From 3912feaed29a59750ebdb9cd0a9fbf145210bb8c Mon Sep 17 00:00:00 2001
From: spkap <sourabhkapure@gmail.com>
Date: Fri, 17 Jan 2025 21:47:25 +0530
Subject: [PATCH 1/7] Implemented mock routes

---
 .gitignore                                 |   1 +
 backend/Dockerfile                         |   2 +-
 backend/atlas_backend/models.py            |  43 +-
 backend/atlas_backend/serializers.py       |  71 ++-
 backend/atlas_backend/urls.py              |  18 +-
 backend/atlas_backend/views.py             | 610 +++++++++++++--------
 frontend/src/api/auth.js                   |  19 +-
 frontend/src/api/challenges.js             |  39 +-
 frontend/src/api/config.js                 |  54 +-
 frontend/src/api/scoreboard.js             |  22 +-
 frontend/src/api/teams.js                  |  62 ++-
 frontend/src/api/user.js                   |  72 +--
 frontend/src/components/ChallengeCard.jsx  | 104 ++--
 frontend/src/components/Navbar.jsx         |   5 +-
 frontend/src/components/ProtectedRoute.jsx |  12 +-
 frontend/src/components/TeamCard.jsx       |  16 +-
 frontend/src/context/AuthContext.jsx       | 102 +---
 17 files changed, 694 insertions(+), 558 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8f7bd4f..7fdaa38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,3 +82,4 @@ test-report.xml
 Thumbs.db
 ehthumbs.db
 Desktop.ini
+codebase_review.txt
diff --git a/backend/Dockerfile b/backend/Dockerfile
index f353394..ddc227d 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,5 +1,5 @@
 # Use Python base image
-FROM python:3.12-slim
+FROM python:3.12
 
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE=1
diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index 2aa0c5f..6a5c8bb 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -2,7 +2,6 @@
 from django.contrib.auth.models import AbstractUser, BaseUserManager, Group
 from django.core.validators import MinValueValidator
 
-
 class CustomUserManager(BaseUserManager):
     def create_user(self, email, password=None, **extra_fields):
         if not email:
@@ -30,7 +29,6 @@ def get_by_natural_key(self, email):
         """
         return self.get(email=email)
 
-
 class Team(models.Model):
     name = models.CharField(max_length=100, unique=True)
     description = models.TextField(blank=True)
@@ -42,21 +40,13 @@ class Team(models.Model):
     def __str__(self):
         return self.name
 
-
 class User(AbstractUser):
     email = models.EmailField(unique=True)
-    team = models.ForeignKey(
-        Team,
-        on_delete=models.SET_NULL,
-        null=True,
-        blank=True,
-        related_name="members",
-    )
+    team = models.ForeignKey(Team, on_delete=models.SET_NULL, null=True, blank=True, related_name="members")
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
 
     objects = CustomUserManager()
-
     USERNAME_FIELD = "email"
     REQUIRED_FIELDS = []
 
@@ -66,11 +56,10 @@ def __str__(self):
     def has_role(self, role_name):
         return self.groups.filter(name=role_name).exists()
 
-
 class Challenge(models.Model):
     CATEGORY_CHOICES = [
         ("web", "Web"),
-        ("crypto", "Cryptography"),
+        ("crypto", "Cryptography"), 
         ("pwn", "Binary Exploitation"),
         ("reverse", "Reverse Engineering"),
         ("forensics", "Forensics"),
@@ -90,46 +79,40 @@ class Challenge(models.Model):
     def __str__(self):
         return self.title
 
-
 class Container(models.Model):
     STATUS_CHOICES = [
         ("running", "Running"),
-        ("exited", "Exit"),
+        ("exited", "Exited"),
         ("error", "Error"),
     ]
 
-    team = models.ForeignKey(Team, on_delete=models.CASCADE)
-    challenge = models.ForeignKey(Challenge, on_delete=models.CASCADE)
+    team = models.ForeignKey(Team, on_delete=models.CASCADE, related_name="containers")
+    challenge = models.ForeignKey(Challenge, on_delete=models.CASCADE, related_name="containers")
     container_id = models.CharField(max_length=100)
     ssh_host = models.CharField(max_length=200)
     ssh_port = models.IntegerField()
     ssh_user = models.CharField(max_length=100)
     ssh_key = models.TextField()
-    status = models.CharField(
-        max_length=20, choices=STATUS_CHOICES, default="exited"
-    )
+    status = models.CharField(max_length=20, choices=STATUS_CHOICES, default="exited")
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
 
     def __str__(self):
         return f"{self.team.name} - {self.challenge.title}"
 
-
 class Submission(models.Model):
-    team = models.ForeignKey(Team, on_delete=models.CASCADE)
-    challenge = models.ForeignKey(Challenge, on_delete=models.CASCADE)
-    points_awarded = models.IntegerField(validators=[MinValueValidator(0)])
-    timestamp = models.DateTimeField(auto_now_add=True)
+    team = models.ForeignKey(Team, on_delete=models.CASCADE, related_name="submissions")
+    challenge = models.ForeignKey(Challenge, on_delete=models.CASCADE, related_name="submissions")
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='submissions')
     flag_submitted = models.CharField(max_length=200, default="")
     is_correct = models.BooleanField(default=False)
+    points_awarded = models.IntegerField(validators=[MinValueValidator(0)])
     attempt_number = models.IntegerField(default=1)
+    timestamp = models.DateTimeField(auto_now_add=True)
 
     class Meta:
-        unique_together = (
-            "team",
-            "challenge",
-        )  # Used to enforce one submission per challenge for any team
+        unique_together = ("team", "challenge")
         ordering = ["-timestamp"]
 
     def __str__(self):
-        return f"{self.team.name} - {self.challenge.title}"
+        return f"{self.team.name} - {self.challenge.title}"
\ No newline at end of file
diff --git a/backend/atlas_backend/serializers.py b/backend/atlas_backend/serializers.py
index ecdec82..f2ca119 100644
--- a/backend/atlas_backend/serializers.py
+++ b/backend/atlas_backend/serializers.py
@@ -1,38 +1,67 @@
 from rest_framework import serializers
-from django.contrib.auth.models import Group
-from .models import User, Challenge
-
+from .models import User, Challenge, Team, Submission, Container
 
 class UserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
-        fields = ['id', 'username', 'email', 'role', 'team', 'created_at', 'updated_at']
-
+        fields = ['id', 'username', 'email', 'team']
 
 class SignupSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
         fields = ['username', 'email', 'password']
+        extra_kwargs = {'password': {'write_only': True}}
+
+    def create(self, validated_data):
+        return User.objects.create_user(**validated_data)
+
+class ChallengeSerializer(serializers.ModelSerializer):
+    is_solved = serializers.SerializerMethodField()
+    attempts = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Challenge
+        fields = [
+            'id', 
+            'title', 
+            'description', 
+            'category', 
+            'max_points',
+            'max_team_size', 
+            'docker_image', 
+            'is_solved', 
+            'attempts',
+            'created_at',
+            'updated_at'
+        ]
         extra_kwargs = {
-            'password': {'write_only': True},
+            'flag': {'write_only': True}  # Never expose flag in API responses
         }
 
-    def create(self, validated_data):
-        user = User(
-            username=validated_data['username'],
-            email=validated_data['email']
-        )
-        user.set_password(validated_data['password'])
-        user.save()
+    def get_is_solved(self, obj):
+        team = self.context.get('user_team')
+        return team and obj.submissions.filter(team=team, is_correct=True).exists()
 
-       
-        default_group, _ = Group.objects.get_or_create(name='user')
-        user.role = default_group  
-        user.save()
+    def get_attempts(self, obj):
+        team = self.context.get('user_team')
+        return team and obj.submissions.filter(team=team).count() or 0
 
-        return user
+class TeamSerializer(serializers.ModelSerializer):
+    members = UserSerializer(many=True, read_only=True)
+    total_score = serializers.IntegerField(read_only=True)
+    member_count = serializers.IntegerField(read_only=True)
+    solved_count = serializers.IntegerField(read_only=True)
 
-class ChallengeSerializer(serializers.ModelSerializer):
     class Meta:
-        model = Challenge
-        fields = ['id', 'title', 'description', 'category', 'max_points', 'max_team_size', 'created_at', 'updated_at']
\ No newline at end of file
+        model = Team
+        fields = ['id', 'name', 'description', 'team_size', 'members', 
+                 'total_score', 'member_count', 'solved_count', 'challenges']
+
+class SubmissionSerializer(serializers.ModelSerializer):
+    challenge_name = serializers.CharField(source='challenge.title')
+    submitted_by = serializers.CharField(source='user.username')
+    
+    class Meta:
+        model = Submission
+        fields = ['id', 'challenge_name', 'submitted_by', 'flag_submitted', 
+                 'is_correct', 'points_awarded', 'attempt_number', 'timestamp']
diff --git a/backend/atlas_backend/urls.py b/backend/atlas_backend/urls.py
index 453bd28..a651433 100644
--- a/backend/atlas_backend/urls.py
+++ b/backend/atlas_backend/urls.py
@@ -1,18 +1,30 @@
+# backend/atlas_backend/urls.py
 from django.urls import path
 from . import views
 
 urlpatterns = [
+    # Auth routes
     path('auth/register', views.signup, name='signup'),
     path('auth/login', views.signin, name='signin'),
     path('auth/forgot-password', views.request_password_reset, name='request_password_reset'),
     path('auth/reset-password', views.reset_password, name='reset_password'),
+    
+    # Challenge routes
     path('challenges', views.get_challenges, name='get_challenges'),
     path('challenges/<int:challenge_id>/submit', views.submit_flag, name='submit_flag'),
     path('challenges/<int:challenge_id>/start', views.start_challenge, name='start_challenge'),
-    path('challenges/create', views.create_challenge, name='create_challenge'),
+    
+    # Team routes
     path('teams', views.get_teams, name='get_teams'),
-    path('teams/join', views.join_team, name='join_team'),
     path('teams/create', views.create_team, name='create_team'),
+    path('teams/join', views.join_team, name='join_team'),
     path('teams/leave', views.leave_team, name='leave_team'),
+    
+    # Scoreboard route
     path('scoreboard', views.get_scoreboard, name='get_scoreboard'),
-]
\ No newline at end of file
+    
+    # User routes
+    path('user/update-info', views.update_user_info, name='update_user_info'),
+    path('user/profile', views.get_user_profile, name='get_user_profile'),
+    path('user/team/history', views.get_team_history, name='get_team_history'),
+]
diff --git a/backend/atlas_backend/views.py b/backend/atlas_backend/views.py
index 0d2ef9b..dfa979b 100644
--- a/backend/atlas_backend/views.py
+++ b/backend/atlas_backend/views.py
@@ -2,6 +2,11 @@
 from django.contrib.auth import authenticate
 from django.core.exceptions import ValidationError
 from django.conf import settings
+from django.db.models import Sum, Count, Max, Q
+from django.db import IntegrityError
+from datetime import datetime, timedelta
+import jwt
+from django.core.mail import send_mail
 
 from rest_framework import status
 from rest_framework.decorators import api_view, permission_classes
@@ -9,59 +14,8 @@
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework_simplejwt.tokens import RefreshToken
 
-from datetime import datetime, timedelta
-import jwt
-
-from .models import User, Challenge,Submission
-from .serializers import SignupSerializer, ChallengeSerializer
-
-
-dummy_teams = [
-    {
-        "id": 1,
-        "name": "Team Alpha",
-        "email": "alpha@example.com",
-        "isHidden": False,
-        "isBanned": False,
-        "members": ["Alice", "Bob"],
-        "score": 1000,
-    },
-    {
-        "id": 2,
-        "name": "Team Beta",
-        "email": "beta@example.com",
-        "isHidden": False,
-        "isBanned": False,
-        "members": ["Charlie", "Dave"],
-        "score": 800,
-    },
-]
-
-dummy_challenges = [
-    {
-        "id": 1,
-        "name": "Challenge 1",
-        "description": "Solve this challenge",
-        "points": 100,
-    },
-    {
-        "id": 2,
-        "name": "Challenge 2",
-        "description": "Solve this challenge too",
-        "points": 200,
-    },
-]
-
-dummy_scoreboard = [
-    {
-        "team": "Team Alpha",
-        "score": 1000,
-    },
-    {
-        "team": "Team Beta",
-        "score": 800,
-    },
-]
+from .models import User, Challenge, Submission, Team, Container
+from .serializers import SignupSerializer, ChallengeSerializer, TeamSerializer, SubmissionSerializer, UserSerializer
 
 @api_view(['POST'])
 @permission_classes([AllowAny])
@@ -71,13 +25,11 @@ def signup(request):
         user = serializer.save()
         refresh = RefreshToken.for_user(user)
         
-        # Add custom claims to the token
         refresh['user'] = {
             'id': user.id,
             'email': user.email,
             'username': user.username,
             'isAdmin': user.is_staff,
-            'isVerified': user.is_active,
             'teamId': user.team.id if user.team else None
         }
         
@@ -87,27 +39,24 @@ def signup(request):
         }, status=status.HTTP_201_CREATED)
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
-
 @api_view(['POST'])
 @permission_classes([AllowAny])
 def signin(request):
-    email = request.data.get('email')  # Changed from username
+    email = request.data.get('email')
     password = request.data.get('password')
-
-    if not email or not password:  # Updated error message
+    
+    if not email or not password:
         return Response({'error': 'Email and password are required'}, status=status.HTTP_400_BAD_REQUEST)
-
-    user = authenticate(email=email, password=password)  # Changed to use email
+    
+    user = authenticate(email=email, password=password)
     if user:
         refresh = RefreshToken.for_user(user)
         
-        # Add custom claims to the token
         refresh['user'] = {
             'id': user.id,
             'email': user.email,
             'username': user.username,
             'isAdmin': user.is_staff,
-            'isVerified': user.is_active,
             'teamId': user.team.id if user.team else None
         }
         
@@ -117,230 +66,407 @@ def signin(request):
         })
     return Response({'error': 'Invalid credentials'}, status=status.HTTP_401_UNAUTHORIZED)
 
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def get_challenges(request):
+    challenges = Challenge.objects.all()
+    serializer = ChallengeSerializer(
+        challenges, 
+        many=True,
+        context={'user_team': request.user.team}
+    )
+    return Response(serializer.data)
 
 @api_view(['POST'])
-@permission_classes([AllowAny])
-def request_password_reset(request):
-    email = request.data.get('email')
+@permission_classes([IsAuthenticated])
+def submit_flag(request, challenge_id):
+    if not request.user.team:
+        return Response(
+            {'error': 'You must be in a team to submit flags'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+    
+    challenge = get_object_or_404(Challenge, id=challenge_id)
+    flag = request.data.get('flag')
+    
+    if not flag:
+        return Response(
+            {'error': 'Flag is required'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+    
+    existing_submission = Submission.objects.filter(
+        team=request.user.team,
+        challenge=challenge
+    ).first()
+    
+    if existing_submission:
+        if existing_submission.is_correct:
+            return Response(
+                {'error': 'Challenge already solved'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        attempt_number = existing_submission.attempt_number + 1
+        existing_submission.delete()  # Remove previous attempt
+    else:
+        attempt_number = 1
+    
+    is_correct = challenge.flag == flag
+    points = challenge.max_points if is_correct else 0
+    
     try:
-        user = User.objects.get(email=email)
-        token = jwt.encode({
-            'user_id': user.id,
-            'exp': datetime.utcnow() + timedelta(hours=24)
-        }, settings.SECRET_KEY, algorithm='HS256')
+        submission = Submission.objects.create(
+            team=request.user.team,
+            challenge=challenge,
+            user=request.user,
+            flag_submitted=flag,
+            is_correct=is_correct,
+            points_awarded=points,
+            attempt_number=attempt_number
+        )
         
-        reset_url = f"{settings.FRONTEND_URL}/auth/reset-password?token={token}"
+        return Response({
+            'message': 'Correct flag!' if is_correct else 'Incorrect flag',
+            'points_awarded': points,
+            'is_correct': is_correct,
+            'attempt_number': attempt_number
+        })
+    except IntegrityError:
+        return Response(
+            {'error': 'Submission error occurred'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def start_challenge(request, challenge_id):
+    if not request.user.team:
+        return Response(
+            {'error': 'You must be in a team to start challenges'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
         
-        # to uncomment after smtp configuration
-        # send_mail(
-        #     'Password Reset Request',
-        #     f'Click the following link to reset your password: {reset_url}',
-        #     settings.DEFAULT_FROM_EMAIL,
-        #     [email],
-        #     fail_silently=False,
-        # )
+    challenge = get_object_or_404(Challenge, id=challenge_id)
+    
+    existing_container = Container.objects.filter(
+        team=request.user.team,
+        challenge=challenge,
+        status='running'
+    ).first()
+    
+    if existing_container:
+        return Response({
+            'host': existing_container.ssh_host,
+            'port': existing_container.ssh_port,
+            'username': existing_container.ssh_user,
+            'container_id': existing_container.id,
+            'ssh_key': existing_container.ssh_key
+        })
+    
+    try:
+        from .docker_plugin import DockerManager
+        docker_mgr = DockerManager()
         
-        return Response({'message': 'Password reset token generated', 'reset_url': reset_url})
-    except User.DoesNotExist:
-        return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND)
+        container_info = docker_mgr.create_container(
+            challenge.docker_image,
+            team_id=request.user.team.id,
+            challenge_id=challenge_id
+        )
+        
+        container = Container.objects.create(
+            team=request.user.team,
+            challenge=challenge,
+            container_id=container_info['container_id'],
+            ssh_host=container_info['host'],
+            ssh_port=container_info['port'],
+            ssh_user=container_info['username'],
+            ssh_key=container_info.get('ssh_key', ''),
+            status='running'
+        )
+        
+        return Response({
+            'host': container.ssh_host,
+            'port': container.ssh_port,
+            'username': container.ssh_user,
+            'container_id': container.id,
+            'ssh_key': container.ssh_key
+        })
+        
+    except Exception as e:
+        return Response(
+            {'error': str(e)},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
 
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def get_teams(request):
+    teams = Team.objects.annotate(
+        total_score=Sum('submissions__points_awarded', default=0),
+        member_count=Count('members', distinct=True),
+        solved_count=Count('submissions', filter=Q(submissions__is_correct=True))
+    ).order_by('-total_score')
+    
+    serializer = TeamSerializer(teams, many=True)
+    return Response(serializer.data)
 
 @api_view(['POST'])
-@permission_classes([AllowAny])
-def reset_password(request):
-    token = request.query_params.get('token')  # Get token from URL query parameter
-    new_password = request.data.get('new_password')
-    confirm_password = request.data.get('confirm_password')
-    
-    if not token:
+@permission_classes([IsAuthenticated])
+def create_team(request):
+    if request.user.team:
         return Response(
-            {'error': 'Reset token is required'}, 
+            {'error': 'You are already in a team'},
             status=status.HTTP_400_BAD_REQUEST
         )
+        
+    name = request.data.get('name')
+    description = request.data.get('description', '')
+    team_size = request.data.get('team_size', 4)
     
-    if not new_password or not confirm_password:
+    if not name:
         return Response(
-            {'error': 'New password and password confirmation are required'}, 
+            {'error': 'Team name is required'},
             status=status.HTTP_400_BAD_REQUEST
         )
     
-    if new_password != confirm_password:
+    try:
+        team = Team.objects.create(
+            name=name,
+            description=description,
+            team_size=team_size
+        )
+        request.user.team = team
+        request.user.save()
+        
+        return Response(TeamSerializer(team).data, status=status.HTTP_201_CREATED)
+    except Exception as e:
         return Response(
-            {'error': 'Passwords do not match'}, 
+            {'error': str(e)},
             status=status.HTTP_400_BAD_REQUEST
         )
-    
-    if len(new_password) < 8:
+
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def join_team(request):
+    if request.user.team:
         return Response(
-            {'error': 'Password must be at least 8 characters long'}, 
+            {'error': 'You are already in a team'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+        
+    team_id = request.data.get('team_id')
+    if not team_id:
+        return Response(
+            {'error': 'Team ID is required'},
             status=status.HTTP_400_BAD_REQUEST
         )
     
     try:
-        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
-        user = User.objects.get(id=payload['user_id'])
-        user.set_password(new_password)
-        user.save()
-        return Response({'message': 'Password reset successful'})
-    except jwt.ExpiredSignatureError:
-        return Response({'error': 'Reset token has expired'}, status=status.HTTP_400_BAD_REQUEST)
-    except jwt.DecodeError:
-        return Response({'error': 'Invalid reset token'}, status=status.HTTP_400_BAD_REQUEST)
-    except User.DoesNotExist:
-        return Response({'error': 'User not found'}, status=status.HTTP_404_NOT_FOUND)
-    except Exception:
-        return Response({'error': 'Password reset failed'}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
-
-
-# @api_view(['GET'])
-# @permission_classes([IsAuthenticated])
-# def get_challenges(request):
-#     challenges = Challenge.objects.all()
-#     serializer = ChallengeSerializer(challenges, many=True)
-#     return Response(serializer.data, status=status.HTTP_200_OK)
-
-# @api_view(['POST'])
-# @permission_classes([IsAuthenticated])
-# def submit_flag(request, challenge_id):
-#     flag = request.data.get('flag')
-#     challenge = get_object_or_404(Challenge, id=challenge_id)
-#     team = request.user.team  
-
-#     if challenge.flag == flag:
+        team = Team.objects.get(id=team_id)
+        current_size = team.members.count()
         
-#         Submission.objects.create(
-#             team=team,
-#             challenge=challenge,
-#             points_awarded=challenge.max_points
-#         )
-#         return Response({'message': 'Correct flag!', 'points_awarded': challenge.max_points}, status=status.HTTP_200_OK)
-#     return Response({'message': 'Incorrect flag'}, status=status.HTTP_400_BAD_REQUEST)
+        if current_size >= team.team_size:
+            return Response(
+                {'error': 'Team is full'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+            
+        request.user.team = team
+        request.user.save()
+        return Response({'message': 'Successfully joined team'})
+    except Team.DoesNotExist:
+        return Response(
+            {'error': 'Team not found'},
+            status=status.HTTP_404_NOT_FOUND
+        )
 
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def leave_team(request):
+    if not request.user.team:
+        return Response(
+            {'error': 'You are not in a team'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+        
+    request.user.team = None
+    request.user.save()
+    return Response({'message': 'Successfully left team'})
 
-# @api_view(['POST'])
-# @permission_classes([IsAuthenticated])
-# def create_challenge(request):
-    
-#     data = request.data
+@api_view(['GET'])
+@permission_classes([AllowAny])
+def get_scoreboard(request):
+    teams = Team.objects.annotate(
+        total_score=Sum('submissions__points_awarded', default=0),
+        member_count=Count('members', distinct=True),
+        solved_count=Count('submissions', filter=Q(submissions__is_correct=True))
+    ).order_by('-total_score')
     
+    serializer = TeamSerializer(teams, many=True)
+    return Response(serializer.data)
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def request_password_reset(request):
+    email = request.data.get('email')
+    if not email:
+        return Response(
+            {'error': 'Email is required'}, 
+            status=status.HTTP_400_BAD_REQUEST
+        )
     
-#     try:
+    try:
+        user = User.objects.get(email=email)
+        token = jwt.encode({
+            'user_id': user.id,
+            'exp': datetime.utcnow() + timedelta(hours=24)
+        }, settings.SECRET_KEY, algorithm='HS256')
         
-#         title = data.get("title")
-#         description = data.get("description")
-#         category = data.get("category")
-#         docker_image = data.get("docker_image")
-#         flag = data.get("flag")
-#         max_points = data.get("max_points")
-#         max_team_size = data.get("max_team_size", 4)  
-
-#         if not title or not description or not category or not docker_image or not flag or max_points is None:
-#             raise ValidationError("All fields are required")
-
-#         valid_categories = dict(Challenge.CATEGORY_CHOICES)
-#         if category not in valid_categories:
-#             raise ValidationError(f"Invalid category. Valid categories are: {', '.join(valid_categories.values())}")
-
-#         challenge = Challenge.objects.create(
-#             title=title,
-#             description=description,
-#             category=category,
-#             docker_image=docker_image,
-#             flag=flag,
-#             max_points=max_points,
-#             max_team_size=max_team_size
-#         )
-
-#         return Response({
-#             "message": "Challenge created successfully!",
-#             "challenge_id": challenge.id
-#         }, status=status.HTTP_201_CREATED)
+        reset_url = f"{settings.FRONTEND_URL}/reset-password?token={token}"
+        
+        # Send email if SMTP is configured
+        if hasattr(settings, 'EMAIL_HOST'):
+            send_mail(
+                'Password Reset Request',
+                f'Click here to reset your password: {reset_url}',
+                settings.DEFAULT_FROM_EMAIL,
+                [email],
+                fail_silently=False,
+            )
+            return Response({'message': 'Password reset email sent'})
+        
+        # For development, return the reset URL
+        return Response({
+            'message': 'Password reset token generated', 
+            'reset_url': reset_url
+        })
+        
+    except User.DoesNotExist:
+        # Return success to prevent email enumeration
+        return Response({'message': 'If email exists, reset instructions will be sent'})
 
-#     except ValidationError:
-#         return Response({"error": "Validation error"}, status=status.HTTP_400_BAD_REQUEST)
+@api_view(['POST']) 
+@permission_classes([AllowAny])
+def reset_password(request):
+    token = request.data.get('token')
+    new_password = request.data.get('new_password')
+    
+    if not token or not new_password:
+        return Response(
+            {'error': 'Token and new password are required'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
 
-#     except Exception:
-#         return Response({"error": "Something went wrong. Please try again."}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+    try:
+        # Validate password
+        if len(new_password) < 8:
+            return Response(
+                {'error': 'Password must be at least 8 characters'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        # Verify and decode token
+        payload = jwt.decode(
+            token, 
+            settings.SECRET_KEY, 
+            algorithms=['HS256'],
+            options={'verify_exp': True}
+        )
+        
+        user = User.objects.get(id=payload['user_id'])
+        user.set_password(new_password)
+        user.save()
 
+        return Response({'message': 'Password reset successful'})
 
-@api_view(['GET'])
-@permission_classes([IsAuthenticated])
-def get_teams(request):
-    return Response(dummy_teams, status=status.HTTP_200_OK)
+    except jwt.ExpiredSignatureError:
+        return Response(
+            {'error': 'Reset link has expired'}, 
+            status=status.HTTP_400_BAD_REQUEST
+        )
+    except (jwt.InvalidTokenError, User.DoesNotExist):
+        return Response(
+            {'error': 'Invalid reset token'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
 
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
-def join_team(request):
-    return Response({"message": "Joined team successfully"}, status=status.HTTP_200_OK)
-
-@api_view(['GET'])
-@permission_classes([IsAuthenticated])
-def get_scoreboard(request):
-    return Response(dummy_scoreboard, status=status.HTTP_200_OK)
+def create_challenge(request):
+    if not request.user.is_staff:
+        return Response(
+            {'error': 'Only administrators can create challenges'},
+            status=status.HTTP_403_FORBIDDEN
+        )
+    
+    try:
+        data = request.data
+        required_fields = ['title', 'description', 'category', 'docker_image', 'flag', 'max_points']
+        
+        # Validate required fields
+        missing_fields = [field for field in required_fields if not data.get(field)]
+        if missing_fields:
+            return Response(
+                {'error': f'Missing required fields: {", ".join(missing_fields)}'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        # Validate category
+        valid_categories = dict(Challenge.CATEGORY_CHOICES)
+        if data['category'] not in valid_categories:
+            return Response(
+                {'error': f'Invalid category. Valid categories are: {", ".join(valid_categories.keys())}'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        # Create challenge
+        challenge = Challenge.objects.create(
+            title=data['title'],
+            description=data['description'],
+            category=data['category'],
+            docker_image=data['docker_image'],
+            flag=data['flag'],
+            max_points=int(data['max_points']),
+            max_team_size=int(data.get('max_team_size', 4))
+        )
 
-@api_view(['GET'])
-@permission_classes([IsAuthenticated])
-def get_challenges(request):
-    return Response(dummy_challenges, status=status.HTTP_200_OK)
+        return Response(
+            ChallengeSerializer(challenge).data,
+            status=status.HTTP_201_CREATED
+        )
 
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def submit_flag(request, challenge_id):
-    return Response({"message": "Flag submitted successfully"}, status=status.HTTP_200_OK)
+    except ValueError as e:
+        return Response(
+            {'error': 'Invalid numeric value provided'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+    except Exception as e:
+        return Response(
+            {'error': str(e)},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
 
-@api_view(['POST'])
+@api_view(['GET'])
 @permission_classes([IsAuthenticated])
-def create_challenge(request):
-    return Response({
-        "message": "Challenge created successfully!",
-        "challenge_id": 1
-    }, status=status.HTTP_201_CREATED)
+def get_user_profile(request):
+    serializer = UserSerializer(request.user)
+    return Response(serializer.data)
 
