Skip to content

Online coding judge built from scratch to explore Docker-isolated code execution, Clean Architecture, and the challenges of safely running untrusted code with resource limits.

License

Notifications You must be signed in to change notification settings

AshharAhmadKhan/BrewAlgo

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BrewAlgo

Coding judge platform I built to understand how LeetCode and Codeforces prevent malicious code from breaking their servers

This started as a "how hard can it be to build a coding judge?" project and turned into a deep dive into Docker isolation, resource limits, and secure code execution. It's basically my playground for learning system design.

What it does

  • Runs user code in isolated Docker containers (because running untrusted code directly would be... bad)
  • Supports Java and Python (adding more languages is just adding Dockerfiles)
  • Tests submissions against multiple test cases
  • Returns detailed feedback: ACCEPTED, WRONG_ANSWER, COMPILATION_ERROR, TIME_LIMIT_EXCEEDED, etc.
  • Has a leaderboard because competitive programming without rankings isn't fun

Why I built this

Honestly, I was curious how platforms like LeetCode prevent someone from submitting while(true) {fork();} and crashing their servers. Turns out Docker resource limits and cgroups are pretty neat.

Also wanted to:

  • Learn Clean Architecture (the 4-layer thing everyone talks about)
  • Actually use Docker for something beyond docker run hello-world
  • Understand how code execution services work
  • Build something I could show to companies without saying "it's just a CRUD app"

Tech Stack

Backend:

  • Spring Boot 3.2 (with Spring Security for JWT auth)
  • PostgreSQL (because relationships matter)
  • Docker Java SDK (for container management)

Frontend:

  • React + Vite (CRA felt slow)
  • Tailwind CSS (I'm not a designer)

Execution:

  • Docker containers with CPU/memory limits
  • Custom images for each language (openjdk:17-slim, python:3.11-slim)

Architecture

React Frontend → Spring Boot API → Docker Engine → Execute Code → Return Results
                      ↓
                 PostgreSQL
            (problems, users, submissions)

The interesting part is the code execution:

  1. User submits code
  2. Backend writes code to temp file
  3. Spins up Docker container with resource limits (256MB RAM, 50% CPU, 5s timeout)
  4. Runs code against test cases
  5. Captures output via Docker logs
  6. Compares with expected output
  7. Returns verdict

Quick Start

Prerequisites:

  • Java 17+
  • Node.js 18+
  • PostgreSQL
  • Docker Desktop
  • Maven

Setup:

# Clone
git clone https://github.com/AshharAhmadKhan/BrewAlgo.git
cd BrewAlgo

# Database
psql -U postgres
CREATE DATABASE brewalgo;
\q

# Backend
cd backend
mvn spring-boot:run  # Runs on :8081

# Docker images (separate terminals)
cd docker/java-executor
docker build -t brewalgo-java-executor:latest .

cd ../python-executor
docker build -t brewalgo-python-executor:latest .

# Frontend
cd ../../frontend
npm install
npm run dev  # Runs on :5173

Don't forget to update backend/src/main/resources/application.properties with your database credentials.

Project Structure

BrewAlgo/
├── backend/                 # Spring Boot
│   ├── domain/             # Entities, repositories
│   ├── application/        # Services (execution logic here)
│   ├── infrastructure/     # Security, persistence
│   └── presentation/       # Controllers
│
├── frontend/               # React
│   ├── components/
│   ├── pages/
│   └── services/          # API calls
│
└── docker/                # Execution environments
    ├── java-executor/
    └── python-executor/

Challenges I faced

1. Docker dependency hell Spring Boot 3.2.1 uses httpcore5:5.2.4, but docker-java:3.3.4 needs 5.3+. Took me hours to figure out I needed to explicitly force the version in Maven.

2. Capturing Docker output Docker's log API returns a callback, not a string. Had to implement a custom ResultCallback.Adapter<Frame> to accumulate stdout. The docs weren't great here.

3. Preventing shell injection Initially used echo "input" | java Solution, which is vulnerable. Switched to writing input to a file and redirecting it.

4. Execution timing Docker overhead adds ~3-4s to execution time. Haven't optimized this yet — probably need container pooling.

What's working

  • ✅ User authentication (JWT)
  • ✅ Problem CRUD
  • ✅ Code submission & evaluation
  • ✅ Multi-language support
  • ✅ Resource limits (prevents infinite loops)
  • ✅ Test case validation
  • ✅ Leaderboard

What's not (yet)

  • Input format documentation for users
  • More than 1 practice problem (need to add more)
  • Contest system (backend is ready, UI isn't)
  • Container pooling (creates new container per test case)
  • WebSocket for real-time updates

API Endpoints

POST /api/auth/register
POST /api/auth/login
GET  /api/problems
GET  /api/problems/slug/{slug}
POST /api/submissions
GET  /api/submissions/user/{userId}
GET  /api/leaderboard

See docs/API.md for full documentation.

Security

  • JWT authentication with BCrypt password hashing
  • Docker isolation (no code runs on host)
  • Resource limits (CPU, memory, timeout)
  • Parameterized SQL queries (bye bye SQL injection)

Stats

  • ~10,000 lines of code
  • 40+ Java files
  • 25+ React components
  • 15+ API endpoints
  • 6 database entities

Contributing

Feel free to fork and submit PRs. This is a learning project, so I'm open to feedback and suggestions.

What I learned

  • How Docker SDK actually works in Java
  • Why async callback patterns exist (looking at you, Docker logs)
  • Clean Architecture isn't just buzzwords — it actually helps organize code
  • Resource limits are non-negotiable for code execution
  • PostgreSQL's JSONB type is surprisingly useful for storing test cases

License

MIT — do whatever you want with this.

Contact

Ashhar Ahmad Khan
📧 itzashhar@gmail.com
💼 LinkedIn
🐙 GitHub


Built this to learn, sharing it to help others learn too.

If this helped you understand code execution systems better, give it a ⭐️

About

Online coding judge built from scratch to explore Docker-isolated code execution, Clean Architecture, and the challenges of safely running untrusted code with resource limits.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published