Skip to content

CarterPerez-dev/ProxyAuthRequired

BranchesTags

Repository files navigation

HIGH LEVEL OVERVIEW

Below is a comprehensive, wide-ranging overview of my entire codebase and web application, based on the merged repository content. This overview is designed to be extremely detailed so that someone unfamiliar with the project can grasp the context, architecture, goals, data flow, and even the intricacies of the front-end (Redux usage, components) and back-end (database, models, routes, concurrency, Celery tasks, etc.). While it’s called a “high-level overview,” it is intentionally exhaustive—covering most relevant code structures, design decisions, and logic flow.

1. Project Purpose and Goals

This project is a gamified platform centered around cybersecurity, certification practice, daily newsletters, scenario-driven learning, and more. It has multiple services (backend, frontend, database, caching, etc.) that coordinate to deliver:

  1. Practice Test Functionality for certifications (e.g., CompTIA A+, Security+, CySA+, CASP+, etc.).
  2. User Account Management, including registration, login, XP leveling, achievements, and a virtual shop.
  3. Daily Newsletter System to send routine cybersecurity briefs via Celery and SendGrid.
  4. Scenario Generators, GRC question generators, analogy generators, and more, many leveraging OpenAI-based LLM calls.
  5. Streaming endpoints to serve chunked content for real-time updates in the UI.
  6. Gamification elements like XP, coins, daily bonuses, achievements, an in-app store for purchasing items and XP boosts.
  7. Integration with additional modules (Xploitcraft, GRC, daily scenario tasks, etc.) to create an immersive cybersecurity learning environment.

Overall, the site aims to combine an interactive quiz/practice system with daily content, scenario-based question streams, and a robust user experience that fosters repeated engagement and learning.

2. High-Level Architecture

My application is split among these major components:

  • Frontend (React) running at :3000 (or served by the Apache container).
  • Backend (Flask + Socket.IO) running at :5000. This connects to:
    • MongoDB for persistent data (Users, Achievements, Tests, etc.).
    • Redis for caching, Celery message broker, and result backend.
    • Celery worker processes for asynchronous tasks (newsletter emailing, AI generation tasks, etc.).
    • Apache (or Nginx in some config) serving as a reverse proxy, forwarding /api calls to the backend and everything else to the frontend.

2.1 Docker & Container Layout

  • apache/: Contains a Dockerfile.apache referencing httpd:2.4 plus a custom apache_server.conf and httpd.conf.
  • backend/: Contains a Dockerfile.backend that sets up Python (3.11), installs dependencies, and runs the Flask (Gunicorn) server on 0.0.0.0:5000.
  • frontend/my-react-app/: Contains multiple Dockerfiles for dev, audit, production, etc. Builds the React application.

2.2 Services Overview

  1. MongoDB stores user data, test metadata, achievements, newsletter content, subscription info, etc.
  2. Redis used by Celery for message brokering and result storage. Also used for session management (if configured with Flask-Session).
  3. Celery tasks handle:
    • Generating analogies, scenario text, and GRC questions with OpenAI.
    • Sending daily newsletters.
    • Generating exploit payloads or bigger tasks in an asynchronous manner.
  4. Backend (Flask) organizes code in subdirectories such as routes/, helpers/, models/, mongodb/, etc.
  5. Frontend uses React, Redux (with slices for user, achievements, shop, etc.) to orchestrate page navigations, test taking, user sign-in, etc.

3. Backend Structure and Flow

Located in backend/, the backend uses Flask + Socket.IO. Key subdirectories include:

  1. API/

    • AI.py sets up the OpenAI client. It loads the OPENAI_API_KEY from .env and creates a global OpenAI client object for usage across the codebase.

  2. helpers/

    • analogy_helper.py / analogy_stream_helper.py: Generate single/comparison/triple analogies with GPT. There’s streaming support for chunk-based analogy responses.
    • async_tasks.py: Celery tasks that wrap the logic for generating analogies, scenarios, interactive questions, exploit payloads, etc.
    • celery_app.py: The Celery application entry point, loads environment variables, sets schedules (like daily newsletter at midnight), configures broker (Redis) and concurrency.
    • daily_newsletter_helper.py / daily_newsletter_task.py: Manage newsletter content in the database, send daily newsletter to subscribers (via SendGrid).
    • email_helper.py: Uses SendGrid to send emails.
    • grc_helper.py / grc_stream_helper.py: Generate GRC-related multiple-choice questions, or stream them chunk by chunk. The content includes JSON structures with question, options, correct answer index, explanations, exam tips, etc.
    • scenario_helper.py: Generate scenario narratives for cybersecurity incidents, break them down into context/actors/risks, generate interactive questions, etc.
    • xploitcraft_helper.py: Xploits class uses rate limiting and streams content from GPT to produce exploit payloads and thorough code snippet examples.

  3. models/

    • newsletter_content.py: Basic CRUD with a newsletter collection in Mongo for storing a single doc with the current newsletter content.
    • test.py: A central, large file containing numerous helper functions for user creation, validation, test attempts, achievements, leveling, daily bonus, shop logic, etc.
      • Contains the advanced input sanitization for username, password, and email.
      • Defines the XP leveling logic (progressing from level to level with certain XP thresholds).
      • Achievement unlocking logic: checks total tests, perfect tests, consecutive perfect streaks, categories, etc.
    • user_subscription.py: Manages creation and removal of user subscriptions (for daily briefs). Has separate users collection from main user system (some duplication possible).

  4. mongodb/

    • database.py: Instantiates a Flask PyMongo object, references environment’s MONGO_URI, sets up mainusers_collection, shop_collection, achievements_collection, tests_collection, plus new testAttempts_collection, correctAnswers_collection, dailyQuestions_collection, dailyAnswers_collection.

  5. routes/

    • analogy_routes.py: 2 endpoints:
      1. /generate_analogy (uses Celery tasks for single/comparison/triple).
      2. /stream_analogy streams analogy in real time to the client.
    • daily_brief_routes.py: Subscribing to daily briefs, scheduling them, etc. (some references to a schedule_email_task).
    • grc_routes.py: Accepts category and difficulty, generates GRC question JSON via Celery.
    • scenario_routes.py: Streams scenario text chunk-by-chunk; streams interactive scenario-based questions chunk-by-chunk.
    • subscribe_routes.py / unsubscribe_routes.py: Basic routes for subscription and unsubscribing user emails. Includes email validation, uses require_api_key for admin route, etc.
    • test_routes.py: Very large file containing:
      • User Endpoints: register, login, retrieving user doc, updating XP, coins, etc.
      • Shop: listing items, purchase flow, equipping items, XP boosts, etc.
      • Tests: fetching a test by ID + category, finishing an attempt, listing attempts, storing user’s answers, awarding XP/coins for correct answers (only first time).
      • Achievements: endpoint for retrieving all achievements from DB.
      • Leaderboard: caching top 1000 users in memory for 15 seconds, serving data with skip/limit for pagination.
      • Daily Bonus: awarding 1000 coins once every 24 hours (plus daily question logic).
      • Username/Email/Password changes: includes password validation again, etc.
    • xploit_routes.py: Generating exploit payload (GPT-based) with optional streaming, returning code examples that highlight vulnerabilities, with commentary in code comments.

  6. app.py

    • The main Flask entry point, sets up CORS, Session, SocketIO, logs requests, registers all blueprint routes, and runs via Gunicorn.

3.1 Database Structure

In database.py, you define multiple collections in a single MongoDB instance:

  • mainusers: The primary user storage (username, email, password, xp, level, coins, purchasedItems, achievements, subscriptionActive, xpBoost, lastDailyClaim).
  • shopItems: Items in the in-app shop (avatars, XP boosts, color changes, etc.).
  • achievements: Documents describing achievements, each with achievementId, criteria, etc.
  • tests: The stored test questions (some references to “aplus,” “security+,” “cissp,” etc.). Each doc has testId, category, and an array of questions or some structure.
  • testAttempts: Tracks a user’s attempt on a specific test, storing answers, the current question index, the final score, and whether finished.
  • correctAnswers: Tracks which specific question a user has gotten correct for the first time (so awarding XP/coins is only given once).
  • dailyQuestions / dailyAnswers: For daily question logic. Each day can have a special question. dailyAnswers stores who answered what, awarding coin bonuses if correct.

