Docs (CTFd#1001)

* Copy over and update content from the Wiki to CTFd Sphinx docs
* Closes CTFd#947
* Closes CTFd#742

Author: ColdHeat

development.txt

@@ -13,3 +13,4 @@ bandit==1.5.1
 flask_profiler==1.8.1
 pytest-xdist==1.28.0
 pytest-cov==2.6.1
+sphinx_rtd_theme==0.4.3

docs/api.rst

@@ -0,0 +1,2 @@
+API
+===

docs/conf.py

@@ -20,13 +20,13 @@
 # -- Project information -----------------------------------------------------
 
 project = u'CTFd'
-copyright = u'2019, Kevin Chung'
+copyright = u'2019, CTFd LLC'
 author = u'Kevin Chung'
 
 # The short X.Y version
 version = u''
 # The full version, including alpha/beta/rc tags
-release = u'2.1.0'
+release = u'2.1.2'
 
 
 # -- General configuration ---------------------------------------------------
@@ -78,7 +78,7 @@
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
-html_theme = 'alabaster'
+html_theme = 'sphinx_rtd_theme'
 
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
@@ -154,7 +154,7 @@
 #  dir menu entry, description, category)
 texinfo_documents = [
     (master_doc, 'CTFd', u'CTFd Documentation',
-     author, 'CTFd', 'One line description of project.',
+     author, 'CTFd', 'A Capture The Flag framework focusing on ease of use and customizability.',
      'Miscellaneous'),
 ]
 