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
-def start_challenge(request, challenge_id):
-    # Mocked SSH details
-    ssh_details = {
-        "host": "127.0.0.1",
-        "port": 2222,
-        "username": "user",
-        "password": "password"
-    }
-    return Response(ssh_details, status=status.HTTP_200_OK)
-
+def update_user_info(request):
+    serializer = UserSerializer(request.user, data=request.data, partial=True)
+    if serializer.is_valid():
+        serializer.save()
+        return Response(serializer.data)
+    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
-@api_view(['POST'])
+@api_view(['GET'])
 @permission_classes([IsAuthenticated])
-def create_team(request):
-    team_name = request.data.get('name')
-    if not team_name:
-        return Response({"error": "Team name is required"}, status=status.HTTP_400_BAD_REQUEST)
+def get_team_history(request):
+    if not request.user.team:
+        return Response({'error': 'User not in a team'}, status=status.HTTP_400_BAD_REQUEST)
     
-    # Mocked response for team creation
-    new_team = {
-        "id": 7,  # Example ID
-        "name": team_name,
-        "email": f"{team_name.lower().replace(' ', '_')}@ctf.com",
-        "isHidden": False,
-        "isBanned": False,
-        "points": 0,
-        "place": 0,
-        "memberCount": 1,
-        "users": [
-            {
-                "id": request.user.id,
-                "username": request.user.username,
-                "email": request.user.email,
-                "points": 0,
-                "teamId": 7
-            }
-        ],
-        "solvedChallenges": []
-    }
-    return Response(new_team, status=status.HTTP_201_CREATED)
-
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def leave_team(request):
-    # Mocked response for leaving a team
-    return Response({"message": "Left team successfully"}, status=status.HTTP_200_OK)
\ No newline at end of file
+    submissions = Submission.objects.filter(team=request.user.team)
+    serializer = SubmissionSerializer(submissions, many=True)
+    return Response(serializer.data)
\ No newline at end of file
diff --git a/frontend/src/api/auth.js b/frontend/src/api/auth.js
index 424402c..5227d8f 100644
--- a/frontend/src/api/auth.js
+++ b/frontend/src/api/auth.js
@@ -1,26 +1,17 @@
 import apiClient from './config';
 
-export const register = async (username, email, password) => {
-  const response = await apiClient.post('/auth/register', {
-    username,
-    email,
-    password,
-  });
+export const register = async (userData) => {
+  const response = await apiClient.post('/auth/register', userData);
   return response.data;
 };
 
-export const login = async (email, password) => {
-  const response = await apiClient.post('/auth/login', {
-    email,
-    password,
-  });
+export const login = async (credentials) => {
+  const response = await apiClient.post('/auth/login', credentials);
   return response.data;
 };
 
 export const requestPasswordReset = async (email) => {
-  const response = await apiClient.post('/auth/forgot-password', {
-    email,
-  });
+  const response = await apiClient.post('/auth/forgot-password', { email });
   return response.data;
 };
 
diff --git a/frontend/src/api/challenges.js b/frontend/src/api/challenges.js
index ff391bc..cb08a22 100644
--- a/frontend/src/api/challenges.js
+++ b/frontend/src/api/challenges.js
@@ -1,33 +1,22 @@
-import axios from 'axios';
-import { API_URL } from './config';
 import apiClient from './config';
 
-export const getChallenges = async (token) => {
-  const response = await axios.get(`${API_URL}/challenges`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
+export const getChallenges = async () => {
+  const response = await apiClient.get('/challenges');
   return response.data;
 };
 
-export const submitFlag = async (challengeId, flag, token) => {
-  const response = await axios.post(
-    `${API_URL}/challenges/${challengeId}/submit`,
-    { flag },
-    {
-      headers: { Authorization: `Bearer ${token}` },
-    },
-  );
+export const submitFlag = async (challengeId, flag) => {
+  const response = await apiClient.post(`/challenges/${challengeId}/submit`, {
+    flag_submitted: flag,
+  });
   return response.data;
 };
 
-
-export const startChallenge = async (challengeId, token) => {
-  const response = await axios.post(
-    `${API_URL}/challenges/${challengeId}/start`,
-    {},
-    {
-      headers: { Authorization: `Bearer ${token}` },
-    },
-  );
-  return response.data;
-}
\ No newline at end of file
+export const startChallenge = async (challengeId) => {
+  const response = await apiClient.post(`/challenges/${challengeId}/start`);
+  return {
+    container: response.data.container,
+    port: response.data.port,
+    status: response.data.status,
+  };
+};
diff --git a/frontend/src/api/config.js b/frontend/src/api/config.js
index 69a8eeb..924569f 100644
--- a/frontend/src/api/config.js
+++ b/frontend/src/api/config.js
@@ -1,36 +1,56 @@
 import axios from 'axios';
 
-export const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:3000';
-export const apiClient = axios.create({
+export const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:8000';
+
+const apiClient = axios.create({
   baseURL: API_URL,
   timeout: 10000,
   headers: {
     'Content-Type': 'application/json',
-    Accept: 'application/json',
   },
 });
 
+// Token refresh logic
 apiClient.interceptors.response.use(
   (response) => response,
-  (error) => {
-    if (error.response?.status === 401) {
-      localStorage.removeItem('token');
-      window.location.href = '/login';
+  async (error) => {
+    const originalRequest = error.config;
+    if (error.response?.status === 401 && !originalRequest._retry) {
+      originalRequest._retry = true;
+      try {
+        const refreshToken = localStorage.getItem('refreshToken');
+        const { data } = await apiClient.post('/auth/refresh', {
+          refresh: refreshToken,
+        });
+        localStorage.setItem('token', data.access);
+        apiClient.defaults.headers.Authorization = `Bearer ${data.access}`;
+        return apiClient(originalRequest);
+      } catch (refreshError) {
+        localStorage.removeItem('token');
+        localStorage.removeItem('refreshToken');
+        window.location.href = '/login';
+      }
     }
     return Promise.reject(error);
   },
 );
 
-apiClient.interceptors.request.use(
-  (config) => {
-    const token = localStorage.getItem('token');
-    // console.log('Token:', token);
-    if (token) {
-      config.headers.Authorization = `Bearer ${token}`;
-    }
-    return config;
-  },
-  (error) => Promise.reject(error)
+// Add centralized error handler
+apiClient.interceptors.response.use(
+  response => response,
+  error => {
+    console.error(`API Error: ${error.message}`);
+    return Promise.reject(error);
+  }
 );
 
+// Auth header injection
+apiClient.interceptors.request.use((config) => {
+  const token = localStorage.getItem('token');
+  if (token) {
+    config.headers.Authorization = `Bearer ${token}`;
+  }
+  return config;
+});
+
 export default apiClient;
diff --git a/frontend/src/api/scoreboard.js b/frontend/src/api/scoreboard.js
index 8f49263..819f12e 100644
--- a/frontend/src/api/scoreboard.js
+++ b/frontend/src/api/scoreboard.js
@@ -1,18 +1,18 @@
-import { API_URL } from './config';
-import axios from 'axios';
+import apiClient from './config';
 
-export const getScoreboard = async (token) => {
-  const response = await axios.get(`${API_URL}/scoreboard`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  return response.data;
+export const getScoreboard = async () => {
+  try {
+    const response = await apiClient.get('/scoreboard');
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching scoreboard:', error);
+    throw error;
+  }
 };
 
-export const getTeams = async (token) => {
+export const getTeams = async () => {
   try {
-    const response = await axios.get(`${API_URL}/teams`, {
-      headers: { Authorization: `Bearer ${token}` },
-    });
+    const response = await apiClient.get('/teams');
     return response.data;
   } catch (error) {
     console.error('Error fetching teams:', error);
diff --git a/frontend/src/api/teams.js b/frontend/src/api/teams.js
index a0d6e30..6287cfc 100644
--- a/frontend/src/api/teams.js
+++ b/frontend/src/api/teams.js
@@ -1,27 +1,47 @@
-import axios from 'axios';
-import { API_URL } from './config';
+import apiClient from './config';
 
-export const getTeams = async (token) => {
-  const response = await axios.get(`${API_URL}/teams`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  return response.data;
+export const getTeams = async () => {
+  try {
+    const response = await apiClient.get('/teams');
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching teams:', error);
+    throw error;
+  }
 };
 
-export const createTeam = async (teamData, token) => {
-  const response = await axios.post(`${API_URL}/teams`, teamData, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  return response.data;
+export const createTeam = async (teamData) => {
+  try {
+    const response = await apiClient.post('/teams/create', {
+      name: teamData.name,
+      description: teamData.description,
+      max_members: teamData.maxMembers,
+    });
+    return response.data;
+  } catch (error) {
+    console.error('Error creating team:', error);
+    throw error;
+  }
 };
 
-export const joinTeam = async (code, token) => {
-  const response = await axios.post(
-    `${API_URL}/teams/join`,
-    { code },
-    {
-      headers: { Authorization: `Bearer ${token}` },
-    },
-  );
-  return response.data;
+export const joinTeam = async (teamId) => {
+  try {
+    const response = await apiClient.post('/teams/join', {
+      team_id: teamId,
+    });
+    return response.data;
+  } catch (error) {
+    console.error('Error joining team:', error);
+    throw error;
+  }
+};
+
+export const leaveTeam = async () => {
+  try {
+    const response = await apiClient.post('/teams/leave');
+    return response.data;
+  } catch (error) {
+    console.error('Error leaving team:', error);
+    throw error;
+  }
 };
diff --git a/frontend/src/api/user.js b/frontend/src/api/user.js
index bf122f5..a935ec2 100644
--- a/frontend/src/api/user.js
+++ b/frontend/src/api/user.js
@@ -1,52 +1,34 @@
 import apiClient from './config';
-import axios from 'axios';
-import { API_URL } from './config';
-
-// export const updateUserInfo = async (userInfo, token) => {
-//   const response = await axios.post(`${API_URL}/user/update-info`, userInfo, {
-//     headers: { Authorization: `Bearer ${token}` },
-//   });
-//   return response.data;
-// };
-
-// export const getTeamHistory = async (token) => {
-//   const response = await axios.get(`${API_URL}/user/team/history`, {
-//     headers: { Authorization: `Bearer ${token}` },
-//   });
-//   return response.data;
-// };
 
+// Get user profile
+export const getUserProfile = async () => {
+  try {
+    const response = await apiClient.get('/user/profile');
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching user profile:', error);
+    throw error;
+  }
+};
 
-export const updateUserInfo = async (userInfo, token) => {
-    // Mocked response
-  return {
-    ...userInfo,
-    id: 1,
-    isAdmin: false,
-    isVerified: true,
-    teamId: 1,
-  };
+// Update user information
+export const updateUserInfo = async (userData) => {
+  try {
+    const response = await apiClient.post('/user/update-info', userData);
+    return response.data;
+  } catch (error) {
+    console.error('Error updating user info:', error);
+    throw error;
+  }
 };
 
-export const getTeamHistory = async (token) => {
-  // Mocked response
-  return {
-    teamName: 'Team Alpha',
-    teamScore: 1000,
-    submissions: [
-      { id: 1, challengeName: 'Challenge 1', points: 100, solvedAt: '2024-03-15' },
-      { id: 2, challengeName: 'Challenge 2', points: 200, solvedAt: '2024-03-16' },
-    ],
-  };
+// Get team history for the user
+export const getTeamHistory = async () => {
+  const response = await apiClient.get('/user/team/history');
+  return response.data;
 };
 
-export const leaveTeam = async (token) => {
-    const response = await axios.post(
-      `${API_URL}/teams/leave`,
-      {},
-      {
-        headers: { Authorization: `Bearer ${token}` },
-      },
-    );
-    return response.data;
-  };
\ No newline at end of file
+export const leaveTeam = async () => {
+  const response = await apiClient.post('/teams/leave');
+  return response.data;
+};
diff --git a/frontend/src/components/ChallengeCard.jsx b/frontend/src/components/ChallengeCard.jsx
index eb9a175..acacf2f 100644
--- a/frontend/src/components/ChallengeCard.jsx
+++ b/frontend/src/components/ChallengeCard.jsx
@@ -1,71 +1,108 @@
 import React, { useState } from 'react';
 import PropTypes from 'prop-types';
-import { useAuth } from '../hooks/useAuth';
 import { startChallenge, submitFlag } from '../api/challenges';
 
 function ChallengeCard({ challenge }) {
-  const { user } = useAuth();
-  const [sshDetails, setSshDetails] = useState(null);
+  const [containerDetails, setContainerDetails] = useState(null);
   const [flag, setFlag] = useState('');
-  const [challengeStarted, setChallengeStarted] = useState(false);
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
 
   const handleStartChallenge = async () => {
     try {
-      const details = await startChallenge(challenge.id, user.token);
-      setSshDetails(details);
-      setChallengeStarted(true);
-      alert('Challenge started! Check SSH details below.');
+      setLoading(true);
+      setError('');
+      const data = await startChallenge(challenge.id);
+      setContainerDetails(data);
     } catch (error) {
+      setError('Failed to start challenge. Please try again.');
       console.error('Failed to start challenge:', error);
-      alert('Failed to start the challenge. Please try again.');
+    } finally {
+      setLoading(false);
     }
   };
 
   const handleSubmitFlag = async () => {
+    if (!flag.trim()) {
+      setError('Please enter a flag');
+      return;
+    }
+
     try {
-      const response = await submitFlag(challenge.id, flag, user.token);
-      alert(response.message);
+      setLoading(true);
+      setError('');
+      const data = await submitFlag(challenge.id, flag);
+      if (data.correct) {
+        alert('Congratulations! Flag is correct!');
+        setFlag('');
+      } else {
+        setError('Incorrect flag. Try again.');
+      }
     } catch (error) {
+      setError('Failed to submit flag. Please try again.');
       console.error('Failed to submit flag:', error);
-      alert('Failed to submit the flag. Please try again.');
+    } finally {
+      setLoading(false);
     }
   };
 
   return (
     <div className="challenge-card bg-white shadow-md rounded-lg p-4 sm:p-6">
-      <h3 className="text-xl font-semibold mb-2">{challenge.name}</h3>
+      <h3 className="text-xl font-semibold mb-2">{challenge.title}</h3>
       <p className="text-gray-600 mb-4">{challenge.description}</p>
-      <p className="text-blue-600 font-bold flex items-center justify-between">
-        <span>Points:</span>
-        <span className="text-2xl">{challenge.points}</span>
-      </p>
-      {!challengeStarted ? (
+      <div className="flex justify-between items-center mb-4">
+        <span className="text-sm font-medium">
+          Category: {challenge.category}
+        </span>
+        <span className="text-blue-600 font-bold">
+          {challenge.max_points} pts
+        </span>
+      </div>
+
+      {error && <div className="text-red-500 text-sm mb-4">{error}</div>}
+
+      {!containerDetails ? (
         <button
           onClick={handleStartChallenge}
-          className="mt-4 px-4 py-2 bg-blue-500 text-white rounded hover:bg-blue-600"
+          disabled={loading}
+          className={`w-full px-4 py-2 rounded ${
+            loading
+              ? 'bg-gray-400 cursor-not-allowed'
+              : 'bg-blue-500 hover:bg-blue-600'
+          } text-white`}
         >
-          Start Challenge
+          {loading ? 'Starting...' : 'Start Challenge'}
         </button>
       ) : (
-        <div className="mt-4">
-          <h4 className="text-lg font-semibold">SSH Details:</h4>
-          <p>Host: {sshDetails.host}</p>
-          <p>Port: {sshDetails.port}</p>
-          <p>Username: {sshDetails.username}</p>
-          <p>Password: {sshDetails.password}</p>
-          <div className="mt-4">
+        <div className="mt-4 space-y-4">
+          <div className="bg-gray-50 p-4 rounded">
+            <h4 className="text-lg font-semibold mb-2">Connection Details:</h4>
+            <div className="space-y-1 text-sm">
+              <p>Container ID: {containerDetails.container}</p>
+              <p>Port: {containerDetails.port}</p>
+              <p>Status: {containerDetails.status}</p>
+            </div>
+          </div>
+
+          <div className="space-y-2">
             <input
               type="text"
               value={flag}
               onChange={(e) => setFlag(e.target.value)}
               placeholder="Enter flag"
-              className="input"
+              className="w-full p-2 border rounded focus:ring-2 focus:ring-blue-500"
+              disabled={loading}
             />
             <button
               onClick={handleSubmitFlag}
-              className="mt-2 px-4 py-2 bg-green-500 text-white rounded hover:bg-green-600"
+              disabled={loading}
+              className={`w-full px-4 py-2 rounded ${
+                loading
+                  ? 'bg-gray-400 cursor-not-allowed'
+                  : 'bg-green-500 hover:bg-green-600'
+              } text-white`}
             >
-              Submit Flag
+              {loading ? 'Submitting...' : 'Submit Flag'}
             </button>
           </div>
         </div>
@@ -77,10 +114,11 @@ function ChallengeCard({ challenge }) {
 ChallengeCard.propTypes = {
   challenge: PropTypes.shape({
     id: PropTypes.number.isRequired,
-    name: PropTypes.string.isRequired,
+    title: PropTypes.string.isRequired,
     description: PropTypes.string.isRequired,
-    points: PropTypes.number.isRequired,
+    category: PropTypes.string.isRequired,
+    max_points: PropTypes.number.isRequired,
   }).isRequired,
 };
 
-export default ChallengeCard;
\ No newline at end of file
+export default ChallengeCard;
diff --git a/frontend/src/components/Navbar.jsx b/frontend/src/components/Navbar.jsx
index 03cce5a..956fa4a 100644
--- a/frontend/src/components/Navbar.jsx
+++ b/frontend/src/components/Navbar.jsx
@@ -8,7 +8,6 @@ function Navbar() {
 
   const handleLogout = () => {
     logout();
-    navigate('/');
   };
 
   return (
@@ -45,7 +44,7 @@ function Navbar() {
                     Admin
                   </Link>
                 )}
-                <button onClick={handleLogout} className="hover:text-gray-300">
+                <button onClick={logout} className="hover:text-gray-300">
                   Logout
                 </button>
               </>
@@ -69,4 +68,4 @@ function Navbar() {
   );
 }
 
-export default Navbar;
\ No newline at end of file
+export default Navbar;
diff --git a/frontend/src/components/ProtectedRoute.jsx b/frontend/src/components/ProtectedRoute.jsx
index 0670d66..b3715a6 100644
--- a/frontend/src/components/ProtectedRoute.jsx
+++ b/frontend/src/components/ProtectedRoute.jsx
@@ -1,24 +1,24 @@
 import React from 'react';
-import { Navigate } from 'react-router-dom';
+import { Navigate, useLocation } from 'react-router-dom';
 import { useAuth } from '../hooks/useAuth';
 
 function ProtectedRoute({ children, requireAdmin }) {
   const { isAuthenticated, user } = useAuth();
-  const isAdmin = user?.isAdmin;
+  const location = useLocation();
 
   if (!isAuthenticated) {
-    return <Navigate to={requireAdmin ? "/admin/login" : "/login"} replace />;
+    return <Navigate to="/login" state={{ from: location }} replace />;
   }
 
-  if (requireAdmin && !isAdmin) {
+  if (requireAdmin && !user?.isAdmin) {
     return <Navigate to="/challenges" replace />;
   }
 
-  if (!requireAdmin && isAdmin) {
+  if (!requireAdmin && user?.isAdmin) {
     return <Navigate to="/admin/dashboard" replace />;
   }
 
   return children;
 }
 
-export default ProtectedRoute;
\ No newline at end of file
+export default ProtectedRoute;
diff --git a/frontend/src/components/TeamCard.jsx b/frontend/src/components/TeamCard.jsx
index b5821af..0cd6858 100644
--- a/frontend/src/components/TeamCard.jsx
+++ b/frontend/src/components/TeamCard.jsx
@@ -1,19 +1,14 @@
 import React from 'react';
 import PropTypes from 'prop-types';
-import { useAuth } from '../hooks/useAuth';
 import { joinTeam } from '../api/teams';
 
-function TeamCard({ team }) {
-  const { user } = useAuth();
-
+function TeamCard({ team, onJoinSuccess }) {
   const handleJoinTeam = async () => {
     try {
-      await joinTeam(team.id, user.token);
-      alert('Successfully joined the team!');
-      // Optionally, you can refresh the team list or update the UI accordingly
+      await joinTeam(team.id);
+      onJoinSuccess?.();
     } catch (error) {
       console.error('Failed to join team:', error);
-      alert('Failed to join the team. Please try again.');
     }
   };
 
@@ -37,11 +32,12 @@ function TeamCard({ team }) {
 
 TeamCard.propTypes = {
   team: PropTypes.shape({
+    id: PropTypes.number.isRequired,
     name: PropTypes.string.isRequired,
     members: PropTypes.arrayOf(PropTypes.string).isRequired,
     score: PropTypes.number.isRequired,
-    id: PropTypes.number.isRequired,
   }).isRequired,
+  onJoinSuccess: PropTypes.func,
 };
 
-export default TeamCard;
\ No newline at end of file
+export default TeamCard;
diff --git a/frontend/src/context/AuthContext.jsx b/frontend/src/context/AuthContext.jsx
index b3ccbe6..e2f9da1 100644
--- a/frontend/src/context/AuthContext.jsx
+++ b/frontend/src/context/AuthContext.jsx
@@ -1,105 +1,55 @@
 import React, { createContext, useState, useEffect } from 'react';
 import { jwtDecode } from 'jwt-decode';
 import { register, login } from '../api/auth'; // Ensure these imports are correct
+import { useNavigate } from 'react-router-dom';
+import apiClient from '../api/apiClient';
 
 export const AuthContext = createContext();
 
 export const AuthProvider = ({ children }) => {
   const [user, setUser] = useState(null);
-  const [token, setToken] = useState({
-    access: null,
-    refresh: null,
-  });
 
   useEffect(() => {
-    const storedToken = JSON.parse(localStorage.getItem('token'));
-    if (storedToken && isTokenValid(storedToken.access)) {
-      setToken(storedToken);
-      setUser(parseToken(storedToken.access));
-    } else {
-      localStorage.removeItem('token');
-      setUser(null);
+    const token = localStorage.getItem('token');
+    if (token) {
+      try {
+        const decoded = jwtDecode(token);
+        if (decoded.exp > Date.now() / 1000) {
+          setUser(decoded.user);
+          apiClient.defaults.headers.Authorization = `Bearer ${token}`;
+        } else {
+          handleLogout();
+        }
+      } catch (error) {
+        handleLogout();
+      }
     }
   }, []);
 
-  const parseToken = (token) => {
+  const handleLogin = async (credentials) => {
     try {
-      const decoded = jwtDecode(token);
-      return {
-        token,
-        id: decoded.user.id,
-        email: decoded.user.email,
-        username: decoded.user.username,
-        isAdmin: decoded.user.isAdmin,
-        isVerified: decoded.user.isVerified,
-        teamId: decoded.user.teamId || null,
-      };
+      const { data } = await apiClient.post('/auth/login', credentials);
+      localStorage.setItem('token', data.token);
+      apiClient.defaults.headers.Authorization = `Bearer ${data.token}`;
+      setUser(jwtDecode(data.token).user);
     } catch (error) {
-      console.error('Error parsing token:', error);
-      return null;
-    }
-  };
-
-  const login = (response) => {
-    const { access } = response;
-    const decodedAccess = jwtDecode(access);
-    const user = {
-      token: access,
-      id: decodedAccess.user.id,
-      email: decodedAccess.user.email,
-      username: decodedAccess.user.username,
-      isAdmin: decodedAccess.user.isAdmin,
-      isVerified: decodedAccess.user.isVerified,
-      teamId: decodedAccess.user.teamId || null,
-    };
-
-    // console.log('User:', user);
-    if (isTokenValid(access)) {
-      localStorage.setItem('token', JSON.stringify({ access }));
-      setToken({ access });
-      setUser(user);
-    } else {
-      console.error('Invalid token on login');
-      logout();
+      throw error;
     }
   };
 
-  const logout = () => {
+  const handleLogout = () => {
     localStorage.removeItem('token');
-    setToken({ access: null });
+    delete apiClient.defaults.headers.Authorization;
     setUser(null);
   };
 
-  const isTokenValid = (token) => {
-    try {
-      const decoded = jwtDecode(token);
-      return decoded.exp > Date.now() / 1000;
-    } catch (error) {
-      console.error('Invalid token:', error);
-      return false;
-    }
-  };
-
-  const signup = async (data) => {
-    try {
-      const response = await register(data.username, data.email, data.password);
-      login(response);
-    } catch (error) {
-      console.error('Signup error:', error);
-      throw error;
-    }
-  };
-
-  const isAuthenticated = !!user;
-
   return (
     <AuthContext.Provider
       value={{
         user,
-        login,
-        logout,
-        signup,
-        isAuthenticated,
+        isAuthenticated: !!user,
+        login: handleLogin,
+        logout: handleLogout,
       }}
     >
       {children}

From 51e2af9ca36b5821352dcfc51698f5d35b3444bd Mon Sep 17 00:00:00 2001
From: Vatsal <vjg239@gmail.com>
Date: Sun, 19 Jan 2025 21:06:12 +0530
Subject: [PATCH 2/7] Backend : Team signup and admin challenges

