This project is a RESTful API built with FastAPI to manage a collection of rooms. Each room has attributes like name, description, URL, tags, tasks, write-ups, and videos. The API provides endpoints to create, update, delete, search, and retrieve rooms. Additionally, users can submit solutions to get approved and featured in the API/Website. The project also includes tests to ensure the API functions correctly using the requests library.
project/
│
├── src/
│ ├── __init__.py
│ ├── main.py # Main FastAPI app
│ ├── models.py # Pydantic models
│ └── database.py # Database connection and utilities
│
├── tests/
│ ├── __init__.py
│ └── test_api.py # Test cases
│
├── utils/
│ ├── __init__.py
│ ├── populate_db.py # Script to populate the database
│ └── delete_rooms.py # Script to delete all room entries
│
├── .env # Environment variables
├── Makefile # Makefile for quick github commands
└── requirements.txt # Dependencies
- FastAPI: For building the web API.
- Pydantic: For data validation using Python type annotations.
- MongoDB: For the database, with
pymongoas the driver. - SlowAPI: For rate limiting.
- Requests: For making HTTP requests in the test suite.
-
Clone the repository:
git clone https://github.com/NotSooShariff/tryhackme-api.git cd tryhackme-api -
Create a virtual environment (optional but recommended):
python -m venv venv source venv/bin/activate # On Windows, use `venv\Scripts\activate`
-
Install dependencies:
pip install -r requirements.txt
-
Setup environment variables:
Create a
.envfile in the root of the project with the following content:MONGODB_URL=mongodb://localhost:27017 ADMIN_USERNAME=your_username ADMIN_PASSWORD=your_password
Refer
.env.templateprovided
-
Start the FastAPI server:
uvicorn src.main:app --reload
The API will be available at
http://127.0.0.1:8000.
Refer to the documentation for a better understanding.
- GET /rooms: List all rooms.
- GET /room/{name}: Get details of a specific room.
- GET /search: Search rooms by keyword.
- GET /room_by_url: Get room details by URL.
- POST /room: Create a new room (requires authentication).
- PUT /room/{name}: Update an existing room (requires authentication).
- DELETE /room/{name}: Delete a room (requires authentication).
- POST /submit: Submit a solution to get featured.
- Authentication: The API uses Basic Authentication. Sensitive endpoints require valid credentials.
- Rate Limiting: Implemented using SlowAPI to prevent abuse and ensure fair usage.
- IP Logging and Ban: Tracks failed login attempts and bans IPs exceeding the threshold.
-
Run tests with the
requestslibrary:python tests/test_api.py
-
Test Coverage:
The tests ensure endpoints function correctly, handle errors, and respect rate limits.
Example Response:
[
{
"name": "Basic Pentesting",
"description": "A beginner-friendly room to learn basic pentesting skills.",
"room_url": "https://tryhackme.com/room/basicpentesting",
"tags": ["beginner", "pentesting"],
"tasks": [
{
"title": "Task 1",
"description": "Find the hidden flag.",
"questions": [
{"number": 1, "question": "Where is the flag located?", "solution": "In the hidden directory."},
{"number": 2, "question": "What is the flag?", "solution": "THM{hidden_flag}"}
]
}
],
"writeups": [
{"title": "Basic Pentesting Writeup", "url": "https://example.com/writeup1"}
],
"videos": [
{"title": "Basic Pentesting Video", "url": "https://example.com/video1"}
]
}
]Run the script to add test data to the database:
python utils/populate_db.pyRun the script to remove all room entries:
python utils/delete_db.pyThe Makefile provides some handy shortcuts:
- Run server:
make run - Run tests:
make test - GitHub push:
make push - GitHub pull:
make pull
This project is licensed under the MIT License. See the LICENSE file for details.