Implemented some features

[gehaxelt]

Hi, I've implemented some featuers:

• CSRF protection
• JSON Scoreboard
• before_end and after_start annotations which restrict some actions before/during/after the CTF
• Added start/end time to footer
• Added `username_regex`` to validate usernames

That are more or less the changes I made for our CTF.

All the best, gehaxelt

[gehaxelt]

PS: Closes #9 #8 #6

[yeuchimse]

In my opinion, CSRF protection is not needed, and in your CTF it was inconvenient for my team. Normally in a CTF, you open the challenges page, click on some challenges to open them in new tabs, then open each tab, solve the challenge and submit the flag. With your CSRF protection, once you open the second tab, you could not submit the flag for the challenge in the first tab, because the CSRF token has been changed and is no longer valid.

[gehaxelt]

Hi @yeuchimse Thanks for the feedback! I've pushed a fix for this by providing a enable_csrf_protection configuration option :)

[yeuchimse]

Nice fix :D I though you would remove that protection, but giving an option to disable it seems better for all people :D

[balidani]

Hi all,

I'm still here, but a bit busy at the moment. I'll get back to these PRs later, and hopefully merge them. Thanks for your interest in the project.