---
 backend/atlas_backend/auth.py                |  11 +
 backend/atlas_backend/models.py              |  27 +-
 backend/atlas_backend/serializers.py         |  33 +-
 backend/atlas_backend/urls.py                |  25 +-
 backend/atlas_backend/views.py               | 456 +++++++++++++--
 backend/backend/settings.py                  |  42 +-
 frontend/src/App.jsx                         |  84 +--
 frontend/src/api/auth.js                     |  28 +-
 frontend/src/api/challenges.js               |  96 +++-
 frontend/src/api/config.js                   |  58 +-
 frontend/src/api/teams.js                    |  10 +
 frontend/src/api/user.js                     |  15 +-
 frontend/src/components/AdminRoute.jsx       |  19 +
 frontend/src/components/ChallengeCard.jsx    | 135 +----
 frontend/src/components/Navbar.jsx           |  55 +-
 frontend/src/components/ProtectedRoute.jsx   |  13 +-
 frontend/src/context/AuthContext.jsx         |  90 ++-
 frontend/src/hooks/useAuth.js                |  23 +-
 frontend/src/pages/Challenges.jsx            |  92 ++-
 frontend/src/pages/Home.jsx                  |   1 +
 frontend/src/pages/Login.jsx                 |  63 ++-
 frontend/src/pages/Register.jsx              | 200 +++++--
 frontend/src/pages/Scoreboard.jsx            |   6 +-
 frontend/src/pages/TeamProfile.jsx           |  76 +++
 frontend/src/pages/admin/AdminChallenges.jsx | 116 ++++
 frontend/src/pages/admin/AdminLogin.jsx      |  41 +-
 frontend/src/pages/admin/ChallengeDetail.jsx | 466 +++++++++------
 frontend/src/pages/admin/Challenges.jsx      | 246 ++------
 frontend/src/pages/admin/CreateChallenge.jsx | 567 ++++++++-----------
 frontend/src/pages/user/UserProfile.jsx      | 110 +---
 30 files changed, 1927 insertions(+), 1277 deletions(-)
 create mode 100644 backend/atlas_backend/auth.py
 create mode 100644 frontend/src/components/AdminRoute.jsx
 create mode 100644 frontend/src/pages/TeamProfile.jsx
 create mode 100644 frontend/src/pages/admin/AdminChallenges.jsx

diff --git a/backend/atlas_backend/auth.py b/backend/atlas_backend/auth.py
new file mode 100644
index 0000000..6797d05
--- /dev/null
+++ b/backend/atlas_backend/auth.py
@@ -0,0 +1,11 @@
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework_simplejwt.exceptions import InvalidToken
+from .models import User
+
+class CustomJWTAuthentication(JWTAuthentication):
+    def get_user(self, validated_token):
+        try:
+            user_id = validated_token['user_id']
+            return User.objects.get(id=user_id)
+        except (KeyError, User.DoesNotExist):
+            raise InvalidToken('Token contained no recognizable user identification') 
\ No newline at end of file
diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index 6a5c8bb..f85b146 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -1,6 +1,8 @@
 from django.db import models
 from django.contrib.auth.models import AbstractUser, BaseUserManager, Group
 from django.core.validators import MinValueValidator
+from django.contrib.auth.hashers import make_password, check_password
+from django.db.models import CharField, TextField, IntegerField, BooleanField, DateTimeField
 
 class CustomUserManager(BaseUserManager):
     def create_user(self, email, password=None, **extra_fields):
@@ -36,10 +38,18 @@ class Team(models.Model):
     challenges = models.ManyToManyField("Challenge", blank=True)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
+    password = models.CharField(max_length=128, default=make_password('default_password'))
+    team_email = models.EmailField(unique=True, default='team@example.com')
 
     def __str__(self):
         return self.name
 
+    def set_password(self, raw_password):
+        self.password = make_password(raw_password)
+
+    def check_password(self, raw_password):
+        return check_password(raw_password, self.password)
+
 class User(AbstractUser):
     email = models.EmailField(unique=True)
     team = models.ForeignKey(Team, on_delete=models.SET_NULL, null=True, blank=True, related_name="members")
@@ -58,12 +68,12 @@ def has_role(self, role_name):
 
 class Challenge(models.Model):
     CATEGORY_CHOICES = [
-        ("web", "Web"),
-        ("crypto", "Cryptography"), 
-        ("pwn", "Binary Exploitation"),
-        ("reverse", "Reverse Engineering"),
-        ("forensics", "Forensics"),
-        ("misc", "Miscellaneous"),
+        ('web', 'Web'),
+        ('crypto', 'Cryptography'),
+        ('pwn', 'Binary Exploitation'),
+        ('reverse', 'Reverse Engineering'),
+        ('forensics', 'Forensics'),
+        ('misc', 'Miscellaneous'),
     ]
 
     title = models.CharField(max_length=200, unique=True)
@@ -75,6 +85,9 @@ class Challenge(models.Model):
     max_team_size = models.IntegerField(default=4)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
+    is_hidden = models.BooleanField(default=False)
+    hints = models.JSONField(default=list, blank=True)
+    file_links = models.JSONField(default=list, blank=True)
 
     def __str__(self):
         return self.title
@@ -103,7 +116,7 @@ def __str__(self):
 class Submission(models.Model):
     team = models.ForeignKey(Team, on_delete=models.CASCADE, related_name="submissions")
     challenge = models.ForeignKey(Challenge, on_delete=models.CASCADE, related_name="submissions")
-    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='submissions')
+    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='submissions', default=1)
     flag_submitted = models.CharField(max_length=200, default="")
     is_correct = models.BooleanField(default=False)
     points_awarded = models.IntegerField(validators=[MinValueValidator(0)])
diff --git a/backend/atlas_backend/serializers.py b/backend/atlas_backend/serializers.py
index f2ca119..1a2929c 100644
--- a/backend/atlas_backend/serializers.py
+++ b/backend/atlas_backend/serializers.py
@@ -17,34 +17,21 @@ def create(self, validated_data):
 
 class ChallengeSerializer(serializers.ModelSerializer):
     is_solved = serializers.SerializerMethodField()
-    attempts = serializers.SerializerMethodField()
 
     class Meta:
         model = Challenge
-        fields = [
-            'id', 
-            'title', 
-            'description', 
-            'category', 
-            'max_points',
-            'max_team_size', 
-            'docker_image', 
-            'is_solved', 
-            'attempts',
-            'created_at',
-            'updated_at'
-        ]
-        extra_kwargs = {
-            'flag': {'write_only': True}  # Never expose flag in API responses
-        }
+        fields = ['id', 'name', 'description', 'points', 'category', 
+                 'difficulty', 'is_solved']
 
     def get_is_solved(self, obj):
-        team = self.context.get('user_team')
-        return team and obj.submissions.filter(team=team, is_correct=True).exists()
-
-    def get_attempts(self, obj):
-        team = self.context.get('user_team')
-        return team and obj.submissions.filter(team=team).count() or 0
+        user_team = self.context.get('user_team')
+        if not user_team:
+            return False
+        return Submission.objects.filter(
+            team=user_team,
+            challenge=obj,
+            is_correct=True
+        ).exists()
 
 class TeamSerializer(serializers.ModelSerializer):
     members = UserSerializer(many=True, read_only=True)
diff --git a/backend/atlas_backend/urls.py b/backend/atlas_backend/urls.py
index a651433..7445bee 100644
--- a/backend/atlas_backend/urls.py
+++ b/backend/atlas_backend/urls.py
@@ -1,30 +1,33 @@
 # backend/atlas_backend/urls.py
 from django.urls import path
 from . import views
+from rest_framework_simplejwt.views import TokenRefreshView
 
 urlpatterns = [
     # Auth routes
     path('auth/register', views.signup, name='signup'),
     path('auth/login', views.signin, name='signin'),
-    path('auth/forgot-password', views.request_password_reset, name='request_password_reset'),
-    path('auth/reset-password', views.reset_password, name='reset_password'),
+    path('auth/refresh', views.token_refresh, name='token_refresh'),
     
     # Challenge routes
     path('challenges', views.get_challenges, name='get_challenges'),
     path('challenges/<int:challenge_id>/submit', views.submit_flag, name='submit_flag'),
-    path('challenges/<int:challenge_id>/start', views.start_challenge, name='start_challenge'),
     
     # Team routes
     path('teams', views.get_teams, name='get_teams'),
-    path('teams/create', views.create_team, name='create_team'),
-    path('teams/join', views.join_team, name='join_team'),
-    path('teams/leave', views.leave_team, name='leave_team'),
+    path('teams/profile', views.team_profile, name='team_profile'),
     
     # Scoreboard route
     path('scoreboard', views.get_scoreboard, name='get_scoreboard'),
-    
-    # User routes
-    path('user/update-info', views.update_user_info, name='update_user_info'),
-    path('user/profile', views.get_user_profile, name='get_user_profile'),
-    path('user/team/history', views.get_team_history, name='get_team_history'),
+    path('auth/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+
+    # Admin routes
+    path('auth/admin/login', views.admin_login, name='admin_login'),
+    path('challenges/admin', views.admin_get_challenges, name='admin_get_challenges'),
+    path('challenges/create', views.create_challenge, name='create_challenge'),
+    path('challenges/<int:challenge_id>/update', views.update_challenge, name='update_challenge'),
+    path('challenges/<int:challenge_id>/delete', views.delete_challenge, name='delete_challenge'),
+    path('challenges/<int:challenge_id>', views.get_challenge_detail, name='get_challenge_by_id'),
+
+
 ]
diff --git a/backend/atlas_backend/views.py b/backend/atlas_backend/views.py
index dfa979b..2253391 100644
--- a/backend/atlas_backend/views.py
+++ b/backend/atlas_backend/views.py
@@ -7,75 +7,168 @@
 from datetime import datetime, timedelta
 import jwt
 from django.core.mail import send_mail
+from django.contrib.auth.hashers import make_password, check_password
 
 from rest_framework import status
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.response import Response
-from rest_framework.permissions import AllowAny, IsAuthenticated
-from rest_framework_simplejwt.tokens import RefreshToken
+from rest_framework.permissions import AllowAny, IsAuthenticated, IsAdminUser
+from rest_framework_simplejwt.tokens import RefreshToken, AccessToken
 
 from .models import User, Challenge, Submission, Team, Container
 from .serializers import SignupSerializer, ChallengeSerializer, TeamSerializer, SubmissionSerializer, UserSerializer
 
+import logging
+
+logger = logging.getLogger('atlas_backend')
+
 @api_view(['POST'])
 @permission_classes([AllowAny])
 def signup(request):
-    serializer = SignupSerializer(data=request.data)
-    if serializer.is_valid():
-        user = serializer.save()
-        refresh = RefreshToken.for_user(user)
-        
-        refresh['user'] = {
-            'id': user.id,
-            'email': user.email,
-            'username': user.username,
-            'isAdmin': user.is_staff,
-            'teamId': user.team.id if user.team else None
-        }
+    data = request.data
+    try:
+        # Create team first
+        team = Team.objects.create(
+            name=data['teamName'],
+            team_email=data['teamEmail'],
+            team_size=3,
+            password=make_password(data['password'])
+        )
+
+        # Create users for all team members
+        users = []
         
+        # Create required first member
+        member1 = User.objects.create_user(
+            username=data['member1Name'],
+            email=data['member1Email'],
+            password=data['password'],
+            team=team
+        )
+        users.append(member1)
+
+        # Create optional members if provided
+        if data.get('member2Email'):
+            member2 = User.objects.create_user(
+                username=data['member2Name'],
+                email=data['member2Email'],
+                password=data['password'],
+                team=team
+            )
+            users.append(member2)
+
+        if data.get('member3Email'):
+            member3 = User.objects.create_user(
+                username=data['member3Name'],
+                email=data['member3Email'],
+                password=data['password'],
+                team=team
+            )
+            users.append(member3)
+
+        # Generate token based on first team member
+        refresh = RefreshToken.for_user(member1)
+        refresh['team_id'] = team.id
+        refresh['team_name'] = team.name
+        refresh['team_email'] = team.team_email
+        refresh['member_count'] = len(users)
+        refresh['member_emails'] = [user.email for user in users]
+
         return Response({
             'refresh': str(refresh),
             'access': str(refresh.access_token),
         }, status=status.HTTP_201_CREATED)
-    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    except Exception as e:
+        return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
 
 @api_view(['POST'])
 @permission_classes([AllowAny])
 def signin(request):
-    email = request.data.get('email')
+    team_name = request.data.get('teamName')
     password = request.data.get('password')
     
-    if not email or not password:
-        return Response({'error': 'Email and password are required'}, status=status.HTTP_400_BAD_REQUEST)
+    if not team_name or not password:
+        return Response(
+            {'error': 'Team name and password are required'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
     
-    user = authenticate(email=email, password=password)
-    if user:
-        refresh = RefreshToken.for_user(user)
+    try:
+        team = Team.objects.get(name=team_name)
+        if not check_password(password, team.password):
+            raise Team.DoesNotExist
+
+        # Get the first team member as the "main" user for authentication
+        team_member = User.objects.filter(team=team).first()
+        if not team_member:
+            return Response(
+                {'error': 'No team members found'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        team_members = User.objects.filter(team=team)
+            
+        refresh = RefreshToken.for_user(team_member)
         
-        refresh['user'] = {
-            'id': user.id,
-            'email': user.email,
-            'username': user.username,
-            'isAdmin': user.is_staff,
-            'teamId': user.team.id if user.team else None
-        }
+        # Add required claims
+        refresh['user_id'] = team_member.id
+        refresh['username'] = team_member.username
+        refresh['email'] = team_member.email
+        
+        # Add custom team claims
+        refresh['team_id'] = team.id
+        refresh['team_name'] = team.name
+        refresh['team_email'] = team.team_email
+        refresh['member_count'] = team_members.count()
+        refresh['member_emails'] = [member.email for member in team_members]
+        
+        logger.info('Generated token with payload: %s', {
+            'user_id': team_member.id,
+            'username': team_member.username,
+            'email': team_member.email,
+            'team_id': team.id,
+            'team_name': team.name,
+            'team_email': team.team_email,
+            'member_count': team_members.count(),
+        })
         
         return Response({
-            'refresh': str(refresh),
             'access': str(refresh.access_token),
+            'refresh': str(refresh),
         })
-    return Response({'error': 'Invalid credentials'}, status=status.HTTP_401_UNAUTHORIZED)
+    except Team.DoesNotExist:
+        return Response(
+            {'error': 'Invalid credentials'},
+            status=status.HTTP_401_UNAUTHORIZED
+        )
 
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
 def get_challenges(request):
-    challenges = Challenge.objects.all()
-    serializer = ChallengeSerializer(
-        challenges, 
-        many=True,
-        context={'user_team': request.user.team}
+    logger.info("=== GET /challenges ===")
+    logger.info(f"Auth header: {request.headers.get('Authorization')}")
+    logger.info(f"User: {request.user}")
+    logger.info(f"Is authenticated: {request.user.is_authenticated}")
+    
+    # Fetch only non-hidden challenges
+    challenges = Challenge.objects.filter(is_hidden=False).values(
+        'id',
+        'title',
+        'description',
+        'category',
+        'max_points',
+        'hints',
+        'file_links',
+        'docker_image'
     )
-    return Response(serializer.data)
+    
+    # Convert QuerySet to list for JSON serialization
+    challenges_list = list(challenges)
+    
+    logger.info(f"Challenges: {challenges_list}")
+    
+    return Response(challenges_list)
 
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
@@ -393,31 +486,24 @@ def reset_password(request):
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
 def create_challenge(request):
-    if not request.user.is_staff:
+    # Check if user is superuser
+    if not request.user.is_superuser:
         return Response(
-            {'error': 'Only administrators can create challenges'},
+            {"error": "Only administrators can create challenges"}, 
             status=status.HTTP_403_FORBIDDEN
         )
     
     try:
         data = request.data
-        required_fields = ['title', 'description', 'category', 'docker_image', 'flag', 'max_points']
         
         # Validate required fields
-        missing_fields = [field for field in required_fields if not data.get(field)]
-        if missing_fields:
-            return Response(
-                {'error': f'Missing required fields: {", ".join(missing_fields)}'},
-                status=status.HTTP_400_BAD_REQUEST
-            )
-
-        # Validate category
-        valid_categories = dict(Challenge.CATEGORY_CHOICES)
-        if data['category'] not in valid_categories:
-            return Response(
-                {'error': f'Invalid category. Valid categories are: {", ".join(valid_categories.keys())}'},
-                status=status.HTTP_400_BAD_REQUEST
-            )
+        required_fields = ['title', 'description', 'category', 'docker_image', 'flag', 'max_points']
+        for field in required_fields:
+            if not data.get(field):
+                return Response(
+                    {"error": f"{field} is required"}, 
+                    status=status.HTTP_400_BAD_REQUEST
+                )
 
         # Create challenge
         challenge = Challenge.objects.create(
@@ -427,22 +513,71 @@ def create_challenge(request):
             docker_image=data['docker_image'],
             flag=data['flag'],
             max_points=int(data['max_points']),
-            max_team_size=int(data.get('max_team_size', 4))
+            max_team_size=3,  # Fixed as 3
+            is_hidden=data.get('is_hidden', False),
+            hints=data.get('hints', []),
+            file_links=data.get('file_links', [])
         )
 
+        return Response({
+            "message": "Challenge created successfully",
+            "challenge_id": challenge.id
+        }, status=status.HTTP_201_CREATED)
+
+    except Exception as e:
         return Response(
-            ChallengeSerializer(challenge).data,
-            status=status.HTTP_201_CREATED
+            {"error": "Failed to create challenge"}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
         )
 
-    except ValueError as e:
+@api_view(['PATCH'])
+@permission_classes([IsAdminUser])
+def update_challenge(request, challenge_id):
+    try:
+        challenge = Challenge.objects.get(id=challenge_id)
+        data = request.data
+
+        # Update fields if they exist in request
+        fields = [
+            'title', 'description', 'category', 'docker_image',
+            'flag', 'max_points', 'is_hidden', 'hints', 'file_links'
+        ]
+        
+        for field in fields:
+            if field in data:
+                setattr(challenge, field, data[field])
+
+        challenge.save()
+        return Response({"message": "Challenge updated successfully"})
+        
+    except Challenge.DoesNotExist:
         return Response(
-            {'error': 'Invalid numeric value provided'},
-            status=status.HTTP_400_BAD_REQUEST
+            {"error": "Challenge not found"}, 
+            status=status.HTTP_404_NOT_FOUND
         )
     except Exception as e:
+        logger.error(f"Error updating challenge: {str(e)}")
         return Response(
-            {'error': str(e)},
+            {"error": "Failed to update challenge"}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
+
+@api_view(['DELETE'])
+@permission_classes([IsAdminUser])
+def delete_challenge(request, challenge_id):
+    try:
+        challenge = Challenge.objects.get(id=challenge_id)
+        challenge.delete()
+        logger.info(f"Challenge {challenge_id} deleted successfully")
+        return Response({"message": "Challenge deleted successfully"}, status=status.HTTP_200_OK)
+        
+    except Challenge.DoesNotExist:
+        logger.error(f"Challenge {challenge_id} not found")
+        return Response({"error": "Challenge not found"}, status=status.HTTP_404_NOT_FOUND)
+    except Exception as e:
+        logger.error(f"Error deleting challenge {challenge_id}: {str(e)}")
+        return Response(
+            {"error": "An error occurred while deleting the challenge"}, 
             status=status.HTTP_500_INTERNAL_SERVER_ERROR
         )
 
@@ -469,4 +604,203 @@ def get_team_history(request):
     
     submissions = Submission.objects.filter(team=request.user.team)
     serializer = SubmissionSerializer(submissions, many=True)
-    return Response(serializer.data)
\ No newline at end of file
+    return Response(serializer.data)
+
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def team_profile(request):
+    try:
+        # Get token from authorization header
+        auth_header = request.headers.get('Authorization')
+        if not auth_header or not auth_header.startswith('Bearer '):
+            return Response({'error': 'No token provided'}, status=status.HTTP_401_UNAUTHORIZED)
+        
+        # Extract token and decode it
+        token = auth_header.split(' ')[1]
+        decoded_token = AccessToken(token)
+        
+        # Get team info from token
+        team_id = decoded_token['team_id']
+        team_name = decoded_token['team_name']
+        team_email = decoded_token['team_email']
+        member_count = decoded_token['member_count']
+        member_emails = decoded_token['member_emails']
+        
+        # Get team from database using team_id from token
+        team = Team.objects.get(id=team_id)
+        
+        # Get team members using team_id
+        team_members = User.objects.filter(team_id=team_id)
+        
+        # Get team statistics
+        solved_challenges = Challenge.objects.filter(
+            submissions__team=team,
+            submissions__is_correct=True
+        ).distinct().count()
+        
+        # Get total score
+        total_score = team.submissions.filter(is_correct=True).aggregate(
+            total=Sum('challenge__points')
+        )['total'] or 0
+        
+        # Get team rank
+        teams_ranking = Team.objects.annotate(
+            score=Sum('submissions__challenge__points', 
+                     filter=Q(submissions__is_correct=True))
+        ).order_by('-score')
+        team_rank = list(teams_ranking.values_list('id', flat=True)).index(team_id) + 1
+        
+        # Get recent activity
+        recent_submissions = team.submissions.filter(
+            is_correct=True
+        ).order_by('-submitted_at')[:5]
+        
+        response_data = {
+            'id': team_id,
+            'name': team_name,
+            'team_email': team_email,
+            'members': [{
+                'id': member.id,
+                'username': member.username,
+                'email': member.email
+            } for member in team_members],
+            'total_score': total_score,
+            'solved_challenges': solved_challenges,
+            'rank': team_rank,
+            'recent_activity': [{
+                'id': sub.id,
+                'challenge_name': sub.challenge.name,
+                'points': sub.challenge.points,
+                'solved_at': sub.submitted_at.isoformat()
+            } for sub in recent_submissions]
+        }
+        
+        return Response(response_data)
+        
+    except Exception as e:
+        print(f"Error in team_profile: {str(e)}")
+        return Response(
+            {'error': str(e)}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def token_refresh(request):
+    try:
+        refresh_token = request.data.get('refresh')
+        if not refresh_token:
+            return Response(
+                {'error': 'Refresh token required'}, 
+                status=status.HTTP_400_BAD_REQUEST
+            )
+            
+        refresh = RefreshToken(refresh_token)
+        return Response({
+            'access': str(refresh.access_token),
+        })
+    except Exception as e:
+        return Response(
+            {'error': str(e)}, 
+            status=status.HTTP_401_UNAUTHORIZED
+        )
+
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def admin_login(request):
+    try:
+        email = request.data.get('email')
+        password = request.data.get('password')
+        
+        # Get superuser by email
+        user = User.objects.get(email=email, is_superuser=True)
+        
+        if not user.check_password(password):
+            raise User.DoesNotExist
+
+        refresh = RefreshToken.for_user(user)
+        
+        # Add admin claims to token
+        refresh['is_admin'] = True
+        refresh['email'] = user.email
+        refresh['user_id'] = user.id
+
+        return Response({
+            'access': str(refresh.access_token),
+            'refresh': str(refresh),
+        })
+        
+    except User.DoesNotExist:
+        return Response(
+            {'error': 'Invalid admin credentials'}, 
+            status=status.HTTP_401_UNAUTHORIZED
+        )
+    except Exception as e:
+        return Response(
+            {'error': 'Login failed'}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
+
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def admin_get_challenges(request):
+    # Check if user is superuser
+    if not request.user.is_superuser:
+        return Response(
+            {"error": "Only administrators can access this"}, 
+            status=status.HTTP_403_FORBIDDEN
+        )
+    
+    try:
+        challenges = Challenge.objects.all()
+        data = []
+        for challenge in challenges:
+            data.append({
+                'id': challenge.id,
+                'title': challenge.title,
+                'description': challenge.description,
+                'category': challenge.category,
+                'docker_image': challenge.docker_image,
+                'flag': challenge.flag,
+                'max_points': challenge.max_points,
+                'max_team_size': challenge.max_team_size,
+                'is_hidden': challenge.is_hidden,
+                'hints': challenge.hints,
+                'file_links': challenge.file_links,
+                'created_at': challenge.created_at,
+                'updated_at': challenge.updated_at
+            })
+        return Response(data)
+    except Exception as e:
+        return Response(
+            {"error": "Failed to fetch challenges"}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
+
+@api_view(['GET'])
+@permission_classes([IsAdminUser])
+def get_challenge_detail(request, challenge_id):
+    try:
+        challenge = Challenge.objects.get(id=challenge_id)
+        data = {
+            'id': challenge.id,
+            'title': challenge.title,
+            'description': challenge.description,
+            'category': challenge.category,
+            'docker_image': challenge.docker_image,
+            'flag': challenge.flag,
+            'max_points': challenge.max_points,
+            'max_team_size': challenge.max_team_size,
+            'created_at': challenge.created_at,
+            'updated_at': challenge.updated_at,
+            'is_hidden': challenge.is_hidden,
+            'hints': challenge.hints,
+            'file_links': challenge.file_links
+        }
+        return Response(data)
+    except Challenge.DoesNotExist:
+        return Response(
+            {"error": "Challenge not found"}, 
+            status=status.HTTP_404_NOT_FOUND
+        )
+
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
index 3f00863..d8f116b 100644
--- a/backend/backend/settings.py
+++ b/backend/backend/settings.py
@@ -58,6 +58,14 @@
 
 
 CORS_ALLOW_ALL_ORIGINS = True
+CORS_ALLOW_CREDENTIALS = True
+CORS_ALLOWED_ORIGINS = [
+    "http://localhost:3000",  # React development server
+]
+
+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost:3000",  # React development server
+]
 
 ROOT_URLCONF = "backend.urls"
 
@@ -94,22 +102,34 @@
     "django.contrib.auth.backends.ModelBackend",
 ]
 
-# JWT Authentication settings
+# REST Framework settings
 REST_FRAMEWORK = {
-    "DEFAULT_AUTHENTICATION_CLASSES": [
-        "rest_framework_simplejwt.authentication.JWTAuthentication",
-    ],
-    "DEFAULT_PERMISSION_CLASSES": [
-        "rest_framework.permissions.IsAuthenticated",
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'atlas_backend.auth.CustomJWTAuthentication',
+    ),
+    'DEFAULT_PERMISSION_CLASSES': (
+        'rest_framework.permissions.IsAuthenticated',
+    ),
+    'DEFAULT_PARSER_CLASSES': [
+        'rest_framework.parsers.JSONParser',
+        'rest_framework.parsers.FormParser',
+        'rest_framework.parsers.MultiPartParser'
     ],
 }
 
+# JWT settings
 SIMPLE_JWT = {
-    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),  # Adjust as needed
-    "REFRESH_TOKEN_LIFETIME": timedelta(days=1),
-    "ALGORITHM": "HS256",
-    "SIGNING_KEY": django.conf.settings.SECRET_KEY,  # Use django.conf.settings instead
-    "AUTH_HEADER_TYPES": ("Bearer",),
+    'ACCESS_TOKEN_LIFETIME': timedelta(minutes=60),
+    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
+    'ALGORITHM': 'HS256',
+    'SIGNING_KEY': SECRET_KEY,
+    'AUTH_HEADER_TYPES': ('Bearer',),
+    'USER_ID_FIELD': 'id',
+    'USER_ID_CLAIM': 'user_id',
+    'TOKEN_TYPE_CLAIM': 'token_type',
+    'JTI_CLAIM': 'jti',
+    'TOKEN_USER_CLASS': 'atlas_backend.models.User',
+    'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
 }
 
 # Password validation
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 89df2d3..4a7008d 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -22,6 +22,8 @@ import AdminChallengeDetail from './pages/admin/ChallengeDetail';
 import CreateChallenge from './pages/admin/CreateChallenge';
 import AdminLogin from './pages/admin/AdminLogin';
 import UserProfile from './pages/user/UserProfile';
+import TeamProfile from './pages/TeamProfile';
+import AdminRoute from './components/AdminRoute';
 
 function App() {
   return (
@@ -30,68 +32,74 @@ function App() {
       <ErrorBoundary>
         <main className="flex-grow container mx-auto px-4 py-8">
           <Routes>
+            {/* Public routes */}
             <Route path="/" element={<Home />} />
             <Route path="/register" element={<Register />} />
             <Route path="/login" element={<Login />} />
             <Route path="/forgot-password" element={<ForgotPassword />} />
+            <Route path="/admin/login" element={<AdminLogin />} />
 
-            {/* Redirect /user/dashboard to /challenges */}
+            {/* Protected routes */}
             <Route
-              path="/user/dashboard"
-              element={<Navigate to="/challenges" replace />}
-            />
-            <Route
-              path="/user/profile"
-              element={<ProtectedRoute requireAdmin={false}><UserProfile /></ProtectedRoute>}
-            />
-
-            {/* Regular user routes */}
-            <Route
-              path="/teams"
+              path="/challenges"
               element={
-                <ProtectedRoute requireAdmin={false}>
-                  <Teams />
+                <ProtectedRoute>
+                  <Challenges />
                 </ProtectedRoute>
               }
             />
             <Route
               path="/scoreboard"
               element={
-                <ProtectedRoute requireAdmin={false}>
+                <ProtectedRoute>
                   <Scoreboard />
                 </ProtectedRoute>
               }
             />
             <Route
-              path="/challenges"
+              path="/team/profile"
               element={
-                <ProtectedRoute requireAdmin={false}>
-                  <Challenges />
+                <ProtectedRoute>
+                  <TeamProfile />
                 </ProtectedRoute>
               }
             />
 
+            {/* Protected admin routes */}
+            <Route
+              path="/admin/dashboard"
+              element={
+                <AdminRoute>
+                  <AdminDashboard />
+                </AdminRoute>
+              }
+            />
+
             {/* Admin routes */}
-            <Route path="/admin">
-              <Route path="login" element={<AdminLogin />} />
-              <Route
-                element={
-                  <ProtectedRoute requireAdmin={true}>
-                    <AdminLayout />
-                  </ProtectedRoute>
-                }
-              >
-                <Route index element={<Navigate to="/admin/dashboard" />} />
-                <Route path="dashboard" element={<AdminDashboard />} />
-                <Route path="users" element={<AdminUsers />} />
-                <Route path="users/:id" element={<AdminUserDetail />} />
-                <Route path="teams" element={<AdminTeams />} />
-                <Route path="teams/:id" element={<AdminTeamDetail />} />
-                <Route path="challenges" element={<AdminChallenges />} />
-                <Route path="challenges/:id" element={<AdminChallengeDetail />} />
-                <Route path="challenges/create" element={<CreateChallenge />} />
-              </Route>
-            </Route>
+            <Route
+              path="/admin/challenges"
+              element={
+                <AdminRoute>
+                  <AdminChallenges />
+                </AdminRoute>
+              }
+            />
+            <Route
+              path="/admin/challenges/create"
+              element={
+                <AdminRoute>
+                  <CreateChallenge />
+                </AdminRoute>
+              }
+            />
+            <Route
+              path="/admin/challenges/:id"
+              element={
+                <AdminRoute>
+                  <AdminChallengeDetail />
+                </AdminRoute>
+              }
+            />
 
             {/* Catch-all route */}
             <Route path="*" element={<NotFound />} />
diff --git a/frontend/src/api/auth.js b/frontend/src/api/auth.js
index 5227d8f..b7ba1be 100644
--- a/frontend/src/api/auth.js
+++ b/frontend/src/api/auth.js
@@ -1,17 +1,22 @@
 import apiClient from './config';
 
-export const register = async (userData) => {
-  const response = await apiClient.post('/auth/register', userData);
+export const login = async (teamName, password) => {
+  const response = await apiClient.post('/auth/login', {
+    teamName,
+    password
+  });
   return response.data;
 };
 
-export const login = async (credentials) => {
-  const response = await apiClient.post('/auth/login', credentials);
+export const register = async (formData) => {
+  const response = await apiClient.post('/auth/register', formData);
   return response.data;
 };
 
 export const requestPasswordReset = async (email) => {
-  const response = await apiClient.post('/auth/forgot-password', { email });
+  const response = await apiClient.post('/auth/forgot-password', {
+    email,
+  });
   return response.data;
 };
 
