Created a self-hosted API for CRUD-ing JSON data on different storage providers (local, S3, minIO, ...). (github.com)

submitted 3 weeks ago by LaVillaStrangiato@infosec.pub to c/selfhosted@lemmy.world

3 comments fedilink hide all child comments

Hi all. I made a self-hosted API for CRUD-ing JSON files. Built for data storage in small personal projects, or mocking an API for development. Advantages are simplicity, interoperability and performance (using the cache system).

API is based on your JSON structure. So the example below is for CRUD-ing [geralt][city] in file.json. The value (which can be anything) is then added to the body of the request. For me, it has been really flexible and useful, so I want to share it and collect feedback!

top 3 comments

sorted by: hot top controversial new old

[-] atzanteol@sh.itjust.works 1 points 3 weeks ago

I think you should make it more clear in your docs that this is wildly insecure and should be restricted to "tinkering" usage only.

That said it seems like a fun project to write.

[-] LaVillaStrangiato@infosec.pub 0 points 3 weeks ago* (last edited 3 weeks ago)

Thanks for checking my project out. In the readme I state it's for 'small personal projects' where you want to get something quickly. However, "widly insecure" seems a bit much? If you use it for storing data that has no privacy (like public blog posts, and their comments)?

[-] atzanteol@sh.itjust.works 1 points 3 weeks ago

You try using "../../../../../etc/passwd" as the filename in your requests? I don't see anywhere where '..' is escaped or removed from file strings. Sending untrusted filenames directly to file operations without scrubbing and sanity checking is very dangerous and potentially allows a malicious user to read and overwrite any files the application has permissions for.

this post was submitted on 31 Dec 2025

2 points (100.0% liked)

Selfhosted

54767 readers

129 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz