archive main logo %q: %s", logo, err.Error())
+						continue
+					}
+
+					f, err := w.Create(path.Join("logo", path.Base(logo)))
+					if err == nil {
+						io.Copy(f, fd)
+					}
+					closer()
+				}
+			}
+
+			if len(challengeinfo.Partners) > 0 {
+				for _, partner := range challengeinfo.Partners {
+					fd, closer, err := sync.OpenOrGetFile(sync.GlobalImporter, partner.Src)
+					if err != nil {
+						log.Printf("Unable to archive partner logo %q: %s", partner.Src, err.Error())
+						continue
+					}
+
+					f, err := w.Create(path.Join("partner", path.Base(partner.Src)))
+					if err == nil {
+						io.Copy(f, fd)
+					}
+					closer()
+				}
+			}
+		}
+
 		// my.json
 		f, err = w.Create("my.json")
 		if err == nil {
--- a/admin/api/password.go
+++ b/admin/api/password.go
@ -136,7 +136,7 @@ storage:
 web:
  http: 0.0.0.0:5556
 frontend:
-  issuer: Challenge forensic
+  issuer: {{ .Name }}
  logoURL: {{ .LogoPath }}
  dir: /srv/dex/web/
 oauth2:
--- a/admin/api/team.go
+++ b/admin/api/team.go
@ -3,7 +3,6 @@ package api
 import (
 	"fmt"
 	"log"
-	"math/rand"
 	"net/http"
 	"strconv"
 	"strings"
@ -186,6 +185,9 @@ func declareTeamsRoutes(router *gin.RouterGroup) {
 	declareTeamsPasswordRoutes(apiTeamsRoutes)
 	declareTeamClaimsRoutes(apiTeamsRoutes)
 	declareTeamCertificateRoutes(apiTeamsRoutes)
+
+	// Import teams from cyberrange
+	router.POST("/cyberrange-teams.json", importTeamsFromCyberrange)
 }

 func TeamHandler(c *gin.Context) {
@ -317,6 +319,64 @@ func allAssociations(c *gin.Context) {
 	c.JSON(http.StatusOK, ret)
 }

+func importTeamsFromCyberrange(c *gin.Context) {
+	var ut []fic.CyberrangeTeam
+	err := c.ShouldBindJSON(&fic.CyberrangeAPIResponse{Data: &ut})
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": err.Error()})
+		return
+	}
+
+	teams, err := fic.GetTeams()
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": fmt.Sprintf("Impossible de récupérer la liste des équipes actuelles: %s", err.Error())})
+		return
+	}
+
+	for _, crteam := range ut {
+		var exist_team *fic.Team
+		for _, team := range teams {
+			if team.Name == crteam.Name && team.ExternalId == crteam.UUID {
+				exist_team = team
+				break
+			}
+		}
+
+		if exist_team != nil {
+			exist_team.Name = crteam.Name
+			exist_team.ExternalId = crteam.UUID
+			_, err = exist_team.Update()
+		} else {
+			exist_team, err = fic.CreateTeam(crteam.Name, fic.RandomColor().ToRGB(), crteam.UUID)
+		}
+
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": fmt.Sprintf("Impossible d'ajouter/de modifier l'équipe %v: %s", crteam, err.Error())})
+			return
+		}
+
+		// Import members
+		if c.DefaultQuery("nomembers", "0") != "" && len(crteam.Members) > 0 {
+			exist_team.ClearMembers()
+
+			for _, member := range crteam.Members {
+				_, err = exist_team.AddMember(member.Name, "", member.Nickname, exist_team.Name)
+				if err != nil {
+					log.Printf("Unable to add member %q to team %s (tid=%d): %s", member.UUID, exist_team.Name, exist_team.Id, err.Error())
+				}
+			}
+		}
+	}
+
+	teams, err = fic.GetTeams()
+	if err != nil {
+		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": fmt.Sprintf("Impossible de récupérer la liste des équipes après import: %s", err.Error())})
+		return
+	}
+
+	c.JSON(http.StatusOK, teams)
+}
+
 func createTeam(c *gin.Context) {
 	var ut fic.Team
 	err := c.ShouldBindJSON(&ut)
@ -326,11 +386,7 @@ func createTeam(c *gin.Context) {
 	}

 	if ut.Color == 0 {
-		ut.Color = fic.HSL{
-			H: rand.Float64(),
-			S: 1,
-			L: 0.5,
-		}.ToRGB()
+		ut.Color = fic.RandomColor().ToRGB()
 	}

 	team, err := fic.CreateTeam(strings.TrimSpace(ut.Name), ut.Color, ut.ExternalId)
--- a/admin/sync/file.go
+++ b/admin/sync/file.go
@ -238,3 +238,21 @@ func WriteFileContent(i Importer, URI string, content []byte) error {
 		return fmt.Errorf("%t is not capable of writing", i)
 	}
 }
+
+func OpenOrGetFile(i Importer, URI string) (fd io.Reader, closer func() error, err error) {
+	if strings.HasPrefix(URI, "$FILES$") {
+		var fdc io.ReadCloser
+		fdc, err = os.Open(path.Join(fic.FilesDir, strings.TrimPrefix(URI, "$FILES$/")))
+		fd = fdc
+		closer = fdc.Close
+	} else {
+		fd, err = GlobalImporter.GetFile(URI)
+		if fdcloser, ok := fd.(io.ReadCloser); ok {
+			closer = fdcloser.Close
+		} else {
+			closer = func() error { return nil }
+		}
+	}
+
+	return
+}
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@ -1,54 +1,54 @@
 kernel:
  #image: nemunaire/kernel:5.10.62-0b705d955f5e283f62583c4e227d64a7924c138f-amd64
-  image: linuxkit/kernel:6.6.13
+  image: linuxkit/kernel:6.6.71
  cmdline: "console=ttyS0 console=tty0"

 init:
-  - linuxkit/init:7135424f6836ee166d1199e88cfb95ee88efaf91
-  - linuxkit/runc:efcece75889aec4e2de0d95ba27ccc46438522b3
-  - linuxkit/containerd:ce79d5d4ab9c46f4763735c6e4ab5c51c3feb5d8
-  - linuxkit/ca-certificates:d4cc1b82c73d272e94d0e71ea375fe56b0c0626a
-  - linuxkit/getty:bae9e3d4861173bacf78f14a4fe44997a430d13b
+  - linuxkit/init:8eea386739975a43af558eec757a7dcb3a3d2e7b
+  - linuxkit/runc:667e7ea2c426a2460ca21e3da065a57dbb3369c9
+  - linuxkit/containerd:a988a1a8bcbacc2c0390ca0c08f949e2b4b5915d
+  - linuxkit/ca-certificates:7b32a26ca9c275d3ef32b11fe2a83dbd2aee2fdb
+  - linuxkit/getty:05eca453695984a69617f1f1f0bcdae7f7032967
  - nemunaire/mdadm:04814350d71ba9417e1f861be1685de26adf7a67
  - nemunaire/kexec:839b4eedfce02a56c581dec2383dc6faff120855

 onboot:
  - name: mod
-    image: linuxkit/modprobe:e3de97ac10970edee33faa78d9780117174bd1ac
+    image: linuxkit/modprobe:773ee174006ecbb412830e48889795bae40b62f9
    command: ["/bin/sh", "-c", "modprobe xhci_pci ahci intel_lpss_pci i2c_i801 megaraid_sas tg3 bnxt_en"]

  - name: sysctl
-    image: linuxkit/sysctl:c5f4b4895844b993dce4e8b35fd8263a6b557807
+    image: linuxkit/sysctl:5f56434b81004b50b47ed629b222619168c2bcdf
    binds:
      - /etc/sysctl.d/01-fic.conf:/etc/sysctl.d/01-fic.conf:ro

    # Metadata
  - name: metadata
-    image: linuxkit/metadata:f35b5aafc7d19bb6a44a900840727902dad78e44
+    image: linuxkit/metadata:4f81c0c3a2b245567fd7d32d799018c9614a9907
    command: ["/usr/bin/metadata", "-v", "cdrom"]

    # Filesystem
  - name: swap
-    image: linuxkit/swap:8a1fd15d56b6ddf67d6d8ce25361178e1f36128b
+    image: linuxkit/swap:f4b8ffef87c8c72165bd8a92b790ac252ccf1821
    command: ["/sbin/swapon", "/dev/sda3"]
  - name: dm-crypt
-    image: linuxkit/dm-crypt:19fa6affe9da03afc91694e36d72a4924c65a0e0
+    image: linuxkit/dm-crypt:981fde241bb84616a5ba94c04cdefa1489431a25
    command: ["/usr/bin/crypto", "-l", "crypt_fic", "/dev/sda4"]
    binds:
      - /dev:/dev
      - /run/config/dm-crypt:/etc/dm-crypt
  - name: mount
-    image: linuxkit/mount:4413ebd50bfbe026058e4a60463259cece2b8bb5
+    image: linuxkit/mount:cb8caa72248f7082fc2074ce843d53cdc15df04a
    command: ["/usr/bin/mountie", "-device", "/dev/mapper/crypt_fic", "/var/lib/fic" ]

