### Create Challenge Container Source: https://context7.com/gztimewalker/gzctf/llms.txt Starts a Docker/Kubernetes container for a dynamic challenge. This endpoint is rate-limited and returns connection information for the container. ```APIDOC ## POST /api/game/{id}/container/{challengeId} — Create challenge container ### Description Starts a Docker/Kubernetes container for a dynamic challenge; returns connection information. Rate-limited. ### Method POST ### Endpoint /api/game/{id}/container/{challengeId} ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. - **challengeId** (integer) - Required - The ID of the challenge. ### Response #### Success Response (200) - **containerId** (string) - The ID of the created container. - **ip** (string) - The IP address of the container. - **port** (integer) - The port number for connecting to the container. - **expectStopAt** (string) - The expected time when the container will stop (ISO 8601 format). #### Error Response (400 Bad Request) - **title** (string) - Error message (e.g., "Container already running", "Container count limit exceeded"). - **status** (integer) - HTTP status code (400). #### Error Response (429 Too Many Requests) - Indicates that the operation is too frequent. ### Request Example ```bash curl -b cookies.txt -X POST \ https://ctf.example.com/api/game/1/container/7 ``` ### Response Example ```json { "containerId": "d3f1...", "ip": "10.0.0.5", "port": 31337, "expectStopAt": "2024-10-02T16:30:00Z" } ``` ``` -------------------------------- ### Get Global Configuration Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves the full platform configuration, including account policies, global settings, and container policies. ```APIDOC ## GET /api/admin/config — Get global configuration Returns the full platform configuration: account policy, global settings, and container policy. ### Method GET ### Endpoint /api/admin/config ### Response #### Success Response (200) - **object** - The global configuration object. - **accountPolicy** (object) - Settings related to user accounts. - **allowRegister** (boolean) - Whether registration is allowed. - **activeOnRegister** (boolean) - Whether users are active upon registration. - **useCaptcha** (boolean) - Whether to use CAPTCHA for registration. - **emailConfirmationRequired** (boolean) - Whether email confirmation is required. - **emailDomainList** (string) - A comma-separated list of allowed email domains. - **globalConfig** (object) - General platform settings. - **title** (string) - The title of the platform. - **slogan** (string) - The slogan of the platform. - **apiEncryption** (boolean) - Whether API encryption is enabled. - **footerInfo** (string) - Information displayed in the footer. - **containerPolicy** (object) - Settings related to container management. - **autoDestroyOnLimitReached** (boolean) - Whether to automatically destroy containers when limits are reached. - **maxExerciseContainerCountPerUser** (integer) - Maximum number of exercise containers per user. - **defaultLifetime** (integer) - Default lifetime of containers in minutes. - **extensionDuration** (integer) - Duration for extending container lifetime in minutes. - **renewalWindow** (integer) - Window for container renewal in minutes. ``` -------------------------------- ### Create Challenge Container Source: https://context7.com/gztimewalker/gzctf/llms.txt Starts a Docker or Kubernetes container for a dynamic challenge. Returns connection details like IP, port, and expected stop time. This endpoint is rate-limited. ```bash curl -b cookies.txt -X POST \ https://ctf.example.com/api/game/1/container/7 ``` -------------------------------- ### Get Global Configuration Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves the platform's global configuration, including account policies, general settings, and container policies. This is an admin-only endpoint. ```bash curl -b admin_cookies.txt https://ctf.example.com/api/admin/config ``` -------------------------------- ### Get Challenge Details Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves detailed information about a specific challenge, including its description, attachments, container status, hints, and submission attempts. Requires authentication. ```bash curl -b cookies.txt https://ctf.example.com/api/game/1/challenges/5 ``` -------------------------------- ### GET /api/game Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns games with poster, time range, and participation metadata. Responses are cached for 60 seconds. ```APIDOC ## GET /api/game — List games (paginated) ### Description Returns games with poster, time range, and participation metadata. Responses are cached for 60 seconds. ### Method GET ### Endpoint /api/game ### Parameters #### Query Parameters - **count** (integer) - Optional - The number of games to return per page. - **skip** (integer) - Optional - The number of games to skip. ### Response #### Success Response (200) ```json { "total": 5, "data": [ { "id": 1, "title": "Autumn CTF 2024", "summary": "A challenging CTF", "poster": "/assets/poster1.../poster", "teamCount": 