package main import ( "fmt" "html/template" "log" "math/rand" "net/http" "os" "strconv" "strings" "time" "github.com/gorilla/mux" "github.com/radareorg/r2pipe-go" ) type Battle struct { ID int Name string Bots []Bot Owners []User Public bool Archs []Arch Bits []Bit RawOutput string MaxRounds int ArenaSize int } ////////////////////////////////////////////////////////////////////////////// // GENERAL PURPOSE func BattleGetAll() ([]Battle, error) { return globalState.GetAllBattles() } func BattleCreate(battle Battle, owner User) (int, error) { return globalState.InsertBattle(battle, owner) } func BattleLinkBot(botid int, battleid int) error { return globalState.LinkBotBattle(botid, battleid) } func BattleUnlinkAllBotsForUser(userid int, battleid int) error { return globalState.UnlinkAllBotsForUserFromBattle(userid, battleid) } func BattleGetByIdDeep(id int) (Battle, error) { return globalState.GetBattleByIdDeep(id) } func BattleUpdate(battle Battle) error { return globalState.UpdateBattle(battle) } func BattleLinkArchIDs(battleid int, archIDs []int) error { return globalState.LinkArchIDsToBattle(battleid, archIDs) } func BattleLinkBitIDs(battleid int, bitIDs []int) error { return globalState.LinkBitIDsToBattle(battleid, bitIDs) } func BattleLinkOwnerIDs(battleid int, ownerIDs []int) error { return globalState.LinkOwnerIDsToBattle(battleid, ownerIDs) } func BattleSaveRawOutput(battleid int, rawOutput string) error { return globalState.UpdateBattleRawOutput(battleid, rawOutput) } func BattleDeleteID(battleid int) error { return globalState.DeleteBattleByID(battleid) } ////////////////////////////////////////////////////////////////////////////// // DATABASE func (s *State) InsertBattle(battle Battle, owner User) (int, error) { // create the battle res, err := s.db.Exec(` INSERT INTO battles VALUES(NULL,?,?,?,?,?,?) `, time.Now(), battle.Name, battle.Public, battle.RawOutput, battle.MaxRounds, battle.ArenaSize) if err != nil { log.Println(err) return -1, err } var id int64 if id, err = res.LastInsertId(); err != nil { log.Println(err) return -1, err } // insert the owner into the battle_owner rel _, err = s.db.Exec("INSERT INTO owner_battle_rel VALUES (?, ?)", owner.ID, battle.ID) if err != nil { log.Println(err) return -1, err } return int(id), nil } func (s *State) UpdateBattle(battle Battle) error { log.Println("Updating battle:") log.Println(battle.ArenaSize) _, err := s.db.Exec(` UPDATE battles SET name=?, public=?, arena_size=?, max_rounds=? WHERE id=?`, battle.Name, battle.Public, battle.ArenaSize, battle.MaxRounds, battle.ID) if err != nil { log.Println(err) return err } log.Println("Done updating") return nil } func (s *State) LinkBotBattle(botid int, battleid int) error { _, err := s.db.Exec("INSERT INTO bot_battle_rel VALUES (?, ?)", botid, battleid) if err != nil { log.Println(err) return err } else { return nil } } func (s *State) LinkOwnerBattle(battleid int, ownerid int) error { _, err := s.db.Exec("INSERT INTO owner_battle_rel VALUES (?, ?)", ownerid, battleid) if err != nil { log.Println(err) return err } else { return nil } } func (s *State) UnlinkAllBotsForUserFromBattle(userid int, battleid int) error { // get a user with the given id // for all of their bots // delete the bots from the bot_battle relation // there are some joins to get through the following links: // bot_battle_rel.bot_id // -> bot.id // -> user_bot_rel.bot_id // -> user_bot_rel.user_id // -> user.id // delete preexisting links _, err := s.db.Exec(` DELETE FROM bot_battle_rel WHERE bot_id IN (SELECT b.id FROM bot_battle_rel bb_rel JOIN bots b ON b.id = bb_rel.bot_id JOIN user_bot_rel ub_rel ON ub_rel.bot_id = b.id JOIN users u ON u.id = ub_rel.user_id WHERE u.id=?)`, userid) if err != nil { log.Println(err) return err } return nil } func (s *State) LinkArchIDsToBattle(battleid int, archIDs []int) error { // delete preexisting links _, err := s.db.Exec("DELETE FROM arch_battle_rel WHERE battle_id=?", battleid) if err != nil { log.Println(err) return err } // yes, we're building this by hand, but as we only insert int's I'm just confident that whoever // gets some sqli here just deserves it :D query := "INSERT INTO arch_battle_rel (arch_id, battle_id) VALUES" for idx, id := range archIDs { query += fmt.Sprintf("(%d, %d)", id, battleid) if idx != len(archIDs)-1 { query += ", " } } query += ";" log.Println(query) _, err = s.db.Exec(query) if err != nil { log.Println(err) return err } else { return nil } } func (s *State) LinkBitIDsToBattle(battleid int, bitIDs []int) error { // delete preexisting links _, err := s.db.Exec("DELETE FROM bit_battle_rel WHERE battle_id=?", battleid) if err != nil { log.Println(err) return err } // yes, we're building this by hand, but as we only insert int's I'm just confident that whoever // gets some sqli here just deserves it :D query := "INSERT INTO bit_battle_rel (bit_id, battle_id) VALUES" for idx, id := range bitIDs { query += fmt.Sprintf("(%d, %d)", id, battleid) if idx != len(bitIDs)-1 { query += ", " } } query += ";" log.Println(query) _, err = s.db.Exec(query) if err != nil { log.Println(err) return err } else { return nil } } func (s *State) LinkOwnerIDsToBattle(battleid int, ownerIDs []int) error { // delete preexisting links _, err := s.db.Exec("DELETE FROM owner_battle_rel WHERE battle_id=?", battleid) if err != nil { log.Println(err) return err } // yes, we're building this by hand, but as we only insert int's I'm just confident that whoever // gets some sqli here just deserves it :D query := "INSERT INTO owner_battle_rel (user_id, battle_id) VALUES" for idx, id := range ownerIDs { query += fmt.Sprintf("(%d, %d)", id, battleid) if idx != len(ownerIDs)-1 { query += ", " } } query += ";" log.Println(query) _, err = s.db.Exec(query) if err != nil { log.Println(err) return err } else { return nil } } func (s *State) GetAllBattles() ([]Battle, error) { rows, err := s.db.Query("SELECT id, name FROM battles;") defer rows.Close() if err != nil { log.Println(err) return nil, err } var battles []Battle for rows.Next() { var battle Battle if err := rows.Scan(&battle.ID, &battle.Name); err != nil { log.Println(err) return battles, err } battles = append(battles, battle) } if err = rows.Err(); err != nil { log.Println(err) return battles, err } return battles, nil } func (s *State) GetBattleByIdDeep(id int) (Battle, error) { var battleid int var battlename string var battlepublic bool var battlerawoutput string var battlemaxrounds int var battlearenasize int var botids string var botnames string var userids string var usernames string var archids string var archnames string var bitids string var bitnames string var ownerids string var ownernames string // battles have associated bots and users, we're fetching 'em all! // This fetches the battles and relates the associated bots, users, archs and bits // TODO(emile): go deeper! we could fetch battle -> bot -> arch (so fetching the linked arch // for the given bot) // COALESCE is used to set default values // TODO(emile): do fancy migrations instead of the COALESCE stuff for setting defaults if // no value is set beforehand err := s.db.QueryRow(` SELECT DISTINCT ba.id, ba.name, ba.public, COALESCE(ba.raw_output, ""), COALESCE(ba.max_rounds, 100), COALESCE(ba.arena_size, 4096), COALESCE(group_concat(DISTINCT bb.bot_id), ""), COALESCE(group_concat(DISTINCT bo.name), ""), COALESCE(group_concat(DISTINCT ub.user_id), ""), COALESCE(group_concat(DISTINCT us.name), ""), COALESCE(group_concat(DISTINCT ab.arch_id), ""), COALESCE(group_concat(DISTINCT ar.name), ""), COALESCE(group_concat(DISTINCT bitbat.bit_id), ""), COALESCE(group_concat(DISTINCT bi.name), ""), COALESCE(group_concat(DISTINCT ownerbat.user_id), ""), COALESCE(group_concat(DISTINCT owner.name), "") FROM battles ba LEFT JOIN bot_battle_rel bb ON bb.battle_id = ba.id LEFT JOIN bots bo ON bo.id = bb.bot_id LEFT JOIN user_battle_rel ub ON ub.battle_id = ba.id LEFT JOIN users us ON us.id = ub.user_id LEFT JOIN arch_battle_rel ab ON ab.battle_id = ba.id LEFT JOIN archs ar ON ar.id = ab.arch_id LEFT JOIN bit_battle_rel bitbat ON bitbat.battle_id = ba.id LEFT JOIN bits bi ON bi.id = bitbat.bit_id LEFT JOIN owner_battle_rel ownerbat ON ownerbat.battle_id = ba.id LEFT JOIN users owner ON owner.id = ownerbat.user_id WHERE ba.id=? GROUP BY ba.id; `, id).Scan(&battleid, &battlename, &battlepublic, &battlerawoutput, &battlemaxrounds, &battlearenasize, &botids, &botnames, &userids, &usernames, &archids, &archnames, &bitids, &bitnames, &ownerids, &ownernames) if err != nil { log.Println(err) return Battle{}, err } // The below is a wonderful examle of how golang could profit from macros // I should just have done this all in common lisp tbh. // assemble the bots botIDList := strings.Split(botids, ",") botNameList := strings.Split(botnames, ",") // Using strings.Split on an empty string returns a list containing // nothing with a length of one // https://go.dev/play/p/N1D-OcwiVAs var bots []Bot if botIDList[0] != "" { for i := range botIDList { id, err := strconv.Atoi(botIDList[i]) if err != nil { log.Println(err) return Battle{}, err } bots = append(bots, Bot{id, botNameList[i], "", []User{}, []Arch{}, []Bit{}}) } } else { bots = []Bot{} } // assemble the users userIDList := strings.Split(userids, ",") userNameList := strings.Split(usernames, ",") var users []User if userIDList[0] != "" { for i := range userIDList { id, err := strconv.Atoi(userIDList[i]) if err != nil { log.Println(err) return Battle{}, err } users = append(users, User{id, userNameList[i], []byte{}}) } } else { users = []User{} } // assemble the archs archIDList := strings.Split(archids, ",") archNameList := strings.Split(archnames, ",") var archs []Arch if archIDList[0] != "" { for i := range archIDList { id, err := strconv.Atoi(archIDList[i]) if err != nil { log.Println(err) return Battle{}, err } archs = append(archs, Arch{id, archNameList[i], true}) } } else { archs = []Arch{} } // assemble the bits bitIDList := strings.Split(bitids, ",") bitNameList := strings.Split(bitnames, ",") var bits []Bit if bitIDList[0] != "" { for i := range bitIDList { id, err := strconv.Atoi(bitIDList[i]) if err != nil { log.Println(err) return Battle{}, err } bits = append(bits, Bit{id, bitNameList[i], true}) } } else { bits = []Bit{} } // assemble the owners ownerIDList := strings.Split(ownerids, ",") ownerNameList := strings.Split(ownernames, ",") var owners []User if ownerIDList[0] != "" { for i := range ownerIDList { id, err := strconv.Atoi(ownerIDList[i]) if err != nil { log.Println(err) return Battle{}, err } owners = append(owners, User{id, ownerNameList[i], nil}) } } else { owners = []User{} } return Battle{ ID: battleid, Name: battlename, Bots: bots, Owners: owners, Public: battlepublic, Archs: archs, Bits: bits, RawOutput: battlerawoutput, MaxRounds: battlemaxrounds, ArenaSize: battlearenasize, }, nil } func (s *State) UpdateBattleRawOutput(battleid int, rawOutput string) error { _, err := s.db.Exec("UPDATE battles SET raw_output=? WHERE id=?", rawOutput, battleid) if err != nil { log.Println(err) return err } return nil } // This deletes a battle and all links to users, bots, architectures and bits func (s *State) DeleteBattleByID(battleid int) error { _, err := s.db.Exec(` DELETE FROM battles WHERE battleid = ?; DELETE FROM user_battle_rel WHERE battleid = ?; DELETE FROM bot_battle_rel WHERE battleid = ?; DELETE FROM arch_battle_rel WHERE battleid = ?; DELETE FROM bit_battle_rel WHERE battleid = ?; `, battleid, battleid, battleid, battleid, battleid) if err != nil { log.Println(err) return err } _, err = s.db.Exec(` DELETE FROM battles WHERE battleid = ? `, battleid) if err != nil { log.Println(err) return err } return nil } ////////////////////////////////////////////////////////////////////////////// // HTTP func battlesHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": // define data data := map[string]interface{}{} data["version"] = os.Getenv("VERSION") data["pagelink1"] = Link{Name: "battle", Target: "/battle"} data["pagelink1options"] = []Link{ {Name: "bot", Target: "/bot"}, {Name: "user", Target: "/user"}, } data["pagelinknext"] = []Link{ {Name: "new", Target: "/new"}, {Name: "quick", Target: "/quick"}, } // sessions session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"] if username == nil { http.Redirect(w, r, "/login", http.StatusSeeOther) return } else { // get the user user, err := UserGetUserFromUsername(username.(string)) if err != nil { log.Println(err) http.Redirect(w, r, "/login", http.StatusSeeOther) return } data["user"] = user } // get all battles battles, err := BattleGetAll() data["battles"] = battles // get the template t, err := template.ParseGlob(fmt.Sprintf("%s/*.html", templatesPath)) if err != nil { log.Println(err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Error reading template file")) http.Error(w, err.Error(), http.StatusInternalServerError) return } // exec! t.ExecuteTemplate(w, "battles", data) default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } func battleNewHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": // define data data := map[string]interface{}{} data["version"] = os.Getenv("VERSION") // breadcrumb foo session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"].(string) data["pagelink1"] = Link{Name: "battle", Target: "/battle"} data["pagelink1options"] = []Link{ {Name: "user", Target: "/user"}, {Name: "bot", Target: "/bot"}, } data["pagelink2"] = Link{Name: "new", Target: "/new"} data["pagelink2options"] = []Link{ {Name: "list", Target: ""}, {Name: "quick", Target: "/quick"}, } // display errors passed via query parameters queryres := r.URL.Query().Get("err") if queryres != "" { data["res"] = queryres } // get data needed user, err := UserGetUserFromUsername(username) if err != nil { log.Println(err) data["err"] = "Could not fetch the user" } else { data["user"] = user } archs, err := ArchGetAll() if err != nil { log.Println(err) data["err"] = "Could not fetch the archs" } else { data["archs"] = archs } bits, err := BitGetAll() if err != nil { log.Println(err) data["err"] = "Could not fetch the bits" } else { data["bits"] = bits } users, err := UserGetAll() if err != nil { log.Println(err) data["err"] = "Could not fetch all users" } else { data["users"] = users } // get the template t, err := template.ParseGlob(fmt.Sprintf("%s/*.html", templatesPath)) if err != nil { log.Println(err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Error reading template file")) http.Error(w, err.Error(), http.StatusInternalServerError) return } // exec! err = t.ExecuteTemplate(w, "battleNew", data) if err != nil { log.Println(err) } case "POST": data := map[string]interface{}{} session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"].