Integrate with a CTF platform
So you want to integrate chall-manager with a CTF platform ? Good job, you are contributing to the CTF ecosystem !
Here are the known integrations in CTF platforms:
The design
The API is split in two services:
- the
ChallengeStore
to handle the CRUD operations on challenges (ids, scenarios, etc.). - the
InstanceManager
to handle players CRUD operations on instances.
You’ll have to handle both services as part of the chall-manager API if you want proper integration.
We encourage you to add additional efforts around this integration, with for instance:
- management views to monitor which challenge is started for every players.
- pre-provisionning to better handle load spikes at the beginning of the event.
- add rate limiting through a mana.
- the support of OpenTelemetry for distributed tracing.
Use the proto
The chall-manager was conceived using a Model-Based Systems Engineering practice, so API models (the contracts) were written, and then the code was generated.
This makes the .proto
files the first-class citizens you may want to use in order to integrate chall-manager to a CTF platform.
Those could be found in the subdirectories here. Refer the your proto-to-code tool for generating a client from those.
If you are using Golang, you can directly use the generated clients for the ChallengeStore
and InstanceManager
services API.
If you cannot or don’t want to use the proto files, you can use the gateway API.
Use the gateway
Because some languages don’t support gRPC, or you don’t want to, you can simply communicate with chall-manager through its JSON REST API.
To access this gateway, you have to start your chall-manager with the proper configuration:
- either
--gw
as an arg orGATEWAY=true
as a varenv - either
--gw-swagger
as an arg orGATEWAY_SWAGGER=true
as a varenv
You can then reach the Swagger at http://my-chall-manager:9090/swagger/#
, which should show you the following.
Use this Swagger to understand the API, and build your language-specific client in order to integrate chall-manager. We do not provide official language-specific REST JSON API clients.
Feedback
Was this page helpful?