Add debug endpoint to help inspect what headers and IP address CTFd s…

…ees (CTFd#2546) * Add the `/debug` endpoint that will show what headers CTFd sees as well as the user's IP address. * `/debug` will only be available when `SAFE_MODE` is enabled
SDKAAA · May 30, 2024 · 40b8813 · 40b8813
1 parent eaaf5ae
commit 40b8813
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/CTFd/views.py b/CTFd/views.py
@@ -65,7 +65,7 @@
     unserialize,
 )
 from CTFd.utils.uploads import get_uploader, upload_file
-from CTFd.utils.user import authed, get_current_team, get_current_user, is_admin
+from CTFd.utils.user import authed, get_current_team, get_current_user, get_ip, is_admin
 
 views = Blueprint("views", __name__)
 
@@ -557,6 +557,23 @@ def healthcheck():
     return "OK", 200
 
 
+@views.route("/debug")
+def debug():
+    if app.config.get("SAFE_MODE") is True:
+        ip = get_ip()
+        headers = dict(request.headers)
+        # Remove Cookie item
+        headers.pop("Cookie", None)
+        resp = ""
+        resp += f"IP: {ip}\n"
+        for k, v in headers.items():
+            resp += f"{k}: {v}\n"
+        r = make_response(resp)
+        r.mimetype = "text/plain"
+        return r
+    abort(404)
+
+
 @views.route("/robots.txt")
 def robots():
     text = get_config("robots_txt", "User-agent: *\nDisallow: /admin\n")