@@ -22,3 +27,16 @@ export const resetPassword = async (token, newPassword) => {
   });
   return response.data;
 };
+
+export const adminLogin = async (email, password) => {
+  try {
+    const response = await apiClient.post('/auth/admin/login', {
+      email,
+      password
+    });
+    return response.data;
+  } catch (error) {
+    console.error('Admin login error:', error);
+    throw error;
+  }
+};
diff --git a/frontend/src/api/challenges.js b/frontend/src/api/challenges.js
index cb08a22..4a03f64 100644
--- a/frontend/src/api/challenges.js
+++ b/frontend/src/api/challenges.js
@@ -1,22 +1,94 @@
 import apiClient from './config';
+import { jwtDecode } from 'jwt-decode';
 
 export const getChallenges = async () => {
-  const response = await apiClient.get('/challenges');
-  return response.data;
+  console.log('Token before request:', localStorage.getItem('token'));
+  console.log('Sending the request with token:', jwtDecode(localStorage.getItem('token')));
+  try {
+    const response = await apiClient.get('/challenges');
+    return response.data;
+  } catch (error) {
+    console.error('Challenge request error:', {
+      status: error.response?.status,
+      data: error.response?.data,
+      headers: error.config?.headers
+    });
+    throw error;
+  }
 };
 
 export const submitFlag = async (challengeId, flag) => {
-  const response = await apiClient.post(`/challenges/${challengeId}/submit`, {
-    flag_submitted: flag,
-  });
-  return response.data;
+  try {
+    const response = await apiClient.post(`/challenges/${challengeId}/submit`, {
+      flag_submitted: flag,
+    });
+    return response.data;
+  } catch (error) {
+    console.error('Error submitting flag:', error);
+    throw error;
+  }
 };
 
 export const startChallenge = async (challengeId) => {
-  const response = await apiClient.post(`/challenges/${challengeId}/start`);
-  return {
-    container: response.data.container,
-    port: response.data.port,
-    status: response.data.status,
-  };
+  try {
+    const response = await apiClient.post(`/challenges/${challengeId}/start`);
+    return response.data;
+  } catch (error) {
+    console.error('Error starting challenge:', error);
+    throw error;
+  }
+};
+
+// Admin challenge APIs
+export const getAdminChallenges = async () => {
+  try {
+    const response = await apiClient.get('/challenges/admin');
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching admin challenges:', error);
+    throw error;
+  }
+};
+
+export const createChallenge = async (challengeData) => {
+  try {
+    const response = await apiClient.post('/challenges/create', challengeData);
+    return response.data;
+  } catch (error) {
+    console.error('Error creating challenge:', error);
+    throw error;
+  }
+};
+
+export const updateChallenge = async (challengeData, challengeId) => {
+  try {
+    const response = await apiClient.patch(
+      `/challenges/${challengeId}/update`, 
+      challengeData
+    );
+    return response.data;
+  } catch (error) {
+    console.error('Error updating challenge:', error);
+    throw error;
+  }
+};
+
+export const deleteChallenge = async (challengeId) => {
+  try {
+    const response = await apiClient.delete(`/challenges/${challengeId}/delete`);
+    return response.data;
+  } catch (error) {
+    console.error('Error deleting challenge:', error);
+    throw error;
+  }
+};
+
+export const getChallengeById = async (challengeId) => {
+  try {
+    const response = await apiClient.get(`/challenges/${challengeId}`);
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching challenge:', error);
+    throw error;
+  }
 };
diff --git a/frontend/src/api/config.js b/frontend/src/api/config.js
index 924569f..e2e5a7f 100644
--- a/frontend/src/api/config.js
+++ b/frontend/src/api/config.js
@@ -1,56 +1,36 @@
 import axios from 'axios';
 
-export const API_URL = import.meta.env.VITE_API_URL || 'http://localhost:8000';
-
 const apiClient = axios.create({
-  baseURL: API_URL,
-  timeout: 10000,
+  baseURL: 'http://localhost:8000',
   headers: {
     'Content-Type': 'application/json',
-  },
+  }
 });
 
-// Token refresh logic
-apiClient.interceptors.response.use(
-  (response) => response,
-  async (error) => {
-    const originalRequest = error.config;
-    if (error.response?.status === 401 && !originalRequest._retry) {
-      originalRequest._retry = true;
-      try {
-        const refreshToken = localStorage.getItem('refreshToken');
-        const { data } = await apiClient.post('/auth/refresh', {
-          refresh: refreshToken,
-        });
-        localStorage.setItem('token', data.access);
-        apiClient.defaults.headers.Authorization = `Bearer ${data.access}`;
-        return apiClient(originalRequest);
-      } catch (refreshError) {
-        localStorage.removeItem('token');
-        localStorage.removeItem('refreshToken');
-        window.location.href = '/login';
-      }
+// Add request interceptor to include auth token
+apiClient.interceptors.request.use(
+  (config) => {
+    const tokenString = localStorage.getItem('token');
+    if (tokenString) {
+      const { access } = JSON.parse(tokenString);
+      config.headers.Authorization = `Bearer ${access}`;
     }
-    return Promise.reject(error);
+    return config;
   },
+  (error) => Promise.reject(error)
 );
 
-// Add centralized error handler
+// Add response interceptor for error handling
 apiClient.interceptors.response.use(
-  response => response,
-  error => {
-    console.error(`API Error: ${error.message}`);
+  (response) => response,
+  (error) => {
+    console.error('Response error:', error);
+    if (error.response?.status === 403) {
+      // Handle forbidden error - could be auth issue
+      console.error('Authentication error:', error.response.data);
+    }
     return Promise.reject(error);
   }
 );
 
-// Auth header injection
-apiClient.interceptors.request.use((config) => {
-  const token = localStorage.getItem('token');
-  if (token) {
-    config.headers.Authorization = `Bearer ${token}`;
-  }
-  return config;
-});
-
 export default apiClient;
diff --git a/frontend/src/api/teams.js b/frontend/src/api/teams.js
index 6287cfc..ea52c87 100644
--- a/frontend/src/api/teams.js
+++ b/frontend/src/api/teams.js
@@ -45,3 +45,13 @@ export const leaveTeam = async () => {
     throw error;
   }
 };
+
+export const getTeamProfile = async () => {
+  try {
+    const response = await apiClient.get('/teams/profile');
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching team profile:', error);
+    throw error;
+  }
+};
diff --git a/frontend/src/api/user.js b/frontend/src/api/user.js
index a935ec2..d26fd51 100644
--- a/frontend/src/api/user.js
+++ b/frontend/src/api/user.js
@@ -12,20 +12,25 @@ export const getUserProfile = async () => {
 };
 
 // Update user information
-export const updateUserInfo = async (userData) => {
+export const updateUserInfo = async (data) => {
   try {
-    const response = await apiClient.post('/user/update-info', userData);
+    const response = await apiClient.put('/user/profile', data);
     return response.data;
   } catch (error) {
-    console.error('Error updating user info:', error);
+    console.error('Error in updateUserInfo:', error);
     throw error;
   }
 };
 
 // Get team history for the user
 export const getTeamHistory = async () => {
-  const response = await apiClient.get('/user/team/history');
-  return response.data;
+  try {
+    const response = await apiClient.get('/user/team/history');
+    return response.data;
+  } catch (error) {
+    console.error('Error in getTeamHistory:', error);
+    throw error;
+  }
 };
 
 export const leaveTeam = async () => {
diff --git a/frontend/src/components/AdminRoute.jsx b/frontend/src/components/AdminRoute.jsx
new file mode 100644
index 0000000..6e8dc09
--- /dev/null
+++ b/frontend/src/components/AdminRoute.jsx
@@ -0,0 +1,19 @@
+import React from 'react';
+import { Navigate } from 'react-router-dom';
+import { useAuth } from '../hooks/useAuth';
+
+function AdminRoute({ children }) {
+  const { isAuthenticated, isAdmin } = useAuth();
+
+  if (!isAuthenticated) {
+    return <Navigate to="/admin/login" />;
+  }
+
+  if (!isAdmin) {
+    return <Navigate to="/" />;
+  }
+
+  return children;
+}
+
+export default AdminRoute; 
\ No newline at end of file
diff --git a/frontend/src/components/ChallengeCard.jsx b/frontend/src/components/ChallengeCard.jsx
index acacf2f..13db465 100644
--- a/frontend/src/components/ChallengeCard.jsx
+++ b/frontend/src/components/ChallengeCard.jsx
@@ -1,124 +1,37 @@
-import React, { useState } from 'react';
-import PropTypes from 'prop-types';
-import { startChallenge, submitFlag } from '../api/challenges';
+import React from 'react';
 
 function ChallengeCard({ challenge }) {
-  const [containerDetails, setContainerDetails] = useState(null);
-  const [flag, setFlag] = useState('');
-  const [error, setError] = useState('');
-  const [loading, setLoading] = useState(false);
-
-  const handleStartChallenge = async () => {
-    try {
-      setLoading(true);
-      setError('');
-      const data = await startChallenge(challenge.id);
-      setContainerDetails(data);
-    } catch (error) {
-      setError('Failed to start challenge. Please try again.');
-      console.error('Failed to start challenge:', error);
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const handleSubmitFlag = async () => {
-    if (!flag.trim()) {
-      setError('Please enter a flag');
-      return;
-    }
-
-    try {
-      setLoading(true);
-      setError('');
-      const data = await submitFlag(challenge.id, flag);
-      if (data.correct) {
-        alert('Congratulations! Flag is correct!');
-        setFlag('');
-      } else {
-        setError('Incorrect flag. Try again.');
-      }
-    } catch (error) {
-      setError('Failed to submit flag. Please try again.');
-      console.error('Failed to submit flag:', error);
-    } finally {
-      setLoading(false);
-    }
+  const categoryColors = {
+    web: 'bg-blue-100 text-blue-800',
+    crypto: 'bg-green-100 text-green-800',
+    pwn: 'bg-red-100 text-red-800',
+    reverse: 'bg-purple-100 text-purple-800',
+    forensics: 'bg-yellow-100 text-yellow-800',
+    misc: 'bg-gray-100 text-gray-800'
   };
 
   return (
-    <div className="challenge-card bg-white shadow-md rounded-lg p-4 sm:p-6">
-      <h3 className="text-xl font-semibold mb-2">{challenge.title}</h3>
-      <p className="text-gray-600 mb-4">{challenge.description}</p>
-      <div className="flex justify-between items-center mb-4">
-        <span className="text-sm font-medium">
-          Category: {challenge.category}
-        </span>
-        <span className="text-blue-600 font-bold">
-          {challenge.max_points} pts
+    <div className="bg-white p-4 rounded-lg shadow-md">
+      <div className="flex justify-between items-start mb-2">
+        <h3 className="text-lg font-semibold">{challenge.title}</h3>
+        <span className="text-lg font-bold text-blue-600">{challenge.max_points}pts</span>
+      </div>
+      <p className="text-gray-600 mb-3">{challenge.description}</p>
+      <div className="flex justify-between items-center">
+        <span className={`px-2 py-1 rounded text-sm ${categoryColors[challenge.category]}`}>
+          {challenge.category}
         </span>
+        {challenge.hints?.length > 0 && (
+          <span className="text-sm text-gray-500">
+            {challenge.hints.length} hint{challenge.hints.length !== 1 ? 's' : ''} available
+          </span>
+        )}
       </div>
-
-      {error && <div className="text-red-500 text-sm mb-4">{error}</div>}
-
-      {!containerDetails ? (
-        <button
-          onClick={handleStartChallenge}
-          disabled={loading}
-          className={`w-full px-4 py-2 rounded ${
-            loading
-              ? 'bg-gray-400 cursor-not-allowed'
-              : 'bg-blue-500 hover:bg-blue-600'
-          } text-white`}
-        >
-          {loading ? 'Starting...' : 'Start Challenge'}
-        </button>
-      ) : (
-        <div className="mt-4 space-y-4">
-          <div className="bg-gray-50 p-4 rounded">
-            <h4 className="text-lg font-semibold mb-2">Connection Details:</h4>
-            <div className="space-y-1 text-sm">
-              <p>Container ID: {containerDetails.container}</p>
-              <p>Port: {containerDetails.port}</p>
-              <p>Status: {containerDetails.status}</p>
-            </div>
-          </div>
-
-          <div className="space-y-2">
-            <input
-              type="text"
-              value={flag}
-              onChange={(e) => setFlag(e.target.value)}
-              placeholder="Enter flag"
-              className="w-full p-2 border rounded focus:ring-2 focus:ring-blue-500"
-              disabled={loading}
-            />
-            <button
-              onClick={handleSubmitFlag}
-              disabled={loading}
-              className={`w-full px-4 py-2 rounded ${
-                loading
-                  ? 'bg-gray-400 cursor-not-allowed'
-                  : 'bg-green-500 hover:bg-green-600'
-              } text-white`}
-            >
-              {loading ? 'Submitting...' : 'Submit Flag'}
-            </button>
-          </div>
-        </div>
+      {challenge.is_solved && (
+        <div className="mt-2 text-green-600 text-sm">✓ Solved</div>
       )}
     </div>
   );
 }
 
-ChallengeCard.propTypes = {
-  challenge: PropTypes.shape({
-    id: PropTypes.number.isRequired,
-    title: PropTypes.string.isRequired,
-    description: PropTypes.string.isRequired,
-    category: PropTypes.string.isRequired,
-    max_points: PropTypes.number.isRequired,
-  }).isRequired,
-};
-
 export default ChallengeCard;
diff --git a/frontend/src/components/Navbar.jsx b/frontend/src/components/Navbar.jsx
index 956fa4a..9a22edc 100644
--- a/frontend/src/components/Navbar.jsx
+++ b/frontend/src/components/Navbar.jsx
@@ -3,11 +3,12 @@ import { Link, useNavigate } from 'react-router-dom';
 import { useAuth } from '../hooks/useAuth';
 
 function Navbar() {
-  const { isAuthenticated, user, logout } = useAuth();
+  const { isAuthenticated, isAdmin, logout } = useAuth();
   const navigate = useNavigate();
 
   const handleLogout = () => {
     logout();
+    navigate('/');
   };
 
   return (
@@ -22,32 +23,36 @@ function Navbar() {
               Home
             </Link>
             {isAuthenticated ? (
-              <>
-                {!user?.isAdmin && (
-                  <>
-                    <Link to="/teams" className="hover:text-gray-300">
-                      Join Team
-                    </Link>
-                    <Link to="/challenges" className="hover:text-gray-300">
-                      Challenges
-                    </Link>
-                    <Link to="/scoreboard" className="hover:text-gray-300">
-                      Scoreboard
-                    </Link>
-                    <Link to="/user/profile" className="hover:text-gray-300">
-                      User
-                    </Link>
-                  </>
-                )}
-                {user?.isAdmin && (
+              isAdmin ? (
+                // Admin Navigation
+                <>
                   <Link to="/admin/dashboard" className="hover:text-gray-300">
-                    Admin
+                    Dashboard
                   </Link>
-                )}
-                <button onClick={logout} className="hover:text-gray-300">
-                  Logout
-                </button>
-              </>
+                  <button onClick={handleLogout} className="hover:text-gray-300">
+                    Admin Logout
+                  </button>
+                </>
+              ) : (
+                // Team Navigation
+                <>
+                  <Link to="/teams" className="hover:text-gray-300">
+                    Join Team
+                  </Link>
+                  <Link to="/challenges" className="hover:text-gray-300">
+                    Challenges
+                  </Link>
+                  <Link to="/scoreboard" className="hover:text-gray-300">
+                    Scoreboard
+                  </Link>
+                  <Link to="/team/profile" className="hover:text-gray-300">
+                    Team Profile
+                  </Link>
+                  <button onClick={handleLogout} className="hover:text-gray-300">
+                    Logout
+                  </button>
+                </>
+              )
             ) : (
               <>
                 <Link to="/login" className="hover:text-gray-300">
diff --git a/frontend/src/components/ProtectedRoute.jsx b/frontend/src/components/ProtectedRoute.jsx
index b3715a6..b0bf2ca 100644
--- a/frontend/src/components/ProtectedRoute.jsx
+++ b/frontend/src/components/ProtectedRoute.jsx
@@ -2,22 +2,15 @@ import React from 'react';
 import { Navigate, useLocation } from 'react-router-dom';
 import { useAuth } from '../hooks/useAuth';
 
-function ProtectedRoute({ children, requireAdmin }) {
-  const { isAuthenticated, user } = useAuth();
+function ProtectedRoute({ children }) {
+  const { isAuthenticated } = useAuth();
   const location = useLocation();
 
   if (!isAuthenticated) {
+    // Redirect to login but remember where we came from
     return <Navigate to="/login" state={{ from: location }} replace />;
   }
 
-  if (requireAdmin && !user?.isAdmin) {
-    return <Navigate to="/challenges" replace />;
-  }
-
-  if (!requireAdmin && user?.isAdmin) {
-    return <Navigate to="/admin/dashboard" replace />;
-  }
-
   return children;
 }
 
diff --git a/frontend/src/context/AuthContext.jsx b/frontend/src/context/AuthContext.jsx
index e2f9da1..edc7076 100644
--- a/frontend/src/context/AuthContext.jsx
+++ b/frontend/src/context/AuthContext.jsx
@@ -1,57 +1,87 @@
 import React, { createContext, useState, useEffect } from 'react';
 import { jwtDecode } from 'jwt-decode';
-import { register, login } from '../api/auth'; // Ensure these imports are correct
-import { useNavigate } from 'react-router-dom';
-import apiClient from '../api/apiClient';
 
 export const AuthContext = createContext();
 
+const decodeToken = (token) => {
+  try {
+    return jwtDecode(token);
+  } catch (error) {
+    return null;
+  }
+};
+
 export const AuthProvider = ({ children }) => {
   const [user, setUser] = useState(null);
+  const [isAuthenticated, setIsAuthenticated] = useState(false);
+  const [isAdmin, setIsAdmin] = useState(false);
 
   useEffect(() => {
+    // Check for token on load
     const token = localStorage.getItem('token');
+    console.log('Initial token check:', !!token);
+    
     if (token) {
       try {
-        const decoded = jwtDecode(token);
-        if (decoded.exp > Date.now() / 1000) {
-          setUser(decoded.user);
-          apiClient.defaults.headers.Authorization = `Bearer ${token}`;
-        } else {
-          handleLogout();
-        }
+        const decoded = jwtDecode(JSON.parse(token).access);
+        console.log('Token decoded successfully:', decoded);
+        
+        setUser({
+          teamId: decoded.team_id,
+          teamName: decoded.team_name,
+          teamEmail: decoded.team_email,
+          memberCount: decoded.member_count,
+          memberEmails: decoded.member_emails
+        });
+        setIsAuthenticated(true);
+        setIsAdmin(decoded.is_admin || false);
+        console.log('Auth state set to true on load');
       } catch (error) {
-        handleLogout();
+        console.error('Error loading user:', error);
+        localStorage.removeItem('token');
+        setIsAuthenticated(false);
       }
     }
   }, []);
 
-  const handleLogin = async (credentials) => {
-    try {
-      const { data } = await apiClient.post('/auth/login', credentials);
-      localStorage.setItem('token', data.token);
-      apiClient.defaults.headers.Authorization = `Bearer ${data.token}`;
-      setUser(jwtDecode(data.token).user);
-    } catch (error) {
-      throw error;
-    }
+  const login = (tokenData) => {
+    console.log('Login called with token data:', tokenData);
+    
+    localStorage.setItem('token', JSON.stringify(tokenData));
+    const decoded = decodeToken(tokenData.access);
+    
+    setUser({
+      teamId: decoded.team_id,
+      teamName: decoded.team_name,
+      teamEmail: decoded.team_email,
+      memberCount: decoded.member_count,
+      memberEmails: decoded.member_emails
+    });
+    setIsAuthenticated(true);
+    setIsAdmin(decoded?.is_admin || false);
+    console.log('Auth state set to true after login');
   };
 
-  const handleLogout = () => {
+  const logout = () => {
     localStorage.removeItem('token');
-    delete apiClient.defaults.headers.Authorization;
     setUser(null);
+    setIsAuthenticated(false);
+    setIsAdmin(false);
+    console.log('Auth state set to false after logout');
   };
 
+  const value = {
+    user,
+    login,
+    logout,
+    isAuthenticated,
+    isAdmin
+  };
+
+  console.log('Current auth state:', value);
+
   return (
-    <AuthContext.Provider
-      value={{
-        user,
-        isAuthenticated: !!user,
-        login: handleLogin,
-        logout: handleLogout,
-      }}
-    >
+    <AuthContext.Provider value={value}>
       {children}
     </AuthContext.Provider>
   );
diff --git a/frontend/src/hooks/useAuth.js b/frontend/src/hooks/useAuth.js
index bd78584..3fce285 100644
--- a/frontend/src/hooks/useAuth.js
+++ b/frontend/src/hooks/useAuth.js
@@ -1,11 +1,30 @@
 import { useContext } from 'react'
 import { AuthContext } from '../context/AuthContext'
+import { jwtDecode } from 'jwt-decode'
 
-export const useAuth = () => {
+export function useAuth() {
   const context = useContext(AuthContext)
   if (!context) {
     throw new Error('useAuth must be used within an AuthProvider')
   }
-  return context
+
+  const isAdmin = () => {
+    try {
+      console.log('isAdmin called');
+      const tokenString = localStorage.getItem('token')
+      if (!tokenString) return false
+      
+      const { access } = JSON.parse(tokenString)
+      const decoded = jwtDecode(access)
+      return decoded.is_admin === true
+    } catch (error) {
+      return false
+    }
+  }
+
+  return {
+    ...context,
+    isAdmin: isAdmin()
+  }
 }
 
diff --git a/frontend/src/pages/Challenges.jsx b/frontend/src/pages/Challenges.jsx
index 7738b24..c1de95a 100644
--- a/frontend/src/pages/Challenges.jsx
+++ b/frontend/src/pages/Challenges.jsx
@@ -1,41 +1,95 @@
 import React, { useState, useEffect } from 'react';
 import { getChallenges } from '../api/challenges';
-import { useAuth } from '../hooks/useAuth';
 import ChallengeCard from '../components/ChallengeCard';
 
 function Challenges() {
   const [challenges, setChallenges] = useState([]);
   const [error, setError] = useState('');
   const [loading, setLoading] = useState(true);
-  const { user } = useAuth();
+  const [selectedCategory, setSelectedCategory] = useState('all');
 
   useEffect(() => {
+    const fetchChallenges = async () => {
+      try {
+        setLoading(true);
+        const data = await getChallenges();
+        console.log(data);
+        setChallenges(data);
+      } catch (err) {
+        console.error('Error fetching challenges:', err);
+        setError('Failed to fetch challenges');
+      } finally {
+        setLoading(false);
+      }
+    };
+
     fetchChallenges();
   }, []);
 
-  const fetchChallenges = async () => {
-    try {
-      setLoading(true);
-      const fetchedChallenges = await getChallenges(user.token);
-      setChallenges(fetchedChallenges);
-    } catch (err) {
-      setError('Failed to fetch challenges');
-    } finally {
-      setLoading(false);
+  // Group challenges by category
+  const challengesByCategory = challenges.reduce((acc, challenge) => {
+    if (!acc[challenge.category]) {
+      acc[challenge.category] = [];
     }
-  };
+    acc[challenge.category].push(challenge);
+    return acc;
+  }, {});
+
+  const categories = ['all', ...Object.keys(challengesByCategory)];
 
-  if (loading) return <div>Loading...</div>;
+  if (loading) return <div>Loading challenges...</div>;
 
   return (
     <div className="responsive-padding">
-      <h2 className="text-2xl font-semibold mb-4 sm:mb-6">Challenges</h2>
-      {error && <p className="text-red-500 mb-4">{error}</p>}
-      <div className="responsive-grid">
-        {challenges.map((challenge) => (
-          <ChallengeCard key={challenge.id} challenge={challenge} />
-        ))}
+      {/* Category Filter */}
+      <div className="mb-6">
+        <div className="flex gap-2 overflow-x-auto pb-2">
+          {categories.map(category => (
+            <button
+              key={category}
+              onClick={() => setSelectedCategory(category)}
+              className={`px-4 py-2 rounded-full text-sm font-medium ${
+                selectedCategory === category
+                  ? 'bg-blue-500 text-white'
+                  : 'bg-gray-200 text-gray-700 hover:bg-gray-300'
+              }`}
+            >
+              {category.charAt(0).toUpperCase() + category.slice(1)}
+            </button>
+          ))}
+        </div>
       </div>
+
+      {/* Challenges Display */}
+      {selectedCategory === 'all' ? (
+        // Show all categories
+        Object.entries(challengesByCategory).map(([category, categoryChallenges]) => (
+          <div key={category} className="mb-8">
+            <h2 className="text-2xl font-semibold mb-4 capitalize">
+              {category} Challenges
+            </h2>
+            <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
+              {categoryChallenges.map(challenge => (
+                <ChallengeCard key={challenge.id} challenge={challenge} />
+              ))}
+            </div>
+          </div>
+        ))
+      ) : (
+        // Show selected category
+        <div>
+          <h2 className="text-2xl font-semibold mb-4 capitalize">
+            {selectedCategory} Challenges
+          </h2>
+          <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
+            {challengesByCategory[selectedCategory]?.map(challenge => (
+              <ChallengeCard key={challenge.id} challenge={challenge} />
+            ))}
+          </div>
+        </div>
+      )}
+
+      {error && <p className="text-red-500 mt-4">{error}</p>}
     </div>
   );
 }
diff --git a/frontend/src/pages/Home.jsx b/frontend/src/pages/Home.jsx
index 7b419fa..2fa2924 100644
--- a/frontend/src/pages/Home.jsx
+++ b/frontend/src/pages/Home.jsx
@@ -4,6 +4,7 @@ import { useAuth } from '../hooks/useAuth';
 
 function Home() {
   const { isAuthenticated, user } = useAuth();
+  console.log(user);
 
   return (
     <div className="text-center">
diff --git a/frontend/src/pages/Login.jsx b/frontend/src/pages/Login.jsx
index 47fba1c..10360ab 100644
--- a/frontend/src/pages/Login.jsx
+++ b/frontend/src/pages/Login.jsx
@@ -1,60 +1,69 @@
-import React, { useState } from 'react'
-import { useNavigate, Link } from 'react-router-dom'
+import React, { useState, useEffect } from 'react'
+import { useNavigate, useLocation } from 'react-router-dom'
 import { login as apiLogin } from '../api/auth'
 import { useAuth } from '../hooks/useAuth'
 
 function Login() {
-  const [email, setEmail] = useState('')
+  const [teamName, setTeamName] = useState('')
   const [password, setPassword] = useState('')
   const [error, setError] = useState('')
   const navigate = useNavigate()
-  const { login } = useAuth()
+  const location = useLocation()
+  const { login, isAuthenticated } = useAuth()
+
+  useEffect(() => {
+    if (isAuthenticated) {
+      const from = location.state?.from?.pathname || '/challenges'
+      navigate(from, { replace: true })
+    }
+  }, [isAuthenticated, navigate, location])
 
   const handleSubmit = async (e) => {
     e.preventDefault()
+    setError('')
+    
     try {
-      const data = await apiLogin(email, password)
-      login(data)
-      navigate('/')
+      const response = await apiLogin(teamName, password)
+      login(response)
     } catch (err) {
-      setError('Login failed. Please check your credentials.')
+      console.error('Login error:', err)
+      setError('Invalid team credentials')
     }
   }
 
   return (
-    <div className="max-w-md mx-auto">
-      <h2 className="text-2xl font-semibold mb-4">Login</h2>
-      {error && <p className="text-red-500 mb-4">{error}</p>}
+    <div className="max-w-md mx-auto mt-8 p-6 bg-white rounded-lg shadow-md">
+      <h2 className="text-2xl font-bold mb-6">Team Login</h2>
+      {error && (
+        <div className="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-4">
+          {error}
+        </div>
+      )}
       <form onSubmit={handleSubmit}>
         <div className="mb-4">
-          <label htmlFor="email" className="block mb-2">Email</label>
+          <label className="block mb-2">Team Name</label>
           <input
-            type="email"
-            id="email"
-            value={email}
-            onChange={(e) => setEmail(e.target.value)}
-            className="input"
+            type="text"
+            value={teamName}
+            onChange={(e) => setTeamName(e.target.value)}
+            className="w-full p-2 border rounded"
             required
           />
         </div>
-        <div className="mb-4">
-          <label htmlFor="password" className="block mb-2">Password</label>
+        <div className="mb-6">
+          <label className="block mb-2">Password</label>
           <input
             type="password"
-            id="password"
             value={password}
             onChange={(e) => setPassword(e.target.value)}
-            className="input"
+            className="w-full p-2 border rounded"
             required
           />
         </div>
-        <button type="submit" className="btn btn-primary">Login</button>
+        <button type="submit" className="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600">
+          Login
+        </button>
       </form>
-      <div className="mt-4 text-center">
-        <Link to="/forgot-password" className="text-blue-600 hover:text-blue-800">
-          Forgot Password?
-        </Link>
-      </div>
     </div>
   )
 }
diff --git a/frontend/src/pages/Register.jsx b/frontend/src/pages/Register.jsx
index d6ccd90..ef53f82 100644
--- a/frontend/src/pages/Register.jsx
+++ b/frontend/src/pages/Register.jsx
@@ -2,38 +2,48 @@ import React, { useState } from 'react';
 import { useNavigate } from 'react-router-dom';
 import { register } from '../api/auth';
 import { useAuth } from '../hooks/useAuth';
-import {
-  validateEmail,
-  validatePassword,
-  validateUsername,
-} from '../utils/validators';
+import { validateEmail } from '../utils/validators';
 
 function Register() {
-  const [username, setUsername] = useState('');
-  const [email, setEmail] = useState('');
-  const [password, setPassword] = useState('');
+  const [formData, setFormData] = useState({
+    teamName: '',
+    teamEmail: '',
+    password: '',
+    member1Name: '',
+    member1Email: '',
+    member2Name: '',
+    member2Email: '',
+    member3Name: '',
+    member3Email: '',
+  });
   const [error, setError] = useState('');
   const navigate = useNavigate();
   const { login } = useAuth();
 
