* Performance Optimized

Author: White4Shadow

checker/src/checker.py

@@ -31,7 +31,7 @@
 checker = Enochecker("onlyleveling", SERVICE_PORT)
 
 
-# enochecker_test -a localhost -p 12626 -A 192.168.178.91
+# enochecker_test -a localhost -p 12626 -A 192.168.178.58
 
 def app():
     return checker.app
@@ -132,17 +132,6 @@ async def get_own_items(self, token, raise_on_error=True):
             return data["items"]
         return data
 
-    async def get_users(self):
-        self.logger.info("[get_users]")
-        resp = await self.client.get("/users/", timeout=self.timeout)
-
-        if resp.status_code != 200:
-            raise MumbleException(f"Failed to get user list (status={resp.status_code})")
-        try:
-            return resp.json()
-        except Exception as e:
-            raise MumbleException(f"User list not valid JSON: {e}, response={resp.text}")
-
     async def create_access_token(self, data: dict, seckey: str, expires_delta: timedelta = None):
         self.logger.info(f"[TOKEN] Using SECRET_KEY={seckey}")
         ALGORITHM = "HS256"
@@ -737,6 +726,7 @@ async def exploit_jwt(
     con = Connection(logger, client)
     logger.info("[exploit] Starting exploit attack SK")
 
+    flag_user = task.attack_info
     flag_user = task.attack_info
     logger.info(f"[exploit] Processing user: {flag_user}")
     keys = ['0', '00', '01', '10', '11']

service/backend/Dockerfile

@@ -6,6 +6,8 @@ WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 RUN apt-get clean && apt-get update && apt-get install -y netcat-openbsd sqlite3 && rm -rf /var/lib/apt/lists/*
+RUN pip install psycopg2-binary
+RUN pip install py-spy
 
 COPY generate_secret.sh .
 

service/backend/auth.py

@@ -2,21 +2,22 @@
 from jose import jwt, JWTError
 from datetime import datetime, timedelta
 import os
+import anyio
 
 SECRET_KEY = os.environ.get("SECRET_KEY")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
-pwd_context = CryptContext(schemes=["sha256_crypt"], deprecated="auto")
-
-
+pwd_context = CryptContext(
+    schemes=["sha256_crypt"],
+    deprecated="auto",
+    sha256_crypt__rounds=1000
+)
 def verify_password(plain_password, hashed_password):
     return pwd_context.verify(plain_password, hashed_password)
 
-
-def get_password_hash(password):
-    return pwd_context.hash(password)
-
+async def get_password_hash_async(password: str) -> str:
+    return await anyio.to_thread.run_sync(pwd_context.hash, password)
 
 def create_access_token(data: dict, expires_delta: timedelta = None):
     to_encode = data.copy()
@@ -28,7 +29,6 @@ def create_access_token(data: dict, expires_delta: timedelta = None):
     encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
     return encoded_jwt
 
-
 def get_username_from_token(token: str):
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])

service/backend/crud.py

@@ -1,108 +1,166 @@
-from sqlalchemy.orm import Session
+from sqlalchemy.exc import IntegrityError, SQLAlchemyError
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select, update, func
+from sqlalchemy.orm import joinedload
 import models
 import schemas
-from auth import get_password_hash
+from auth import get_password_hash_async  # <-- USE ASYNC HASH!
 import datetime
-from sqlalchemy.orm import joinedload
-
-
-def get_user_by_username(db: Session, username: str):
-    return db.query(models.User).filter(models.User.username == username).first()
 
+async def get_user_by_username(db: AsyncSession, username: str):
+    result = await db.execute(
+        select(models.User).where(models.User.username == username).options(joinedload(models.User.items))
+    )
+    return result.unique().scalar_one_or_none()
 