3.2 Back-End Key Points

  • Rate Limiting: The exploit generation route uses a simple token bucket in xploitcraft_helper.py.
  • Celery:
    • Scheduled tasks (app.conf.beat_schedule) for daily newsletters at midnight.
    • async_tasks.py wraps generating analogies, GRC questions, scenario text, etc.
  • OpenAI usage: A single client object is imported from API/AI.py. LLM calls happen for scenario generation, GRC question creation, exploit code, etc.
  • Security: Basic request validation in user registration, password checks, etc. Some potential duplication across front-end validation. Rate limiting for exploit endpoints. Achievements logic ensures no duplication of awarding.
  • Routing: Divided by blueprint for organizational clarity.

4. Frontend (React + Redux) Structure

In frontend/my-react-app/, you have a typical Create React App folder layout:

  1. public/
    • Some static files like xp_mongo.js, index.html, manifest.json, robots.txt.
    • Possibly images for XP boost items, logos, etc.
  2. src/
    • App.js, index.js, etc. typical React bootstrapping.
    • global.css, index.css for global styles.
    • components/: The heart of the front-end, subdivided into pages, store slices, etc.
      • pages/: Contains many subfolders, each representing a set of tests or pages:
        • AnalogyPage (with AnalogyHub.js, .css).
        • aplus/ (with APlusTestList.js, APlusTestPage.js).
        • aplus2/, auth/, awscloud/, casp/, cissp/, cloudplus/, cysa/, DailyPage/, dataplus/, GRCpage/, Info/, linuxplus/, nplus/, penplus/, ResourcesPage/, ScenarioPage/, secplus/, serverplus/, etc.
      • The pattern: each certification has two components: XYZTestList.js for listing tests, and XYZTestPage.js to handle a single test instance (some use the new universal GlobalTestPage.js).
      • store/: Redux slices for achievements, shop, user, etc., plus a store.js combining them.
      • Sidebar/Sidebar.js, ProtectedRoute.js, etc. shared components.

4.1 React/Redux Data Flow

  • store/userSlice.js (found in the user’s directory mention, typically) manages login, registration, user state. Possibly also caches tokens or user data in localStorage.
  • store/shopSlice.js might fetch or store the user’s coins, purchase actions, items.
  • store/achievementsSlice.js tracks achievements unlocked, shows toasts, etc.

Key Note: Some test pages are fully localStorage-based (like awscloud, caspplus, cissp, etc.), while others (like aplus, aplus2) demonstrate fetching attempts from the server. This indicates a partial migration from local-only test progress to server-based progress.

4.2 Major UI Flows

  1. Registration/Login:
    • Uses forms that dispatch Redux actions (like loginUser, registerUser).
    • Validations are done on the front-end (like not allowing certain usernames or trivial passwords) and also re-validated on the server.
    • On success, the store is updated with userId and other user info. Then localStorage is updated for persistence.
  2. Test Taking:
    • The user navigates to a “Test List” page for a specific category (A+, CASP+, etc.).
    • Each test card can be started, resumed, or restarted.
    • If it’s a “server-based” category (like A+), the system calls backend endpoints to upsert attempt docs in testAttempts_collection.
    • If it’s a “local-based” category (like AWSCloud or CASP+), the system uses localStorage to store progress.
  3. Shop:
    • The user can see available items. The store fetches from the /shop endpoint.
    • Purchasing triggers a server call that decrements coins and marks the item as purchased. Some items might apply xpBoost or change the user’s nameColor or currentAvatar.
  4. Achievements:
    • When finishing tests or gaining coins/XP, the front-end might re-check achievements from the server. The server automatically calls check_and_unlock_achievements.
    • The front-end can display a toast or modal if new achievements are unlocked.
  5. Daily Features:
    • A “Daily Bonus” button awarding 1000 coins once per 24 hours is done by calling /user/<user_id>/daily-bonus.
    • The “Daily Question” is fetched from dailyQuestions_collection, awarding bonus coins if correct.
  6. Analogy / GRC / Scenario pages:
    • Send POST requests to the relevant “/stream_... ” or “/generate_...” endpoints. The UI streams the chunked text from GPT’s response, showing partial output in real time.
    • For example, the “AnalogyHub.js” fetches /analogy/stream_analogy and uses a ReadableStream to accumulate text chunks.

5. Key Data Models and JSON Examples

  1. User Document (in mainusers_collection): 
    {
  "_id": ObjectId("..."),
  "username": "alice",
  "email": "[email protected]",
  "password": "...",
  "coins": 500,
  "xp": 3400,
  "level": 5,
  "achievements": ["first_test_complete", "coin_collector"],
  "subscriptionActive": false,
  "purchasedItems": [ObjectId("..."), ...],
  "xpBoost": 1.0,
  "currentAvatar": ObjectId("..."),
  "nameColor": null,
  "lastDailyClaim": Date(),
  // etc.
}
  2. Test Document (in tests_collection): 
    {
  "_id": ObjectId("..."),
  "testId": 1,
  "category": "aplus",
  "questions": [
    {
      "question": "Which tool would you use to check file system integrity?",
      "options": ["CHKDSK", "FORMAT", "DISKPART", "FDISK"],
      "correctIndex": 0,
      "explanation": "CHKDSK verifies the file system..."
    },
    ...
  ]
}
  3. Test Attempts (in testAttempts_collection): 
    {
  "_id": ObjectId("..."),
  "userId": ObjectId("..."),
  "testId": 1,
  "category": "aplus",
  "answers": [
    {
      "questionId": "...some question ID or index...",
      "userAnswerIndex": 2,
      "correctAnswerIndex": 0
    }
  ],
  "score": 10,
  "totalQuestions": 100,
  "currentQuestionIndex": 15,
  "finished": false,
  "finishedAt": null
}
  4. Achievement (in achievements_collection): 
    {
  "_id": ObjectId("..."),
  "achievementId": "coin_collector",
  "title": "Coin Collector",
  "description": "Accumulate 10,000 coins",
  "criteria": { "coins": 10000 },
  "iconUrl": "/icons/coinCollector.png"
}

6. Special Features and Modules

  1. Analogy Generation:

    • analogy_helper.py and routes let the user input concepts or categories, which calls GPT with a prompt. The reply is a fun analogy, used for educational or entertainment value. Streams partial text if desired.

  2. Scenario Generation:

    • The user picks an industry, attack type, skill level, threat intensity. The system produces a multi-paragraph scenario with detailed context. Then breaks it into structured data or generates interactive questions with GPT.

  3. GRC (Governance, Risk, Compliance):

    • API that returns a JSON question object with multiple choice answers, an explanations map for each choice, and an exam_tip. These can be displayed in the front-end as practice questions for advanced certifications (CISSP, CASP+, CRISC, etc.).

  4. Newsletter:

    • daily_newsletter_task.send_daily_newsletter runs nightly. Retrieves newsletter content from DB, enumerates subscribers, sends via SendGrid.

  5. Xploitcraft:

    • Provides “educational” exploit payload generation with code samples in Python. The user or a training environment can see how vulnerabilities might be exploited. Includes rate limiting to prevent excessive GPT usage.

  6. Achievements:

    • Comprehensive logic in check_and_unlock_achievements. The user can unlock achievements for finishing tests, scoring 100%, finishing multiple tests, collecting coins, reaching certain XP levels, etc.