128, "startTimeUtc": "2024-10-01T09:00:00Z", "endTimeUtc": "2024-10-03T09:00:00Z", "status": "OnGoing" } ] } ``` ``` -------------------------------- ### Get Game Notices Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves a list of notices for the game, which can include system-generated alerts like new challenges or hints. Supports pagination with `count` and `skip` parameters. ```bash curl "https://ctf.example.com/api/game/1/notices?count=50&skip=0" ``` -------------------------------- ### GET /api/game/{id}/details Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns challenges visible to the current team, with solve/attempt state per challenge. ```APIDOC ## GET /api/game/{id}/details — Get team's challenge details ### Description Returns challenges visible to the current team, with solve/attempt state per challenge. ### Method GET ### Endpoint /api/game/{id}/details ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. ### Response #### Success Response (200) ```json { "teamToken": "abc...xyz", "writeupRequired": true, "writeupDeadline": "2024-10-05T09:00:00Z", "challengeCount": 15, "challenges": { "Pwn": [{"id":3, "title":"bof101", "score":200, "isSolved": false, ...}] } } ``` ``` -------------------------------- ### Get Team Information Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves basic information about a team, including its members and avatar. Use the team ID in the URL. ```bash curl https://ctf.example.com/api/team/42 ``` -------------------------------- ### GET /api/team/{id} Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns basic team info including members and avatar. ```APIDOC ## GET /api/team/{id} — Get team information ### Description Returns basic team info including members and avatar. ### Method GET ### Endpoint /api/team/{id} ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the team. ### Response #### Success Response (200) ```json { "id": 42, "name": "BinaryNinjas", "bio": "We love pwn", "avatar": "/assets/xyz.../avatar", "captain": {"userName": "player1", ...}, "members": [...] } ``` ``` -------------------------------- ### GET /api/game/recent Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns games within the last/next three weeks, with ETag-based cache support. ```APIDOC ## GET /api/game/recent — Get recent games ### Description Returns games within the last/next three weeks, with ETag-based cache support. ### Method GET ### Endpoint /api/game/recent ### Parameters #### Query Parameters - **limit** (integer) - Optional - The maximum number of recent games to return. ### Response #### Success Response (200) Array of BasicGameInfoModel. #### Error Response (304) Not Modified — if ETag matches. ``` -------------------------------- ### GET /api/game/{id} Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns full game details including divisions, rules, participation status, and invite code requirements. ```APIDOC ## GET /api/game/{id} — Get detailed game info ### Description Returns full game details including divisions, rules, participation status, and invite code requirements. ### Method GET ### Endpoint /api/game/{id} ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. ### Response #### Success Response (200) ```json { "id": 1, "title": "Autumn CTF 2024", "content": "# Rules\n...", "acceptWithoutReview": false, "writeupRequired": true, "writeupDeadline": "2024-10-05T09:00:00Z", "teamMemberCountLimit": 4, "containerCountLimit": 3, "divisions": [...], "participated": true, "status": "Accepted" } ``` ``` -------------------------------- ### Get Submissions (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves all flag submissions for a game, including their result codes. This endpoint requires the Monitor role. ```APIDOC ## GET /api/game/{id}/submissions — Get submissions (Monitor) ### Description Returns all flag submissions with result codes. Requires Monitor role. ### Method GET ### Endpoint /api/game/{id}/submissions ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. #### Query Parameters - **type** (string) - Optional - Filters submissions by result type (e.g., "Accepted"). - **count** (integer) - Optional - The maximum number of submissions to retrieve. Defaults to 50. ### Response #### Success Response (200) - An array of `Submission` records. ### Request Example ```bash curl -b admin_cookies.txt \ "https://ctf.example.com/api/game/1/submissions?type=Accepted&count=50" ``` ### Response Example ``` // array of Submission records ``` ``` -------------------------------- ### Get Detailed Game Info Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves comprehensive details for a specific game, including divisions, rules, and participation status. Requires authentication via cookies. ```bash curl -b cookies.txt https://ctf.example.com/api/game/1 ``` -------------------------------- ### Get Game Scoreboard Source: https://context7.com/gztimewalker/gzctf/llms.txt Fetches the real-time scoreboard for a game, including team rankings, solve counts, and first/second/third solve information. ETag-cached. ```bash curl https://ctf.example.com/api/game/1/scoreboard ``` -------------------------------- ### Get All Submissions (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves all flag submissions for a game, including their results. This endpoint requires the Monitor role and supports filtering by submission type. ```bash curl -b admin_cookies.txt \ "https://ctf.example.com/api/game/1/submissions?type=Accepted&count=50" ``` -------------------------------- ### Get Game Notices Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves a list of game notices, including administrative messages and system-generated alerts such as new challenges or hints. ```APIDOC ## GET /api/game/{id}/notices — Get game notices ### Description Returns the list of admin and system-generated notices (new challenge, new hint, etc.) for the game. ### Method GET ### Endpoint /api/game/{id}/notices ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. #### Query Parameters - **count** (integer) - Optional - The maximum number of notices to retrieve. Defaults to 50. - **skip** (integer) - Optional - The number of notices to skip from the beginning. Defaults to 0. ### Response #### Success Response (200) - An array of `GameNotice` objects, each containing `type`, `content`, and `publishTime`. ### Request Example ```bash curl "https://ctf.example.com/api/game/1/notices?count=50&skip=0" ``` ### Response Example ``` // array of GameNotice with type, content, and publishTime ``` ``` -------------------------------- ### Get Recent Games Source: https://context7.com/gztimewalker/gzctf/llms.txt Fetches games played within the last or next three weeks. Supports ETag-based caching for efficiency. ```bash curl "https://ctf.example.com/api/game/recent?limit=5" ``` -------------------------------- ### Get Team's Challenge Details Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves challenges visible to the current team within a game, along with their solve and attempt status. Requires authentication via cookies. ```bash curl -b cookies.txt https://ctf.example.com/api/game/1/details ``` -------------------------------- ### Get Cheat Detection Info (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves information about detected flag-sharing events between teams. This endpoint requires the Monitor role. ```APIDOC ## GET /api/game/{id}/cheatinfo — Get cheat detection info (Monitor) ### Description Returns detected flag-sharing events between teams. Requires Monitor role. ### Method GET ### Endpoint /api/game/{id}/cheatinfo ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. ### Response #### Success Response (200) - An array of objects, each containing `submission` and `source` details of detected cheating events. ### Request Example ```bash curl -b admin_cookies.txt https://ctf.example.com/api/game/1/cheatinfo ``` ### Response Example ```json [ { "submission": {"teamName": "TeamA", "flag": "flag{...}", ...}, "source": {"teamName": "TeamB", ...} } ] ``` ``` -------------------------------- ### Get Challenge Details Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves detailed information about a specific challenge, including its description, attachments, container status, hints, and the number of submission attempts made by the current team. ```APIDOC ## GET /api/game/{id}/challenges/{challengeId} — Get challenge details ### Description Returns challenge description, attachments, container status, hints, and submission attempt count for the current team. ### Method GET ### Endpoint /api/game/{id}/challenges/{challengeId} ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. - **challengeId** (integer) - Required - The ID of the challenge. ### Response #### Success Response (200) - **id** (integer) - The challenge ID. - **title** (string) - The challenge title. - **content** (string) - The challenge description. - **score** (integer) - The score awarded for solving the challenge. - **type** (string) - The type of the challenge. - **attachment** (object) - Information about the challenge attachment. - **type** (string) - The type of attachment (e.g., "Remote"). - **url** (string) - The URL of the attachment. - **hints** (array) - A list of hints for the challenge. - **submissionCount** (integer) - The number of submission attempts for the current team. ### Request Example ```bash curl -b cookies.txt https://ctf.example.com/api/game/1/challenges/5 ``` ### Response Example ```json { "id": 5, "title": "SQLi101", "content": "Can you bypass the login?", "score": 200, "type": "StaticAttachment", "attachment": {"type": "Remote", "url": "https://..."}, "hints": ["Try UNION-based injection"], "submissionCount": 3 } ``` ``` -------------------------------- ### GET /api/game/{id}/scoreboard Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns the full real-time scoreboard with team rankings, solve counts per challenge, and blood (first/second/third solve) information. ETag-cached. ```APIDOC ## GET /api/game/{id}/scoreboard — Get scoreboard ### Description Returns the full real-time scoreboard with team rankings, solve counts per challenge, and blood (first/second/third solve) information. ETag-cached. ### Method GET ### Endpoint /api/game/{id}/scoreboard ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. ### Response #### Success Response (200) ```json { "updateTimeUtc": "2024-10-02T14:30:00Z", "challenges": { "Web": [{"id": 5, "title": "SQLi101", "score": 500, "solvedCount": 12, ...