-def create_user(db: Session, user: schemas.UserCreate, username_key: str):
+async def create_user(db: AsyncSession, user: schemas.UserCreate, username_key: str):
+    hashed_password = await get_password_hash_async(user.password)   # <--- ASYNC!
     db_user = models.User(
         username=user.username,
-        hashed_password=get_password_hash(user.password),
+        hashed_password=hashed_password,
         username_key=username_key
     )
     db.add(db_user)
-    db.commit()
-    db.refresh(db_user)
-    return db_user
-
-
-def get_users(db: Session, skip: int = 0, limit: int = 10):
-    return db.query(models.User).offset(skip).limit(limit).all()
-
+    try:
+        await db.commit()
+        await db.refresh(db_user)
+        return db_user
+    except IntegrityError:
+        await db.rollback()
+        raise ValueError("User already exists or invalid data.")
+    except SQLAlchemyError as e:
+        await db.rollback()
+        raise e
+
+async def get_users(db: AsyncSession, skip: int = 0, limit: int = 10):
+    result = await db.execute(
+        select(models.User)
+        .offset(skip)
+        .limit(limit)
+        .options(joinedload(models.User.items))
+    )
+    return result.scalars().all()
 
-def get_items_by_user(db: Session, user_id: int):
-    user = db.query(models.User).options(joinedload(models.User.items)).filter(models.User.id == user_id).first()
+async def get_items_by_user(db: AsyncSession, user_id: int):
+    result = await db.execute(
+        select(models.User)
+        .where(models.User.id == user_id)
+        .options(joinedload(models.User.items))
+    )
+    user = result.unique().scalar_one_or_none()
     return user.items if user else []
 
-def get_user_by_id(db: Session, user_id: int):
-    return (
-        db.query(models.User)
-        .filter(models.User.id == user_id)
+async def get_user_by_id(db: AsyncSession, user_id: int):
+    result = await db.execute(
+        select(models.User)
+        .where(models.User.id == user_id)
         .options(joinedload(models.User.items))
-        .first()
     )
+    return result.unique().scalar_one_or_none()
 
-def update_item_note(db: Session, item_id: int, note: str):
-    item = db.query(models.Item).filter(models.Item.id == item_id).first()
+async def update_item_note(db: AsyncSession, item_id: int, note: str):
+    result = await db.execute(
+        select(models.Item).where(models.Item.id == item_id)
+    )
+    item = result.scalar_one_or_none()
     if not item:
         return None
     if item.note and item.note.strip() != "":
         return "locked"
     item.note = note
-    db.commit()
-    db.refresh(item)
+    try:
+        await db.commit()
+        await db.refresh(item)
+    except SQLAlchemyError:
+        await db.rollback()
+        raise
     return item
 
-
-def add_item_to_user(db, user, item):
+async def add_item_to_user(db: AsyncSession, user, item):
     if item not in user.items:
         user.items.append(item)
-        db.commit()
-        db.refresh(user)
+        try:
+            await db.commit()
+            await db.refresh(user)
+        except SQLAlchemyError:
+            await db.rollback()
+            raise
     return item
 
-
-def create_dungeon(db: Session, dungeon: schemas.DungeonCreate):
+async def create_dungeon(db: AsyncSession, dungeon: schemas.DungeonCreate):
     db_dungeon = models.Dungeon(**dungeon.model_dump())
     db.add(db_dungeon)
-    db.commit()
-    db.refresh(db_dungeon)
+    try:
+        await db.commit()
+        await db.refresh(db_dungeon)
+    except SQLAlchemyError:
+        await db.rollback()
+        raise
     return db_dungeon
 
+async def get_dungeon_by_id(db: AsyncSession, dungeon_id: int):
+    result = await db.execute(
+        select(models.Dungeon).where(models.Dungeon.id == dungeon_id)
+    )
+    return result.scalar_one_or_none()
 
-def get_dungeon_by_id(db: Session, dungeon_id: int):
-    return db.query(models.Dungeon).filter(models.Dungeon.id == dungeon_id).first()
-
-
-def get_dungeons(db: Session, skip: int = 0, limit: int = 100):
-    return db.query(models.Dungeon).offset(skip).limit(limit).all()
+async def get_dungeons(db: AsyncSession, skip: int = 0, limit: int = 100):
+    result = await db.execute(
+        select(models.Dungeon).offset(skip).limit(limit)
+    )
+    return result.scalars().all()
 
+async def record_completed_dungeon(db: AsyncSession, user_id: int, dungeon_id: int):
+    result = await db.execute(
+        select(models.CompletedDungeon).where(
+            models.CompletedDungeon.user_id == user_id,
+            models.CompletedDungeon.dungeon_id == dungeon_id
+        )
+    )
+    db_completed_dungeon = result.scalar_one_or_none()
 