    # Network
 #  - name: dhcpcd
-#    image: linuxkit/dhcpcd:330839488cd122db3c44738e265c035c9729a963
+#    image: linuxkit/dhcpcd:157df9ef45a035f1542ec2270e374f18efef98a5
 #    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
 #  - name: ntp
-#    image: linuxkit/openntpd:da26954c2f98a274091e5ed0bbdd2079a77a47c1
+#    image: linuxkit/openntpd:f99c4117763480815553b72022b426639a13ce86
  - name: synchro-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 10.10.10.1/29 dev eth2; ip link set eth2 up;" ]
    net: new
    runtime:
@ -57,7 +57,7 @@ onboot:
      bindNS:
        net: /run/netns/synchro
  - name: qa-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip link show eth1 2> /dev/null && { ip a add 10.10.10.1/29 dev eth1; ip link set eth1 up; }; ip a add 172.17.0.6/24 dev vethin-qa; ip link set vethin-qa up" ]
    net: new
    runtime:
@ -69,7 +69,7 @@ onboot:
      bindNS:
        net: /run/netns/fic-qa
  - name: admin-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    #command: ["/bin/sh", "-c", "ip link add link eth3 name adminiface type vlan id 99; ip a add 172.16.99.219/24 dev adminiface; ip link set eth3 up; ip link set adminiface up; ip r add default via 172.16.99.1; ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; ping -W 10 -c 1 172.16.99.1;" ]
    command: ["/bin/sh", "-c", "ip link set eth3 up; while read IP; do ip a add ${IP} dev eth3; done < /run/config/ip_config/backend-admin; ip r add default via $(cat /run/config/ip_config/backend-router); ip a add 172.17.0.2/24 dev vethin-admin; ip link set vethin-admin up; echo 'Waiting for' $(cat /run/config/ip_config/backend-router); ping -W 10 -c 1 $(cat /run/config/ip_config/backend-router); ip link show eth1 2> /dev/null && { ip a add 10.0.0.1/24 dev eth1; ip link set eth1 up; };" ]
    net: new
@ -85,7 +85,7 @@ onboot:
      bindNS:
        net: /run/netns/fic-admin
  - name: checker-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.0.3/24 dev vethin-checker; ip link set vethin-checker up;" ]
    net: new
    runtime:
@ -96,7 +96,7 @@ onboot:
      bindNS:
        net: /run/netns/fic-checker
  - name: generator-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.0.5/24 dev vethin-generat; ip link set vethin-generat up;" ]
    net: new
    runtime:
@ -107,7 +107,7 @@ onboot:
      bindNS:
        net: /run/netns/fic-generator
  - name: mysql-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.0.4/24 dev vethin-db; ip link set vethin-db up;" ]
    net: new
    runtime:
@ -118,7 +118,7 @@ onboot:
      bindNS:
        net: /run/netns/db
  - name: bridge-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.0.1/24 dev br0; ip link set veth-admin master br0; ip link set veth-checker master br0; ip link set veth-generator master br0; ip link set veth-db master br0; ip link set veth-qa master br0; ip link set br0 up; ip link set veth-admin up; ip link set veth-checker up; ip link set veth-generator up; ip link set veth-db up; ip link set veth-qa up;" ]
    runtime:
      interfaces:
@ -126,7 +126,7 @@ onboot:
          add: bridge

  - name: firewall-synchro
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-synchro.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ]
    binds:
      - /etc/iptables/rules-synchro.v4:/etc/iptables/rules-synchro.v4:ro
@ -136,7 +136,7 @@ onboot:
      mkdir:
        - /var/lib/fic/teams
  - name: firewall-admin
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-admin.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ]
    binds:
      - /etc/iptables/rules-admin.v4:/etc/iptables/rules-admin.v4:ro
@ -164,15 +164,15 @@ onboot:

 services:
 #  - name: getty
-#    image: linuxkit/getty:bae9e3d4861173bacf78f14a4fe44997a430d13b
+#    image: linuxkit/getty:05eca453695984a69617f1f1f0bcdae7f7032967
 #    env:
 #      - INSECURE=true

