synt-xerror/neocities-c
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security improvements

Browse Source
This commit is contained in:
synt-xerror
2026-02-16 19:08:31 -03:00
parent 9ba4be8a92
commit 08cc4f9d75
1 changed files with 231 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
src/neocities.c
View File

@@ -13,7 +13,13 @@ struct response {
size_t len;
};
static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) {
static size_t write_cb(
void *ptr,
size_t size,
size_t nmemb,
void *userdata
)
{
struct response *r = (struct response*)userdata;
size_t chunk = size * nmemb;
char *tmp = realloc(r->data, r->len + chunk + 1);
@@ -28,42 +34,80 @@ static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) {
// -------------------------
// HTTP helpers
// -------------------------
static int perform_request(const char *url, const char *user, const char *pass,
const char *post_fields, struct response *resp)
static int perform_request(
const char *url,
const char *api_key,
const char *post_fields,
struct response *resp,
curl_mime *mime
)
{
CURL *curl = curl_easy_init();
if (!curl) return 1;
resp->data = malloc(1);
resp->len = 0;
resp->data[0] = '\0';
struct curl_slist *headers = NULL;
if (api_key && strlen(api_key) > 0) {
char auth_header[512];
snprintf(auth_header, sizeof(auth_header),
"Authorization: Bearer %s", api_key);
headers = curl_slist_append(headers, auth_header);
}
curl_easy_setopt(curl, CURLOPT_URL, url);
if (headers)
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
/* SSL hardening */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0L); // política
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 60L);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, resp);
if (user && pass) {
char auth[256];
snprintf(auth, sizeof(auth), "%s:%s", user, pass);
curl_easy_setopt(curl, CURLOPT_USERPWD, auth);
}
if (post_fields) {
curl_easy_setopt(curl, CURLOPT_POST, 1L);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, post_fields);
}
if (mime)
curl_easy_setopt(curl, CURLOPT_MIMEPOST, mime);
CURLcode res = curl_easy_perform(curl);
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
long http_code = 0;
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code);
if (res != CURLE_OK || http_code >= 400) {
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
if (res != CURLE_OK) {
free(resp->data);
return 2;
}
return 0;
}
// -------------------------
// JSON parsers
// -------------------------
void neocities_free_info(neocities_info_t *info) {
void neocities_free_info(
neocities_info_t *info
)
{
if (!info) return;
free(info->sitename);
free(info->created_at);
@@ -73,7 +117,10 @@ void neocities_free_info(neocities_info_t *info) {
free(info->tags);
}
void neocities_free_filelist(neocities_filelist_t *list) {
void neocities_free_filelist(
neocities_filelist_t *list
)
{
if (!list) return;
for (size_t i=0; i<list->count; i++) free(list->paths[i]);
free(list->paths);
@@ -82,7 +129,10 @@ void neocities_free_filelist(neocities_filelist_t *list) {
// -------------------------
// info — GET /api/info
// -------------------------
int neocities_info(const char *sitename, neocities_info_t *out) {
int neocities_info(
const char *sitename, neocities_info_t *out
)
{
char url[512];
if (sitename)
snprintf(url, sizeof(url), "https://neocities.org/api/info?sitename=%s", sitename);
@@ -90,7 +140,7 @@ int neocities_info(const char *sitename, neocities_info_t *out) {
snprintf(url, sizeof(url), "https://neocities.org/api/info");
struct response resp;
int ret = perform_request(url, NULL, NULL, NULL, &resp);
int ret = perform_request(url, NULL, NULL, &resp, NULL);
if (ret) return ret;
json_error_t error;
@@ -122,13 +172,17 @@ int neocities_info(const char *sitename, neocities_info_t *out) {
// -------------------------
// list — GET /api/list
// -------------------------
int neocities_list(const char *user, const char *pass, const char *path, neocities_filelist_t *out) {
int neocities_list(
const char *api_key,
const char *path, neocities_filelist_t *out
)
{
char url[512];
if (path) snprintf(url, sizeof(url), "https://neocities.org/api/list?path=%s", path);
else snprintf(url, sizeof(url), "https://neocities.org/api/list");
struct response resp;
int ret = perform_request(url, user, pass, NULL, &resp);
int ret = perform_request(url, api_key, NULL, &resp, NULL);
if (ret) return ret;
json_error_t error;
@@ -153,7 +207,13 @@ int neocities_list(const char *user, const char *pass, const char *path, neociti
// -------------------------
// delete — POST /api/delete
// -------------------------
int neocities_delete(const char *user, const char *pass, const char **filenames, size_t count, char **response) {
int neocities_delete(
const char *api_key,
const char **filenames,
size_t count,
char **response
)
{
char body[1024] = "";
for (size_t i=0; i<count; i++) {
char tmp[256];
@@ -161,7 +221,13 @@ int neocities_delete(const char *user, const char *pass, const char **filenames,
strncat(body, tmp, sizeof(body)-strlen(body)-1);
}
struct response resp;
int ret = perform_request("https://neocities.org/api/delete", user, pass, body, &resp);
int ret = perform_request(
"https://neocities.org/api/delete",
api_key,
body,
&resp,
NULL
);
if (ret) return ret;
*response = resp.data;
return 0;
@@ -171,22 +237,45 @@ int neocities_delete(const char *user, const char *pass, const char **filenames,
// upload — POST /api/upload
// (multipart/form-data)
// -------------------------
int neocities_upload(const char *user, const char *pass, const char **local_files, const char **remote_names, size_t count, char **response) {
int neocities_upload(
const char *api_key,
const char **local_files,
const char **remote_names,
size_t count,
char **response
)
{
if (!api_key || strlen(api_key) == 0)
return 3;
CURL *curl = curl_easy_init();
if (!curl) return 1;
struct response resp;
resp.data = malloc(1);
resp.len = 0;
resp.data[0] = '\0';
curl_easy_setopt(curl, CURLOPT_URL, "https://neocities.org/api/upload");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &resp);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 0L);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 60L);
curl_easy_setopt(curl, CURLOPT_USERPWD, NULL);
char auth[256];
snprintf(auth, sizeof(auth), "%s:%s", user, pass);
curl_easy_setopt(curl, CURLOPT_USERPWD, auth);
struct curl_slist *headers = NULL;
char auth_header[512];
snprintf(auth_header, sizeof(auth_header),
"Authorization: Bearer %s", api_key);
headers = curl_slist_append(headers, auth_header);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_mime *form = curl_mime_init(curl);
for (size_t i=0; i<count; i++) {
@@ -198,6 +287,7 @@ int neocities_upload(const char *user, const char *pass, const char **local_file
CURLcode res = curl_easy_perform(curl);
curl_mime_free(form);
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
if (res != CURLE_OK) { free(resp.data); return 2; }
@@ -209,18 +299,4 @@ int neocities_upload(const char *user, const char *pass, const char **local_file
// -------------------------
// get_api_key — GET /api/key
// -------------------------
int neocities_get_api_key(const char *user, const char *pass, char **api_key) {
struct response resp;
int ret = perform_request("https://neocities.org/api/key", user, pass, NULL, &resp);
if (ret) return ret;
json_error_t error;
json_t *root = json_loads(resp.data, 0, &error);
free(resp.data);
if (!root) return 3;
const char *key = json_string_value(json_object_get(root,"api_key"));
*api_key = strdup(key);
json_decref(root);
return 0;
}
// no. for security reasons of course.