(string) // get data needed user, err := UserGetUserFromUsername(username) if err != nil { log.Println(err) data["err"] = "Could not fetch the user" } else { data["user"] = user } // parse the post parameters r.ParseForm() name := r.Form.Get("name") arenasize, err := strconv.Atoi(r.Form.Get("arena-size")) if err != nil { // TODO(emile): use the log_and_redir function in here (and the surrounding code) log.Println(err) msg := "ERROR: Invalid arch id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } maxrounds, err := strconv.Atoi(r.Form.Get("max-rounds")) if err != nil { // TODO(emile): use the log_and_redir function in here (and the surrounding code) log.Println(err) msg := "ERROR: Invalid arch id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } var public bool query_public := r.Form.Get("public") if query_public == "on" { public = true } // gather the information from the arch and bit selection var archIDs []int var bitIDs []int for k := range r.Form { if strings.HasPrefix(k, "arch-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "arch-")) if err != nil { log.Println(err) msg := "ERROR: Invalid arch id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } archIDs = append(archIDs, id) } if strings.HasPrefix(k, "bit-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "bit-")) if err != nil { log.Println(err) msg := "ERROR: Invalid bit id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } bitIDs = append(bitIDs, id) } } if name != "" { // create the battle itself log.Println("Creating battle") newbattle := Battle{ 0, name, nil, nil, public, nil, nil, "", maxrounds, arenasize, } battleid, err := BattleCreate(newbattle, user) if err != nil { log.Println(err) msg := "ERROR: Could not create due to internal reasons" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } // link archs to battle err = BattleLinkArchIDs(battleid, archIDs) if err != nil { log.Println(err) msg := "ERROR: Could not create due to internal reasons" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } // link bits to battle err = BattleLinkBitIDs(battleid, bitIDs) if err != nil { log.Println(err) msg := "ERROR: Could not create due to internal reasons" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } // link owner to battle err = BattleLinkOwnerIDs(battleid, []int{user.ID}) if err != nil { log.Println(err) msg := "ERROR: Could not create due to internal reasons" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } } else { msg := "ERROR: Please provide a name" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } http.Redirect(w, r, "/battle", http.StatusSeeOther) return default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } func battleQuickHandler(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": // define data data := map[string]interface{}{} data["version"] = os.Getenv("VERSION") // breadcrumb foo session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"].(string) data["pagelink1"] = Link{Name: "battle", Target: "/battle"} data["pagelink1options"] = []Link{ {Name: "user", Target: "/user"}, {Name: "bot", Target: "/bot"}, } data["pagelink2"] = Link{Name: "quick", Target: "/quick"} data["pagelink2options"] = []Link{ {Name: "new", Target: "/new"}, {Name: "list", Target: ""}, } // display errors passed via query parameters queryres := r.URL.Query().Get("err") if queryres != "" { data["res"] = queryres } // get data needed user, err := UserGetUserFromUsername(username) if err != nil { log.Println(err) data["err"] = "Could not fetch the user" } else { data["user"] = user } // essentiall... ...the list of all bots from which the user can select two that shall // battle! bots, err := globalState.GetAllBotsWithUsers() data["bots"] = bots // get the template t, err := template.ParseGlob(fmt.Sprintf("%s/*.html", templatesPath)) if err != nil { log.Println(err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Error reading template file")) http.Error(w, err.Error(), http.StatusInternalServerError) return } // exec! t.ExecuteTemplate(w, "battleQuick", data) case "POST": data := map[string]interface{}{} session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"].(string) // get data needed user, err := UserGetUserFromUsername(username) if err != nil { log.Println(err) data["err"] = "Could not fetch the user" } else { data["user"] = user } // parse the post parameters r.ParseForm() var public bool query_public := r.Form.Get("public") if query_public == "on" { public = true } arenasize, err := strconv.Atoi(r.Form.Get("arena-size")) if err != nil { // TODO(emile): use the log_and_redir function in here (and the surrounding code) log.Println(err) msg := "ERROR: Invalid arch id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } maxrounds, err := strconv.Atoi(r.Form.Get("max-rounds")) if err != nil { // TODO(emile): use the log_and_redir function in here (and the surrounding code) log.Println(err) msg := "ERROR: Invalid arch id" http.Redirect(w, r, fmt.Sprintf("/battle/new?res=%s", msg), http.StatusSeeOther) return } // gather the information from the arch and bit selection var botIDs []int for k := range r.Form { if strings.HasPrefix(k, "bot-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "bot-")) if err != nil { log.Println(err) msg := "ERROR: Invalid bot id" http.Redirect(w, r, fmt.Sprintf("/battle/quick?res=%s", msg), http.StatusSeeOther) return } botIDs = append(botIDs, id) } } // create the battle itself log.Println("Creating battle") newbattle := Battle{ 0, fmt.Sprintf("quick-%d", rand.Intn(10000)), nil, nil, public, nil, nil, "", maxrounds, arenasize, } battleid, err := BattleCreate(newbattle, user) if err != nil { log.Println(err) msg := "ERROR: Could not create due to internal reasons" http.Redirect(w, r, fmt.Sprintf("/battle/quick?res=%s", msg), http.StatusSeeOther) return } // allow all archs and all bits // link bots to battle