  # Enable acpi to shutdown on power events
  - name: acpid
-    image: linuxkit/acpid:6379700e2f3341250432e37a4cac36e35c7caac8
+    image: linuxkit/acpid:6cb5575e487a8fcbd4c3eb6721c23299e6ea452f
  - name: rngd
-    image: linuxkit/rngd:814d1a3a76e84eae01a94575c038fd22652f94e3
+    image: linuxkit/rngd:1a18f2149e42a0a1cb9e7d37608a494342c26032
  - name: db
    image: mariadb:11
    command: ["/bin/bash", "/usr/local/bin/docker-entrypoint.sh", "mariadbd"]
--- a/fickit-boot.yml
+++ b/fickit-boot.yml
@ -1,6 +1,6 @@
 kernel:
  #image: nemunaire/kernel:5.10.62-0b705d955f5e283f62583c4e227d64a7924c138f-amd64
-  image: linuxkit/kernel:6.6.13
+  image: linuxkit/kernel:6.6.71
  cmdline: "console=ttyS0 console=tty0"

 init:
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@ -1,50 +1,50 @@
 kernel:
  #image: nemunaire/kernel:5.10.62-0b705d955f5e283f62583c4e227d64a7924c138f-amd64
-  image: linuxkit/kernel:6.6.13
+  image: linuxkit/kernel:6.6.71
  cmdline: "console=ttyS0 console=tty0"

 init:
-  - linuxkit/init:7135424f6836ee166d1199e88cfb95ee88efaf91
-  - linuxkit/runc:efcece75889aec4e2de0d95ba27ccc46438522b3
-  - linuxkit/containerd:ce79d5d4ab9c46f4763735c6e4ab5c51c3feb5d8
-  - linuxkit/ca-certificates:d4cc1b82c73d272e94d0e71ea375fe56b0c0626a
-  - linuxkit/getty:bae9e3d4861173bacf78f14a4fe44997a430d13b
+  - linuxkit/init:8eea386739975a43af558eec757a7dcb3a3d2e7b
+  - linuxkit/runc:667e7ea2c426a2460ca21e3da065a57dbb3369c9
+  - linuxkit/containerd:a988a1a8bcbacc2c0390ca0c08f949e2b4b5915d
+  - linuxkit/ca-certificates:7b32a26ca9c275d3ef32b11fe2a83dbd2aee2fdb
+  - linuxkit/getty:05eca453695984a69617f1f1f0bcdae7f7032967
  - nemunaire/mdadm:04814350d71ba9417e1f861be1685de26adf7a67
  - nemunaire/kexec:839b4eedfce02a56c581dec2383dc6faff120855
  - nemunaire/fic-frontend-ui:latest

 onboot:
  - name: mod
-    image: linuxkit/modprobe:e3de97ac10970edee33faa78d9780117174bd1ac
+    image: linuxkit/modprobe:773ee174006ecbb412830e48889795bae40b62f9
    command: ["/bin/sh", "-c", "modprobe xhci_pci ahci intel_lpss_pci i2c_i801 megaraid_sas tg3 bnxt_en"]

  - name: sysctl
-    image: linuxkit/sysctl:c5f4b4895844b993dce4e8b35fd8263a6b557807
+    image: linuxkit/sysctl:5f56434b81004b50b47ed629b222619168c2bcdf

    # Metadata
  - name: metadata
-    image: linuxkit/metadata:f35b5aafc7d19bb6a44a900840727902dad78e44
+    image: linuxkit/metadata:4f81c0c3a2b245567fd7d32d799018c9614a9907
    command: ["/usr/bin/metadata", "-v", "cdrom"]

    # Filesystem
  - name: swap
-    image: linuxkit/swap:8a1fd15d56b6ddf67d6d8ce25361178e1f36128b
+    image: linuxkit/swap:f4b8ffef87c8c72165bd8a92b790ac252ccf1821
    command: ["/sbin/swapon", "/dev/sda3"]
  - name: dm-crypt
-    image: linuxkit/dm-crypt:19fa6affe9da03afc91694e36d72a4924c65a0e0
+    image: linuxkit/dm-crypt:981fde241bb84616a5ba94c04cdefa1489431a25
    command: ["/usr/bin/crypto", "-l", "crypt_fic", "/dev/sda4"]
    binds:
      - /dev:/dev
      - /run/config/dm-crypt:/etc/dm-crypt
  - name: mount
-    image: linuxkit/mount:4413ebd50bfbe026058e4a60463259cece2b8bb5
+    image: linuxkit/mount:cb8caa72248f7082fc2074ce843d53cdc15df04a
    command: ["/usr/bin/mountie", "-device", "/dev/mapper/crypt_fic", "/var/lib/fic" ]