+  const handleChange = (e) => {
+    setFormData({
+      ...formData,
+      [e.target.name]: e.target.value
+    });
+  };
+
   const handleSubmit = async (e) => {
     e.preventDefault();
+    setError('');
 
-    if (!validateUsername(username)) {
-      setError('Invalid username format');
-      return;
-    }
-    if (!validateEmail(email)) {
-      setError('Invalid email format');
-      return;
-    }
-    if (!validatePassword(password)) {
-      setError('Password must be at least 8 characters');
-      return;
-    }
+    // Calculate team size based on provided member emails
+    const memberCount = [
+      formData.member1Email,
+      formData.member2Email,
+      formData.member3Email
+    ].filter(Boolean).length;
 
     try {
-      const data = await register(username, email, password);
+      console.log(formData);
+      const data = await register({
+        ...formData,
+        teamSize: memberCount // Add team size to registration data
+      });
       login(data);
       navigate('/');
     } catch (err) {
@@ -43,51 +53,127 @@ function Register() {
 
   return (
     <div className="max-w-md mx-auto">
-      <h2 className="text-2xl font-semibold mb-4">Register</h2>
+      <h2 className="text-2xl font-semibold mb-4">Team Registration</h2>
       {error && <p className="text-red-500 mb-4">{error}</p>}
       <form onSubmit={handleSubmit}>
+        {/* Team Information */}
         <div className="mb-4">
-          <label htmlFor="username" className="block mb-2">
-            Username
-          </label>
-          <input
-            type="text"
-            id="username"
-            value={username}
-            onChange={(e) => setUsername(e.target.value)}
-            className="input"
-            required
-          />
+          <h3 className="text-xl font-semibold mb-2">Team Information</h3>
+          <div className="mb-2">
+            <label htmlFor="teamName" className="block mb-1">Team Name *</label>
+            <input
+              type="text"
+              name="teamName"
+              value={formData.teamName}
+              onChange={handleChange}
+              className="input"
+              required
+            />
+          </div>
+          <div className="mb-2">
+            <label htmlFor="teamEmail" className="block mb-1">Team Email *</label>
+            <input
+              type="email"
+              name="teamEmail"
+              value={formData.teamEmail}
+              onChange={handleChange}
+              className="input"
+              required
+            />
+          </div>
+          <div className="mb-2">
+            <label htmlFor="password" className="block mb-1">Team Password *</label>
+            <input
+              type="password"
+              name="password"
+              value={formData.password}
+              onChange={handleChange}
+              className="input"
+              required
+              minLength={8}
+            />
+          </div>
         </div>
+
+        {/* Member 1 (Required) */}
         <div className="mb-4">
-          <label htmlFor="email" className="block mb-2">
-            Email
-          </label>
-          <input
-            type="email"
-            id="email"
-            value={email}
-            onChange={(e) => setEmail(e.target.value)}
-            className="input"
-            required
-          />
+          <h3 className="text-xl font-semibold mb-2">Member 1 (Required)</h3>
+          <div className="mb-2">
+            <label htmlFor="member1Name" className="block mb-1">Name *</label>
+            <input
+              type="text"
+              name="member1Name"
+              value={formData.member1Name}
+              onChange={handleChange}
+              className="input"
+              required
+            />
+          </div>
+          <div className="mb-2">
+            <label htmlFor="member1Email" className="block mb-1">Email *</label>
+            <input
+              type="email"
+              name="member1Email"
+              value={formData.member1Email}
+              onChange={handleChange}
+              className="input"
+              required
+            />
+          </div>
         </div>
+
+        {/* Member 2 (Optional) */}
         <div className="mb-4">
-          <label htmlFor="password" className="block mb-2">
-            Password
-          </label>
-          <input
-            type="password"
-            id="password"
-            value={password}
-            onChange={(e) => setPassword(e.target.value)}
-            className="input"
-            required
-            minLength={8}
-          />
+          <h3 className="text-xl font-semibold mb-2">Member 2 (Optional)</h3>
+          <div className="mb-2">
+            <label htmlFor="member2Name" className="block mb-1">Name</label>
+            <input
+              type="text"
+              name="member2Name"
+              value={formData.member2Name}
+              onChange={handleChange}
+              className="input"
+            />
+          </div>
+          <div className="mb-2">
+            <label htmlFor="member2Email" className="block mb-1">Email</label>
+            <input
+              type="email"
+              name="member2Email"
+              value={formData.member2Email}
+              onChange={handleChange}
+              className="input"
+            />
+          </div>
         </div>
+
+        {/* Member 3 (Optional) */}
+        <div className="mb-4">
+          <h3 className="text-xl font-semibold mb-2">Member 3 (Optional)</h3>
+          <div className="mb-2">
+            <label htmlFor="member3Name" className="block mb-1">Name</label>
+            <input
+              type="text"
+              name="member3Name"
+              value={formData.member3Name}
+              onChange={handleChange}
+              className="input"
+            />
+          </div>
+          <div className="mb-2">
+            <label htmlFor="member3Email" className="block mb-1">Email</label>
+            <input
+              type="email"
+              name="member3Email"
+              value={formData.member3Email}
+              onChange={handleChange}
+              className="input"
+            />
+          </div>
+        </div>
+
         <button type="submit" className="btn btn-primary w-full">
-          Register
+          Register Team
         </button>
       </form>
     </div>
diff --git a/frontend/src/pages/Scoreboard.jsx b/frontend/src/pages/Scoreboard.jsx
index 81d50ba..26898cb 100644
--- a/frontend/src/pages/Scoreboard.jsx
+++ b/frontend/src/pages/Scoreboard.jsx
@@ -6,7 +6,6 @@ function Scoreboard() {
   const [scores, setScores] = useState([])
   const [error, setError] = useState('')
   const [loading, setLoading] = useState(true)
-  const { user } = useAuth()
 
   useEffect(() => {
     fetchScoreboard()
@@ -14,11 +13,12 @@ function Scoreboard() {
 
   const fetchScoreboard = async () => {
     try {
-      const scoreboard = await getScoreboard(user.token)
+      const scoreboard = await getScoreboard()
       setScores(scoreboard)
-      setLoading(false)
     } catch (err) {
+      console.error('Error fetching scoreboard:', err)
       setError('Failed to fetch scoreboard')
+    } finally {
       setLoading(false)
     }
   }
diff --git a/frontend/src/pages/TeamProfile.jsx b/frontend/src/pages/TeamProfile.jsx
new file mode 100644
index 0000000..bd9f836
--- /dev/null
+++ b/frontend/src/pages/TeamProfile.jsx
@@ -0,0 +1,76 @@
+import React from 'react';
+import { useAuth } from '../hooks/useAuth';
+import { jwtDecode } from 'jwt-decode';
+
+function TeamProfile() {
+  const { user } = useAuth();
+  
+  // Get additional data from token if needed
+  const getTokenData = () => {
+    try {
+      const tokenString = localStorage.getItem('token');
+      if (tokenString) {
+        const { access } = JSON.parse(tokenString);
+        return jwtDecode(access);
+      }
+    } catch (error) {
+      console.error('Error decoding token:', error);
+    }
+    return null;
+  };
+
+  const tokenData = getTokenData();
+  console.log('Token data in TeamProfile:', tokenData);
+
+  return (
+    <div className="max-w-4xl mx-auto p-4 sm:p-6 lg:p-8">
+      <h1 className="text-3xl font-bold mb-6 text-gray-800">Team Profile</h1>
+      
+      {/* Team Basic Info */}
+      <div className="bg-white p-6 rounded-lg shadow-lg mb-8">
+        <div className="mb-6">
+          <h2 className="text-2xl font-semibold mb-4">Team Information</h2>
+          <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
+            <div>
+              <label className="block text-gray-600">Team Name</label>
+              <p className="text-lg font-medium">{tokenData?.team_name}</p>
+            </div>
+            <div>
+              <label className="block text-gray-600">Team Email</label>
+              <p className="text-lg font-medium">{tokenData?.team_email}</p>
+            </div>
+          </div>
+        </div>
+
+        {/* Team Members */}
+        <div className="mb-6">
+          <h3 className="text-xl font-semibold mb-3">Team Members</h3>
+          <div className="space-y-3">
+            {tokenData?.member_emails.map((email, index) => (
+              <div key={index} className="p-3 bg-gray-50 rounded-lg">
+                <p className="text-gray-600 text-sm">{email}</p>
+              </div>
+            ))}
+          </div>
+        </div>
+
+        {/* Team Stats */}
+        <div>
+          <h3 className="text-xl font-semibold mb-3">Team Information</h3>
+          <div className="grid grid-cols-1 sm:grid-cols-2 gap-4">
+            <div className="p-4 bg-blue-50 rounded-lg">
+              <p className="text-gray-600">Member Count</p>
+              <p className="text-2xl font-bold text-blue-600">{tokenData?.member_count}</p>
+            </div>
+            <div className="p-4 bg-purple-50 rounded-lg">
+              <p className="text-gray-600">Team ID</p>
+              <p className="text-2xl font-bold text-purple-600">#{tokenData?.team_id}</p>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default TeamProfile; 
\ No newline at end of file
diff --git a/frontend/src/pages/admin/AdminChallenges.jsx b/frontend/src/pages/admin/AdminChallenges.jsx
new file mode 100644
index 0000000..1f65155
--- /dev/null
+++ b/frontend/src/pages/admin/AdminChallenges.jsx
@@ -0,0 +1,116 @@
+import React, { useState, useEffect } from 'react';
+import { Link, useNavigate } from 'react-router-dom';
+import { getAdminChallenges, deleteChallenge } from '../../api/challenges';
+
+function AdminChallenges() {
+  const [challenges, setChallenges] = useState([]);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState('');
+  const navigate = useNavigate();
+
+  useEffect(() => {
+    fetchChallenges();
+  }, []);
+
+  const fetchChallenges = async () => {
+    try {
+      const data = await getAdminChallenges();
+      setChallenges(data);
+    } catch (err) {
+      console.error('Error fetching challenges:', err);
+      setError('Failed to fetch challenges');
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const handleDelete = async (id) => {
+    if (window.confirm('Are you sure you want to delete this challenge?')) {
+      try {
+        await deleteChallenge(id);
+        fetchChallenges(); // Refresh the list
+      } catch (err) {
+        console.error('Error deleting challenge:', err);
+        setError('Failed to delete challenge');
+      }
+    }
+  };
+
+  if (loading) return <div>Loading...</div>;
+
+  return (
+    <div className="max-w-7xl mx-auto p-6">
+      <div className="flex justify-between items-center mb-6">
+        <h1 className="text-2xl font-bold">Challenges</h1>
+        <Link
+          to="/admin/challenges/create"
+          className="px-4 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600"
+        >
+          Create Challenge
+        </Link>
+      </div>
+
+      {error && (
+        <div className="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-4">
+          {error}
+        </div>
+      )}
+
+      <div className="bg-white rounded-lg shadow overflow-hidden">
+        <table className="min-w-full">
+          <thead className="bg-gray-50">
+            <tr>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Title</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Category</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Points</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Actions</th>
+            </tr>
+          </thead>
+          <tbody className="bg-white divide-y divide-gray-200">
+            {challenges.map((challenge) => (
+              <tr key={challenge.id}>
+                <td className="px-6 py-4 whitespace-nowrap">
+                  <div className="text-sm font-medium text-gray-900">{challenge.title}</div>
+                </td>
+                <td className="px-6 py-4 whitespace-nowrap">
+                  <span className="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-blue-100 text-blue-800">
+                    {challenge.category}
+                  </span>
+                </td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+                  {challenge.max_points}
+                </td>
+                <td className="px-6 py-4 whitespace-nowrap">
+                  <span className={`px-2 inline-flex text-xs leading-5 font-semibold rounded-full ${
+                    challenge.is_hidden 
+                      ? 'bg-yellow-100 text-yellow-800' 
+                      : 'bg-green-100 text-green-800'
+                  }`}>
+                    {challenge.is_hidden ? 'Hidden' : 'Visible'}
+                  </span>
+                </td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm font-medium">
+                  <button
+                    onClick={() => navigate(`/admin/challenges/${challenge.id}`)}
+                    className="text-indigo-600 hover:text-indigo-900 mr-4"
+                  >
+                    Edit
+                  </button>
+                  <button
+                    onClick={() => handleDelete(challenge.id)}
+                    className="text-red-600 hover:text-red-900"
+                  >
+                    Delete
+                  </button>
+                </td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
+    </div>
+  );
+}
+
+export default AdminChallenges; 
\ No newline at end of file
diff --git a/frontend/src/pages/admin/AdminLogin.jsx b/frontend/src/pages/admin/AdminLogin.jsx
index d060331..0fc161b 100644
--- a/frontend/src/pages/admin/AdminLogin.jsx
+++ b/frontend/src/pages/admin/AdminLogin.jsx
@@ -1,7 +1,7 @@
 import React, { useState } from 'react';
 import { useNavigate } from 'react-router-dom';
-import { login as apiLogin } from '../../api/auth';
 import { useAuth } from '../../hooks/useAuth';
+import { adminLogin } from '../../api/auth';
 
 function AdminLogin() {
   const [email, setEmail] = useState('');
@@ -12,40 +12,41 @@ function AdminLogin() {
 
   const handleSubmit = async (e) => {
     e.preventDefault();
+    setError('');
+
     try {
-      const data = await apiLogin(email, password);
-      if (!data.user?.isAdmin) {
-        setError('Unauthorized access');
-        return;
-      }
-      login(data.token);
-      navigate('/admin/dashboard');
+      const response = await adminLogin(email, password);
+      login(response);
+      navigate('/admin/challenges');
     } catch (err) {
-      setError('Login failed. Please check your credentials.');
+      console.error('Admin login error:', err);
+      setError(err.response?.data?.error || 'Failed to login');
     }
   };
 
   return (
-    <div className="max-w-md mx-auto mt-8">
-      <h2 className="text-2xl font-semibold mb-4">Admin Login</h2>
-      {error && <p className="text-red-500 mb-4">{error}</p>}
+    <div className="max-w-md mx-auto mt-8 p-6 bg-white rounded-lg shadow-md">
+      <h2 className="text-2xl font-bold mb-6">Admin Login</h2>
+      {error && (
+        <div className="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-4">
+          {error}
+        </div>
+      )}
       <form onSubmit={handleSubmit}>
         <div className="mb-4">
-          <label htmlFor="email" className="block mb-2">Email</label>
+          <label className="block mb-2">Email</label>
           <input
             type="email"
-            id="email"
             value={email}
             onChange={(e) => setEmail(e.target.value)}
             className="w-full p-2 border rounded"
             required
           />
         </div>
-        <div className="mb-4">
-          <label htmlFor="password" className="block mb-2">Password</label>
+        <div className="mb-6">
+          <label className="block mb-2">Password</label>
           <input
             type="password"
-            id="password"
             value={password}
             onChange={(e) => setPassword(e.target.value)}
             className="w-full p-2 border rounded"
@@ -53,10 +54,10 @@ function AdminLogin() {
           />
         </div>
         <button 
-          type="submit"
-          className="w-full bg-blue-500 text-white py-2 rounded hover:bg-blue-600"
+          type="submit" 
+          className="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600"
         >
-          Login
+          Login as Admin
         </button>
       </form>
     </div>
diff --git a/frontend/src/pages/admin/ChallengeDetail.jsx b/frontend/src/pages/admin/ChallengeDetail.jsx
index 7aa8303..8bd8dc9 100644
--- a/frontend/src/pages/admin/ChallengeDetail.jsx
+++ b/frontend/src/pages/admin/ChallengeDetail.jsx
@@ -1,210 +1,253 @@
-import React, { useState } from 'react';
+import React, { useState, useEffect } from 'react';
 import { useParams, useNavigate, Link } from 'react-router-dom';
-import { getChallengeById } from '../../data/dummyChallenges';
+import { getChallengeById, updateChallenge, deleteChallenge } from '../../api/challenges';
 import { getUserById } from '../../data/dummyUsers';
 import { dummyUsers } from '../../data/dummyUsers';
 import { dummyTeams } from '../../data/dummyTeams';
 
 function EditChallengeModal({ challenge, onClose, onSave }) {
   const [formData, setFormData] = useState({
-    ...challenge,
-    newHint: { content: '', cost: 0 }
+    title: challenge.title,
+    description: challenge.description,
+    category: challenge.category,
+    max_points: challenge.max_points,
+    docker_image: challenge.docker_image,
+    flag: challenge.flag,
+    is_hidden: challenge.is_hidden,
+    hints: [...challenge.hints],
+    file_links: [...challenge.file_links]
   });
 
-  const addHint = () => {
-    if (formData.newHint.content) {
-      setFormData({
-        ...formData,
-        hints: [...formData.hints, { ...formData.newHint, id: Date.now() }],
-        newHint: { content: '', cost: 0 }
-      });
-    }
-  };
-
-  const removeHint = (hintId) => {
-    setFormData({
-      ...formData,
-      hints: formData.hints.filter(hint => hint.id !== hintId)
-    });
-  };
+  const categoryOptions = [
+    'web',
+    'crypto',
+    'pwn',
+    'reverse',
+    'forensics',
+    'misc'
+  ];
 
-  const handleSubmit = (e) => {
+  const handleSubmit = async (e) => {
     e.preventDefault();
-    
-    // Remove the newHint field before saving
-    const { newHint, ...challengeData } = formData;
-    
-    // TODO: Validate the data before saving
-    // - Check if name is not empty
-    // - Check if value is a positive number
-    // - Check if flag is not empty
-    // - Validate hints have content and valid costs
-    
-    onSave(challengeData);
+    try {
+      await onSave(formData);
+      onClose();
+    } catch (error) {
+      console.error('Error updating challenge:', error);
+    }
   };
 
   return (
     <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-50">
       <div className="bg-white rounded-lg p-6 w-[800px] max-h-[90vh] overflow-y-auto">
-        <h2 className="text-2xl font-bold mb-4">Edit Challenge</h2>
+        <div className="flex justify-between items-center mb-6">
+          <h2 className="text-2xl font-bold">Edit Challenge</h2>
+          <button onClick={onClose} className="text-gray-500 hover:text-gray-700">
+            <svg className="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M6 18L18 6M6 6l12 12" />
+            </svg>
+          </button>
+        </div>
+
         <form onSubmit={handleSubmit} className="space-y-6">
           <div>
-            <label className="block mb-2 font-medium">Name</label>
+            <label className="block mb-2 font-medium">Title</label>
             <input
               type="text"
+              value={formData.title}
+              onChange={(e) => setFormData({...formData, title: e.target.value})}
               className="w-full border rounded-lg px-4 py-2"
-              value={formData.name}
-              onChange={(e) => setFormData({...formData, name: e.target.value})}
+              required
             />
           </div>
 
+          <div>
+            <label className="block mb-2 font-medium">Category</label>
+            <select
+              value={formData.category}
+              onChange={(e) => setFormData({...formData, category: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              required
+            >
+              {categoryOptions.map(cat => (
+                <option key={cat} value={cat}>
+                  {cat.charAt(0).toUpperCase() + cat.slice(1)}
+                </option>
+              ))}
+            </select>
+          </div>
+
           <div>
             <label className="block mb-2 font-medium">Description</label>
             <textarea
-              className="w-full border rounded-lg px-4 py-2"
-              rows={4}
               value={formData.description}
               onChange={(e) => setFormData({...formData, description: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              rows={4}
+              required
             />
           </div>
 
           <div>
-            <label className="block mb-2 font-medium">Value</label>
+            <label className="block mb-2 font-medium">Points</label>
             <input
               type="number"
+              value={formData.max_points}
+              onChange={(e) => setFormData({...formData, max_points: parseInt(e.target.value)})}
               className="w-full border rounded-lg px-4 py-2"
-              value={formData.value}
-              onChange={(e) => setFormData({...formData, value: parseInt(e.target.value)})}
+              min="0"
+              required
             />
           </div>
 
           <div>
-            <label className="block mb-2 font-medium">Flag</label>
+            <label className="block mb-2 font-medium">Docker Image</label>
             <input
               type="text"
+              value={formData.docker_image}
+              onChange={(e) => setFormData({...formData, docker_image: e.target.value})}
               className="w-full border rounded-lg px-4 py-2"
+              required
+            />
+          </div>
+
+          <div>
+            <label className="block mb-2 font-medium">Flag</label>
+            <input
+              type="text"
               value={formData.flag}
               onChange={(e) => setFormData({...formData, flag: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              required
             />
           </div>
 
+          <div>
+            <label className="flex items-center">
+              <input
+                type="checkbox"
+                checked={formData.is_hidden}
+                onChange={(e) => setFormData({...formData, is_hidden: e.target.checked})}
+                className="mr-2"
+              />
+              <span>Hidden Challenge</span>
+            </label>
+          </div>
+
           <div>
             <label className="block mb-2 font-medium">Hints</label>
             <div className="space-y-4">
-              {formData.hints.map(hint => (
-                <div key={hint.id} className="flex gap-4 items-center bg-gray-50 p-4 rounded-lg">
-                  <div className="flex-grow">
-                    <input
-                      type="text"
-                      className="w-full border rounded-lg px-4 py-2 mb-2"
-                      value={hint.content}
-                      onChange={(e) => {
-                        const updatedHints = formData.hints.map(h =>
-                          h.id === hint.id ? {...h, content: e.target.value} : h
-                        );
-                        setFormData({...formData, hints: updatedHints});
-                      }}
-                    />
-                    <input
-                      type="number"
-                      className="w-full border rounded-lg px-4 py-2"
-                      value={hint.cost}
-                      onChange={(e) => {
-                        const updatedHints = formData.hints.map(h =>
-                          h.id === hint.id ? {...h, cost: parseInt(e.target.value)} : h
-                        );
-                        setFormData({...formData, hints: updatedHints});
+              {formData.hints.map((hint, index) => (
+                <div key={index} className="bg-gray-50 p-4 rounded-lg">
+                  <div className="flex justify-between items-center mb-2">
+                    <span className="font-medium">Hint {index + 1}</span>
+                    <button
+                      type="button"
+                      onClick={() => {
+                        const newHints = formData.hints.filter((_, i) => i !== index);
+                        setFormData({...formData, hints: newHints});
                       }}
-                    />
+                      className="text-red-500"
+                    >
+                      Remove
+                    </button>
+                  </div>
+                  <div className="grid grid-cols-3 gap-4">
+                    <div className="col-span-2">
+                      <input
+                        type="text"
+                        value={hint.content}
+                        onChange={(e) => {
+                          const newHints = [...formData.hints];
+                          newHints[index] = { ...hint, content: e.target.value };
+                          setFormData({...formData, hints: newHints});
+                        }}
+                        className="w-full border rounded-lg px-4 py-2"
+                        placeholder="Hint content"
+                      />
+                    </div>
+                    <div>
+                      <input
+                        type="number"
+                        value={hint.cost}
+                        onChange={(e) => {
+                          const newHints = [...formData.hints];
+                          newHints[index] = { ...hint, cost: parseInt(e.target.value) };
+                          setFormData({...formData, hints: newHints});
+                        }}
+                        className="w-full border rounded-lg px-4 py-2"
+                        placeholder="Cost"
+                        min="0"
+                      />
+                    </div>
                   </div>
-                  <button
-                    type="button"
-                    onClick={() => removeHint(hint.id)}
-                    className="text-red-500 hover:text-red-700"
-                  >
-                    <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M6 18L18 6M6 6l12 12" />
-                    </svg>
-                  </button>
                 </div>
               ))}
-              <div className="flex gap-4">
-                <input
-                  type="text"
-                  className="flex-grow border rounded-lg px-4 py-2"
-                  placeholder="New hint content"
-                  value={formData.newHint.content}
-                  onChange={(e) => setFormData({
-                    ...formData,
-                    newHint: {...formData.newHint, content: e.target.value}
-                  })}
-                />
-                <input
-                  type="number"
-                  className="w-32 border rounded-lg px-4 py-2"
-                  placeholder="Cost"
-                  value={formData.newHint.cost}
-                  onChange={(e) => setFormData({
-                    ...formData,
-                    newHint: {...formData.newHint, cost: parseInt(e.target.value)}
-                  })}
-                />
-                <button
-                  type="button"
-                  onClick={addHint}
-                  className="px-4 py-2 bg-green-500 text-white rounded-lg"
-                >
-                  Add
-                </button>
-              </div>
+              <button
+                type="button"
+                onClick={() => setFormData({
+                  ...formData,
+                  hints: [...formData.hints, { content: '', cost: 0 }]
+                })}
+                className="px-4 py-2 bg-green-500 text-white rounded-lg"
+              >
+                Add Hint
+              </button>
             </div>
           </div>
 
           <div>
-            <label className="block mb-2 font-medium">Files</label>
-            <input
-              type="file"
-              multiple
-              className="w-full border rounded-lg px-4 py-2"
-              onChange={(e) => {
-                const files = Array.from(e.target.files).map(file => ({
-                  id: Date.now(),
-                  name: file.name,
-                  path: URL.createObjectURL(file)
-                }));
-                setFormData({...formData, files: [...formData.files, ...files]});
-              }}
-            />
-            <div className="mt-2 space-y-2">
-              {formData.files.map(file => (
-                <div key={file.id} className="flex justify-between items-center bg-gray-50 p-2 rounded">
-                  <span>{file.name}</span>
+            <label className="block mb-2 font-medium">File Links</label>
+            <div className="space-y-2">
+              {formData.file_links.map((link, index) => (
+                <div key={index} className="flex gap-2">
+                  <input
+                    type="text"
+                    value={link}
+                    onChange={(e) => {
+                      const newLinks = [...formData.file_links];
+                      newLinks[index] = e.target.value;
+                      setFormData({...formData, file_links: newLinks});
+                    }}
+                    className="flex-grow border rounded-lg px-4 py-2"
+                    placeholder="Enter file link URL"
+                  />
                   <button
                     type="button"
-                    onClick={() => setFormData({
-                      ...formData,
-                      files: formData.files.filter(f => f.id !== file.id)
-                    })}
-                    className="text-red-500 hover:text-red-700"
+                    onClick={() => {
+                      const newLinks = formData.file_links.filter((_, i) => i !== index);
+                      setFormData({...formData, file_links: newLinks});
+                    }}
+                    className="px-3 py-2 bg-red-500 text-white rounded-lg"
                   >
                     Remove
                   </button>
                 </div>
               ))}
+              <button
+                type="button"
+                onClick={() => setFormData({
+                  ...formData,
+                  file_links: [...formData.file_links, '']
+                })}
+                className="px-4 py-2 bg-green-500 text-white rounded-lg"
+              >
+                Add File Link
+              </button>
             </div>
           </div>
 
-          <div className="flex justify-end gap-4">
+          <div className="flex justify-end gap-4 pt-4">
             <button
               type="button"
               onClick={onClose}
-              className="px-4 py-2 border rounded-lg"
+              className="px-4 py-2 border rounded-lg hover:bg-gray-50"
             >
               Cancel
             </button>
             <button
               type="submit"
-              className="px-4 py-2 bg-blue-500 text-white rounded-lg"
+              className="px-4 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600"
             >
               Save Changes
             </button>
@@ -218,46 +261,119 @@ function EditChallengeModal({ challenge, onClose, onSave }) {
 function ChallengeDetail() {
   const { id } = useParams();
   const navigate = useNavigate();
-  const [challenge, setChallenge] = useState(getChallengeById(id));
+  const [challenge, setChallenge] = useState(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState(null);
   const [showEditModal, setShowEditModal] = useState(false);
 
