synt-xerror/neocities-c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security improvements

Browse Source
This commit is contained in:
synt-xerror
2026-02-16 19:08:31 -03:00
parent 9ba4be8a92
commit 08cc4f9d75
1 changed files with 231 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
src/neocities.c
View File

@@ -5,7 +5,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
// ------------------------- // -------------------------
// HTTP responde buffer // HTTP responde buffer
// ------------------------- // -------------------------
struct response { struct response {
@@ -13,7 +13,13 @@ struct response {
size_t len; size_t len;
}; };
static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) { static size_t write_cb(
void *ptr,
size_t size,
size_t nmemb,
void *userdata
)
{
struct response *r = (struct response*)userdata; struct response *r = (struct response*)userdata;
size_t chunk = size * nmemb; size_t chunk = size * nmemb;
char *tmp = realloc(r->data, r->len + chunk + 1); char *tmp = realloc(r->data, r->len + chunk + 1);
@@ -28,42 +34,80 @@ static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) {
// ------------------------- // -------------------------
// HTTP helpers // HTTP helpers
// ------------------------- // -------------------------
static int perform_request(const char *url, const char *user, const char *pass, static int perform_request(
const char *post_fields, struct response *resp) const char *url,
const char *api_key,
const char *post_fields,
struct response *resp,
curl_mime *mime
)
{ {
CURL *curl = curl_easy_init(); CURL *curl = curl_easy_init();
if (!curl) return 1; if (!curl) return 1;
resp->data = malloc(1); resp->data = malloc(1);
resp->len = 0; resp->len = 0;
resp->data[0] = '\0';
struct curl_slist *headers = NULL;
if (api_key && strlen(api_key) > 0) {
char auth_header[512];
snprintf(auth_header, sizeof(auth_header),
"Authorization: Bearer %s", api_key);
headers = curl_slist_append(headers, auth_header);
}
curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_URL, url);
if (headers)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
/* SSL hardening */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0L); // política
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 60L);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, resp); curl_easy_setopt(curl, CURLOPT_WRITEDATA, resp);
if (user && pass) {
char auth[256];
snprintf(auth, sizeof(auth), "%s:%s", user, pass);
curl_easy_setopt(curl, CURLOPT_USERPWD, auth);
}
if (post_fields) { if (post_fields) {
curl_easy_setopt(curl, CURLOPT_POST, 1L); curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post_fields); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post_fields);
} }
if (mime)
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
CURLcode res = curl_easy_perform(curl); CURLcode res = curl_easy_perform(curl);
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
long http_code = 0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
if (res != CURLE_OK || http_code >= 400) {
curl_slist_free_all(headers);
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
if (res != CURLE_OK) {
free(resp->data); free(resp->data);
return 2; return 2;
} }
return 0; return 0;
} }
// ------------------------- // -------------------------
// JSON parsers // JSON parsers
// ------------------------- // -------------------------
void neocities_free_info(neocities_info_t *info) { void neocities_free_info(
neocities_info_t *info
)
{
if (!info) return; if (!info) return;
free(info->sitename); free(info->sitename);
free(info->created_at); free(info->created_at);
@@ -73,7 +117,10 @@ void neocities_free_info(neocities_info_t *info) {
free(info->tags); free(info->tags);
} }
void neocities_free_filelist(neocities_filelist_t *list) { void neocities_free_filelist(
neocities_filelist_t *list
)
{
if (!list) return; if (!list) return;
for (size_t i=0; i<list->count; i++) free(list->paths[i]); for (size_t i=0; i<list->count; i++) free(list->paths[i]);
free(list->paths); free(list->paths);
@@ -82,7 +129,10 @@ void neocities_free_filelist(neocities_filelist_t *list) {
// ------------------------- // -------------------------
// info — GET /api/info // info — GET /api/info
// ------------------------- // -------------------------
int neocities_info(const char *sitename, neocities_info_t *out) { int neocities_info(
const char *sitename, neocities_info_t *out
)
{
char url[512]; char url[512];
if (sitename) if (sitename)
snprintf(url, sizeof(url), "https://neocities.org/api/info?sitename=%s", sitename); snprintf(url, sizeof(url), "https://neocities.org/api/info?sitename=%s", sitename);
@@ -90,7 +140,7 @@ int neocities_info(const char *sitename, neocities_info_t *out) {
snprintf(url, sizeof(url), "https://neocities.org/api/info"); snprintf(url, sizeof(url), "https://neocities.org/api/info");
struct response resp; struct response resp;
int ret = perform_request(url, NULL, NULL, NULL, &resp); int ret = perform_request(url, NULL, NULL, &resp, NULL);
if (ret) return ret; if (ret) return ret;
json_error_t error; json_error_t error;