    # Network
 #  - name: ntp
-#    image: linuxkit/openntpd:da26954c2f98a274091e5ed0bbdd2079a77a47c1
+#    image: linuxkit/openntpd:f99c4117763480815553b72022b426639a13ce86
  - name: nginx-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.1.2/24 dev vethin-nginx; ip link set vethin-nginx up;" ]
    net: new
    runtime:
@ -55,7 +55,7 @@ onboot:
      bindNS:
        net: /run/netns/nginx
  - name: frontal-ip-setup # without bonding
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip link set name bond-frontal eth3; ip link set bond-frontal up; while read IP; do ip a add ${IP} dev bond-frontal; done < /run/config/ip_config/frontend-players; ip r add default via $(cat /run/config/ip_config/frontend-router); ip link add link bond-frontal name internet type vlan id 4; ip a add 10.10.10.2/29 dev internet; ip link set internet up;" ]
    net: /run/netns/nginx
    binds:
@ -67,7 +67,7 @@ onboot:
        - name: eth3
 #        - name: eth4
 #  - name: frontal-ip-setup # with bonding
-#    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+#    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
 #    command: ["/bin/sh", "-c", "ip link set dev bond-frontal type bond mode balance-alb; ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; while read IP; do ip a add ${IP} dev bond-frontal; done < /run/config/ip_config/frontend-players; ip r add default via $(cat /run/config/ip_config/frontend-router); ip link add link bond-frontal name internet type vlan id 4; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
 #    net: /run/netns/nginx
 #    binds:
@ -81,7 +81,7 @@ onboot:
 #        - name: bond-frontal
 #          add: bond
  - name: receiver-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.1.3/24 dev vethin-receiver; ip link set vethin-receiver up;" ]
    net: new
    runtime:
@ -92,7 +92,7 @@ onboot:
      bindNS:
        net: /run/netns/fic-receiver
  - name: sshd-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 10.10.10.2/29 dev eth2; ip link set eth2 up;" ]
    net: new
    runtime:
@ -101,7 +101,7 @@ onboot:
      bindNS:
        net: /run/netns/sshd
  - name: auth-ip-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.1.4/24 dev vethin-auth; ip link set vethin-auth up;" ]
    net: new
    runtime:
@ -112,7 +112,7 @@ onboot:
      bindNS:
        net: /run/netns/auth
  - name: bridge-setup
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/sh", "-c", "ip a add 172.17.1.1/24 dev br0; ip link set veth-nginx master br0; ip link set veth-receiver master br0; ip link set veth-auth master br0; ip link set br0 up; ip link set veth-nginx up; ip link set veth-receiver up; ip link set veth-auth up;" ]
    runtime:
      interfaces:
@ -120,7 +120,7 @@ onboot:
          add: bridge

  - name: firewall-frontal
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6; [ -f /run/config/remote_sync/destination ] && /sbin/iptables -I OUTPUT 7 -o bond-frontal -d $(cat /run/config/remote_sync/destination | tr -d '\n') -p tcp -m tcp --dport https -j ACCEPT;" ]
    binds:
      - /etc/iptables/rules-frontal.v4:/etc/iptables/rules-frontal.v4:ro
@ -129,7 +129,7 @@ onboot:
      - /run/config/remote_sync/:/run/config/remote_sync/:ro
    net: /run/netns/nginx
  - name: firewall-sshd
-    image: linuxkit/ip:af77c3f93143ff352a07ad5233d25a665012bcce
+    image: linuxkit/ip:9696394a7d57b384ae919662ae162c9152029156
    command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-sshd.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6" ]
    binds:
      - /etc/iptables/rules-sshd.v4:/etc/iptables/rules-sshd.v4:ro
@ -147,17 +147,17 @@ onboot:

 services:
 #  - name: getty
-#    image: linuxkit/getty:bae9e3d4861173bacf78f14a4fe44997a430d13b
+#    image: linuxkit/getty:05eca453695984a69617f1f1f0bcdae7f7032967
 #    env:
 #      - INSECURE=true

  # Enable acpi to shutdown on power events
  - name: acpid
-    image: linuxkit/acpid:6379700e2f3341250432e37a4cac36e35c7caac8
+    image: linuxkit/acpid:6cb5575e487a8fcbd4c3eb6721c23299e6ea452f
  - name: rngd
-    image: linuxkit/rngd:814d1a3a76e84eae01a94575c038fd22652f94e3
+    image: linuxkit/rngd:1a18f2149e42a0a1cb9e7d37608a494342c26032
  - name: dhcpcd
-    image: linuxkit/dhcpcd:330839488cd122db3c44738e265c035c9729a963
+    image: linuxkit/dhcpcd:157df9ef45a035f1542ec2270e374f18efef98a5
    net: /run/netns/nginx
    binds:
      - /etc/dhcpcd.conf:/dhcpcd.conf:ro
@ -288,7 +288,7 @@ services:
 #    net: /run/netns/nginx