http.Redirect(w, r, fmt.Sprintf("/battle/%d", battleid), http.StatusSeeOther) // // link archs to battle // err = BattleLinkArchIDs(battleid, archIDs) // if err != nil { // log.Println(err) // msg := "ERROR: Could not create due to internal reasons" // http.Redirect(w, r, fmt.Sprintf("/battle/quick?res=%s", msg), http.StatusSeeOther) // return // } // // link bits to battle // err = BattleLinkBitIDs(battleid, bitIDs) // if err != nil { // log.Println(err) // msg := "ERROR: Could not create due to internal reasons" // http.Redirect(w, r, fmt.Sprintf("/battle/quick?res=%s", msg), http.StatusSeeOther) // return // } // http.Redirect(w, r, "/battle", http.StatusSeeOther) return default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } func battleSingleHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) battleid, err := strconv.Atoi(vars["id"]) if err != nil { w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Invalid battle id")) http.Error(w, err.Error(), http.StatusInternalServerError) return } // A partially filled format string (the reason for the redirect is still to be filled later) redir_target := fmt.Sprintf("/battle/%d?res=%%s", battleid) switch r.Method { case "GET": // define data data := map[string]interface{}{} data["version"] = os.Getenv("VERSION") data["pagelink1"] = Link{"battle", "/battle"} data["pagelink1options"] = []Link{ {Name: "user", Target: "/user"}, {Name: "bot", Target: "/bot"}, } // display errors passed via query parameters queryres := r.URL.Query().Get("res") if queryres != "" { data["res"] = queryres } session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"] if username == nil { http.Redirect(w, r, "/login", http.StatusSeeOther) return } viewer, err := UserGetUserFromUsername(username.(string)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the id for your username") return } data["user"] = viewer users, err := UserGetAll() if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the users") return } data["users"] = users // get the battle including it's users, bots, archs, bits battle, err := BattleGetByIdDeep(int(battleid)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the battle given the id provided") return } data["battle"] = battle data["botAmount"] = len(battle.Bots) data["battleCount"] = (len(battle.Bots) * len(battle.Bots)) * 2 // define the breadcrumbs data["pagelink2"] = Link{battle.Name, fmt.Sprintf("/%d", battle.ID)} allbattleNames, err := BattleGetAll() var opts []Link for _, battle := range allbattleNames { opts = append(opts, Link{Name: battle.Name, Target: fmt.Sprintf("/%d", battle.ID)}) } data["pagelink2options"] = opts // get the bots of the user viewing the page, as they might want to submit them myBots, err := UserGetBotsUsingUsername(username.(string)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get your bots") return } data["myBots"] = myBots // get all architectures and set the enable flag on the ones that are enabled in the battle archs, err := ArchGetAll() if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get your bots") return } else { data["archs"] = archs } for i, a := range archs { for _, b := range battle.Archs { if a.ID == b.ID { archs[i].Enabled = true } } } // get all bits and set the enable flag on the ones that are enabled in the battle bits, err := BitGetAll() if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not fetch the bits") return } else { data["bits"] = bits } for i, a := range bits { for _, b := range battle.Bits { if a.ID == b.ID { bits[i].Enabled = true } } } // check if we're allowed to edit editable := false for _, owner := range battle.Owners { if owner.ID == viewer.ID { editable = true } } if editable == true { data["editable"] = true } // get the template t, err := template.ParseGlob(fmt.Sprintf("%s/*.html", templatesPath)) if err != nil { log.Printf("Error reading the template Path: %s/*.html", templatesPath) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Error reading template file")) http.Error(w, err.Error(), http.StatusInternalServerError) return } // exec! err = t.ExecuteTemplate(w, "battleSingle", data) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "err rendering template") } case "POST": log.Println("POST!") // checking if the user submitting the battle information is allowed to do so // session, _ := globalState.sessions.Get(r, "session") // username := session.Values["username"].(string) // get the user submitting // log.Println("Getting the user submitting the change request...") // requesting_user, err := UserGetUserFromUsername(username) // if err != nil { // log.Println("err: ", err) // http.Redirect(w, r, fmt.Sprintf("/battle/%d", battleid), http.StatusSeeOther) // return // } // get the users the battle belongs to // log.Println("Getting the user the battle belongs to...") // orig_battle, err := BattleGetByIdDeep(int(battleid)) // if err != nil { // log.Println("err: ", err) // http.Redirect(w, r, fmt.Sprintf("/battle/%d", battleid), http.StatusSeeOther) // return // } // check if the user submitting the change request is within the users the battle belongs to // log.Println("Checking if edit is allowed...") // allowed_to_edit := false // for _, user := range orig_battle.Owners { // if user.ID == requesting_user.ID { // allowed_to_edit = true // } // } // if allowed_to_edit == false { // msg := "ERROR: You aren't allowed to edit this battle!" // http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) // return // } // at this point, we're sure the user is allowed to edit the battle data := map[string]interface{}{} session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"].(string) // get data needed user, err := UserGetUserFromUsername(username) if err != nil { log.Println(err) data["err"] = "Could not fetch the user" } else { data["user"] = user } r.ParseForm() log.Println("r.Form: ", r.Form) form_name := r.Form.Get("name") arenasize, err := strconv.Atoi(r.Form.Get("arena-size")) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Invalid Arena size") return } var public bool if r.Form.Get("public") == "on" { public = true } // gather the information from the arch and bit selection var archIDs []int var bitIDs []int var ownerIDs []int log.Println(r.Form) for k := range r.Form { if strings.HasPrefix(k, "arch-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "arch-")) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Invalid Arch ID") return } archIDs = append(archIDs, id) } if strings.HasPrefix(k, "bit-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "bit-")) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Invalid Bit ID") return } bitIDs = append(bitIDs, id) } if strings.HasPrefix(k, "owner-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "owner-")) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Invalid Owner ID") return } ownerIDs = append(ownerIDs, id) } } // CHECK THAT THE USER REQUESTING CHANGES IS ALREADY PART OF THE OWNERS allowedToEdit := false for _, ownerID := range ownerIDs { if user.ID == ownerID { allowedToEdit = true } } if allowedToEdit == false { log_and_redir_with_msg(w, r, err, redir_target+"#settings", "You aren't an owner and aren't allowed to edit the settings") return } // DATABASE MANIPUTLATION BELOW // link archs to battle err = BattleLinkArchIDs(battleid, archIDs) if err != nil { log_and_redir_with_msg(w, r, err, redir_target+"#settings", "Could not link arch id to battle") return } // link bits to battle err = BattleLinkBitIDs(battleid, bitIDs) if err != nil { log_and_redir_with_msg(w, r, err, redir_target+"#settings", "Could not link bit id to battle") return } // link bits to battle err = BattleLinkOwnerIDs(battleid, ownerIDs) if err != nil { log_and_redir_with_msg(w, r, err, redir_target+"#settings", "Could not link owner id to battle") return } new_battle := Battle{int(battleid), form_name, []Bot{}, []User{user}, public, []Arch{}, []Bit{}, "", 100, arenasize} log.Println("Updating battle...") err = BattleUpdate(new_battle) if err != nil { log_and_redir_with_msg(w, r, err, redir_target+"#settings", "Could not insert battle into db") return } http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=Success!#settings", battleid), http.StatusSeeOther) default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } func battleSubmitHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) battleid, err := strconv.Atoi(vars["id"]) if err != nil { w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Invalid battle id")) http.Error(w, err.Error(), http.StatusInternalServerError) return } redir_target := fmt.Sprintf("/battle/%d?res=%%s", battleid) switch r.Method { case "POST": r.ParseForm() log.Println("Someone submitted the following form:") log.Println(r.Form) session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"] if username == nil { http.Redirect(w, r, "/login", http.StatusSeeOther) return } user, err := UserGetUserFromUsername(username.(string)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the id for your username") return } // get all the form values that contain the bot that shall be submitted var botIDs []int for k := range r.Form { if strings.HasPrefix(k, "bot-") { id, err := strconv.Atoi(strings.TrimPrefix(k, "bot-")) if err != nil { msg := "ERROR: Invalid bot supplied" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) return } botIDs = append(botIDs, id) } } battle, err := BattleGetByIdDeep(battleid) if err != nil { msg := "ERROR: Couln't get the battle with the given id" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) return } // clear all bots from that user for that battle before readding them here BattleUnlinkAllBotsForUser(user.ID, battleid) // for all bots, get their bits and arch and compare them to the one of the battle for _, id := range botIDs { bot, err := BotGetById(id) if err != nil { msg := fmt.Sprintf("ERROR: Couldn't get bot with id %d", id) http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) return } var archValid bool = false for _, battle_arch := range battle.Archs { for _, bot_arch := range bot.Archs { if battle_arch.ID == bot_arch.ID { archValid = true } } } var bitValid bool = false for _, battle_bit := range battle.Bits { for _, bot_bit := range bot.Bits { if battle_bit.ID == bot_bit.ID { bitValid = true } } } if archValid && bitValid { log.Printf("arch and bit valid, adding bot with id %d to battle with id %d\n", id, battleid) BattleLinkBot(id, battleid) } else { if archValid == false { msg := "Bot has an invalid architecture!" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) return } if bitValid == false { msg := "Bot has an invalid 'bit-ness'!" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) return } } log.Println(bot) } msg := "Success!" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } // actually run the battle func battleRunHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) battleid, err := strconv.Atoi(vars["id"]) if err != nil { w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Invalid battle id")) http.Error(w, err.Error(), http.StatusInternalServerError) return } redir_target := fmt.Sprintf("/battle/%d?res=%%s", battleid) switch r.Method { case "POST": r.ParseForm() log.Printf("running the battle with the id %d", battleid) log.Println("Someone submitted the following form:") log.Println(r.Form) // fetch the session and get the user session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"] if username == nil { http.Redirect(w, r, "/login", http.StatusSeeOther) return } user, err := UserGetUserFromUsername(username.(string)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the id for your username") return } // Fetch the battle information // This includes all bots linked to the battle log.Printf("user %+v wants to run the battle", user) fullDeepBattle, err := BattleGetByIdDeep(battleid) // open radare without input for building the bot // TODO(emile): configure a variable memsize for the arena cmd := fmt.Sprintf("malloc://%d", fullDeepBattle.ArenaSize) r2p1, err := r2pipe.NewPipe(cmd) if err != nil { panic(err) } defer r2p1.Close() var botSources []string var rawOutput string cmd = fmt.Sprintf("pxc %d @ 0x0", fullDeepBattle.ArenaSize) output, _ := r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s\n", cmd, output) // TODO(emile): currently hardcoded to two bots, extract this anonymous struct into a named struct and make this work with > 2 bots runtimeBots := []struct { Name string Regs string BaseAddr int ArchName string BitsName string }{ {Name: "", Regs: "", BaseAddr: 0, ArchName: "", BitsName: ""}, {Name: "", Regs: "", BaseAddr: 0, ArchName: "", BitsName: ""}, } rawOutput += "[0x00000000]> # Assembling the bots\n" // for each bot involved within the battle, we need to fetch it again, as the deep battle // fech doesn't fetch that deep (it fetches the batle and the corresponding bots, but only // their ids and names and not the archs and bits associated) for i, b := range fullDeepBattle.Bots { bot, err := BotGetById(b.ID) if err != nil { log.Println(err) } runtimeBots[i].Name = bot.Name // TODO(emile): a bot can have multiple archs/bits, figure out what to do then // I've just gone and used the first one, as a bot alwas has at least one... // ...it has right? runtimeBots[i].ArchName = bot.Archs[0].Name runtimeBots[i].BitsName = bot.Bits[0].Name // define the command used to assemble the bot src := strings.ReplaceAll(bot.Source, "\r\n", "; ") radareCommand := fmt.Sprintf("rasm2 -a %s -b %s \"%+v\"", bot.Archs[0].Name, bot.Bits[0].Name, src) rawOutput += fmt.Sprintf("; %s\n", radareCommand) // assemble the bot bytecode, err := r2cmd(r2p1, radareCommand) if err != nil { http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, "err building bot"), http.StatusSeeOther) return } botSources = append(botSources, bytecode) } // TODO(emile): [L] implement some kind of queue // TODO(emile): [S] use the information given from the battle, such as the right arch and bits rawOutput += "[0x00000000]> # initializing the vm and the stack\n" cmd = "aei" output, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s", cmd, output) cmd = "aeim" output, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s", cmd, output) // TODO(emile): random offsets // place bots for i, s := range botSources { // the address to write the bot to addr := 50 * (i + 1) // store it runtimeBots[i].BaseAddr = addr msg := fmt.Sprintf("# writing bot %d to 0x%d", i, addr) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", msg) cmd := fmt.Sprintf("wx %s @ 0x%d", s, addr) _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) // define the instruction point and the stack pointer rawOutput += "[0x00000000]> # Setting the program counter and the stack pointer\n" cmd = fmt.Sprintf("aer PC=0x%d", addr) _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) cmd = fmt.Sprintf("aer SP=SP+0x%d", addr) _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) // dump the registers of the bot for being able to switch inbetween them // This is done in order to be able to play one step of each bot at a time, // but sort of in parallel rawOutput += "[0x00000000]> # Storing registers\n" cmd = "aerR" regs, _ := r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) initialRegisers := strings.Replace(regs, "\n", ";", -1) runtimeBots[i].Regs = initialRegisers } for i := range botSources { // print the memory for some pleasing visuals cmd = fmt.Sprintf("pxc 100 @ 0x%d", runtimeBots[i].BaseAddr) output, _ = r2cmd(r2p1, cmd) // print rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s\n", cmd, output) } output, _ = r2cmd(r2p1, "pxc 100 @ 0x50") // print fmt.Println(output) // define end conditions rawOutput += "[0x00000000]> # Defining the end conditions\n" cmd = "e cmd.esil.todo=t theend=1" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) cmd = "e cmd.esil.trap=t theend=1" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) cmd = "e cmd.esil.intr=t theend=1" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) cmd = "e cmd.esil.ioer=t theend=1" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) // set the end condition to 0 initially rawOutput += "[0x00000000]> # Initializing the end condition variable\n" cmd = "f theend=0" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) currentBotId := 0 // TODO(emile): find a sensible default for the max amount of rounds for i := 0; i < fullDeepBattle.MaxRounds; i++ { currentBotId = i % 2 rawOutput += fmt.Sprintf("[0x00000000]> ########################################################################\n") // this is architecture agnostic and just gets the program counter pc, _ := r2cmd(r2p1, "aer~$(arn PC)~[1]") arch, _ := r2cmd(r2p1, "e asm.arch") bits, _ := r2cmd(r2p1, "e asm.bits") rawOutput += fmt.Sprintf("[0x00000000]> # ROUND %d, BOT %d (%s), PC=%s, arch=%s, bits=%s\n", i, currentBotId, runtimeBots[currentBotId].Name, pc, arch, bits) rawOutput += "[0x00000000]> # setting the architecture accordingly\n" cmd = fmt.Sprintf("e asm.arch=%s", runtimeBots[currentBotId].ArchName) output, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s", cmd, output) cmd = fmt.Sprintf("e asm.bits=%s", runtimeBots[currentBotId].BitsName) output, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s", cmd, output) // load registers rawOutput += "[0x00000000]> # Loading the registers\n" r2cmd(r2p1, runtimeBots[currentBotId].Regs) // rawOutput += fmt.Sprintf("%+v\n", runtimeBots[currentBotId].Regs) // cmd = "dr" // output, _ = r2cmd(r2p1, cmd) // rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s\n", cmd, output) // _, _ = r2cmd(r2p1, "aes") // step rawOutput += "[0x00000000]> # Stepping\n" cmd = "aes" _, _ = r2cmd(r2p1, cmd) rawOutput += fmt.Sprintf("[0x00000000]> %s\n", cmd) // store the regisers rawOutput += "[0x00000000]> # Storing the registers\n" registers, _ := r2cmd(r2p1, "aerR") registersStripped := strings.Replace(registers, "\n", ";", -1) runtimeBots[currentBotId].Regs = registersStripped // print the arena rawOutput += "[0x00000000]> # Printing the arena\n" cmd := fmt.Sprintf("pxc 100 @ 0x%d", runtimeBots[currentBotId].BaseAddr) output, _ := r2cmd(r2p1, cmd) // print rawOutput += fmt.Sprintf("[0x00000000]> %s\n%s\n", cmd, output) // fmt.Println(output) // predicate - the end? rawOutput += "[0x00000000]> # Checking if we've won\n" pend, _ := r2cmd(r2p1, "?v theend") status := strings.TrimSpace(pend) // fixme: on Windows, we sometimes get output *from other calls to r2* if status == "0x1" { log.Printf("[!] Bot %d has died", currentBotId) } if status != "0x0" { log.Printf("[!] Got invalid status '%s' for bot %d", status, currentBotId) } } BattleSaveRawOutput(battleid, rawOutput) msg := "Success!" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s#output", battleid, msg), http.StatusSeeOther) default: http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } } // delete a battle // TODO(emile): finish implementing the deletion of battles func battleDeleteHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) battleid, err := strconv.Atoi(vars["id"]) if err != nil { w.WriteHeader(http.StatusInternalServerError) w.Write([]byte("500 - Invalid battle id")) http.Error(w, err.Error(), http.StatusInternalServerError) return } redir_target := fmt.Sprintf("/battle/%d?res=%%s", battleid) switch r.Method { case "POST": // can't send a DELETE with pure HTML... // get the current user session, _ := globalState.sessions.Get(r, "session") username := session.Values["username"] if username == nil { http.Redirect(w, r, "/login", http.StatusSeeOther) return } viewer, err := UserGetUserFromUsername(username.(string)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the id for your username") return } // get the battle battle, err := BattleGetByIdDeep(int(battleid)) if err != nil { log_and_redir_with_msg(w, r, err, redir_target, "Could not get the battle given the id provided") return } battle_owned_by_requesting_user := false for _, owner := range battle.Owners { // if the requesting users id is equal to an owners id, we're allowed to delete // the battle if viewer.ID == owner.ID { battle_owned_by_requesting_user = true break } } // check that the user that created the battle is the current user, if not, return if battle_owned_by_requesting_user == false { msg := "You aren't in the owners list of the battle, so you can't delete this battle" log_and_redir_with_msg(w, r, err, redir_target, msg) return } BattleDeleteID(battleid) msg := "Successfully deleted the battle" http.Redirect(w, r, fmt.Sprintf("/battle/%d?res=%s", battleid, msg), http.StatusSeeOther) default: log.Println("expected POST, got ", r.Method) http.Redirect(w, r, "/", http.StatusMethodNotAllowed) } }