CTFd MCP Server

from __future__ import annotations import os from dataclasses import dataclass from urllib.parse import urlparse from dotenv import load_dotenv class ConfigError(Exception): """Raised when configuration is missing or invalid.""" @dataclass class Config: base_url: str token: str | None = None session_cookie: str | None = None csrf_token: str | None = None total_timeout: float | None = None connect_timeout: float | None = None read_timeout: float | None = None username: str | None = None password: str | None = None @property def auth_header(self) -> dict[str, str]: return {"Authorization": f"Token {self.token}"} if self.token else {} def _parse_timeout(env_key: str) -> float | None: raw = os.getenv(env_key) if not raw: return None try: return float(raw) except ValueError as exc: # noqa: B904 - more readable error raise ConfigError(f"{env_key} must be a number (seconds).") from exc def load_config() -> Config: """Load config from environment or .env and validate values.""" load_dotenv() base_url = os.getenv("CTFD_URL") token = os.getenv("CTFD_TOKEN") session_cookie = os.getenv("CTFD_SESSION") csrf_token = os.getenv("CTFD_CSRF_TOKEN") username = os.getenv("CTFD_USERNAME") password = os.getenv("CTFD_PASSWORD") total_timeout = _parse_timeout("CTFD_TIMEOUT") connect_timeout = _parse_timeout("CTFD_CONNECT_TIMEOUT") read_timeout = _parse_timeout("CTFD_READ_TIMEOUT") if not base_url: raise ConfigError( "CTFD_URL is not set. Provide full URL to your CTFd instance." ) parsed = urlparse(base_url) if not parsed.scheme or not parsed.netloc: raise ConfigError("CTFD_URL must be a full URL, e.g. https://ctfd.example.com") # Precedence: username/password > token > session cookie. if username and password: token = None session_cookie = None csrf_token = None elif token: session_cookie = None csrf_token = None if not token and not session_cookie and not (username and password): raise ConfigError( "Set CTFD_TOKEN, CTFD_SESSION or both CTFD_USERNAME/CTFD_PASSWORD." ) return Config( base_url.rstrip("/"), token.strip() if token else None, session_cookie.strip() if session_cookie else None, csrf_token.strip() if csrf_token else None, total_timeout=total_timeout, connect_timeout=connect_timeout, read_timeout=read_timeout, username=username.strip() if username else None, password=password.strip() if password else None, )