  - name: dexidp
-    image: ghcr.io/dexidp/dex:v2.41.1
+    image: ghcr.io/dexidp/dex:v2.42.0
    net: /run/netns/auth
    binds:
      - /etc/hosts:/etc/hosts:ro
@ -302,7 +302,7 @@ services:
      mkdir:
        - /var/lib/fic/dex
  - name: vouch-proxy
-    image: quay.io/vouch/vouch-proxy:alpine-0.39
+    image: quay.io/vouch/vouch-proxy:alpine-0.41
    env:
      - VOUCH_CONFIG=/etc/vouch/config.yml
    net: /run/netns/auth
--- a/fickit-prepare.yml
+++ b/fickit-prepare.yml
@ -1,15 +1,15 @@
 kernel:
  #image: nemunaire/kernel:5.10.62-0b705d955f5e283f62583c4e227d64a7924c138f-amd64
-  image: linuxkit/kernel:6.6.13
+  image: linuxkit/kernel:6.6.71
  cmdline: "console=ttyS0 console=tty0"


 init:
  - nemunaire/mdadm:04814350d71ba9417e1f861be1685de26adf7a67
  - nemunaire/syslinux:086f221f281d577d300949aa1094fb20c5cd90dc
-  - linuxkit/format:8f487d728959192289e0783784fc2b185eadbc82
-  - linuxkit/dm-crypt:ad2a05dcffa28ef809a61aa27ba230c82f02f603
-  - linuxkit/metadata:83cda7b43112b201613084ea8b7fab585b6e5549
+  - linuxkit/format:3fb088f60ed73ba4a15be41e44654b74112fd3f9
+  - linuxkit/dm-crypt:981fde241bb84616a5ba94c04cdefa1489431a25
+  - linuxkit/metadata:4f81c0c3a2b245567fd7d32d799018c9614a9907
  - alpine:latest

 files:
--- a/fickit-update.yml
+++ b/fickit-update.yml
@ -1,12 +1,12 @@
 kernel:
  #image: nemunaire/kernel:5.10.62-0b705d955f5e283f62583c4e227d64a7924c138f-amd64
-  image: linuxkit/kernel:6.6.13
+  image: linuxkit/kernel:6.6.71
  cmdline: "console=ttyS0 console=tty0"


 init:
  - nemunaire/mdadm:04814350d71ba9417e1f861be1685de26adf7a67
-  - linuxkit/metadata:f35b5aafc7d19bb6a44a900840727902dad78e44
+  - linuxkit/metadata:4f81c0c3a2b245567fd7d32d799018c9614a9907
  - alpine:latest


--- a/libfic/cyberrange.go
+++ b/libfic/cyberrange.go
@ -0,0 +1,26 @@
+package fic
+
+import ()
+
+type CyberrangeAPIResponse struct {
+	Data        interface{}
+	CurrentPage int `json:"current_page"`
+	PerPage     int `json:"per_page"`
+	LastPage    int `json:"last_page"`
+	Total       int `json:"total"`
+}
+
+type CyberrangeTeam struct {
+	UUID    string                 `json:"session_uuid"`
+	Members []CyberrangeTeamMember `json:"members"`
+	Name    string                 `json:"name"`
+	Score   int64                  `json:"score"`
+	Rank    int                    `json:"rank"`
+}
+
+type CyberrangeTeamMember struct {
+	UUID     string `json:"session_uuid"`
+	Name     string `json:"name"`
+	Nickname string `json:"nickname"`
+	EMail    string `json:"email"`
+}
--- a/libfic/utils.go
+++ b/libfic/utils.go
@ -3,6 +3,7 @@ package fic
 import (
 	"bytes"
 	"crypto/md5"
+	"math/rand"
 	"regexp"
 	"strings"
 )
@ -187,3 +188,11 @@ func (c HSL) ToRGB() (rgb uint32) {

 	return r*65536 + g*256 + b
 }
+
+func RandomColor() HSL {
+	return HSL{
+		H: rand.Float64(),
+		S: 1,
+		L: 0.5,
+	}
+}
--- a/remote/challenge-sync-airbus/api.go
+++ b/remote/challenge-sync-airbus/api.go
@ -9,6 +9,8 @@ import (
 	"log"
 	"net/http"
 	"strconv"
+
+	"srs.epita.fr/fic-server/libfic"
 )

 type AirbusAPI struct {
@ -18,14 +20,6 @@ type AirbusAPI struct {
 	InsecureSkipVerify bool
 }