-  const handleSaveChallenge = (updatedChallenge) => {
-    // TODO: Implement PUT request to /api/challenges/:id
-    // Example API call:
-    // await axios.put(`/api/challenges/${id}`, updatedChallenge);
-    
-    // For now, update the frontend state
-    setChallenge(updatedChallenge);
-    setShowEditModal(false);
+  // Placeholder dummy data for submissions (temporary)
+  const dummySubmissions = {
+    correct: [
+      {
+        id: 1,
+        userId: 1,
+        teamId: 1,
+        submittedAt: new Date().toISOString(),
+        username: "user1",
+        teamName: "Team Alpha",
+      },
+      {
+        id: 2,
+        userId: 2,
+        teamId: 1,
+        submittedAt: new Date().toISOString(),
+        username: "user2",
+        teamName: "Team Alpha",
+      }
+    ],
+    incorrect: [
+      {
+        id: 3,
+        userId: 3,
+        teamId: 2,
+        submittedAt: new Date().toISOString(),
+        username: "user3",
+        teamName: "Team Beta",
+        submission: "wrong_flag{123}"
+      },
+      {
+        id: 4,
+        userId: 4,
+        teamId: 2,
+        submittedAt: new Date().toISOString(),
+        username: "user4",
+        teamName: "Team Beta",
+        submission: "incorrect_flag{456}"
+      }
+    ]
   };
 
-  const handleDelete = () => {
+  useEffect(() => {
+    const fetchChallenge = async () => {
+      try {
+        const data = await getChallengeById(id);
+        console.log(data)
+        setChallenge(data);
+      } catch (err) {
+        setError('Failed to fetch challenge details');
+        console.error(err);
+      } finally {
+        setLoading(false);
+      }
+    };
+
+    fetchChallenge();
+  }, [id]);
+
+  const handleSaveChallenge = async (updatedData) => {
+    try {
+      await updateChallenge(updatedData, id);
+      setChallenge(updatedData);
+      setShowEditModal(false);
+    } catch (error) {
+      console.error('Error updating challenge:', error);
+    }
+  };
+
+  const handleDelete = async () => {
     if (window.confirm('Are you sure you want to delete this challenge?')) {
-      // TODO: Implement DELETE request to /api/challenges/:id
-      // Example API call:
-      // await axios.delete(`/api/challenges/${id}`);
-      
-      navigate('/admin/challenges');
+      try {
+        await deleteChallenge(id);
+        navigate('/admin/challenges');
+      } catch (error) {
+        console.error('Error deleting challenge:', error);
+        alert('Failed to delete challenge');
+      }
     }
   };
 
   const getUserById = (userId) => dummyUsers.find(user => user.id === userId);
   const getTeamById = (teamId) => dummyTeams.find(team => team.id === teamId);
 
-  if (!challenge) {
-    return <div>Challenge not found</div>;
-  }
+  if (loading) return <div>Loading...</div>;
+  if (error) return <div className="text-red-500">{error}</div>;
+  if (!challenge) return <div>Challenge not found</div>;
 
-  const correctSubmissions = challenge.submissions.filter(sub => sub.isCorrect);
-  const incorrectSubmissions = challenge.submissions.filter(sub => !sub.isCorrect);
+  // Using placeholder data instead of real submissions
+  const correctSubmissions = dummySubmissions.correct;
+  const incorrectSubmissions = dummySubmissions.incorrect;
 
   return (
     <div className="min-h-screen bg-gray-50 py-8">
       <div className="max-w-5xl mx-auto px-4">
-        {/* Header Section */}
+        <div className="flex justify-between items-center mb-6">
+          <h1 className="text-2xl font-bold">Challenge Details</h1>
+          <button
+            onClick={() => navigate('/admin/challenges')}
+            className="px-4 py-2 bg-gray-500 text-white rounded hover:bg-gray-600"
+          >
+            Back to Challenges
+          </button>
+        </div>
+
         <div className="bg-white rounded-xl shadow-sm p-8 mb-6">
           <div className="flex justify-between items-start mb-6">
-            <h1 className="text-4xl font-bold text-gray-900">{challenge.name}</h1>
+            <h1 className="text-4xl font-bold text-gray-900">{challenge.title}</h1>
             <div className="flex gap-3">
               <button
                 onClick={() => setShowEditModal(true)}
@@ -266,11 +382,7 @@ function ChallengeDetail() {
                 Edit Challenge
               </button>
               <button
-                onClick={() => {
-                  if (window.confirm('Are you sure you want to delete this challenge?')) {
-                    navigate('/admin/challenges');
-                  }
-                }}
+                onClick={handleDelete}
                 className="px-5 py-2.5 bg-red-500 text-white rounded-lg hover:bg-red-600 transition-colors"
               >
                 Delete Challenge
@@ -283,15 +395,15 @@ function ChallengeDetail() {
               {challenge.category}
             </span>
             <span className="px-4 py-2 bg-purple-100 text-purple-800 rounded-lg font-medium">
-              {challenge.type}
+              Standard
             </span>
             <span className="px-4 py-2 bg-green-100 text-green-800 rounded-lg font-medium">
-              {challenge.value} points
+              {challenge.max_points} points
             </span>
             <span className="px-4 py-2 bg-orange-100 text-orange-800 rounded-lg font-medium">
               {correctSubmissions.length} solves
             </span>
-            {challenge.isHidden && (
+            {challenge.is_hidden && (
               <span className="px-4 py-2 bg-yellow-100 text-yellow-800 rounded-lg font-medium">
                 Hidden
               </span>
@@ -299,15 +411,12 @@ function ChallengeDetail() {
           </div>
         </div>
 
-        {/* Content Sections */}
         <div className="grid grid-cols-1 gap-6">
-          {/* Description Section */}
           <div className="bg-white rounded-xl shadow-sm p-8">
             <h2 className="text-2xl font-bold text-gray-900 mb-4">Description</h2>
             <p className="text-gray-700 text-lg leading-relaxed">{challenge.description}</p>
           </div>
 
-          {/* Flag Section */}
           <div className="bg-white rounded-xl shadow-sm p-8">
             <h2 className="text-2xl font-bold text-gray-900 mb-4">Flag</h2>
             <div className="bg-gray-50 p-4 rounded-lg">
@@ -315,7 +424,6 @@ function ChallengeDetail() {
             </div>
           </div>
 
-          {/* Hints Section */}
           {challenge.hints && challenge.hints.length > 0 && (
             <div className="bg-white rounded-xl shadow-sm p-8">
               <h2 className="text-2xl font-bold text-gray-900 mb-4">Hints</h2>
@@ -335,20 +443,25 @@ function ChallengeDetail() {
             </div>
           )}
 
-          {/* Files Section */}
-          {challenge.files && challenge.files.length > 0 && (
+          {challenge.file_links && challenge.file_links.length > 0 && (
             <div className="bg-white rounded-xl shadow-sm p-8">
               <h2 className="text-2xl font-bold text-gray-900 mb-4">Files</h2>
-              <div className="grid gap-4">
-                {challenge.files.map(file => (
-                  <div key={file.id} className="flex items-center justify-between bg-gray-50 p-4 rounded-lg">
-                    <span className="font-medium text-gray-700">{file.name}</span>
+              <div className="space-y-2">
+                {challenge.file_links.map((link, index) => (
+                  <div key={index} className="flex items-center justify-between bg-gray-50 p-4 rounded-lg">
+                    <span className="font-medium text-gray-700">
+                      {link.split('/').pop() || link}
+                    </span>
                     <a
-                      href={file.path}
-                      download
-                      className="text-blue-500 hover:text-blue-600 font-medium"
+                      href={link}
+                      target="_blank"
+                      rel="noopener noreferrer"
+                      className="text-blue-500 hover:text-blue-600 font-medium flex items-center gap-2"
                     >
-                      Download
+                      <span>Open Link</span>
+                      <svg className="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                        <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M10 6H6a2 2 0 00-2 2v10a2 2 0 002 2h10a2 2 0 002-2v-4M14 4h6m0 0v6m0-6L10 14" />
+                      </svg>
                     </a>
                   </div>
                 ))}
@@ -356,11 +469,9 @@ function ChallengeDetail() {
             </div>
           )}
 
-          {/* Solves Section */}
           <div className="bg-white rounded-xl shadow-sm p-8">
-            <h2 className="text-2xl font-bold text-gray-900 mb-6">Submissions</h2>
+            <h2 className="text-2xl font-bold text-gray-900 mb-6">Submissions (Placeholder Data)</h2>
             
-            {/* Correct Submissions */}
             <div className="mb-8">
               <h3 className="text-xl font-semibold text-green-600 mb-4">
                 Correct Submissions ({correctSubmissions.length})
@@ -407,7 +518,6 @@ function ChallengeDetail() {
               </div>
             </div>
 
-            {/* Incorrect Submissions */}
             <div>
               <h3 className="text-xl font-semibold text-red-600 mb-4">
                 Incorrect Submissions ({incorrectSubmissions.length})
diff --git a/frontend/src/pages/admin/Challenges.jsx b/frontend/src/pages/admin/Challenges.jsx
index a974bd4..c1381d7 100644
--- a/frontend/src/pages/admin/Challenges.jsx
+++ b/frontend/src/pages/admin/Challenges.jsx
@@ -1,170 +1,64 @@
-import React, { useState } from 'react';
+import React, { useState, useEffect } from 'react';
 import { Link, useNavigate } from 'react-router-dom';
-import { dummyChallenges, getChallengeCategories, getChallengeTypes } from '../../data/dummyChallenges';
-
-function ChallengeFormModal({ challenges, onClose, onSave }) {
-  const [formData, setFormData] = useState({
-    category: '',
-    value: '',
-    isHidden: ''
-  });
-
-  const handleSubmit = (e) => {
-    e.preventDefault();
-    onSave(formData);
-    onClose();
-  };
-
-  return (
-    <div className="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-50">
-      <div className="bg-white p-6 rounded-lg w-96">
-        <h2 className="text-xl font-bold mb-4">
-          Edit Challenges ({challenges.length} selected)
-        </h2>
-        <form onSubmit={handleSubmit}>
-          <div className="space-y-4">
-            <div>
-              <label className="block mb-2 font-medium">Category</label>
-              <input
-                type="text"
-                className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-                value={formData.category}
-                onChange={(e) => setFormData({...formData, category: e.target.value})}
-                placeholder="Leave blank for no change"
-              />
-            </div>
-            <div>
-              <label className="block mb-2 font-medium">Value (Points)</label>
-              <input
-                type="number"
-                className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-                value={formData.value}
-                onChange={(e) => setFormData({...formData, value: e.target.value})}
-                placeholder="Leave blank for no change"
-              />
-            </div>
-            <div>
-              <label className="block mb-2 font-medium">Visibility</label>
-              <select
-                className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-                value={formData.isHidden}
-                onChange={(e) => setFormData({...formData, isHidden: e.target.value})}
-              >
-                <option value="">No Change</option>
-                <option value="false">Visible</option>
-                <option value="true">Hidden</option>
-              </select>
-            </div>
-          </div>
-          <div className="mt-6 flex justify-end space-x-2">
-            <button
-              type="button"
-              onClick={onClose}
-              className="px-4 py-2 border rounded-lg hover:bg-gray-50 transition-colors"
-            >
-              Cancel
-            </button>
-            <button
-              type="submit"
-              className="px-4 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600 transition-colors"
-            >
-              Save Changes
-            </button>
-          </div>
-        </form>
-      </div>
-    </div>
-  );
-}
+import { getAdminChallenges, deleteChallenge } from '../../api/challenges';
 
 function Challenges() {
   const navigate = useNavigate();
-  const [challenges, setChallenges] = useState(dummyChallenges);
-  const [selectedChallenges, setSelectedChallenges] = useState([]);
+  const [challenges, setChallenges] = useState([]);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState(null);
   const [searchQuery, setSearchQuery] = useState('');
-  const [showModal, setShowModal] = useState(false);
 
-  const filteredChallenges = challenges.filter(challenge =>
-    challenge.name.toLowerCase().includes(searchQuery.toLowerCase())
-  );
+  useEffect(() => {
+    const fetchChallenges = async () => {
+      try {
+        const data = await getAdminChallenges();
+        setChallenges(data);
+      } catch (err) {
+        setError('Failed to fetch challenges');
+        console.error(err);
+      } finally {
+        setLoading(false);
+      }
+    };
 
-  const handleSelectChallenge = (id) => {
-    setSelectedChallenges(prev =>
-      prev.includes(id)
-        ? prev.filter(cId => cId !== id)
-        : [...prev, id]
-    );
-  };
+    fetchChallenges();
+  }, []);
 
-  const handleEditClick = () => {
-    if (selectedChallenges.length === 0) {
-      alert('Please select challenges to edit');
-      return;
+  const handleDelete = async (id) => {
+    if (window.confirm('Are you sure you want to delete this challenge?')) {
+      try {
+        await deleteChallenge(id);
+        // Remove from local state after successful deletion
+        setChallenges(challenges.filter(challenge => challenge.id !== id));
+      } catch (error) {
+        console.error('Error deleting challenge:', error);
+        alert('Failed to delete challenge');
+      }
     }
-    setShowModal(true);
   };
 
-  const handleDeleteChallenges = () => {
-    if (selectedChallenges.length === 0) {
-      alert('Please select challenges to delete');
-      return;
-    }
-    if (window.confirm(`Are you sure you want to delete ${selectedChallenges.length} challenge(s)?`)) {
-      setChallenges(challenges.filter(challenge => !selectedChallenges.includes(challenge.id)));
-      setSelectedChallenges([]);
-    }
-  };
+  const filteredChallenges = challenges.filter(challenge =>
+    challenge.title.toLowerCase().includes(searchQuery.toLowerCase())
+  );
 
-  const handleSaveChallenge = (challengeData) => {
-    setChallenges(challenges.map(challenge => {
-      if (!selectedChallenges.includes(challenge.id)) return challenge;
-      return {
-        ...challenge,
-        ...(challengeData.category && { category: challengeData.category }),
-        ...(challengeData.value && { value: parseInt(challengeData.value) }),
-        ...(challengeData.isHidden !== '' && { isHidden: challengeData.isHidden === 'true' })
-      };
-    }));
-    setShowModal(false);
-    setSelectedChallenges([]);
-  };
+  if (loading) return <div>Loading...</div>;
+  if (error) return <div className="text-red-500">{error}</div>;
 
   return (
     <div className="p-6">
       <div className="mb-6">
         <div className="flex justify-between items-center">
           <h1 className="text-2xl font-bold">Challenges</h1>
-          <div className="flex space-x-3">
-            <Link
-              to="/admin/challenges/create"
-              className="px-4 py-2 bg-green-500 text-white rounded-lg hover:bg-green-600 transition-colors flex items-center"
-            >
-              <svg className="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M12 4v16m8-8H4" />
-              </svg>
-              Create Challenge
-            </Link>
-            <button
-              onClick={handleEditClick}
-              className="px-4 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600 transition-colors flex items-center"
-              disabled={selectedChallenges.length === 0}
-            >
-              <svg className="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
-              </svg>
-              Edit Selected
-            </button>
-            <button
-              onClick={handleDeleteChallenges}
-              className="px-4 py-2 bg-red-500 text-white rounded-lg hover:bg-red-600 transition-colors flex items-center"
-              disabled={selectedChallenges.length === 0}
-            >
-              <svg className="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
-              </svg>
-              Delete Selected
-            </button>
-          </div>
+          <Link
+            to="/admin/challenges/create"
+            className="px-4 py-2 bg-green-500 text-white rounded-lg hover:bg-green-600 transition-colors flex items-center"
+          >
+            <svg className="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M12 4v16m8-8H4" />
+            </svg>
+            Create Challenge
+          </Link>
         </div>
       </div>
 
@@ -172,7 +66,7 @@ function Challenges() {
         <div className="relative">
           <input
             type="text"
-            placeholder="Search challenges by name..."
+            placeholder="Search challenges by title..."
             value={searchQuery}
             onChange={(e) => setSearchQuery(e.target.value)}
             className="w-full px-4 py-2 pl-10 pr-4 border rounded-lg focus:outline-none focus:ring-2 focus:ring-blue-500"
@@ -199,69 +93,51 @@ function Challenges() {
         <table className="min-w-full bg-white">
           <thead>
             <tr className="bg-gray-100">
-              <th className="w-12 px-4 py-2 text-center">
-                <input
-                  type="checkbox"
-                  onChange={(e) => {
-                    if (e.target.checked) {
-                      setSelectedChallenges(filteredChallenges.map(challenge => challenge.id));
-                    } else {
-                      setSelectedChallenges([]);
-                    }
-                  }}
-                  checked={selectedChallenges.length === filteredChallenges.length}
-                />
-              </th>
               <th className="px-4 py-2 text-left">ID</th>
-              <th className="px-4 py-2 text-left">Name</th>
+              <th className="px-4 py-2 text-left">Title</th>
               <th className="px-4 py-2 text-left">Category</th>
-              <th className="px-4 py-2 text-left">Type</th>
-              <th className="px-4 py-2 text-center">Value</th>
+              <th className="px-4 py-2 text-center">Points</th>
               <th className="w-24 px-4 py-2 text-center">Hidden</th>
+              <th className="w-24 px-4 py-2 text-center">Actions</th>
             </tr>
           </thead>
           <tbody>
             {filteredChallenges.map(challenge => (
               <tr key={challenge.id} className="border-t">
-                <td className="px-4 py-2 text-center">
-                  <input
-                    type="checkbox"
-                    checked={selectedChallenges.includes(challenge.id)}
-                    onChange={() => handleSelectChallenge(challenge.id)}
-                  />
-                </td>
                 <td className="px-4 py-2">{challenge.id}</td>
                 <td className="px-4 py-2">
                   <Link 
                     to={`/admin/challenges/${challenge.id}`}
                     className="text-blue-500 hover:underline"
                   >
-                    {challenge.name}
+                    {challenge.title}
                   </Link>
                 </td>
                 <td className="px-4 py-2">{challenge.category}</td>
-                <td className="px-4 py-2">{challenge.type}</td>
-                <td className="px-4 py-2 text-center">{challenge.value}</td>
+                <td className="px-4 py-2 text-center">{challenge.max_points}</td>
                 <td className="px-4 py-2 text-center">
-                  {challenge.isHidden && (
+                  {challenge.is_hidden && (
                     <span className="inline-block px-2.5 py-0.5 rounded-full text-xs font-medium bg-yellow-100 text-yellow-800">
                       Hidden
                     </span>
                   )}
                 </td>
+                <td className="px-4 py-2 text-center">
+                  <button
+                    onClick={() => handleDelete(challenge.id)}
+                    className="text-red-500 hover:text-red-700"
+                    title="Delete Challenge"
+                  >
+                    <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                      <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16" />
+                    </svg>
+                  </button>
+                </td>
               </tr>
             ))}
           </tbody>
         </table>
       </div>
-
-      {showModal && (
-        <ChallengeFormModal
-          challenges={challenges.filter(challenge => selectedChallenges.includes(challenge.id))}
-          onClose={() => setShowModal(false)}
-          onSave={handleSaveChallenge}
-        />
-      )}
     </div>
   );
 }
diff --git a/frontend/src/pages/admin/CreateChallenge.jsx b/frontend/src/pages/admin/CreateChallenge.jsx
index cec92fe..4afc3b2 100644
--- a/frontend/src/pages/admin/CreateChallenge.jsx
+++ b/frontend/src/pages/admin/CreateChallenge.jsx
@@ -1,354 +1,289 @@
 import React, { useState } from 'react';
 import { useNavigate } from 'react-router-dom';
-import { getChallengeTypes } from '../../data/dummyChallenges';
+import { createChallenge } from '../../api/challenges';
 
 function CreateChallenge() {
   const navigate = useNavigate();
-  const [selectedType, setSelectedType] = useState('standard');
   const [formData, setFormData] = useState({
-    name: '',
-    category: '',
-    message: '',
-    value: '',
+    title: '',
+    description: '',
+    category: 'web',
+    docker_image: '',
     flag: '',
-    caseSensitive: true,
-    isHidden: false,
-    files: [],
-    // Code specific
-    language: '',
-    version: '',
-    // Dynamic specific
-    decayFunction: 'linear',
-    decayValue: '',
-    minimumValue: ''
+    max_points: '',
+    max_team_size: 3,
+    is_hidden: false,
+    hints: [],
+    file_links: []
   });
-  const [hints, setHints] = useState([
-    { id: Date.now(), content: '', cost: 0 }
-  ]);
 
-  const programmingLanguages = [
-    { name: 'Python', versions: ['3.8', '3.9', '3.10', '3.11'] },
-    { name: 'JavaScript', versions: ['Node 16', 'Node 18', 'Node 20'] },
-    { name: 'Java', versions: ['11', '17', '21'] },
-    { name: 'C++', versions: ['C++17', 'C++20'] }
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  const categoryOptions = [
+    'web',
+    'crypto',
+    'pwn',
+    'reverse',
+    'forensics',
+    'misc'
   ];
 
-  const handleSubmit = (e) => {
+  const handleSubmit = async (e) => {
     e.preventDefault();
-    // In a real app, this would be an API call
-    const newId = Math.floor(Math.random() * 10000) + 1;
-    navigate(`/admin/challenges/${newId}`);
-  };
-
-  const addHint = () => {
-    setHints([...hints, { id: Date.now(), content: '', cost: 0 }]);
-  };
+    setError('');
+    setLoading(true);
 
-  const removeHint = (hintId) => {
-    setHints(hints.filter(hint => hint.id !== hintId));
-  };
+    try {
+      const challengeData = {
+        title: formData.title.trim(),
+        description: formData.description.trim(),
+        category: formData.category,
+        docker_image: formData.docker_image.trim(),
+        flag: formData.flag.trim(),
+        max_points: parseInt(formData.max_points),
+        max_team_size: 3,
+        is_hidden: formData.is_hidden,
+        hints: formData.hints.map(hint => ({
+          content: hint.content.trim(),
+          cost: parseInt(hint.cost)
+        })),
+        file_links: formData.file_links.filter(link => link.trim() !== '')
+      };
 
-  const updateHint = (hintId, field, value) => {
-    setHints(hints.map(hint => 
-      hint.id === hintId ? { ...hint, [field]: value } : hint
-    ));
+      const response = await createChallenge(challengeData);
+      console.log('Challenge created:', response);
+      navigate(`/admin/challenges/${response.challenge_id}`);
+    } catch (error) {
+      console.error('Error creating challenge:', error);
+      setError(error.response?.data?.error || 'Failed to create challenge');
+    } finally {
+      setLoading(false);
+    }
   };
 
-  const renderHints = () => (
-    <div className="bg-white p-6 rounded-lg shadow-md">
-      <div className="flex justify-between items-center mb-4">
-        <h3 className="text-lg font-medium">Hints</h3>
-        <button
-          type="button"
-          onClick={addHint}
-          className="px-4 py-2 bg-green-500 text-white rounded-lg hover:bg-green-600 transition-colors flex items-center"
-        >
-          <svg className="w-4 h-4 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-            <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M12 4v16m8-8H4" />
-          </svg>
-          Add Hint
-        </button>
-      </div>
+  return (
+    <div className="max-w-4xl mx-auto p-6">
+      <h1 className="text-2xl font-bold mb-6">Create Challenge</h1>
       
-      <div className="space-y-4">
-        {hints.map((hint, index) => (
-          <div key={hint.id} className="bg-gray-50 p-4 rounded-lg border border-gray-200">
-            <div className="flex justify-between items-center mb-3">
-              <span className="font-medium text-gray-700">Hint {index + 1}</span>
-              <button
-                type="button"
-                onClick={() => removeHint(hint.id)}
-                className="text-red-500 hover:text-red-700"
-              >
-                <svg className="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" d="M6 18L18 6M6 6l12 12" />
-                </svg>
-              </button>
-            </div>
-            <div className="grid grid-cols-3 gap-4">
-              <div className="col-span-2">
-                <label className="block text-sm font-medium mb-1 text-gray-700">Content</label>
-                <textarea
-                  className="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-                  value={hint.content}
-                  onChange={(e) => updateHint(hint.id, 'content', e.target.value)}
-                  placeholder="Enter hint content"
-                  rows={2}
-                />
-              </div>
-              <div>
-                <label className="block text-sm font-medium mb-1 text-gray-700">Cost</label>
-                <input
-                  type="number"
-                  className="w-full border rounded-lg px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-                  value={hint.cost}
-                  onChange={(e) => updateHint(hint.id, 'cost', parseInt(e.target.value) || 0)}
-                  placeholder="Points"
-                  min="0"
-                />
-              </div>
-            </div>
-          </div>
-        ))}
-      </div>
-    </div>
-  );
-
-  const renderStandardForm = () => (
-    <div className="space-y-6">
-      <div className="bg-white p-6 rounded-lg shadow-md space-y-6">
-        <div>
-          <label className="block mb-2 font-medium">Name</label>
-          <input
-            type="text"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.name}
-            onChange={(e) => setFormData({...formData, name: e.target.value})}
-            placeholder="Enter challenge name"
-            required
-          />
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Category</label>
-          <input
-            type="text"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.category}
-            onChange={(e) => setFormData({...formData, category: e.target.value})}
-            placeholder="Enter challenge category"
-            required
-          />
+      {error && (
+        <div className="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-4">
+          {error}
         </div>
-        <div>
-          <label className="block mb-2 font-medium">Description</label>
-          <textarea
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.message}
-            onChange={(e) => setFormData({...formData, message: e.target.value})}
-            placeholder="Challenge description"
-            rows={4}
-            required
-          />
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Value</label>
-          <input
-            type="number"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.value}
-            onChange={(e) => setFormData({...formData, value: e.target.value})}
-            placeholder="Enter point value"
-            required
-          />
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Flag</label>
-          <input
-            type="text"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.flag}
-            onChange={(e) => setFormData({...formData, flag: e.target.value})}
-            placeholder="Enter flag"
-            required
-          />
-          <div className="mt-2">
-            <label className="inline-flex items-center">
-              <input
-                type="checkbox"
-                className="form-checkbox"
-                checked={formData.caseSensitive}
-                onChange={(e) => setFormData({...formData, caseSensitive: e.target.checked})}
-              />
-              <span className="ml-2">Case Sensitive</span>
-            </label>
-          </div>
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Files</label>
-          <input
-            type="file"
-            multiple
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            onChange={(e) => setFormData({...formData, files: Array.from(e.target.files)})}
-          />
-        </div>
-        <div>
-          <label className="inline-flex items-center">
+      )}
+
+      <form onSubmit={handleSubmit} className="space-y-6">
+        <div className="bg-white p-6 rounded-lg shadow-md space-y-6">
+          <div>
+            <label className="block mb-2 font-medium">Title</label>
             <input
-              type="checkbox"
-              className="form-checkbox"
-              checked={formData.isHidden}
-              onChange={(e) => setFormData({...formData, isHidden: e.target.checked})}
+              type="text"
+              value={formData.title}
+              onChange={(e) => setFormData({...formData, title: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              maxLength={200}
+              required
             />
-            <span className="ml-2">Hidden</span>
-          </label>
-        </div>
-      </div>
-      {renderHints()}
-    </div>
-  );
+          </div>
 
-  const renderCodeForm = () => (
-    <div className="space-y-6">
-      {renderStandardForm()}
-      <div className="bg-white p-6 rounded-lg shadow-md space-y-6">
-        <div>
-          <label className="block mb-2 font-medium">Programming Language</label>
-          <select
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.language}
-            onChange={(e) => setFormData({...formData, language: e.target.value})}
-            required
-          >
-            <option value="">Select Language</option>
-            {programmingLanguages.map(lang => (
-              <option key={lang.name} value={lang.name}>{lang.name}</option>
-            ))}
-          </select>
-        </div>
-        {formData.language && (
           <div>
-            <label className="block mb-2 font-medium">Version</label>
+            <label className="block mb-2 font-medium">Category</label>
             <select
-              className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-              value={formData.version}
-              onChange={(e) => setFormData({...formData, version: e.target.value})}
+              value={formData.category}
+              onChange={(e) => setFormData({...formData, category: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
               required
             >
-              <option value="">Select Version</option>
-              {programmingLanguages
-                .find(lang => lang.name === formData.language)
-                ?.versions.map(version => (
-                  <option key={version} value={version}>{version}</option>
-                ))
-              }
+              {categoryOptions.map(cat => (
+                <option key={cat} value={cat}>
+                  {cat.charAt(0).toUpperCase() + cat.slice(1)}
+                </option>
+              ))}
             </select>
           </div>
-        )}
-      </div>
-    </div>
-  );
 