7. Design Patterns & Principles

  • Blueprint-based Route Organization: Each route file focuses on a logical grouping (analogy, scenario, etc.).
  • Celery for Asynchronicity: CPU or I/O heavy tasks (like sending out mass emails or large GPT calls) run outside the main request cycle to keep the app responsive.
  • MongoDB Data Model: Non-relational approach with flexible structures for tests, attempts, daily content, etc.
  • Front-end:
    • Functional React Components with hooks (useState, useEffect).
    • Redux for global state, managing user login state, achievements, shop items. The slices dispatch asynchronous actions for calling the backend or reading localStorage.
    • Test Merging: Some tests are localStorage-based, others stored on the server. This is presumably an ongoing refactor.
    • Styling: Each page/feature typically has a dedicated .css file. Some global overrides. The Sidebar and App.js handle primary layout or navigation.

8. Redux Usage

Inside frontend/my-react-app/src/components/pages/store/:

  • userSlice.js:
    • Typically has loginUser and registerUser thunks that fetch the backend /test/login or /test/user endpoints.
    • On success, sets userId, username, coins, xp, etc. in Redux state.
  • achievementsSlice.js:
    • Might fetch user’s achievements or handle newly unlocked ones.
    • Possibly displays notifications or confetti upon unlocking achievements.
  • shopSlice.js:
    • Fetches shop items, stores them in a global state. Let’s you dispatch “purchaseItem” which calls the backend’s “/shop/purchase/<item_id>”.

Actions are triggered from React pages (like a “Buy” button or “Login” button). The reducers update the global store. Components read the store (like useSelector(state => state.user)), so they can show user’s coins or logged-in status.

9. Deployment & Execution

  • docker-compose.yml likely orchestrates containers for backend, frontend, apache (or nginx), redis, mongodb.
  • The backend runs Gunicorn with gevent workers.
  • The frontend is served either by Node or built and served by the apache container as static assets.
  • ENV Variables from .env or environment:
    • OPENAI_API_KEY, MONGO_URI, SENDGRID_API_KEY, REDIS_PASSWORD, etc.

Development: Possibly you run docker-compose up or each container individually. Then:

  • Frontend on http://localhost:3000.
  • Backend on http://localhost:5000.
  • The reverse proxy on http://localhost:8080 or so. (My config might vary.)

10. Summary of Project Strengths

  1. Modular code design with strong separation: routes vs. models vs. Celery tasks vs. front-end pages.
  2. Scalable approach to concurrency, thanks to Celery, Redis, and streaming responses.
  3. Gamification aspects are robust: XP, coins, achievements, daily claims, shop items, etc.
  4. Rich AI functionality: analogy generation, scenario creation, GRC question generation, exploit payloads, etc.
  5. Security improvements: user input validations, password rules, achievements awarding logic to prevent duplication, minimal rate-limiting for GPT usage.

11. Potential Next Steps / Observations

  • Consistency in how test attempts are stored (server-based vs. localStorage). Migrating all to server-based might unify the user experience.
  • Enhanced integration for daily newsletters with more dynamic content or personalization.
  • Further rate limiting or advanced security for the open AI endpoints if usage spikes.
  • UI improvements to unify styling between the many test lists and categories.
  • Improving environment-based configuration to facilitate staging vs. production.

Conclusion

My web application is a multi-container platform that unites a gamified cybersecurity practice environment, daily content, AI-based scenario and question generation, a robust user system with achievements/levels, an item shop, and daily tasks. The back-end is structured with blueprint routes, Celery tasks for asynchronous operations, a well-thought-out schema in MongoDB, and a front-end React/Redux code structure that organizes test features by certification category. By combining streaming GPT responses, e-commerce-like item purchasing, and daily engagement loops, the project fosters a creative and educational experience focusing on repeated user engagement in cybersecurity topics.

This concludes the extremely lengthy, detailed, and “high-level” (but ironically deeply comprehensive) overview. It should give any newcomer a solid sense of the entire codebase and its underlying logic, from data models and route design to front-end Redux patterns, achievements, daily engagement, and Celery-based tasks.

About

Free, Open-Source, Cybersecurity Learning Website.

ProxyAuthRequired.com

Resources

Readme
Activity

Stars

17 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages