Skip to content
Permalink
Fetching contributors…
Cannot retrieve contributors at this time
251 lines (228 sloc) 7.26 KB
// main.go
package main
import (
"strconv"
"math"
"github.com/astaxie/beego"
"html/template"
"io/ioutil"
"net/http"
"github.com/dgrijalva/jwt-go"
"math/rand"
)
func main() {
beego.SetStaticPath("/static","static")
beego.Router("/", &mainController{}, "get:Get")
beego.Router("/deposit", &mainController{}, "get:Deposit")
beego.Router("/withdraw", &mainController{}, "get:Withdraw")
beego.Router("/source", &mainController{}, "get:Source")
beego.Router("/flag", &mainController{}, "get:Flag")
beego.ErrorHandler("404",page_not_found)
beego.Run()
}
var (
source, _ = ioutil.ReadFile("main.go")
privateKey, _ = ioutil.ReadFile("keys.rsa")
publicKey, _ = ioutil.ReadFile("keys.rsa.pub")
)
// This is the controller that this application uses
type mainController struct {
beego.Controller
}
func Round(x, unit float64) float64 {
return math.Round(x/unit) * unit
}
func page_not_found(rw http.ResponseWriter, r *http.Request){
t,_:= template.ParseFiles(beego.BConfig.WebConfig.ViewsPath +"/error.html")
data :=make(map[string]interface{})
data["message"] = "Page not found!"
t.Execute(rw, data)
}
func (this *mainController) Source() {
this.TplName = "source.html"
this.Data["message"] = template.HTML(string(source))
}
func (this *mainController) Flag() {
walletString := this.Ctx.GetCookie("wallet_2")
if walletString == "" {
walletString, err := GenerateNewWallet()
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
}
wallet, bank, err := ParseWallet(walletString, publicKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Die Hax0r!!! My Crypto is the most secure eva!"
return
}
if wallet < 1337 {
this.TplName = "error.html"
this.Data["message"] = "Insufficient GoCoin! in wallet to buy flag."
return
}
wallet = wallet - 1337
wallet = Round(wallet, 0.01)
walletString, err = Wallet(wallet, bank, privateKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
this.TplName = "flag.html"
}
func (this *mainController) Withdraw() {
amount, err := strconv.ParseFloat(this.GetString("amount"), 64)
if err != nil || amount < 0 {
this.TplName = "error.html"
this.Data["message"] = "Invalid value in query string 'amount'."
return
}
walletString := this.Ctx.GetCookie("wallet_2")
if walletString == "" {
walletString, err := GenerateNewWallet()
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
}
wallet, bank, err := ParseWallet(walletString, publicKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Die Hax0r!!! My Crypto is the most secure eva!"
return
}
amount = Round(amount, 0.01)
if bank >= amount {
wallet = wallet + amount
wallet = Round(wallet, 0.01)
bank = bank - amount
bank = Round(bank, 0.01)
} else {
this.TplName = "error.html"
this.Data["message"] = "Insufficient GoCoin! in wallet."
return
}
walletString, err = Wallet(wallet, bank, privateKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
this.Data["wallet"] = wallet
this.Data["bank"] = bank
this.Data["amount"] = amount
this.TplName = "withdraw.html"
}
func (this *mainController) Deposit() {
amount, err := strconv.ParseFloat(this.GetString("amount"), 64)
if err != nil || amount < 0 {
this.TplName = "error.html"
this.Data["message"] = "Invalid value in query string 'amount'."
return
}
walletString := this.Ctx.GetCookie("wallet_2")
if walletString == "" {
walletString, err := GenerateNewWallet()
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
}
wallet, bank, err := ParseWallet(walletString, publicKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Die Hax0r!!! My Crypto is the most secure eva!"
return
}
amount = Round(amount,0.01)
if wallet >= amount {
wallet = wallet - amount
wallet = Round(wallet, 0.01)
bank = bank + amount
bank = Round(bank, 0.01)
} else {
this.TplName = "error.html"
this.Data["message"] = "Insufficient GoCoin! in wallet."
return
}
walletString, err = Wallet(wallet, bank, privateKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
this.Data["wallet"] = wallet
this.Data["bank"] = bank
this.Data["amount"] = amount
this.TplName = "deposit.html"
}
func Wallet(wallet float64, bank float64, mySigningKey []byte) (string, error) {
token := jwt.New(jwt.GetSigningMethod("RS256"))
claims := make(jwt.MapClaims)
claims["wallet"] = wallet
claims["bank"] = bank
claims["rand"] = rand.Uint64()
token.Claims = claims
key, err := jwt.ParseRSAPrivateKeyFromPEM(mySigningKey)
tokenString, err := token.SignedString(key)
return tokenString, err
}
func ParseWallet(myToken string, myKey []byte) (float64, float64, error) {
token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
key, err := jwt.ParseRSAPublicKeyFromPEM(myKey)
return key, err
}
return myKey, nil
})
if err == nil && token.Valid {
claims := token.Claims.(jwt.MapClaims)
wallet, ok := claims["wallet"].(float64)
if !ok {
return 0, 0, err
}
bank, ok := claims["bank"].(float64)
if !ok {
return 0, 0, err
}
return wallet, bank, err
} else {
return 0, 0, err
}
}
func GenerateNewWallet() (string, error) {
walletString, err := Wallet(10, 0, privateKey)
return walletString, err
}
func (this *mainController) Get() {
walletString := this.Ctx.GetCookie("wallet_2")
if walletString == "" {
walletString, err := GenerateNewWallet()
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Something Went Wrong."
return
}
this.Ctx.SetCookie("wallet_2", walletString)
}
wallet, bank, err := ParseWallet(walletString, publicKey)
if err != nil {
this.TplName = "error.html"
this.Data["message"] = "Die Hax0r!!! My Crypto is the most secure eva!"
return
}
this.Data["wallet"] = wallet
this.Data["bank"] = bank
this.TplName = "index.html"
}
You can’t perform that action at this time.