-  const renderDynamicForm = () => (
-    <div className="space-y-6">
-      {renderStandardForm()}
-      <div className="bg-white p-6 rounded-lg shadow-md space-y-6">
-        <div>
-          <label className="block mb-2 font-medium">Decay Function</label>
-          <select
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.decayFunction}
-            onChange={(e) => setFormData({...formData, decayFunction: e.target.value})}
-            required
-          >
-            <option value="linear">Linear</option>
-            <option value="logarithmic">Logarithmic</option>
-          </select>
-          <p className="text-sm text-gray-600 mt-1">
-            {formData.decayFunction === 'linear' 
-              ? 'Calculated as Initial - (Decay * SolveCount)'
-              : 'Calculated as (((Minimum - Initial) / (Decay^2)) * (SolveCount^2)) + Initial'}
-          </p>
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Decay Value</label>
-          <input
-            type="number"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.decayValue}
-            onChange={(e) => setFormData({...formData, decayValue: e.target.value})}
-            placeholder="Enter decay value"
-            required
-          />
-          <p className="text-sm text-gray-600 mt-1">
-            {formData.decayFunction === 'linear'
-              ? 'The amount of points deducted per solve. Equal deduction per solve.'
-              : 'The amount of solves before the challenge reaches its minimum value.'}
-          </p>
-        </div>
-        <div>
-          <label className="block mb-2 font-medium">Minimum Value</label>
-          <input
-            type="number"
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500"
-            value={formData.minimumValue}
-            onChange={(e) => setFormData({...formData, minimumValue: e.target.value})}
-            placeholder="Enter minimum value"
-            required
-          />
-        </div>
-      </div>
-    </div>
-  );
+          <div>
+            <label className="block mb-2 font-medium">Description</label>
+            <textarea
+              value={formData.description}
+              onChange={(e) => setFormData({...formData, description: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              rows={4}
+              required
+            />
+          </div>
 
-  return (
-    <div className="max-w-4xl mx-auto p-6">
-      <div className="mb-6">
-        <h1 className="text-2xl font-bold mb-6">Create Challenge</h1>
-        
-        <div className="bg-white p-6 rounded-lg shadow-md mb-6">
-          <label className="block mb-2 font-medium">Challenge Type</label>
-          <div className="grid grid-cols-5 gap-2">
-            {getChallengeTypes().map(type => (
+          <div>
+            <label className="block mb-2 font-medium">Docker Image</label>
+            <input
+              type="text"
+              value={formData.docker_image}
+              onChange={(e) => setFormData({...formData, docker_image: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              maxLength={200}
+              required
+            />
+          </div>
+
+          <div>
+            <label className="block mb-2 font-medium">Points</label>
+            <input
+              type="number"
+              value={formData.max_points}
+              onChange={(e) => setFormData({...formData, max_points: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              min="0"
+              required
+            />
+          </div>
+
+          <div>
+            <label className="block mb-2 font-medium">Flag</label>
+            <input
+              type="text"
+              value={formData.flag}
+              onChange={(e) => setFormData({...formData, flag: e.target.value})}
+              className="w-full border rounded-lg px-4 py-2"
+              maxLength={200}
+              required
+            />
+          </div>
+
+          <div>
+            <label className="flex items-center">
+              <input
+                type="checkbox"
+                checked={formData.is_hidden}
+                onChange={(e) => setFormData({...formData, is_hidden: e.target.checked})}
+                className="mr-2"
+              />
+              <span>Hidden Challenge</span>
+            </label>
+          </div>
+
+          <div>
+            <label className="block mb-2 font-medium">File Links</label>
+            <div className="space-y-2">
+              {formData.file_links.map((link, index) => (
+                <div key={index} className="flex gap-2">
+                  <input
+                    type="text"
+                    value={link}
+                    onChange={(e) => {
+                      const newLinks = [...formData.file_links];
+                      newLinks[index] = e.target.value;
+                      setFormData({...formData, file_links: newLinks});
+                    }}
+                    className="flex-grow border rounded-lg px-4 py-2"
+                    placeholder="Enter file link URL"
+                  />
+                  <button
+                    type="button"
+                    onClick={() => {
+                      const newLinks = formData.file_links.filter((_, i) => i !== index);
+                      setFormData({...formData, file_links: newLinks});
+                    }}
+                    className="px-3 py-2 bg-red-500 text-white rounded-lg"
+                  >
+                    Remove
+                  </button>
+                </div>
+              ))}
               <button
-                key={type}
-                onClick={() => setSelectedType(type)}
-                className={`p-2 rounded-lg text-center ${
-                  selectedType === type
-                    ? 'bg-blue-500 text-white'
-                    : 'bg-gray-100 hover:bg-gray-200'
-                }`}
+                type="button"
+                onClick={() => setFormData({
+                  ...formData,
+                  file_links: [...formData.file_links, '']
+                })}
+                className="px-4 py-2 bg-green-500 text-white rounded-lg"
               >
-                {type}
+                Add File Link
               </button>
-            ))}
+            </div>
           </div>
-        </div>
 
-        <form onSubmit={handleSubmit}>
-          {selectedType === 'standard' && renderStandardForm()}
-          {selectedType === 'code' && renderCodeForm()}
-          {selectedType === 'dynamic' && renderDynamicForm()}
-          {selectedType === 'manual_verification' && renderStandardForm()}
-          {selectedType === 'multiple_choice' && renderStandardForm()}
-
-          <div className="mt-6 flex justify-end space-x-2">
-            <button
-              type="button"
-              onClick={() => navigate('/admin/challenges')}
-              className="px-4 py-2 border rounded-lg hover:bg-gray-50 transition-colors"
-            >
-              Cancel
-            </button>
-            <button
-              type="submit"
-              className="px-4 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600 transition-colors"
-            >
-              Create Challenge
-            </button>
+          <div>
+            <label className="block mb-2 font-medium">Hints</label>
+            <div className="space-y-4">
+              {formData.hints.map((hint, index) => (
+                <div key={index} className="bg-gray-50 p-4 rounded-lg">
+                  <div className="flex justify-between items-center mb-2">
+                    <span className="font-medium">Hint {index + 1}</span>
+                    <button
+                      type="button"
+                      onClick={() => {
+                        const newHints = formData.hints.filter((_, i) => i !== index);
+                        setFormData({...formData, hints: newHints});
+                      }}
+                      className="text-red-500"
+                    >
+                      Remove
+                    </button>
+                  </div>
+                  <div className="grid grid-cols-3 gap-4">
+                    <div className="col-span-2">
+                      <input
+                        type="text"
+                        value={hint.content}
+                        onChange={(e) => {
+                          const newHints = [...formData.hints];
+                          newHints[index] = { ...hint, content: e.target.value };
+                          setFormData({...formData, hints: newHints});
+                        }}
+                        className="w-full border rounded-lg px-4 py-2"
+                        placeholder="Hint content"
+                      />
+                    </div>
+                    <div>
+                      <input
+                        type="number"
+                        value={hint.cost}
+                        onChange={(e) => {
+                          const newHints = [...formData.hints];
+                          newHints[index] = { ...hint, cost: parseInt(e.target.value) };
+                          setFormData({...formData, hints: newHints});
+                        }}
+                        className="w-full border rounded-lg px-4 py-2"
+                        placeholder="Cost"
+                        min="0"
+                      />
+                    </div>
+                  </div>
+                </div>
+              ))}
+              <button
+                type="button"
+                onClick={() => setFormData({
+                  ...formData,
+                  hints: [...formData.hints, { content: '', cost: 0 }]
+                })}
+                className="px-4 py-2 bg-green-500 text-white rounded-lg"
+              >
+                Add Hint
+              </button>
+            </div>
           </div>
-        </form>
-      </div>
+        </div>
+
+        <div className="flex justify-end gap-4">
+          <button
+            type="button"
+            onClick={() => navigate('/admin/challenges')}
+            className="px-6 py-2 border rounded-lg hover:bg-gray-50"
+          >
+            Cancel
+          </button>
+          <button
+            type="submit"
+            disabled={loading}
+            className={`px-6 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600 ${
+              loading ? 'opacity-50 cursor-not-allowed' : ''
+            }`}
+          >
+            {loading ? 'Creating...' : 'Create Challenge'}
+          </button>
+        </div>
+      </form>
     </div>
   );
 }
diff --git a/frontend/src/pages/user/UserProfile.jsx b/frontend/src/pages/user/UserProfile.jsx
index a5c6c06..d2af199 100644
--- a/frontend/src/pages/user/UserProfile.jsx
+++ b/frontend/src/pages/user/UserProfile.jsx
@@ -1,117 +1,63 @@
 import React, { useState, useEffect } from 'react';
 import { useAuth } from '../../hooks/useAuth';
-import { updateUserInfo, getTeamHistory, leaveTeam } from '../../api/user';
+import { getTeamHistory } from '../../api/user';
 
 function UserProfile() {
-  const { user, setUser } = useAuth();
-  const [username, setUsername] = useState(user.username);
-  const [email, setEmail] = useState(user.email);
+  const { user } = useAuth();
   const [teamHistory, setTeamHistory] = useState(null);
-  const [isEditing, setIsEditing] = useState(false);
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(true);
 
   useEffect(() => {
-    const fetchTeamHistory = async () => {
-      try {
-        const history = await getTeamHistory(user.token);
-        setTeamHistory(history);
-      } catch (error) {
-        console.error('Failed to fetch team history:', error);
-      }
-    };
-
     fetchTeamHistory();
-  }, [user.token]);
+  }, []);
 
-  const handleUpdateInfo = async () => {
+  const fetchTeamHistory = async () => {
     try {
-      const updatedUser = await updateUserInfo({ username, email }, user.token);
-      setUser(updatedUser);
-      setIsEditing(false);
-      alert('Profile updated successfully!');
+      const history = await getTeamHistory();
+      setTeamHistory(history);
+      setLoading(false);
     } catch (error) {
-      console.error('Failed to update profile:', error);
-      alert('Failed to update profile. Please try again.');
+      console.error('Failed to fetch team history:', error);
+      setError('Failed to load team history');
+      setLoading(false);
     }
   };
 
-  const handleLeaveTeam = async () => {
-    try {
-      await leaveTeam(user.token);
-      setUser({ ...user, teamId: null, team: null });
-      setTeamHistory(null);
-      alert('You have left the team.');
-    } catch (error) {
-      console.error('Failed to leave team:', error);
-      alert('Failed to leave the team. Please try again.');
-    }
-  };
+  if (loading) return <div>Loading...</div>;
+  if (error) return <div className="text-red-500">{error}</div>;
 
   return (
     <div className="max-w-4xl mx-auto p-4 sm:p-6 lg:p-8">
-      <h1 className="text-3xl font-bold mb-6 text-gray-800">User Profile</h1>
-      <div className="bg-white p-6 rounded-lg shadow-lg mb-8 transition-all duration-300 hover:shadow-xl">
+      <h1 className="text-3xl font-bold mb-6 text-gray-800">Team Profile</h1>
+      <div className="bg-white p-6 rounded-lg shadow-lg mb-8">
+        <div className="mb-6">
+          <label className="block mb-2 font-semibold text-gray-700">Team Name</label>
+          <div className="text-xl">{user.teamName}</div>
+        </div>
         <div className="mb-6">
-          <label className="block mb-2 font-semibold text-gray-700">Username</label>
-          <input
-            type="text"
-            value={username}
-            onChange={(e) => setUsername(e.target.value)}
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500 transition-all duration-300"
-            disabled={!isEditing}
-          />
+          <label className="block mb-2 font-semibold text-gray-700">Team Email</label>
+          <div className="text-xl">{user.teamEmail}</div>
         </div>
         <div className="mb-6">
-          <label className="block mb-2 font-semibold text-gray-700">Email</label>
-          <input
-            type="email"
-            value={email}
-            onChange={(e) => setEmail(e.target.value)}
-            className="w-full border rounded-lg px-4 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500 transition-all duration-300"
-            disabled={!isEditing}
-          />
+          <label className="block mb-2 font-semibold text-gray-700">Team Members</label>
+          <div className="text-xl">{user.memberEmails.join(', ')}</div>
         </div>
-        {isEditing ? (
-          <button
-            onClick={handleUpdateInfo}
-            className="px-6 py-2 bg-blue-500 text-white rounded-lg hover:bg-blue-600 transition-colors duration-300 focus:outline-none focus:ring-2 focus:ring-blue-500 focus:ring-opacity-50"
-          >
-            Confirm Changes
-          </button>
-        ) : (
-          <button
-            onClick={() => setIsEditing(true)}
-            className="px-6 py-2 bg-gray-500 text-white rounded-lg hover:bg-gray-600 transition-colors duration-300 focus:outline-none focus:ring-2 focus:ring-gray-500 focus:ring-opacity-50"
-          >
-            Edit Profile
-          </button>
-        )}
       </div>
 
       {teamHistory && (
-        <div className="bg-white p-6 rounded-lg shadow-lg transition-all duration-300 hover:shadow-xl">
-          <h2 className="text-2xl font-bold mb-4 text-gray-800">Team Information</h2>
-          <div className="flex flex-wrap items-center justify-between mb-4">
-            <div className="flex items-center space-x-4 mb-2 sm:mb-0">
-              <p className="text-lg">
-                <span className="font-semibold">Team:</span> {teamHistory.teamName}
-              </p>
-              <button
-                onClick={handleLeaveTeam}
-                className="px-4 py-1 bg-red-500 text-white text-sm rounded-lg hover:bg-red-600 transition-colors duration-300 focus:outline-none focus:ring-2 focus:ring-red-500 focus:ring-opacity-50"
-              >
-                Leave Team
-              </button>
-            </div>
-          </div>
+        <div className="bg-white p-6 rounded-lg shadow-lg">
+          <h2 className="text-2xl font-bold mb-4 text-gray-800">Team History</h2>
           <div className="bg-blue-100 p-3 rounded-lg mb-6">
             <p className="text-lg text-blue-800">
               <span className="font-semibold">Score:</span> {teamHistory.teamScore}
             </p>
           </div>
+          
           <h3 className="text-xl font-semibold mb-4 text-gray-800">Submissions:</h3>
           <ul className="space-y-2">
             {teamHistory.submissions.map((submission) => (
-              <li key={submission.id} className="bg-gray-100 p-3 rounded-lg transition-all duration-300 hover:bg-gray-200">
+              <li key={submission.id} className="bg-gray-100 p-3 rounded-lg">
                 <span className="font-semibold">{submission.challengeName}</span> - {submission.points} points
                 <span className="block text-sm text-gray-600 mt-1">{submission.solvedAt}</span>
               </li>

From fcf2ff91a1be1fac641f793ce7ae1d9f6ac7ff65 Mon Sep 17 00:00:00 2001
From: spkap <sourabhkapure@gmail.com>
Date: Mon, 20 Jan 2025 20:07:05 +0530
Subject: [PATCH 3/7] Fix inconsistencies

---
 .gitignore                      | 3 +--
 backend/Dockerfile              | 2 +-
 backend/atlas_backend/models.py | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7fdaa38..87df992 100644
--- a/.gitignore
+++ b/.gitignore
@@ -81,5 +81,4 @@ test-report.xml
 .DS_Store
 Thumbs.db
 ehthumbs.db
-Desktop.ini
-codebase_review.txt
+Desktop.ini
\ No newline at end of file
diff --git a/backend/Dockerfile b/backend/Dockerfile
index ddc227d..f353394 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,5 +1,5 @@
 # Use Python base image
-FROM python:3.12
+FROM python:3.12-slim
 
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE=1
diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index f85b146..8dfe53e 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -124,7 +124,7 @@ class Submission(models.Model):
     timestamp = models.DateTimeField(auto_now_add=True)
 
     class Meta:
-        unique_together = ("team", "challenge")
+        unique_together = ("team", "challenge", "attempt_number")
         ordering = ["-timestamp"]
 
     def __str__(self):

From dd818c4e011f5398f9cb2a13c17e40163437879f Mon Sep 17 00:00:00 2001
From: Vatsal <vjg239@gmail.com>
Date: Wed, 22 Jan 2025 23:48:22 +0530
Subject: [PATCH 4/7] Fix : Make required changes

---
 README.md                            |  8 ++++-
 backend/atlas_backend/serializers.py |  5 +--
 backend/atlas_backend/urls.py        | 14 ++++----
 backend/atlas_backend/views.py       | 50 ++++++++++++++++++++++++----
 frontend/src/api/auth.js             |  2 +-
 frontend/src/api/challenges.js       | 10 +++---
 6 files changed, 67 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md
index ba1c770..e0cf717 100644
--- a/README.md
+++ b/README.md
@@ -29,9 +29,15 @@ Atlas is an open-source platform for hosting CTF competitions, utilizing dynamic
 3. Build and run the docker containers
    
    ```bash
-   docker-compose up --build
+   docker compose up --build
    ```
 
+4. For admin panel
+    ```bash
+    docker exec -it atlas_backend python manage.py createsuperuser
+    ```
+    The corresponding email and the password would be used for logging in to admin panel and use its functionality. 
+
 ## Coding Guidelines
 
 ### Comments
diff --git a/backend/atlas_backend/serializers.py b/backend/atlas_backend/serializers.py
index 1a2929c..d0735e3 100644
--- a/backend/atlas_backend/serializers.py
+++ b/backend/atlas_backend/serializers.py
@@ -2,9 +2,10 @@
 from .models import User, Challenge, Team, Submission, Container
 
 class UserSerializer(serializers.ModelSerializer):
+    team_name = serializers.CharField(source='team.name',read_only=True)
     class Meta:
         model = User
-        fields = ['id', 'username', 'email', 'team']
+        fields = ['id', 'username', 'email', 'team', 'team_name']
 
 class SignupSerializer(serializers.ModelSerializer):
     class Meta:
@@ -20,7 +21,7 @@ class ChallengeSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Challenge
-        fields = ['id', 'name', 'description', 'points', 'category', 
+        fields = ['id', 'title', 'description', 'max_points', 'category', 
                  'difficulty', 'is_solved']
 
     def get_is_solved(self, obj):
diff --git a/backend/atlas_backend/urls.py b/backend/atlas_backend/urls.py
index 7445bee..d2014dd 100644
--- a/backend/atlas_backend/urls.py
+++ b/backend/atlas_backend/urls.py
@@ -5,7 +5,7 @@
 
 urlpatterns = [
     # Auth routes
-    path('auth/register', views.signup, name='signup'),
+    path('auth/signup', views.signup, name='signup'),
     path('auth/login', views.signin, name='signin'),
     path('auth/refresh', views.token_refresh, name='token_refresh'),
     
@@ -19,15 +19,15 @@
     
     # Scoreboard route
     path('scoreboard', views.get_scoreboard, name='get_scoreboard'),
-    path('auth/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+    # path('auth/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
 
     # Admin routes
     path('auth/admin/login', views.admin_login, name='admin_login'),
-    path('challenges/admin', views.admin_get_challenges, name='admin_get_challenges'),
-    path('challenges/create', views.create_challenge, name='create_challenge'),
-    path('challenges/<int:challenge_id>/update', views.update_challenge, name='update_challenge'),
-    path('challenges/<int:challenge_id>/delete', views.delete_challenge, name='delete_challenge'),
-    path('challenges/<int:challenge_id>', views.get_challenge_detail, name='get_challenge_by_id'),
+    path('api/admin/challenges', views.admin_get_challenges, name='admin_get_challenges'),
+    path('api/admin/challenges/create', views.create_challenge, name='create_challenge'),
+    path('api/admin/challenges/<int:challenge_id>/update', views.update_challenge, name='update_challenge'),
+    path('api/admin/challenges/<int:challenge_id>/delete', views.delete_challenge, name='delete_challenge'),
+    path('api/admin/challenges/<int:challenge_id>', views.get_challenge_detail, name='get_challenge_by_id'),
 
 
 ]
diff --git a/backend/atlas_backend/views.py b/backend/atlas_backend/views.py
index 2253391..6ad685f 100644
--- a/backend/atlas_backend/views.py
+++ b/backend/atlas_backend/views.py
@@ -8,6 +8,7 @@
 import jwt
 from django.core.mail import send_mail
 from django.contrib.auth.hashers import make_password, check_password
+import re
 
 from rest_framework import status
 from rest_framework.decorators import api_view, permission_classes
@@ -26,14 +27,48 @@
 @permission_classes([AllowAny])
 def signup(request):
     data = request.data
+    
+    # Required fields validation
+    required_fields = ['teamName', 'teamEmail', 'password', 'member1Name', 'member1Email']
+    for field in required_fields:
+        if not data.get(field):
+            return Response(
+                {'error': f'{field} is required'}, 
+                status=status.HTTP_400_BAD_REQUEST
+            )
+    
+    # Email format validation
+    email_fields = ['teamEmail', 'member1Email']
+    for field in email_fields:
+        email = data.get(field)
+        if not re.match(r'^[\w\.-]+@[\w\.-]+\.\w+$', email):
+            return Response(
+                {'error': f'Invalid email format for {field}'}, 
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+    # Check if team name already exists
+    if Team.objects.filter(name=data['teamName']).exists():
+        return Response(
+            {'error': 'Team name already exists'}, 
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+    # Check if team email already exists
+    if Team.objects.filter(team_email=data['teamEmail']).exists():
+        return Response(
+            {'error': 'Team email already exists'}, 
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
     try:
-        # Create team first
+        # Create team
         team = Team.objects.create(
             name=data['teamName'],
-            team_email=data['teamEmail'],
-            team_size=3,
-            password=make_password(data['password'])
+            team_email=data['teamEmail']
         )
+        team.set_password(data['password'])
+        team.save()
 
         # Create users for all team members
         users = []
@@ -80,7 +115,10 @@ def signup(request):
         }, status=status.HTTP_201_CREATED)
 
     except Exception as e:
-        return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        return Response(
+            {'error': str(e)}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
 
 @api_view(['POST'])
 @permission_classes([AllowAny])
@@ -742,7 +780,7 @@ def admin_login(request):
         )
 
 @api_view(['GET'])
-@permission_classes([IsAuthenticated])
+@permission_classes([IsAdminUser])
 def admin_get_challenges(request):
     # Check if user is superuser
     if not request.user.is_superuser:
diff --git a/frontend/src/api/auth.js b/frontend/src/api/auth.js
index b7ba1be..f66e84c 100644
--- a/frontend/src/api/auth.js
+++ b/frontend/src/api/auth.js
@@ -9,7 +9,7 @@ export const login = async (teamName, password) => {
 };
 
 export const register = async (formData) => {
-  const response = await apiClient.post('/auth/register', formData);
+  const response = await apiClient.post('/auth/signup', formData);
   return response.data;
 };
 
diff --git a/frontend/src/api/challenges.js b/frontend/src/api/challenges.js
index 4a03f64..3e7e40a 100644
--- a/frontend/src/api/challenges.js
+++ b/frontend/src/api/challenges.js
@@ -42,7 +42,7 @@ export const startChallenge = async (challengeId) => {
 // Admin challenge APIs
 export const getAdminChallenges = async () => {
   try {
-    const response = await apiClient.get('/challenges/admin');
+    const response = await apiClient.get('/api/admin/challenges');
     return response.data;
   } catch (error) {
     console.error('Error fetching admin challenges:', error);
@@ -52,7 +52,7 @@ export const getAdminChallenges = async () => {
 
 export const createChallenge = async (challengeData) => {
   try {
-    const response = await apiClient.post('/challenges/create', challengeData);
+    const response = await apiClient.post('/api/admin/challenges/create', challengeData);
     return response.data;
   } catch (error) {
     console.error('Error creating challenge:', error);
@@ -63,7 +63,7 @@ export const createChallenge = async (challengeData) => {
 export const updateChallenge = async (challengeData, challengeId) => {
   try {
     const response = await apiClient.patch(
-      `/challenges/${challengeId}/update`, 
+      `/api/admin/challenges/${challengeId}/update`, 
       challengeData
     );
     return response.data;
@@ -75,7 +75,7 @@ export const updateChallenge = async (challengeData, challengeId) => {
 
 export const deleteChallenge = async (challengeId) => {
   try {
-    const response = await apiClient.delete(`/challenges/${challengeId}/delete`);
+    const response = await apiClient.delete(`/api/admin/challenges/${challengeId}/delete`);
     return response.data;
   } catch (error) {
     console.error('Error deleting challenge:', error);
@@ -85,7 +85,7 @@ export const deleteChallenge = async (challengeId) => {
 
 export const getChallengeById = async (challengeId) => {
   try {
-    const response = await apiClient.get(`/challenges/${challengeId}`);
+    const response = await apiClient.get(`/api/admin/challenges/${challengeId}`);
     return response.data;
   } catch (error) {
     console.error('Error fetching challenge:', error);

From 678a28130698d6aabd085bf5c6259a3db47fb8bc Mon Sep 17 00:00:00 2001
From: spkap <sourabhkapure@gmail.com>
Date: Thu, 23 Jan 2025 17:36:01 +0530
Subject: [PATCH 5/7] Implement user flag submission and scoreboard update
 logic

---
 backend/atlas_backend/models.py      |  14 ++-
 backend/atlas_backend/serializers.py |  17 ++--
 backend/atlas_backend/urls.py        |   3 +
 backend/atlas_backend/views.py       | 123 +++++++++++++++++++--------
 backend/backend/settings.py          |   9 ++
 frontend/src/api/submissions.js      |  11 +++
 frontend/src/pages/Scoreboard.jsx    |  96 +++++++++++++--------
 7 files changed, 194 insertions(+), 79 deletions(-)
 create mode 100644 frontend/src/api/submissions.js

diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index 8dfe53e..8ca7fca 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -92,6 +92,16 @@ class Challenge(models.Model):
     def __str__(self):
         return self.title
 
+    def get_remaining_attempts(self, team):
+        """Get remaining submission attempts for a team"""
+        from django.conf import settings
+        submission_count = self.submissions.filter(team=team).count()
+        return max(0, settings.FLAG_SUBMIT_MAX_ATTEMPTS - submission_count)
+
+    def can_submit(self, team):
+        """Check if team can submit a flag"""
+        return self.get_remaining_attempts(team) > 0
+
 class Container(models.Model):
     STATUS_CHOICES = [
         ("running", "Running"),
@@ -121,11 +131,11 @@ class Submission(models.Model):
     is_correct = models.BooleanField(default=False)
     points_awarded = models.IntegerField(validators=[MinValueValidator(0)])
     attempt_number = models.IntegerField(default=1)
-    timestamp = models.DateTimeField(auto_now_add=True)
+    timestamp = models.DateTimeField(auto_now_add=True) 
 
     class Meta:
-        unique_together = ("team", "challenge", "attempt_number")
         ordering = ["-timestamp"]
+        unique_together = [['team', 'challenge', 'attempt_number']]
 
     def __str__(self):
         return f"{self.team.name} - {self.challenge.title}"
\ No newline at end of file
diff --git a/backend/atlas_backend/serializers.py b/backend/atlas_backend/serializers.py
index d0735e3..057f753 100644
--- a/backend/atlas_backend/serializers.py
+++ b/backend/atlas_backend/serializers.py
@@ -21,8 +21,18 @@ class ChallengeSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Challenge
-        fields = ['id', 'title', 'description', 'max_points', 'category', 
-                 'difficulty', 'is_solved']
+        fields = [
+            'id', 
+            'title', 
+            'description', 
+            'max_points', 
+            'category',
+            'docker_image', 
+            'is_hidden', 
+            'hints', 
+            'file_links', 
+            'is_solved'
+        ]
 
     def get_is_solved(self, obj):
         user_team = self.context.get('user_team')
@@ -46,9 +56,6 @@ class Meta:
                  'total_score', 'member_count', 'solved_count', 'challenges']
 
 class SubmissionSerializer(serializers.ModelSerializer):
-    challenge_name = serializers.CharField(source='challenge.title')
-    submitted_by = serializers.CharField(source='user.username')
-    
     class Meta:
         model = Submission
         fields = ['id', 'challenge_name', 'submitted_by', 'flag_submitted', 
diff --git a/backend/atlas_backend/urls.py b/backend/atlas_backend/urls.py
index d2014dd..cbd6029 100644
--- a/backend/atlas_backend/urls.py
+++ b/backend/atlas_backend/urls.py
@@ -12,6 +12,9 @@
     # Challenge routes
     path('challenges', views.get_challenges, name='get_challenges'),
     path('challenges/<int:challenge_id>/submit', views.submit_flag, name='submit_flag'),
+    path('challenges/<int:challenge_id>/submissions', 
+         views.get_challenge_submissions, 
+         name='get_challenge_submissions'),
     
     # Team routes
     path('teams', views.get_teams, name='get_teams'),
diff --git a/backend/atlas_backend/views.py b/backend/atlas_backend/views.py
index 6ad685f..1bf4016 100644
--- a/backend/atlas_backend/views.py
+++ b/backend/atlas_backend/views.py
@@ -208,6 +208,10 @@ def get_challenges(request):
     
     return Response(challenges_list)
 
