tempus is a fully functional todolist with a beautiful UI and a vulnerable flask backend.
A great learning opportunity, I was inspired by friends to make this and learned plenty of new skills and solidified existing ones along the way.
This was created as a challenge in cybersecurity Capture the Flag (CTF) competitions. Initially created for GHCHS's Cybersecurity Club CTF, trevzCTF.
tempus uses python's flask as the backend, rendering pages using Jinja2. It can be deployed safely using Docker.
Python Flask-SocketIO on the backend communicates with the frontend javascript socket.io on every new todo item. It stores the rendered data into the browser's local storage for future viewing. It also stores viewing done items preference, list of all todos and dones, and color preference.
Note: You can remove parts of script.js, that fetch to the backend, to have a secure standalone todolist. In that case, run the todolist with gunicorn using the same command in the Dockerfile but standalone.
- Clone and move into this repository:
git clone https://github.com/trevor-trinh/tempus..git
cd tempus.(OPTIONAL) Use python venv to make a virtual environment:
python3 -m venv env
source env/bin/activate- Install the Python requirements with pip:
pip install -r requirements.txt- To test run the app (if you're not using python
venv, do not include thesourceanddeactivatecommands):
source "env/bin/activate"
export FLASK_APP=app.py
export FLASK_ENV=development
flask run -p 8015 -h "0.0.0.0"
deactivate- To run in production with
Docker:
docker pull trevortrinh/trevzctf
# Edit build.sh with your docker image tag like: your-name/tempus.
./build.sh
./start.shWhile I don't really know how to use github and accept changes just yet, pull requests are welcome!