docs/configuration.rst

@@ -0,0 +1,147 @@
+Configuration
+=============
+
+CTFd provides a number of configuration options which are used to configure server behavior. CTFd makes a distinction between configuration values which can be configured only with server-level access and values which can be configured by those with administrative priveleges on CTFd.
+
+Server Level Configuration
+--------------------------
+Server level configuration can be modified from the ``config.py`` file in CTFd.
+
+SECRET_KEY
+~~~~~~~~~~
+The secret value used to creation sessions and sign strings. This should be set to a random string. In the
+interest of ease, CTFd will automatically create a secret key file for you. If you wish to add this secret key
+to your instance you should hard code this value to a random static value.
+
+You can also remove .ctfd_secret_key from the .gitignore file and commit this file into whatever repository
+you are using.
+
+http://flask.pocoo.org/docs/latest/quickstart/#sessions
+
+
+DATABASE_URL
+~~~~~~~~~~~~
+The URI that specifies the username, password, hostname, port, and database of the server
+used to hold the CTFd database.
+
+e.g. ``mysql+pymysql://root:<YOUR_PASSWORD_HERE>@localhost/ctfd``
+
+REDIS_URL
+~~~~~~~~~
+The URI to connect to a Redis server.
+
+e.g. ``redis://user:password@localhost:6379``
+
+http://pythonhosted.org/Flask-Caching/#configuring-flask-caching
+
+
+MAILFROM_ADDR
+~~~~~~~~~~~~~
+The email address that emails are sent from if not overridden in the configuration panel.
+
+MAIL_SERVER
+~~~~~~~~~~~
+The mail server that emails are sent from if not overriden in the configuration panel.
+
+MAIL_PORT
+~~~~~~~~~
+The mail port that emails are sent from if not overriden in the configuration panel.
+
+MAIL_USEAUTH
+~~~~~~~~~~~~
+Whether or not to use username and password to authenticate to the SMTP server
+
+MAIL_USERNAME
+~~~~~~~~~~~~~
+The username used to authenticate to the SMTP server if MAIL_USEAUTH is defined
+
+MAIL_PASSWORD
+~~~~~~~~~~~~~
+The password used to authenticate to the SMTP server if MAIL_USEAUTH is defined
+
+MAIL_TLS
+~~~~~~~~
+Whether to connect to the SMTP server over TLS
+
+MAIL_SSL
+~~~~~~~~
+Whether to connect to the SMTP server over SSL
+
+MAILGUN_API_KEY
+~~~~~~~~~~~~~~~
+Mailgun API key to send email over Mailgun
+
+MAILGUN_BASE_URL
+~~~~~~~~~~~~~~~~
+Mailgun base url to send email over Mailgun
+
+LOG_FOLDER
+~~~~~~~~~~
+The location where logs are written. These are the logs for CTFd key submissions, registrations, and logins.
+The default location is the CTFd/logs folder.
+
+UPLOAD_PROVIDER
+~~~~~~~~~~~~~~~
+Specifies the service that CTFd should use to store files.
+
+UPLOAD_FOLDER
+~~~~~~~~~~~~~
+The location where files are uploaded. The default destination is the CTFd/uploads folder.
+
+AWS_ACCESS_KEY_ID
+~~~~~~~~~~~~~~~~~
+AWS access token used to authenticate to the S3 bucket.
+
+AWS_SECRET_ACCESS_KEY
+~~~~~~~~~~~~~~~~~~~~~
+AWS secret token used to authenticate to the S3 bucket.
+
+AWS_S3_BUCKET
+~~~~~~~~~~~~~
+The unique identifier for your S3 bucket.
+
+AWS_S3_ENDPOINT_URL
+~~~~~~~~~~~~~~~~~~~
+A URL pointing to a custom S3 implementation.
+
+
+REVERSE_PROXY
+~~~~~~~~~~~~~
+Specifies whether CTFd is behind a reverse proxy or not. Set to ``True`` if using a reverse proxy like nginx.
+
+See `Flask documentation <https://werkzeug.palletsprojects.com/en/0.15.x/middleware/proxy_fix/#werkzeug.middleware.proxy_fix.ProxyFix.>`_ for full details.
+
+.. Tip::
+    You can also specify a comma seperated set of numbers specifying the reverse proxy configuration settings. For example to configure `x_for=1, x_proto=1, x_host=1, x_port=1, x_prefix=1` specify `1,1,1,1,1`. By setting the value to ``True``, CTFd will default to the above behavior with all proxy settings set to 1.
+
+TEMPLATES_AUTO_RELOAD
+~~~~~~~~~~~~~~~~~~~~~
+Specifies whether Flask should check for modifications to templates and reload them automatically.
+
+SQLALCHEMY_TRACK_MODIFICATIONS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Automatically disabled to suppress warnings and save memory. You should only enable this if you need it.
+
+SWAGGER_UI
+~~~~~~~~~~
+Enable the Swagger UI endpoint at ``/api/v1/``
+
+UPDATE_CHECK
+~~~~~~~~~~~~
+Specifies whether or not CTFd will check whether or not there is a new version of CTFd
+
+APPLICATION_ROOT
+~~~~~~~~~~~~~~~~
+Specifies what path CTFd is mounted under. It can be used to run CTFd in a subdirectory.
+Example: /ctfd
+
+OAUTH_CLIENT_ID
+~~~~~~~~~~~~~~~
+
+
+OAUTH_CLIENT_SECRET
+~~~~~~~~~~~~~~~~~~~
+
+
+Application Level Configuration
+-------------------------------