+from django.core.cache import cache
+from django.conf import settings
+
+
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
 def submit_flag(request, challenge_id):
@@ -216,57 +220,71 @@ def submit_flag(request, challenge_id):
             {'error': 'You must be in a team to submit flags'},
             status=status.HTTP_400_BAD_REQUEST
         )
-    
+
     challenge = get_object_or_404(Challenge, id=challenge_id)
-    flag = request.data.get('flag')
+    flag = request.data.get('flag', '').strip()
     
     if not flag:
         return Response(
             {'error': 'Flag is required'},
             status=status.HTTP_400_BAD_REQUEST
         )
-    
-    existing_submission = Submission.objects.filter(
+
+    # Get submission count for attempt limiting
+    submission_count = Submission.objects.filter(
         team=request.user.team,
         challenge=challenge
-    ).first()
-    
-    if existing_submission:
-        if existing_submission.is_correct:
-            return Response(
-                {'error': 'Challenge already solved'},
-                status=status.HTTP_400_BAD_REQUEST
-            )
-        attempt_number = existing_submission.attempt_number + 1
-        existing_submission.delete()  # Remove previous attempt
-    else:
-        attempt_number = 1
-    
+    ).count()
+
+    max_attempts = settings.FLAG_SUBMIT_MAX_ATTEMPTS
+    if submission_count >= max_attempts:
+        return Response(
+            {'error': f'Maximum {max_attempts} attempts allowed for this challenge'},
+            status=status.HTTP_429_TOO_MANY_REQUESTS
+        )
+
+    # Check if already solved
+    if Submission.objects.filter(
+        team=request.user.team,
+        challenge=challenge,
+        is_correct=True
+    ).exists():
+        return Response(
+            {'error': 'Challenge already solved'},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+    attempt_number = submission_count + 1
     is_correct = challenge.flag == flag
-    points = challenge.max_points if is_correct else 0
     
-    try:
+    try: 
         submission = Submission.objects.create(
             team=request.user.team,
             challenge=challenge,
             user=request.user,
             flag_submitted=flag,
             is_correct=is_correct,
-            points_awarded=points,
+            points_awarded=challenge.max_points if is_correct else 0,
             attempt_number=attempt_number
         )
-        
+
+        if is_correct:
+            request.user.team.challenges.add(challenge)
+
         return Response({
             'message': 'Correct flag!' if is_correct else 'Incorrect flag',
-            'points_awarded': points,
+            'points_awarded': submission.points_awarded,
             'is_correct': is_correct,
-            'attempt_number': attempt_number
+            'attempt_number': attempt_number,
+            'attempts_remaining': max_attempts - attempt_number,
+            'timestamp': submission.timestamp.isoformat() 
         })
-    except IntegrityError:
-        return Response(
-            {'error': 'Submission error occurred'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
+
+    except ValidationError as e:
+        return Response({'error': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+    except Exception as e:
+        return Response({'error': 'Submission error occurred'}, 
+                       status=status.HTTP_500_INTERNAL_SERVER_ERROR)
 
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
@@ -427,14 +445,27 @@ def leave_team(request):
 @api_view(['GET'])
 @permission_classes([AllowAny])
 def get_scoreboard(request):
+    cache_key = "scoreboard_data"
+    cached_data = cache.get(cache_key)
+
+    if cached_data:
+        return Response(cached_data)
+
     teams = Team.objects.annotate(
-        total_score=Sum('submissions__points_awarded', default=0),
+        total_score=Sum('submissions__points_awarded', 
+                       filter=Q(submissions__is_correct=True)),
         member_count=Count('members', distinct=True),
-        solved_count=Count('submissions', filter=Q(submissions__is_correct=True))
+        solved_count=Count('submissions', 
+                         filter=Q(submissions__is_correct=True))
     ).order_by('-total_score')
     
     serializer = TeamSerializer(teams, many=True)
-    return Response(serializer.data)
+    data = serializer.data
+
+    # Cache for 1 minute
+    cache.set(cache_key, data, 60)
+    
+    return Response(data)
 
 @api_view(['POST'])
 @permission_classes([AllowAny])
@@ -678,12 +709,12 @@ def team_profile(request):
         
         # Get total score
         total_score = team.submissions.filter(is_correct=True).aggregate(
-            total=Sum('challenge__points')
+            total=Sum('points_awarded')   
         )['total'] or 0
         
         # Get team rank
         teams_ranking = Team.objects.annotate(
-            score=Sum('submissions__challenge__points', 
+            score=Sum('submissions__points_awarded', 
                      filter=Q(submissions__is_correct=True))
         ).order_by('-score')
         team_rank = list(teams_ranking.values_list('id', flat=True)).index(team_id) + 1
@@ -707,8 +738,8 @@ def team_profile(request):
             'rank': team_rank,
             'recent_activity': [{
                 'id': sub.id,
-                'challenge_name': sub.challenge.name,
-                'points': sub.challenge.points,
+                'challenge_name': sub.challenge.title,
+                'points': sub.points_awarded,
                 'solved_at': sub.submitted_at.isoformat()
             } for sub in recent_submissions]
         }
@@ -841,4 +872,26 @@ def get_challenge_detail(request, challenge_id):
             {"error": "Challenge not found"}, 
             status=status.HTTP_404_NOT_FOUND
         )
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def get_challenge_submissions(request, challenge_id):
+    challenge = get_object_or_404(Challenge, id=challenge_id)
+    
+    # For regular users, show only their team's submissions
+    if not request.user.is_superuser:
+        if not request.user.team:
+            return Response(
+                {'error': 'You must be in a team to view submissions'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        submissions = Submission.objects.filter(
+            team=request.user.team,
+            challenge=challenge
+        )
+    else:
+        # Admins can see all submissions
+        submissions = Submission.objects.filter(challenge=challenge)
+    
+    serializer = SubmissionSerializer(submissions, many=True)
+    return Response(serializer.data)
 
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
index d8f116b..c100500 100644
--- a/backend/backend/settings.py
+++ b/backend/backend/settings.py
@@ -188,3 +188,12 @@
 
 # Security settings
 # CSRF_TRUSTED_ORIGINS = ["https://yourfrontenddomain.com"]  # Update with your frontend domain
+  # Maximum attempts allowed per challenge
+FLAG_SUBMIT_MAX_ATTEMPTS = 10
+
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
+        'LOCATION': 'unique-snowflake',
+    }
+}
\ No newline at end of file
diff --git a/frontend/src/api/submissions.js b/frontend/src/api/submissions.js
new file mode 100644
index 0000000..6da755a
--- /dev/null
+++ b/frontend/src/api/submissions.js
@@ -0,0 +1,11 @@
+import apiClient from './config';
+
+export const getChallengeSubmissions = async (challengeId) => {
+  try {
+    const response = await apiClient.get(`/challenges/${challengeId}/submissions`);
+    return response.data;
+  } catch (error) {
+    console.error('Error fetching submissions:', error);
+    throw error;
+  }
+};
\ No newline at end of file
diff --git a/frontend/src/pages/Scoreboard.jsx b/frontend/src/pages/Scoreboard.jsx
index 26898cb..fe42962 100644
--- a/frontend/src/pages/Scoreboard.jsx
+++ b/frontend/src/pages/Scoreboard.jsx
@@ -1,57 +1,79 @@
-import React, { useState, useEffect } from 'react'
-import { getScoreboard } from '../api/scoreboard'
-import { useAuth } from '../hooks/useAuth'
+import React, { useState, useEffect } from 'react';
+import { getScoreboard } from '../api/scoreboard';
 
 function Scoreboard() {
-  const [scores, setScores] = useState([])
-  const [error, setError] = useState('')
-  const [loading, setLoading] = useState(true)
+  const [scores, setScores] = useState([]);
+  const [error, setError] = useState('');
+  const [loading, setLoading] = useState(true);
 
   useEffect(() => {
-    fetchScoreboard()
-  }, [])
+    fetchScoreboard();
+    const interval = setInterval(fetchScoreboard, 10000);
+    
+    const handleScoreboardUpdate = () => {
+      fetchScoreboard();
+    };
+
+    window.addEventListener('scoreboardUpdate', handleScoreboardUpdate);
+
+    return () => {
+      clearInterval(interval);
+      window.removeEventListener('scoreboardUpdate', handleScoreboardUpdate);
+    };
+  }, []);
 
   const fetchScoreboard = async () => {
     try {
-      const scoreboard = await getScoreboard()
-      setScores(scoreboard)
+      const scoreboard = await getScoreboard();
+      console.log('Fetched scoreboard data:', scoreboard);
+      setScores(scoreboard);
+      setError('');
     } catch (err) {
-      console.error('Error fetching scoreboard:', err)
-      setError('Failed to fetch scoreboard')
+      console.error('Error fetching scoreboard:', err);
+      setError('Failed to fetch scoreboard');
     } finally {
-      setLoading(false)
+      setLoading(false);
     }
-  }
+  };
 
   if (loading) {
-    return <div>Loading...</div>
+    return <div className="flex justify-center items-center h-64">
+      <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-500"></div>
+    </div>;
   }
 
   return (
-    <div>
-      <h2 className="text-2xl font-semibold mb-4">Scoreboard</h2>
-      {error && <p className="text-red-500 mb-4">{error}</p>}
-      <table className="w-full">
-        <thead>
-          <tr className="bg-gray-200">
-            <th className="p-2 text-left">Rank</th>
-            <th className="p-2 text-left">Team</th>
-            <th className="p-2 text-left">Score</th>
-          </tr>
-        </thead>
-        <tbody>
-          {scores.map((score, index) => (
-            <tr key={score.teamId} className={index % 2 === 0 ? 'bg-gray-100' : ''}>
-              <td className="p-2">{index + 1}</td>
-              <td className="p-2">{score.teamName}</td>
-              <td className="p-2">{score.score}</td>
+    <div className="container mx-auto px-4 py-8">
+      <h2 className="text-2xl font-semibold mb-6">Scoreboard</h2>
+      {error && <p className="text-red-500 mb-4 p-2 bg-red-50 rounded">{error}</p>}
+      
+      <div className="bg-white shadow-md rounded-lg overflow-hidden">
+        <table className="min-w-full">
+          <thead className="bg-gray-50">
+            <tr>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Rank</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Team</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Score</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Solved</th>
+              <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Members</th>
             </tr>
-          ))}
-        </tbody>
-      </table>
+          </thead>
+          <tbody className="bg-white divide-y divide-gray-200">
+            {scores.map((team, index) => (
+              <tr key={team.id} className={index % 2 === 0 ? 'bg-white' : 'bg-gray-50'}>
+                <td className="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900">{index + 1}</td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-900">{team.name}</td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-900">{team.total_score}</td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-900">{team.solved_count}</td>
+                <td className="px-6 py-4 whitespace-nowrap text-sm text-gray-900">{team.member_count}</td>
+              </tr>
+            ))}
+          </tbody>
+        </table>
+      </div>
     </div>
-  )
+  );
 }
 
-export default Scoreboard
+export default Scoreboard;
 

From 7f01633bd0485da5bb10d3c4c5314e93b4fb8d0b Mon Sep 17 00:00:00 2001
From: spkap <sourabhkapure@gmail.com>
Date: Mon, 27 Jan 2025 22:52:51 +0530
Subject: [PATCH 6/7] restored changes from commit
 '678a28130698d6aabd085bf5c6259a3db47fb8bc'. Fixed issues and removed unused
 imports, views

---
 backend/atlas_backend/models.py      |   4 +-
 backend/atlas_backend/serializers.py |  21 ++-
 backend/atlas_backend/urls.py        |  19 +-
 backend/atlas_backend/views.py       | 263 ++++++++++-----------------
 backend/backend/settings.py          |   2 -
 5 files changed, 127 insertions(+), 182 deletions(-)

diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index 8b07a79..16fc242 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -40,6 +40,7 @@ class Team(models.Model):
     updated_at = models.DateTimeField(auto_now=True)
     password = models.CharField(max_length=128, default=make_password('default_password'))
     team_email = models.EmailField(unique=True, default='team@example.com')
+    max_attempts_per_challenge = models.IntegerField(default=10)  # Add this line
 
     def __str__(self):
         return self.name
@@ -82,7 +83,7 @@ class Challenge(models.Model):
     docker_image = models.CharField(max_length=200)
     flag = models.CharField(max_length=200)
     max_points = models.IntegerField(validators=[MinValueValidator(0)])
-    max_team_size = models.IntegerField(default=4)
+    max_team_size = models.IntegerField(default=3)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
     is_hidden = models.BooleanField(default=False)
@@ -124,7 +125,6 @@ class Submission(models.Model):
     timestamp = models.DateTimeField(auto_now_add=True)
 
     class Meta:
-        unique_together = ("team", "challenge", "attempt_number")
         ordering = ["-timestamp"]
         unique_together = [['team', 'challenge', 'attempt_number']]
 
diff --git a/backend/atlas_backend/serializers.py b/backend/atlas_backend/serializers.py
index c991782..2546806 100644
--- a/backend/atlas_backend/serializers.py
+++ b/backend/atlas_backend/serializers.py
@@ -5,7 +5,7 @@ class UserSerializer(serializers.ModelSerializer):
     team_name = serializers.CharField(source='team.name',read_only=True)
     class Meta:
         model = User
-        fields = ['id', 'username', 'email', 'team']
+        fields = ['id', 'username', 'email', 'team', 'team_name']
 
 class SignupSerializer(serializers.ModelSerializer):
     class Meta:
@@ -21,8 +21,18 @@ class ChallengeSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Challenge
-        fields = ['id', 'name', 'description', 'points', 'category', 
-                 'difficulty', 'is_solved']
+        fields = [
+            'id', 
+            'title', 
+            'description', 
+            'max_points', 
+            'category',
+            'docker_image', 
+            'is_hidden', 
+            'hints', 
+            'file_links', 
+            'is_solved'
+        ]
 
     def get_is_solved(self, obj):
         user_team = self.context.get('user_team')
@@ -46,10 +56,7 @@ class Meta:
                  'total_score', 'member_count', 'solved_count', 'challenges']
 
 class SubmissionSerializer(serializers.ModelSerializer):
-    challenge_name = serializers.CharField(source='challenge.title')
-    submitted_by = serializers.CharField(source='user.username')
-    
     class Meta:
         model = Submission
         fields = ['id', 'challenge_name', 'submitted_by', 'flag_submitted', 
-                 'is_correct', 'points_awarded', 'attempt_number', 'timestamp']
+                 'is_correct', 'points_awarded', 'attempt_number', 'timestamp']
\ No newline at end of file
diff --git a/backend/atlas_backend/urls.py b/backend/atlas_backend/urls.py
index 7445bee..f8296f6 100644
--- a/backend/atlas_backend/urls.py
+++ b/backend/atlas_backend/urls.py
@@ -5,13 +5,15 @@
 
 urlpatterns = [
     # Auth routes
-    path('auth/register', views.signup, name='signup'),
+    path('auth/signup', views.signup, name='signup'),
     path('auth/login', views.signin, name='signin'),
     path('auth/refresh', views.token_refresh, name='token_refresh'),
     
     # Challenge routes
     path('challenges', views.get_challenges, name='get_challenges'),
     path('challenges/<int:challenge_id>/submit', views.submit_flag, name='submit_flag'),
+    path('challenges/<int:challenge_id>/submissions', views.get_challenge_submissions, name='get_challenge_submissions'),
+    path('challenges/<int:challenge_id>/start', views.start_challenge, name='start_challenge'),
     
     # Team routes
     path('teams', views.get_teams, name='get_teams'),
@@ -19,15 +21,14 @@
     
     # Scoreboard route
     path('scoreboard', views.get_scoreboard, name='get_scoreboard'),
-    path('auth/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
+    # path('auth/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
 
     # Admin routes
     path('auth/admin/login', views.admin_login, name='admin_login'),
-    path('challenges/admin', views.admin_get_challenges, name='admin_get_challenges'),
-    path('challenges/create', views.create_challenge, name='create_challenge'),
-    path('challenges/<int:challenge_id>/update', views.update_challenge, name='update_challenge'),
-    path('challenges/<int:challenge_id>/delete', views.delete_challenge, name='delete_challenge'),
-    path('challenges/<int:challenge_id>', views.get_challenge_detail, name='get_challenge_by_id'),
+    path('api/admin/challenges', views.admin_get_challenges, name='admin_get_challenges'),
+    path('api/admin/challenges/create', views.create_challenge, name='create_challenge'),
+    path('api/admin/challenges/<int:challenge_id>/update', views.update_challenge, name='update_challenge'),
+    path('api/admin/challenges/<int:challenge_id>/delete', views.delete_challenge, name='delete_challenge'),
+    path('api/admin/challenges/<int:challenge_id>', views.get_challenge_detail, name='get_challenge_by_id'),
 
-
-]
+]
\ No newline at end of file
diff --git a/backend/atlas_backend/views.py b/backend/atlas_backend/views.py
index 2253391..ea89777 100644
--- a/backend/atlas_backend/views.py
+++ b/backend/atlas_backend/views.py
@@ -1,22 +1,19 @@
 from django.shortcuts import get_object_or_404
-from django.contrib.auth import authenticate
-from django.core.exceptions import ValidationError
 from django.conf import settings
-from django.db.models import Sum, Count, Max, Q
-from django.db import IntegrityError
+from django.db.models import Sum, Count, Q
 from datetime import datetime, timedelta
 import jwt
 from django.core.mail import send_mail
 from django.contrib.auth.hashers import make_password, check_password
-
 from rest_framework import status
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.response import Response
 from rest_framework.permissions import AllowAny, IsAuthenticated, IsAdminUser
 from rest_framework_simplejwt.tokens import RefreshToken, AccessToken
-
+from django.core.cache import cache
 from .models import User, Challenge, Submission, Team, Container
 from .serializers import SignupSerializer, ChallengeSerializer, TeamSerializer, SubmissionSerializer, UserSerializer
+from .docker_plugin import DockerManager
 
 import logging
 
@@ -142,7 +139,13 @@ def signin(request):
             {'error': 'Invalid credentials'},
             status=status.HTTP_401_UNAUTHORIZED
         )
-
+    except Exception as e:
+        logger.error(f"Error during signin: {str(e)}")
+        return Response(
+            {'error': 'Signin failed'},
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
+        )
+        
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
 def get_challenges(request):
@@ -173,61 +176,74 @@ def get_challenges(request):
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
 def submit_flag(request, challenge_id):
-    if not request.user.team:
-        return Response(
-            {'error': 'You must be in a team to submit flags'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-    
-    challenge = get_object_or_404(Challenge, id=challenge_id)
-    flag = request.data.get('flag')
-    
-    if not flag:
-        return Response(
-            {'error': 'Flag is required'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-    
-    existing_submission = Submission.objects.filter(
-        team=request.user.team,
-        challenge=challenge
-    ).first()
-    
-    if existing_submission:
-        if existing_submission.is_correct:
+    try:
+        if not request.user.team:
+            return Response(
+                {'error': 'You must be in a team to submit flags'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        challenge = get_object_or_404(Challenge, id=challenge_id)
+        flag = request.data.get('flag', '').strip()
+        
+        if not flag:
+            return Response(
+                {'error': 'Flag is required'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+
+        # Get submission count for attempt limiting
+        submission_count = Submission.objects.filter(
+            team=request.user.team,
+            challenge=challenge
+        ).count()
+
+        if submission_count >= request.user.team.max_attempts_per_challenge:
+            return Response(
+                {'error': f'Maximum {request.user.team.max_attempts_per_challenge} attempts allowed for this challenge'},
+                status=status.HTTP_429_TOO_MANY_REQUESTS
+            )
+
+        # Check if already solved
+        if Submission.objects.filter(
+            team=request.user.team,
+            challenge=challenge,
+            is_correct=True
+        ).exists():
             return Response(
                 {'error': 'Challenge already solved'},
                 status=status.HTTP_400_BAD_REQUEST
             )
-        attempt_number = existing_submission.attempt_number + 1
-        existing_submission.delete()  # Remove previous attempt
-    else:
-        attempt_number = 1
-    
-    is_correct = challenge.flag == flag
-    points = challenge.max_points if is_correct else 0
-    
-    try:
+
+        attempt_number = submission_count + 1
+        is_correct = challenge.flag == flag
+        
         submission = Submission.objects.create(
             team=request.user.team,
             challenge=challenge,
             user=request.user,
             flag_submitted=flag,
             is_correct=is_correct,
-            points_awarded=points,
+            points_awarded=challenge.max_points if is_correct else 0,
             attempt_number=attempt_number
         )
-        
+
+        if is_correct:
+            request.user.team.challenges.add(challenge)
+
         return Response({
             'message': 'Correct flag!' if is_correct else 'Incorrect flag',
-            'points_awarded': points,
+            'points_awarded': submission.points_awarded,
             'is_correct': is_correct,
-            'attempt_number': attempt_number
+            'attempt_number': attempt_number,
+            'attempts_remaining': request.user.team.max_attempts_per_challenge - attempt_number,
+            'timestamp': submission.timestamp.isoformat() 
         })
-    except IntegrityError:
+
+    except Exception as e:
         return Response(
-            {'error': 'Submission error occurred'},
-            status=status.HTTP_400_BAD_REQUEST
+            {'error': 'Submission error occurred'}, 
+            status=status.HTTP_500_INTERNAL_SERVER_ERROR
         )
 
 @api_view(['POST'])
@@ -257,7 +273,6 @@ def start_challenge(request, challenge_id):
         })
     
     try:
-        from .docker_plugin import DockerManager
         docker_mgr = DockerManager()
         
         container_info = docker_mgr.create_container(
@@ -303,92 +318,14 @@ def get_teams(request):
     serializer = TeamSerializer(teams, many=True)
     return Response(serializer.data)
 
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def create_team(request):
-    if request.user.team:
-        return Response(
-            {'error': 'You are already in a team'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-        
-    name = request.data.get('name')
-    description = request.data.get('description', '')
-    team_size = request.data.get('team_size', 4)
-    
-    if not name:
-        return Response(
-            {'error': 'Team name is required'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-    
-    try:
-        team = Team.objects.create(
-            name=name,
-            description=description,
-            team_size=team_size
-        )
-        request.user.team = team
-        request.user.save()
-        
-        return Response(TeamSerializer(team).data, status=status.HTTP_201_CREATED)
-    except Exception as e:
-        return Response(
-            {'error': str(e)},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def join_team(request):
-    if request.user.team:
-        return Response(
-            {'error': 'You are already in a team'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-        
-    team_id = request.data.get('team_id')
-    if not team_id:
-        return Response(
-            {'error': 'Team ID is required'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-    
-    try:
-        team = Team.objects.get(id=team_id)
-        current_size = team.members.count()
-        
-        if current_size >= team.team_size:
-            return Response(
-                {'error': 'Team is full'},
-                status=status.HTTP_400_BAD_REQUEST
-            )
-            
-        request.user.team = team
-        request.user.save()
-        return Response({'message': 'Successfully joined team'})
-    except Team.DoesNotExist:
-        return Response(
-            {'error': 'Team not found'},
-            status=status.HTTP_404_NOT_FOUND
-        )
-
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def leave_team(request):
-    if not request.user.team:
-        return Response(
-            {'error': 'You are not in a team'},
-            status=status.HTTP_400_BAD_REQUEST
-        )
-        
-    request.user.team = None
-    request.user.save()
-    return Response({'message': 'Successfully left team'})
-
 @api_view(['GET'])
 @permission_classes([AllowAny])
 def get_scoreboard(request):
+    cache_key = "scoreboard_data"
+    cached_data = cache.get(cache_key)
+
+    if cached_data:
+        return Response(cached_data)
     teams = Team.objects.annotate(
         total_score=Sum('submissions__points_awarded', default=0),
         member_count=Count('members', distinct=True),
@@ -396,7 +333,12 @@ def get_scoreboard(request):
     ).order_by('-total_score')
     
     serializer = TeamSerializer(teams, many=True)
-    return Response(serializer.data)
+    data = serializer.data
+
+    # Cache for 5 seconds
+    cache.set(cache_key, data, 5)
+    
+    return Response(data)
 
 @api_view(['POST'])
 @permission_classes([AllowAny])
@@ -581,31 +523,6 @@ def delete_challenge(request, challenge_id):
             status=status.HTTP_500_INTERNAL_SERVER_ERROR
         )
 
-@api_view(['GET'])
-@permission_classes([IsAuthenticated])
-def get_user_profile(request):
-    serializer = UserSerializer(request.user)
-    return Response(serializer.data)
-
-@api_view(['POST'])
-@permission_classes([IsAuthenticated])
-def update_user_info(request):
-    serializer = UserSerializer(request.user, data=request.data, partial=True)
-    if serializer.is_valid():
-        serializer.save()
-        return Response(serializer.data)
-    return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
-
-@api_view(['GET'])
-@permission_classes([IsAuthenticated])
-def get_team_history(request):
-    if not request.user.team:
-        return Response({'error': 'User not in a team'}, status=status.HTTP_400_BAD_REQUEST)
-    
-    submissions = Submission.objects.filter(team=request.user.team)
-    serializer = SubmissionSerializer(submissions, many=True)
-    return Response(serializer.data)
-
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
 def team_profile(request):
@@ -640,12 +557,12 @@ def team_profile(request):
         
         # Get total score
         total_score = team.submissions.filter(is_correct=True).aggregate(
-            total=Sum('challenge__points')
+            total=Sum('points_awarded')   
         )['total'] or 0
         
         # Get team rank
         teams_ranking = Team.objects.annotate(
-            score=Sum('submissions__challenge__points', 
+            score=Sum('submissions__points_awarded', 
                      filter=Q(submissions__is_correct=True))
         ).order_by('-score')
         team_rank = list(teams_ranking.values_list('id', flat=True)).index(team_id) + 1
@@ -653,7 +570,7 @@ def team_profile(request):
         # Get recent activity
         recent_submissions = team.submissions.filter(
             is_correct=True
-        ).order_by('-submitted_at')[:5]
+        ).order_by('-timestamp')[:5]
         
         response_data = {
             'id': team_id,
@@ -669,9 +586,9 @@ def team_profile(request):
             'rank': team_rank,
             'recent_activity': [{
                 'id': sub.id,
-                'challenge_name': sub.challenge.name,
-                'points': sub.challenge.points,
-                'solved_at': sub.submitted_at.isoformat()
+                'challenge_name': sub.challenge.title,
+                'points': sub.points_awarded,
+                'solved_at': sub.timestamp.isoformat()  # Changed from submitted_at to timestamp
             } for sub in recent_submissions]
         }
         
@@ -803,4 +720,26 @@ def get_challenge_detail(request, challenge_id):
             {"error": "Challenge not found"}, 
             status=status.HTTP_404_NOT_FOUND
         )
-
+        
+@api_view(['GET'])
+@permission_classes([IsAuthenticated])
+def get_challenge_submissions(request, challenge_id):
+    challenge = get_object_or_404(Challenge, id=challenge_id)
+    
+    # For regular users, show only their team's submissions
+    if not request.user.is_superuser:
+        if not request.user.team:
+            return Response(
+                {'error': 'You must be in a team to view submissions'},
+                status=status.HTTP_400_BAD_REQUEST
+            )
+        submissions = Submission.objects.filter(
+            team=request.user.team,
+            challenge=challenge
+        )
+    else:
+        # Admins can see all submissions
+        submissions = Submission.objects.filter(challenge=challenge)
+    
+    serializer = SubmissionSerializer(submissions, many=True)
+    return Response(serializer.data)
\ No newline at end of file
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
index c100500..ac1ec0a 100644
--- a/backend/backend/settings.py
+++ b/backend/backend/settings.py
@@ -188,8 +188,6 @@
 
 # Security settings
 # CSRF_TRUSTED_ORIGINS = ["https://yourfrontenddomain.com"]  # Update with your frontend domain
-  # Maximum attempts allowed per challenge
-FLAG_SUBMIT_MAX_ATTEMPTS = 10
 
 CACHES = {
     'default': {

From 5ebdcf710ea4a022e991df928258d39cf13398bd Mon Sep 17 00:00:00 2001
From: Sourabh Kapure <140597815+Spkap@users.noreply.github.com>
Date: Mon, 27 Jan 2025 23:04:12 +0530
Subject: [PATCH 7/7] Update models.py

---
 backend/atlas_backend/models.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/atlas_backend/models.py b/backend/atlas_backend/models.py
index 16fc242..0e9a7d8 100644
--- a/backend/atlas_backend/models.py
+++ b/backend/atlas_backend/models.py
@@ -40,7 +40,7 @@ class Team(models.Model):
     updated_at = models.DateTimeField(auto_now=True)
     password = models.CharField(max_length=128, default=make_password('default_password'))
     team_email = models.EmailField(unique=True, default='team@example.com')
-    max_attempts_per_challenge = models.IntegerField(default=10)  # Add this line
+    max_attempts_per_challenge = models.IntegerField(default=10)
 
     def __str__(self):
         return self.name
@@ -129,4 +129,4 @@ class Meta:
         unique_together = [['team', 'challenge', 'attempt_number']]
 
     def __str__(self):
-        return f"{self.team.name} - {self.challenge.title}"
\ No newline at end of file
+        return f"{self.team.name} - {self.challenge.title}"