Europe Pub (PieFed)Created a self-hosted API for CRUD-ing JSON data on different storage providers (local, S3, minIO, ...).
submitted by
LaVillaStrangiatoHi all. I made a self-hosted API for CRUD-ing JSON files. Built for data storage in small personal projects, or mocking an API for development. Advantages are simplicity, interoperability and performance (using the cache system).
API is based on your JSON structure. So the example below is for CRUD-ing [geralt][city] in file.json. The value (which can be anything) is then added to the body of the request. For me, it has been really flexible and useful, so I want to share it and collect feedback!
I think you should make it more clear in your docs that this is wildly insecure and should be restricted to “tinkering” usage only.
That said it seems like a fun project to write.
Thanks for checking my project out. In the readme I state it’s for ‘small personal projects’ where you want to get something quickly. However, “widly insecure” seems a bit much? If you use it for storing data that has no privacy (like public blog posts, and their comments)?
Many api implementations are bare http because security is expected to be handled / wrapped by another technology.
“Security” is not just “ssl”…
That’s true. So is my comment.
What “other technology” is going to make sure your API doesn’t have SQL injection and bad authentication vulnerabilities?
At the time I made the comment, I didn’t realize this was building with unsanitized inputs and absolute paths.
And I should know better, I use burp a couple times a month. My bad.
this round trips the entire file body on every mutation?
What happens if two concurrent mutation requests come in?