docs/contributing.rst

@@ -0,0 +1,86 @@
+Contributing
+============
+
+Developing on CTFd
+~~~~~~~~~~~~~~~~~~
+Developing new code for CTFd is easy and fun! CTFd is organized into components which each serve a distinct purpose.
+
+
+Core Routes/Controllers
+-----------------------
+The core routes are identified in blueprints in the main CTFd folder for user facing routes and in the CTFd/admin folder for the admin panel. These core routes are used to display theme content and render the main server response that the user will receive.
+
+API Routes/Controllers
+----------------------
+The API routes are implemented in the ``CTFd/api`` folder as seperate blueprints for each type of resource used in CTFd. Most behavior that manipulates data should be implemented at the API level and seperated by method and resource level. The most common API methods are ``GET``, ``POST``, ``PATCH``, ``DELETE``.
+
+Models
+------
+CTFd makes heavy usage of the SQLAlchemy ORM to access database contents. The core CTFd models are defined here. Plugins are however capable of adding their own models.
+
+CTFd makes use of ``alembic`` and ``Flask-Migrate`` to perform database migrations between versions.
+
+Schemas
+-------
+Schemas provide an abstraction layer on top of the database models for permissioning and filtering of data. Schemas and the API work together to make distinctions about what data to show users and what data a user can edit.
+
+Jinja2
+------
+Jinja2 is used by the CTFd server to render HTML content with data. In some cases (i.e. JavaScript challenge rendering), Mozilla Nunjucks templates are used as a mostly compatible alternative. Any templates written in Nunjucks must still be compatible with Jinja2.
+
+JavaScript & CSS
+----------------
+JavaScript & CSS are used to style the front end of CTFd.
+
+
+Linting
+~~~~~~~
+
+Python
+------
+Python code in CTFd is linted with `flake8` and `black`.
+
+Javascript & CSS
+----------------
+JavaScript and CSS are linted with `prettier`.
+
+.. Tip::
+    The recommendation is to integrate all linters into your editor as your changes will fail to pass if the lint checks fail. See the ``Makefile`` for ``make lint``
+
+
+Testing
+~~~~~~~
+
+Python
+------
+
+Python tests are run using ``pytest`` on Travis. To run the test suite you can run `make test`. By default tests run against sqlite but this can be configured by setting the `TESTING_DATABASE_URL` environment variable.
+
+CTFd will support both Python 2 and 3 until Python 2's EOL in 2020.
+
+Tests are run in parallel with ``pytest-xdist`` and each test is run in its own database.
+
+
+Documentation
+~~~~~~~~~~~~~
+
+CTFd's documentation is written using Sphinx and hosted by `Read the Docs <https://readthedocs.org/>`_.
+
+To build the documentation, you should go into the ``docs`` folder and run `make html`. The content output into the `docs/_build` folder will be the resulting hosted output.
+
+
+Tips & Tricks
+~~~~~~~~~~~~~
+Typically while developing CTFd, developers use the provided ``serve.py`` script or its ``make serve`` wrapper and access CTFd at ``http://localhost:4000``.
+
+Very often you will need to generate testing data so that you can exercise CTFd's behavior. The included ``populate.py`` script will insert randomized testing data into the CTFd database.
+
+The ``export.py`` script can be used to create a CTFd export on the command line.
+
+The ``import.py`` script can be used to load in a CTFd export on the command line.
+
+If you need to wipe CTFd completely, you should:
+
+* delete the database (CTFd/ctfd.db by default)
+* empty the cache. By default it will be stored in the ``.data`` folder if Redis is unavailable
+* (optional) remove the contents of the `CTFd/uploads` folder