-def record_completed_dungeon(db: Session, user_id: int, dungeon_id: int):
-    db_completed_dungeon = db.query(models.CompletedDungeon).filter(
-        models.CompletedDungeon.user_id == user_id,
-        models.CompletedDungeon.dungeon_id == dungeon_id
-    ).first()
+    now = datetime.datetime.now().isoformat()
 
     if db_completed_dungeon:
-        db_completed_dungeon.completion_timestamp = datetime.datetime.now().isoformat()
-        db.commit()
-        db.refresh(db_completed_dungeon)
+        db_completed_dungeon.completion_timestamp = now
+        await db.commit()
+        await db.refresh(db_completed_dungeon)
         return db_completed_dungeon
     else:
         new_completed_dungeon = models.CompletedDungeon(
             user_id=user_id,
             dungeon_id=dungeon_id,
-            completion_timestamp=datetime.datetime.now().isoformat()
+            completion_timestamp=now
         )
         db.add(new_completed_dungeon)
-        db.commit()
-        db.refresh(new_completed_dungeon)
+        await db.commit()
+        await db.refresh(new_completed_dungeon)
         return new_completed_dungeon
 
+async def get_user_completed_dungeons(db: AsyncSession, user_id: int):
+    result = await db.execute(
+        select(models.CompletedDungeon).where(models.CompletedDungeon.user_id == user_id)
+    )
+    return result.scalars().all()
 
-def get_user_completed_dungeons(db: Session, user_id: int):
-    return db.query(models.CompletedDungeon).filter(models.CompletedDungeon.user_id == user_id).all()
-
-
-def has_completed_dungeon(db: Session, user_id: int, dungeon_id: int) -> bool:
-    return db.query(models.CompletedDungeon).filter(
-        models.CompletedDungeon.user_id == user_id,
-        models.CompletedDungeon.dungeon_id == dungeon_id
-    ).first() is not None
+async def has_completed_dungeon(db: AsyncSession, user_id: int, dungeon_id: int) -> bool:
+    result = await db.execute(
+        select(models.CompletedDungeon).where(
+            models.CompletedDungeon.user_id == user_id,
+            models.CompletedDungeon.dungeon_id == dungeon_id
+        )
+    )
+    return result.scalar_one_or_none() is not None
+
+async def create_item_for_user(db: AsyncSession, item: schemas.ItemCreate, user_id: int):
+    db_item = models.Item(**item.model_dump())
+    db.add(db_item)
+    await db.commit()
+    await db.refresh(db_item)
+    user_result = await db.execute(select(models.User).where(models.User.id == user_id))
+    user = user_result.scalar_one_or_none()
+    if user:
+        user.items.append(db_item)
+        await db.commit()
+        await db.refresh(user)
+    return db_item

service/backend/database.py

@@ -1,15 +1,30 @@
-from sqlalchemy import create_engine
-from sqlalchemy.ext.declarative import declarative_base
-from sqlalchemy.orm import sessionmaker
+# database.py
+import os
+from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
+from sqlalchemy.orm import declarative_base
 
-SQLALCHEMY_DATABASE_URL = "sqlite:////app/db/sqlitedb.db"
+DATABASE_URL = "postgresql+asyncpg://backend:backend@backend-db:5432/backenddb"
 
-engine = create_engine(
-    SQLALCHEMY_DATABASE_URL,
-    connect_args={"check_same_thread": False},
-    pool_size=20,
-    max_overflow=30
+# Async Engine & Session
+engine = create_async_engine(
+    DATABASE_URL,
+    echo=True,
+    pool_size=10,         # this is important
+    max_overflow=20,      # and this too
 )
-SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+async_session = async_sessionmaker(engine, expire_on_commit=False, class_=AsyncSession)
 
 Base = declarative_base()
+
+# Dependency for FastAPI (yield!)
+async def get_async_db():
+    async with async_session() as session:
+        try:
+            yield session
+        finally:
+            await session.close()
+
+# (OPTIONAL) Table creation for Startup
+async def init_db():
+    async with engine.begin() as conn:
+        await conn.run_sync(Base.metadata.create_all)

service/backend/gunicorn.conf.py

@@ -1,7 +1,7 @@
 import multiprocessing
 
 worker_class = "uvicorn.workers.UvicornWorker"
-workers = 2
+workers = 4
 bind = "0.0.0.0:2626"
 timeout = 90
 keepalive = 3600