@@ -122,13 +172,17 @@ int neocities_info(const char *sitename, neocities_info_t *out) {
// ------------------------- // -------------------------
// list — GET /api/list // list — GET /api/list
// ------------------------- // -------------------------
int neocities_list(const char *user, const char *pass, const char *path, neocities_filelist_t *out) { int neocities_list(
const char *api_key,
const char *path, neocities_filelist_t *out
)
{
char url[512]; char url[512];
if (path) snprintf(url, sizeof(url), "https://neocities.org/api/list?path=%s", path); if (path) snprintf(url, sizeof(url), "https://neocities.org/api/list?path=%s", path);
else snprintf(url, sizeof(url), "https://neocities.org/api/list"); else snprintf(url, sizeof(url), "https://neocities.org/api/list");
struct response resp; struct response resp;
int ret = perform_request(url, user, pass, NULL, &resp); int ret = perform_request(url, api_key, NULL, &resp, NULL);
if (ret) return ret; if (ret) return ret;
json_error_t error; json_error_t error;
@@ -153,7 +207,13 @@ int neocities_list(const char *user, const char *pass, const char *path, neociti
// ------------------------- // -------------------------
// delete — POST /api/delete // delete — POST /api/delete
// ------------------------- // -------------------------
int neocities_delete(const char *user, const char *pass, const char **filenames, size_t count, char **response) { int neocities_delete(
const char *api_key,
const char **filenames,
size_t count,
char **response
)
{
char body[1024] = ""; char body[1024] = "";
for (size_t i=0; i<count; i++) { for (size_t i=0; i<count; i++) {
char tmp[256]; char tmp[256];
@@ -161,7 +221,13 @@ int neocities_delete(const char *user, const char *pass, const char **filenames,
strncat(body, tmp, sizeof(body)-strlen(body)-1); strncat(body, tmp, sizeof(body)-strlen(body)-1);
} }
struct response resp; struct response resp;
int ret = perform_request("https://neocities.org/api/delete", user, pass, body, &resp); int ret = perform_request(
"https://neocities.org/api/delete",
api_key,
body,
&resp,
NULL
);
if (ret) return ret; if (ret) return ret;
*response = resp.data; *response = resp.data;
return 0; return 0;
@@ -171,22 +237,45 @@ int neocities_delete(const char *user, const char *pass, const char **filenames,
// upload — POST /api/upload // upload — POST /api/upload
// (multipart/form-data) // (multipart/form-data)
// ------------------------- // -------------------------
int neocities_upload(const char *user, const char *pass, const char **local_files, const char **remote_names, size_t count, char **response) { int neocities_upload(
const char *api_key,
const char **local_files,
const char **remote_names,
size_t count,
char **response
)
{
if (!api_key || strlen(api_key) == 0)
return 3;
CURL *curl = curl_easy_init(); CURL *curl = curl_easy_init();
if (!curl) return 1; if (!curl) return 1;
struct response resp; struct response resp;
resp.data = malloc(1); resp.data = malloc(1);
resp.len = 0; resp.len = 0;
resp.data[0] = '\0';
curl_easy_setopt(curl, CURLOPT_URL, "https://neocities.org/api/upload"); curl_easy_setopt(curl, CURLOPT_URL, "https://neocities.org/api/upload");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &resp); curl_easy_setopt(curl, CURLOPT_WRITEDATA, &resp);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0L);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 60L);
curl_easy_setopt(curl, CURLOPT_USERPWD, NULL); curl_easy_setopt(curl, CURLOPT_USERPWD, NULL);
char auth[256];
snprintf(auth, sizeof(auth), "%s:%s", user, pass); struct curl_slist *headers = NULL;
curl_easy_setopt(curl, CURLOPT_USERPWD, auth); char auth_header[512];
snprintf(auth_header, sizeof(auth_header),
"Authorization: Bearer %s", api_key);
headers = curl_slist_append(headers, auth_header);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *form = curl_mime_init(curl); curl_mime *form = curl_mime_init(curl);
for (size_t i=0; i<count; i++) { for (size_t i=0; i<count; i++) {
@@ -198,6 +287,7 @@ int neocities_upload(const char *user, const char *pass, const char **local_file
CURLcode res = curl_easy_perform(curl); CURLcode res = curl_easy_perform(curl);
curl_mime_free(form); curl_mime_free(form);
curl_slist_free_all(headers);
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
if (res != CURLE_OK) { free(resp.data); return 2; } if (res != CURLE_OK) { free(resp.data); return 2; }
@@ -209,18 +299,4 @@ int neocities_upload(const char *user, const char *pass, const char **local_file
// ------------------------- // -------------------------
// get_api_key — GET /api/key // get_api_key — GET /api/key
// ------------------------- // -------------------------
int neocities_get_api_key(const char *user, const char *pass, char **api_key) { // no. for security reasons of course.
struct response resp;
int ret = perform_request("https://neocities.org/api/key", user, pass, NULL, &resp);
if (ret) return ret;
json_error_t error;
json_t *root = json_loads(resp.data, 0, &error);
free(resp.data);
if (!root) return 3;
const char *key = json_string_value(json_object_get(root,"api_key"));
*api_key = strdup(key);
json_decref(root);
return 0;
}