}] }, "items": [ {"rank": 1, "name": "BinaryNinjas", "score": 2400, "solves": 8, ...} ] } ``` ``` -------------------------------- ### Get User Profile with cURL Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves the profile information for the currently authenticated user. This includes their user ID, username, email, avatar URL, role, registration time, and last sign-in time. ```bash curl -b cookies.txt https://ctf.example.com/api/account/profile # 200 OK # { # "userId": "3f2504e0-4f89-11d3-9a0c-0305e82c3301", # "userName": "player1", # "email": "player1@university.edu", # "avatar": "/assets/abc123.../avatar", # "role": "User", # "registerTime": "2024-09-01T10:00:00Z", # "lastSignedIn": "2024-10-15T08:30:00Z" # } ``` -------------------------------- ### Get Cheat Detection Info (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Fetches information about detected instances of flag sharing between teams. This requires the Monitor role and provides details on the submitting team and the source of the shared flag. ```bash curl -b admin_cookies.txt https://ctf.example.com/api/game/1/cheatinfo ``` -------------------------------- ### GET /api/account/profile Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves the profile information for the currently authenticated user. This includes their user ID, username, email, avatar URL, role, registration time, and last sign-in time. ```APIDOC ## GET /api/account/profile ### Description Returns the authenticated user's profile including role, avatar URL, registration time, and custom fields. ### Method GET ### Endpoint /api/account/profile ### Response #### Success Response (200) - **userId** (string) - The unique identifier for the user. - **userName** (string) - The user's chosen username. - **email** (string) - The user's email address. - **avatar** (string) - The URL to the user's avatar. - **role** (string) - The user's role within the platform (e.g., "User", "Admin"). - **registerTime** (string) - The timestamp when the user registered. - **lastSignedIn** (string) - The timestamp of the user's last sign-in. #### Response Example ```json { "userId": "3f2504e0-4f89-11d3-9a0c-0305e82c3301", "userName": "player1", "email": "player1@university.edu", "avatar": "/assets/abc123.../avatar", "role": "User", "registerTime": "2024-09-01T10:00:00Z", "lastSignedIn": "2024-10-15T08:30:00Z" } ``` ``` -------------------------------- ### Create Game Source: https://context7.com/gztimewalker/gzctf/llms.txt Creates a new CTF game with full configuration, including title, summary, content, start/end times, and limits. ```APIDOC ## POST /api/edit/games — Create a game Creates a new CTF game with full configuration. ### Method POST ### Endpoint /api/edit/games ### Request Body - **title** (string) - Required - The title of the game. - **summary** (string) - Required - A brief summary of the game. - **content** (string) - Required - Detailed content or rules for the game. - **startTimeUtc** (string) - Required - The start time of the game in UTC. - **endTimeUtc** (string) - Required - The end time of the game in UTC. - **teamMemberCountLimit** (integer) - Required - The maximum number of members per team. - **containerCountLimit** (integer) - Required - The maximum number of containers per team. - **acceptWithoutReview** (boolean) - Required - Whether to accept submissions without review. - **writeupRequired** (boolean) - Required - Whether a writeup is required. - **writeupDeadline** (string) - Optional - The deadline for submitting writeups. - **practiceMode** (boolean) - Required - Whether the game is in practice mode. ### Request Example ```json { "title": "Winter CTF 2024", "summary": "A winter-themed CTF", "content": "# Rules\nTeams of up to 4 players...", "startTimeUtc": "2024-12-01T09:00:00Z", "endTimeUtc": "2024-12-03T09:00:00Z", "teamMemberCountLimit": 4, "containerCountLimit": 3, "acceptWithoutReview": false, "writeupRequired": true, "writeupDeadline": "2024-12-07T09:00:00Z", "practiceMode": false } ``` ### Response #### Success Response (200) - **GameInfoModel** - The created game information, including a generated ID. ``` -------------------------------- ### Create CTF Game Source: https://context7.com/gztimewalker/gzctf/llms.txt Use this endpoint to create a new CTF game with all its configuration details. Ensure all required fields like title, start/end times, and limits are provided. ```bash curl -b admin_cookies.txt -X POST https://ctf.example.com/api/edit/games \ -H "Content-Type: application/json" \ -d '{ "title": "Winter CTF 2024", "summary": "A winter-themed CTF", "content": "# Rules\nTeams of up to 4 players...", "startTimeUtc": "2024-12-01T09:00:00Z", "endTimeUtc": "2024-12-03T09:00:00Z", "teamMemberCountLimit": 4, "containerCountLimit": 3, "acceptWithoutReview": false, "writeupRequired": true, "writeupDeadline": "2024-12-07T09:00:00Z", "practiceMode": false }' ``` -------------------------------- ### Download All Traffic (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Downloads all network traffic captured for a specific team's challenge container as a `.tar` archive. This requires the Monitor role and is useful for post-game analysis. ```bash curl -b admin_cookies.txt \ "https://ctf.example.com/api/game/captures/7/99/all" \ -o traffic_team99_ch7.tar ``` -------------------------------- ### Register New User with cURL Source: https://context7.com/gztimewalker/gzctf/llms.txt Use this endpoint to register a new user account. It supports optional captcha and email domain whitelisting. The response indicates immediate activation, email confirmation requirement, or if registration is disabled. ```bash # Register with username/email/password curl -X POST https://ctf.example.com/api/account/register \ -H "Content-Type: application/json" \ -d '{ "userName": "player1", "email": "player1@university.edu", "password": "S3cur3P@ssw0rd!" }' # 200 OK — immediately logged in (ActiveOnRegister = true) # {"title":"Registration successful","data":"LoggedIn","status":200} # 200 OK — email confirmation required # {"title":"A verification email has been sent","data":"EmailConfirmationRequired","status":200} # 400 Bad Request — registration disabled # {"title":"Registration is not enabled","status":400} ``` -------------------------------- ### Batch Create Users Source: https://context7.com/gztimewalker/gzctf/llms.txt Creates multiple users simultaneously. This is useful for pre-registering participants and can optionally assign them to specific teams. ```bash curl -b admin_cookies.txt -X POST https://ctf.example.com/api/admin/users \ -H "Content-Type: application/json" \ -d '[ { "userName": "alice", "email": "alice@university.edu", "password": "TempPass123!", "realName": "Alice Smith", "stdNumber": "20240001", "teamName": "Team Alpha" }, { "userName": "bob", "email": "bob@university.edu", "password": "TempPass456!", "realName": "Bob Jones", "stdNumber": "20240002", "teamName": "Team Alpha" } ]' # 200 OK — users created, Team Alpha created and both members added ``` -------------------------------- ### Create Team Source: https://context7.com/gztimewalker/gzctf/llms.txt Creates a new team. A user can captain a maximum of 3 teams. Requires authentication via cookies. ```bash curl -b cookies.txt -X POST https://ctf.example.com/api/team \ -H "Content-Type: application/json" \ -d '{"name": "BinaryNinjas", "bio": "We love pwn"}' ``` -------------------------------- ### Join Team via Invite Source: https://context7.com/gztimewalker/gzctf/llms.txt Allows a user to join a team using a provided invite token. Requires authentication via cookies. The invite token is passed as a query parameter. ```bash curl -b cookies.txt -X POST \ "https://ctf.example.com/api/team/42/invite?inviteToken=abc123def456" ``` -------------------------------- ### Batch create users Source: https://context7.com/gztimewalker/gzctf/llms.txt Creates multiple users at once, optionally assigning them to named teams. Ideal for pre-registering participants. ```APIDOC ## POST /api/admin/users — Batch create users ### Description Creates multiple users at once, optionally assigning them to named teams. Ideal for pre-registering participants. ### Method POST ### Endpoint /api/admin/users ### Request Body - **array** (object) - Required - An array of user objects to create. - **userName** (string) - Required - The desired username. - **email** (string) - Required - The user's email address. - **password** (string) - Required - The user's password. - **realName** (string) - Optional - The user's real name. - **stdNumber** (string) - Optional - The user's student number. - **teamName** (string) - Optional - The name of the team to assign the user to. ### Request Example ```json [ { "userName": "alice", "email": "alice@university.edu", "password": "TempPass123!", "realName": "Alice Smith", "stdNumber": "20240001", "teamName": "Team Alpha" }, { "userName": "bob", "email": "bob@university.edu", "password": "TempPass456!", "realName": "Bob Jones", "stdNumber": "20240002", "teamName": "Team Alpha" } ] ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message indicating users were created and teams were assigned. ``` -------------------------------- ### Submit Writeup PDF Source: https://context7.com/gztimewalker/gzctf/llms.txt Uploads a post-game writeup in PDF format, with a maximum file size of 20 MB. The submission must occur before the writeup deadline. ```bash curl -b cookies.txt -X POST https://ctf.example.com/api/game/1/writeup \ -F "file=@writeup.pdf;type=application/pdf" ``` -------------------------------- ### Submit Writeup PDF Source: https://context7.com/gztimewalker/gzctf/llms.txt Uploads a post-game writeup PDF file. The file size is limited to 20 MB and must be uploaded before the writeup deadline. ```APIDOC ## POST /api/game/{id}/writeup — Submit writeup PDF ### Description Uploads a post-game writeup PDF (max 20 MB) before the writeup deadline. ### Method POST ### Endpoint /api/game/{id}/writeup ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game. #### Request Body - **file** (file) - Required - The writeup PDF file to upload. Must be of type `application/pdf` and max 20 MB. ### Request Example ```bash curl -b cookies.txt -X POST https://ctf.example.com/api/game/1/writeup \ -F "file=@writeup.pdf;type=application/pdf" ``` ### Response #### Success Response (200) - Indicates successful writeup submission. #### Error Response (400 Bad Request) - **title** (string) - Error message (e.g., "Writeup deadline has passed", "File is not a PDF"). - **status** (integer) - HTTP status code (400). ``` -------------------------------- ### List All Users Source: https://context7.com/gztimewalker/gzctf/llms.txt Retrieves a paginated list of users, including their roles and metadata. Supports `count` and `skip` query parameters for pagination. ```bash curl -b admin_cookies.txt \ "https://ctf.example.com/api/admin/users?count=50&skip=0" # 200 OK # { # "total": 312, # "data": [ # {"id": "...", "userName": "player1", "email": "...", "role": "User", ...} # ] # } ``` -------------------------------- ### Download All Traffic (Monitor) Source: https://context7.com/gztimewalker/gzctf/llms.txt Downloads all captured network packets for a team's challenge container as a `.tar` archive. This endpoint requires the Monitor role. ```APIDOC ## GET /api/game/captures/{challengeId}/{partId}/all — Download all traffic (Monitor) ### Description Downloads all captured network packets for a team's challenge container as a `.tar` archive. Requires Monitor role. ### Method GET ### Endpoint /api/game/captures/{challengeId}/{partId}/all ### Parameters #### Path Parameters - **challengeId** (integer) - Required - The ID of the challenge. - **partId** (integer) - Required - The ID of the part. ### Response #### Success Response (200) - A streaming `.tar` archive containing the captured network packets. ### Request Example ```bash curl -b admin_cookies.txt \ "https://ctf.example.com/api/game/captures/7/99/all" \ -o traffic_team99_ch7.tar ``` ``` -------------------------------- ### POST /api/team Source: https://context7.com/gztimewalker/gzctf/llms.txt Creates a new team. A user may captain at most 3 teams. ```APIDOC ## POST /api/team — Create a team ### Description Creates a new team; a user may captain at most 3 teams. ### Method POST ### Endpoint /api/team ### Request Body - **name** (string) - Required - The name of the team. - **bio** (string) - Optional - A short biography for the team. ### Request Example ```json { "name": "BinaryNinjas", "bio": "We love pwn" } ``` ### Response #### Success Response (200) TeamInfoModel with teamId, captain, members, invite token. #### Error Response (400) Bad Request — team creation limit exceeded ``` -------------------------------- ### Export Game Package Source: https://context7.com/gztimewalker/gzctf/llms.txt This endpoint exports an entire game, including challenges, flags, and divisions, into a ZIP file. This is useful for backups or migrating games. ```bash curl -b admin_cookies.txt -X POST \ https://ctf.example.com/api/edit/games/1/export \ -o "WinterCTF2024-export.zip" ``` -------------------------------- ### Configure GZCTF Application Settings Source: https://context7.com/gztimewalker/gzctf/llms.txt This JSON file defines the core configuration for the GZCTF server, including database and cache connection strings, email server details, container provider settings, captcha configuration, and telemetry options. Ensure sensitive information like passwords and keys are managed securely, potentially through environment variables. ```json { "ConnectionStrings": { "Database": "Host=db:5432;Database=gzctf;Username=gzctf;Password=strongpassword", "RedisCache": "redis:6379,password=redispassword" }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "EmailConfig": { "UserName": "ctf@university.edu", "Password": "smtp_password", "SenderAddress": "ctf@university.edu", "SenderName": "UniCTF Platform", "Smtp": { "Host": "smtp.university.edu", "Port": 587, "BypassCertVerify": false } }, "ContainerProvider": { "Type": "Docker", "PortMappingType": "Default", "EnableTrafficCapture": false, "PublicEntry": "ctf.university.edu", "DockerConfig": { "Uri": "unix:///var/run/docker.sock", "ChallengeNetwork": "gzctf_challenges" } }, "CaptchaConfig": { "Provider": "CloudflareTurnstile", "SiteKey": "0x4AAAAAAAxxxxxx", "SecretKey": "0x4AAAAAAAyyyyyy" }, "Telemetry": { "Prometheus": { "Enable": true, "TotalNameSuffixForCounters": false } }, "GrafanaLoki": { "Enable": false, "EndpointUri": "http://loki:3100" }, "ForwardedOptions": { "ForwardedHeaders": "XForwardedFor, XForwardedProto", "TrustedNetworks": ["10.0.0.0/8", "172.16.0.0/12"] } } ``` -------------------------------- ### Test Challenge Container Source: https://context7.com/gztimewalker/gzctf/llms.txt Admins can use this endpoint to create and test a challenge's container before making it available to participants. It returns container details and expected stop time. ```bash curl -b admin_cookies.txt -X POST \ https://ctf.example.com/api/edit/games/1/challenges/7/container ``` -------------------------------- ### Update Global Configuration Source: https://context7.com/gztimewalker/gzctf/llms.txt Use this endpoint to update platform-wide settings. Enabling `apiEncryption` will auto-generate a new X25519 key pair. ```bash curl -b admin_cookies.txt -X PUT https://ctf.example.com/api/admin/config \ -H "Content-Type: application/json" \ -d '{ "accountPolicy": { "allowRegister": true, "activeOnRegister": false, "useCaptcha": true, "emailConfirmationRequired": true, "emailDomainList": "university.edu" }, "globalConfig": { "title": "UniCTF", "slogan": "Where logic meets creativity", "apiEncryption": true }, "containerPolicy": { "defaultLifetime": 180, "extensionDuration": 60, "renewalWindow": 15 } }' # 200 OK ``` -------------------------------- ### Join Game Source: https://context7.com/gztimewalker/gzctf/llms.txt Registers the current user's team in a game. Optionally specify a division ID and invite code. Requires authentication via cookies. Subject to game status, division validity, and team limits. ```bash curl -b cookies.txt -X POST https://ctf.example.com/api/game/1 \ -H "Content-Type: application/json" \ -d '{"teamId": 42, "divisionId": 2, "inviteCode": "AUTUMN2024"}' ``` -------------------------------- ### Upload Platform Logo Source: https://context7.com/gztimewalker/gzctf/llms.txt Uploads a new platform logo, with a maximum size of 3 MB. The image will be automatically resized to 640px for the logo and 256px for the favicon. ```bash curl -b admin_cookies.txt -X POST \ https://ctf.example.com/api/admin/config/logo \ -F "file=@logo.png;type=image/png" # 200 OK ``` -------------------------------- ### List all users Source: https://context7.com/gztimewalker/gzctf/llms.txt Returns paginated user list with roles and metadata. Supports `count` and `skip` query parameters. ```APIDOC ## GET /api/admin/users — List all users ### Description Returns paginated user list with roles and metadata. Supports `count` and `skip` query parameters. ### Method GET ### Endpoint /api/admin/users ### Query Parameters - **count** (integer) - Optional - The number of users to return per page. - **skip** (integer) - Optional - The number of users to skip from the beginning of the list. ### Response #### Success Response (200) - **total** (integer) - The total number of users. - **data** (array) - An array of user objects. - **id** (string) - The unique identifier for the user. - **userName** (string) - The username of the user. - **email** (string) - The email address of the user. - **role** (string) - The role of the user (e.g., "User", "Admin"). - **...** (any) - Other user metadata. ``` -------------------------------- ### Create Division Source: https://context7.com/gztimewalker/gzctf/llms.txt Adds a competition division to a game, with options for a name, description, invite code, and default permissions. ```APIDOC ## POST /api/edit/games/{id}/divisions — Create a division Adds a competition division (e.g., undergraduate, graduate) with its own permissions and optional invite code. ### Method POST ### Endpoint /api/edit/games/{id}/divisions ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game to which the division will be added. ### Request Body - **name** (string) - Required - The name of the division. - **description** (string) - Optional - A description for the division. - **inviteCode** (string) - Optional - An invite code for the division. - **defaultPermissions** (array of strings) - Optional - Default permissions for division members. ### Request Example ```json { "name": "Undergraduate", "description": "For undergraduate students only", "inviteCode": "UG2024", "defaultPermissions": ["JoinGame", "ViewChallenge", "SubmitFlags"] } ``` ### Response #### Success Response (200) - **Division object** - The created division object. ``` -------------------------------- ### Create Game Division Source: https://context7.com/gztimewalker/gzctf/llms.txt Use this endpoint to create a new division within a game, allowing for segmented competitions. You can specify permissions and an optional invite code. ```bash curl -b admin_cookies.txt -X POST \ https://ctf.example.com/api/edit/games/1/divisions \ -H "Content-Type: application/json" \ -d '{ "name": "Undergraduate", "description": "For undergraduate students only", "inviteCode": "UG2024", "defaultPermissions": ["JoinGame", "ViewChallenge", "SubmitFlags"] }' ``` -------------------------------- ### Log in User with cURL Source: https://context7.com/gztimewalker/gzctf/llms.txt Authenticates a user with their username (or email) and password. A successful login establishes a session cookie. Banned users will receive a 401 Unauthorized response. ```bash curl -c cookies.txt -X POST https://ctf.example.com/api/account/login \ -H "Content-Type: application/json" \ -d '{"userName": "player1", "password": "S3cur3P@ssw0rd!"