Welcome to the CTF Platform documentation. This directory contains comprehensive documentation for understanding, setting up, and deploying the platform.
Complete system architecture documentation including:
- High-level system design
- Component breakdown
- Data flow diagrams
- Technology stack
- Security considerations
- Deployment architecture (current and planned)
Read this first to understand how the system works.
Complete API reference including:
- All available endpoints
- Request/response formats
- Authentication flow
- Error handling
- Status codes
- Rate limiting notes (rate limiting is currently not implemented)
Use this when integrating with the API.
Step-by-step setup instructions for:
- Prerequisites installation
- Backend setup
- Frontend setup (when available)
- Environment configuration
- Database setup
- Docker configuration
- Development workflow
- Common issues and solutions
Follow this to get the project running locally.
Security considerations including:
- Current security measures
- Critical security gaps (CORS, rate limiting, database exposure)
- Security recommendations
- Security checklist
- Incident response procedures
- Best practices
Review this before production deployment.
- Start with Setup Guide to get the project running
- Read Architecture to understand the system
- Reference API Documentation when building features
- Review Architecture for deployment architecture
- Check Security Documentation for security requirements
- Follow Setup Guide for production setup
- Read Security Documentation for security gaps
- Review Architecture for security architecture
- Check API Documentation for API security
Before Production Deployment:
- CORS: Not configured - must be added for frontend communication
- Rate Limiting: Not implemented - critical for preventing abuse
- Database Security: Database is exposed until AWS migration
See Security Documentation for details and mitigation steps.
Frontend (React, S3 + CloudFront) → Backend API (EC2) → MongoDB + Docker
The platform consists of:
- Frontend: React user interface
- Backend: Express.js API server
- Database: MongoDB for persistent storage
- Docker: Container orchestration for CTF challenges
- JWT-based authentication
- Dynamic Docker container management
- Flag submission
- Automatic cleanup of expired instances
- Read the Setup Guide
- Follow the installation steps
- Configure your environment
- Start the backend server
- (When available) Start the frontend
When adding new features:
- Update relevant documentation files
- Update API documentation for new endpoints
- Review security implications
If you have questions or find issues in the documentation:
- Check the relevant documentation file
- Review the code comments
- Check the main README