-type AirbusAPIResponse struct {
-	Data        interface{}
-	CurrentPage int `json:"current_page"`
-	PerPage     int `json:"per_page"`
-	LastPage    int `json:"last_page"`
-	Total       int `json:"total"`
-}
-
 func (a *AirbusAPI) request(method, endpoint string, data io.Reader, out interface{}) error {
 	var req *http.Request
 	var err error
@ -59,7 +53,7 @@ func (a *AirbusAPI) request(method, endpoint string, data io.Reader, out interfa
 		if out != nil {
 			jdec := json.NewDecoder(resp.Body)

-			if err := jdec.Decode(&AirbusAPIResponse{Data: out}); err != nil {
+			if err := jdec.Decode(&fic.CyberrangeAPIResponse{Data: out}); err != nil {
 				return fmt.Errorf("an error occurs when trying to decode response: %w", err)
 			}
 		}
@ -164,7 +158,7 @@ func (a *AirbusAPI) GetChallengeFromName(name string) (*AirbusChallenge, error)
 	return nil, fmt.Errorf("unable to find challenge %q", name)
 }

-func (a *AirbusAPI) ValidateChallengeFromUser(team *AirbusTeam, challengeId AirbusChallengeId) (err error) {
+func (a *AirbusAPI) ValidateChallengeFromUser(team *fic.CyberrangeTeam, challengeId AirbusChallengeId) (err error) {
 	log.Printf("ValidateChallenge: %s, %s, %s", a.SessionUUID, challengeId.String(), team.Members[0].UUID)
 	if dryRun {
 		return
@ -179,7 +173,7 @@ type AirbusUserAwards struct {
 	Value   int64  `json:"value"`
 }

-func (a *AirbusAPI) AwardUser(team *AirbusTeam, value int64, message string) (err error) {
+func (a *AirbusAPI) AwardUser(team *fic.CyberrangeTeam, value int64, message string) (err error) {
 	awards := AirbusUserAwards{
 		Message: message,
 		Value:   value,
--- a/remote/challenge-sync-airbus/main.go
+++ b/remote/challenge-sync-airbus/main.go
@ -16,6 +16,8 @@ import (
 	"time"

 	"gopkg.in/fsnotify.v1"
+
+	"srs.epita.fr/fic-server/libfic"
 )

 var (
@ -152,7 +154,6 @@ func main() {
 				log.Println("Unable to retrieve teams:", err)
 				os.Exit(1)
 			}
-			log.Println(teams)

 			fmt.Println("## Airbus' registered teams:")
 			fmt.Println("----------------------------------------------------------------------------------")
@ -168,7 +169,7 @@ func main() {
 				os.Exit(1)
 			}

-			ranking := []*AirbusTeam{}
+			ranking := []*fic.CyberrangeTeam{}
 			for _, team := range teams {
 				tmp := team
 				ranking = append(ranking, &tmp)
--- a/remote/challenge-sync-airbus/team.go
+++ b/remote/challenge-sync-airbus/team.go
@ -2,27 +2,12 @@ package main

 import (
 	"fmt"
+
+	"srs.epita.fr/fic-server/libfic"
 )

-type AirbusTeam struct {
-	UUID    string       `json:"session_uuid"`
-	Members []TeamMember `json:"members"`
-	Name    string       `json:"name"`
-	Score   int64        `json:"score"`
-	Rank    int          `json:"rank"`
-}
-
-type TeamMember struct {
-	UUID     string `json:"session_uuid"`
-	Name     string `json:"name"`
-	Nickname string `json:"nickname"`
-	EMail    string `json:"email"`
-}
-
-type airbusDataTeam []AirbusTeam
-
-func (a *AirbusAPI) GetTeams() ([]AirbusTeam, error) {
-	var data airbusDataTeam
+func (a *AirbusAPI) GetTeams() ([]fic.CyberrangeTeam, error) {
+	var data []fic.CyberrangeTeam
 	err := a.request("GET", fmt.Sprintf("/v1/sessions/%s/teams", a.SessionUUID), nil, &data)
 	if err != nil {
 		return nil, err
@ -31,13 +16,13 @@ func (a *AirbusAPI) GetTeams() ([]AirbusTeam, error) {
 	}
 }

-type ByRank []*AirbusTeam
+type ByRank []*fic.CyberrangeTeam

 func (a ByRank) Len() int           { return len(a) }
 func (a ByRank) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
 func (a ByRank) Less(i, j int) bool { return a[i].Rank < a[j].Rank }