docs/deployment.rst

@@ -0,0 +1,108 @@
+Deployment
+==========
+
+CTFd is a standard WSGI application so most if not all `Flask documentation`_ on deploying a Flask based application should apply. This page will focus on the recommended ways to deploy CTFd.
+
+.. Important::
+   Fully managed and maintained CTFd deployments are available at https://ctfd.io.
+
+Docker
+------
+
+CTFd provides automatically generated `Docker images`_ and one of the simplest means of deploying a CTFd instance is to use Docker Compose.
+
+.. Caution:: While Docker can be a very simple means of deploying CTFd, it can make debugging and receiving support more complicated. Before deploying using Docker, be sure you have a cursory understanding of how Docker works.
+
+1. Install `Docker`_
+2. Install `Docker Compose`_
+3. Clone the CTFd repository with ``git clone https://github.com/CTFd/CTFd.git``
+4. Modify the ``docker-compose.yml`` file from the repository to specify a ``SECRET_KEY`` environment for the CTFd service. ::
+
+    environment:
+      - SECRET_KEY=<SPECIFY_RANDOM_VALUE>
+      - UPLOAD_FOLDER=/var/uploads
+      - LOG_FOLDER=/var/log/CTFd
+      - DATABASE_URL=mysql+pymysql://root:ctfd@db/ctfd
+      - REDIS_URL=redis://cache:6379
+      - WORKERS=4
+
+.. Tip::
+    You can also run ``python -c "import os; f=open('.ctfd_secret_key', 'a+'); f.write(os.urandom(64)); f.close()"`` within the CTFd repo to generate a .ctfd_secret_key file.
+
+5. Run ``docker-compose up``
+6. You should now be able to access CTFd at http://localhost:8000
+
+.. Note::
+    The default Docker Compose configuration files do not provide a reverse proxy server or configure SSL/TLS. This is left as an exercise to the reader by design.
+
+Standard WSGI Deployment
+------------------------
+
+As a web application, CTFd has a few dependencies which require installation.
+
+1. WSGI server
+2. Database server
+3. Caching server
+
+WSGI Server
+~~~~~~~~~~~
+
+While CTFd is a standard WSGI application and most WSGI servers (e.g. gunicorn, UWSGI, waitress) will likely suffice, CTFd is most commonly deployed with gunicorn. This is because of its simplicity and reasonable performance. It is installed by default and used by other deployment methods discussed on this page. By default it is configured to use gevent as a worker class.
+
+
+Database Server
+~~~~~~~~~~~~~~~
+
+CTFd makes use of SQLAlchemy and as such supports a number of SQL databases. As of CTFd 2.0, the recommended database type is MySQL. CTFd is tested and has been installed against SQLite, Postgres, and MariaDB but this could change in the future.
+
+By default CTFd will create a SQLite database if no database server has been configured.
+
+.. Note::
+    CTFd makes use of the JSON data type. MySQL >= 5.7.8 implements a proper JSON type while MariaDB does not. Small differences like these could eventually result in CTFd only supporting a few database servers.
+
+Caching Server
+~~~~~~~~~~~~~~
+
+CTFd makes heavy use of caching servers to store configuration values, user sessions, and page content. It is important to deploy CTFd with a caching server. The preferred caching server option is Redis.
+
+By default if no cache server is configured,  CTFd will attempt to use the filesystem as a cache and store values in the ``.data`` folder. This type of caching is not very performant thus it is highly recommended that you configure a Redis server.
+
+Vagrant
+-------
+
+CTFd provides a basic Vagrantfile for use with Vagrant. To run using Vagrant run the following commands:
+
+::
+
+    vagrant up
+
+Visit http://localhost:8000 where CTFd will be running.
+
+To access the internal gunicorn terminal session inside Vagrant run:
+
+::
+
+    vagrant ssh
+    tmux attach ctfd
+
+.. Note::
+
+    CTFd's Vagrantfile is not commonly used and is only community supported
+
+Debug Server
+------------
+
+The absolute simplest way to deploy CTFd merely involves running `python serve.py` to start Flask's built-in debugging server. This isn't recommended for anything but debugging and should not be used for any kind of load. It is discussed here because the debugging server can make identifying bugs and misconfigurations easier. In addition, development mostly occurs using the debug server.
+
+.. Important::
+   CTFd makes every effort to be an easy to setup application.
+   However, deploying CTFd for large amounts of users can be difficult.
+
+   Fully managed and maintained CTFd deployments are available at https://ctfd.io. If you're interested in a specialized CTFd deployment with custom features please `contact us <https://ctfd.io/contact/>`_.
+
+
+.. _Flask documentation: http://flask.pocoo.org/docs/latest/deploying/
+.. _Docker images: https://hub.docker.com/r/ctfd/ctfd/
+.. _Docker: https://docs.docker.com/install/
+.. _Docker Compose: https://docs.docker.com/compose/install/
+.. _contact us: https://ctfd.io/contact/