}' # 200 OK — session cookie set # 401 Unauthorized — {"title":"Incorrect username or password","status":401} ``` -------------------------------- ### Update global configuration Source: https://context7.com/gztimewalker/gzctf/llms.txt Updates platform-wide settings. Enabling `apiEncryption` auto-generates a new X25519 key pair. ```APIDOC ## PUT /api/admin/config — Update global configuration ### Description Updates platform-wide settings. Enabling `apiEncryption` auto-generates a new X25519 key pair. ### Method PUT ### Endpoint /api/admin/config ### Request Body - **accountPolicy** (object) - Required - Policy for user accounts. - **allowRegister** (boolean) - Required - Whether registration is allowed. - **activeOnRegister** (boolean) - Required - Whether new accounts are active by default. - **useCaptcha** (boolean) - Required - Whether to use CAPTCHA for registration. - **emailConfirmationRequired** (boolean) - Required - Whether email confirmation is required. - **emailDomainList** (string) - Required - Allowed email domains. - **globalConfig** (object) - Required - Global platform settings. - **title** (string) - Required - The title of the platform. - **slogan** (string) - Required - The slogan of the platform. - **apiEncryption** (boolean) - Required - Whether to enable API encryption. - **containerPolicy** (object) - Required - Policy for challenge containers. - **defaultLifetime** (integer) - Required - Default lifetime of containers in minutes. - **extensionDuration** (integer) - Required - Duration for extending container lifetime in minutes. - **renewalWindow** (integer) - Required - Window for renewing container lifetime in minutes. ### Request Example ```json { "accountPolicy": { "allowRegister": true, "activeOnRegister": false, "useCaptcha": true, "emailConfirmationRequired": true, "emailDomainList": "university.edu" }, "globalConfig": { "title": "UniCTF", "slogan": "Where logic meets creativity", "apiEncryption": true }, "containerPolicy": { "defaultLifetime": 180, "extensionDuration": 60, "renewalWindow": 15 } } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message. ``` -------------------------------- ### Export Game Package Source: https://context7.com/gztimewalker/gzctf/llms.txt Exports the entire game, including challenges, flags, attachments, and divisions, as a ZIP file. ```APIDOC ## POST /api/edit/games/{id}/export — Export game package Exports the entire game (challenges, flags, attachments, divisions) as a ZIP file for archival or migration. ### Method POST ### Endpoint /api/edit/games/{id}/export ### Parameters #### Path Parameters - **id** (integer) - Required - The ID of the game to export. ### Response #### Success Response (200) - **ZIP file stream download** - The exported game package as a ZIP file. #### Error Response (404) - **Not Found** - If the specified game is not found. ``` -------------------------------- ### Reset Password with Token Source: https://context7.com/gztimewalker/gzctf/llms.txt Completes the password-reset flow using a Base64-encoded token and email. Ensure the email and token are correctly encoded. ```bash curl -X POST https://ctf.example.com/api/account/passwordreset \ -H "Content-Type: application/json" \ -d '{ "email": "", "rToken": "", "password": "N3wP@ssw0rd#2024" }' ``` -------------------------------- ### POST /api/account/register Source: https://context7.com/gztimewalker/gzctf/llms.txt Registers a new user account. The response indicates the account status: immediately activated, awaiting admin approval, or requiring email confirmation. It supports optional captcha and email domain whitelisting. ```APIDOC ## POST /api/account/register ### Description Registers a user account. Returns a `RegisterStatus` indicating whether the account was immediately activated, is waiting for admin approval, or requires email confirmation. Supports optional captcha and email domain whitelisting. ### Method POST ### Endpoint /api/account/register ### Request Body - **userName** (string) - Required - The desired username. - **email** (string) - Required - The user's email address. - **password** (string) - Required - The user's password. ### Request Example ```json { "userName": "player1", "email": "player1@university.edu", "password": "S3cur3P@ssw0rd!" } ``` ### Response #### Success Response (200) - **title** (string) - A message indicating the registration outcome. - **data** (string) - The registration status (e.g., "LoggedIn", "EmailConfirmationRequired"). - **status** (integer) - HTTP status code. #### Response Example (Success) ```json { "title": "Registration successful", "data": "LoggedIn", "status": 200 } ``` #### Error Response (400) - **title** (string) - Error message. - **status** (integer) - HTTP status code. #### Response Example (Error) ```json { "title": "Registration is not enabled", "status": 400 } ``` ``` -------------------------------- ### Add Challenge to Game Source: https://context7.com/gztimewalker/gzctf/llms.txt This endpoint adds a new challenge to an existing game. Specify the game ID and provide challenge details like title, type, and category. ```bash curl -b admin_cookies.txt -X POST \ https://ctf.example.com/api/edit/games/1/challenges \ -H "Content-Type: application/json" \ -d '{ "title": "Buffer Overflow 101", "type": "DynamicContainer", "category": "Pwn" }' ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.