-type ByScore []*AirbusTeam
+type ByScore []*fic.CyberrangeTeam

 func (a ByScore) Len() int           { return len(a) }
 func (a ByScore) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
--- a/remote/challenge-sync-airbus/timestamp.go
+++ b/remote/challenge-sync-airbus/timestamp.go
@ -5,6 +5,8 @@ import (
 	"log"
 	"os"
 	"time"
+
+	"srs.epita.fr/fic-server/libfic"
 )

 type TSValue struct {
@ -32,7 +34,7 @@ func loadTS(tspath string) (timestamp map[string]*TSValue, err error) {
 	}
 }

-func loadTSFromAPI(teams map[string]*AirbusTeam) (timestamp map[string]*TSValue, err error) {
+func loadTSFromAPI(teams map[string]*fic.CyberrangeTeam) (timestamp map[string]*TSValue, err error) {
 	now := time.Now()
 	timestamp = map[string]*TSValue{}

--- a/remote/challenge-sync-airbus/treat.go
+++ b/remote/challenge-sync-airbus/treat.go
@ -23,7 +23,7 @@ type Walker struct {
 	Exercices    AirbusExercicesBindings
 	Teams        map[string]fic.ExportedTeam
 	RevTeams     map[string]string
-	TeamBindings map[string]*AirbusTeam
+	TeamBindings map[string]*fic.CyberrangeTeam
 	API          AirbusAPI
 	Coeff        float64
 }
@ -35,7 +35,7 @@ func (w *Walker) fetchTeams() error {
 	}

 	w.RevTeams = map[string]string{}
-	w.TeamBindings = map[string]*AirbusTeam{}
+	w.TeamBindings = map[string]*fic.CyberrangeTeam{}

 	for tid, team := range w.Teams {
 		for i, t := range teams {
@ -143,7 +143,7 @@ func (w *Walker) WalkScore(path string, d os.DirEntry, err error) error {
 	return nil
 }

-func (w *Walker) TreatScoreGrid(path string, airbusTeam *AirbusTeam) error {
+func (w *Walker) TreatScoreGrid(path string, airbusTeam *fic.CyberrangeTeam) error {
 	// Read score grid
 	fdscores, err := os.Open(path)
 	if err != nil {
Author	SHA1	Message	Date
Pierre-Olivier Mercier	dadb84e8f9	admin: Dex config contains challenge name instead of hardcoded name All checks were successful continuous-integration/drone/push Build is passing Details	2025-03-26 12:04:43 +01:00
Pierre-Olivier Mercier	801042e5cf	fickit: Update linuxkit images	2025-03-26 11:55:36 +01:00
Pierre-Olivier Mercier	fca27b07fe	admin: Also import team members from CyberRange	2025-03-26 11:25:06 +01:00
Pierre-Olivier Mercier	3fc765ccfa	admin: Export logos present in challenge.json	2025-03-26 11:13:09 +01:00
Pierre-Olivier Mercier	590a55c395	libfic: Create a color randomization function	2025-03-25 18:54:36 +01:00
Pierre-Olivier Mercier	b62369f89f	admin: New route to import teams from CyberRange format	2025-03-25 18:19:22 +01:00
Pierre-Olivier Mercier	cb4ceecbf5	challenge-sync-airbus: Refactor and prefer calling it cyberrange	2025-03-25 18:02:11 +01:00
Pierre-Olivier Mercier	98d9f2daf3	Keep repochecker on 3.19 (needed for grammalecte)	2025-03-25 12:04:09 +01:00
Renovate Bot	db1e2603fc	chore(deps): update alpine docker tag to v3.21	2025-03-25 12:04:09 +01:00
Renovate Bot	0730a22daa	chore(deps): update dependency @sveltejs/kit to v2.20.2	2025-03-25 12:04:09 +01:00
Renovate Bot	3467ca6db5	chore(deps): update dependency sass to v1.86.0	2025-03-25 12:04:09 +01:00
Renovate Bot	910adb123a	chore(deps): update dependency prettier to v3.5.3	2025-03-25 12:04:09 +01:00
Renovate Bot	1551c11a00	chore(deps): update dependency eslint to v9.23.0	2025-03-25 12:04:09 +01:00
Renovate Bot	ed3e6b66de	chore(deps): update dependency @sveltestrap/sveltestrap to v7.1.0	2025-03-25 12:04:09 +01:00
Pierre-Olivier Mercier	c21fd098a0	Remove useless file	2025-03-25 12:04:09 +01:00