Files
ObsidianDragon/src/util/http_download.h
DanS 9c533fa485 refactor(audit): batch 5 — share the updater HTTP/download layer
XmrigUpdater and DaemonUpdater carried byte-identical libcurl code —
httpGet, downloadToFile, and the write/progress callbacks — including the
security-critical TLS-verify (SSL_VERIFYPEER=1 / SSL_VERIFYHOST=2) and
max-body-size options, duplicated across two signature-verified
download-and-execute files that had to be hand-kept in sync.

Hoist that machinery into src/util/http_download.{h,cpp}:
- util::httpGetString(url, logTag)
- util::httpDownloadToFile(url, dest, logTag, maxBytes, onProgress)
threading progress + cancellation through a std::function (returning false
aborts the transfer) instead of the class `this` pointer. Each updater's
httpGet/downloadToFile become one-line forwarders that bind their own log
tag and archive-size cap (64 MiB miner / 256 MiB node, both preserved).

Every curl option is preserved byte-identically (verified by diffing the
setopt lines against the pre-change code — the only deltas are the
now-parameterized MAXFILESIZE cap and the XFERINFODATA payload). No behavior
change; the TLS/size-guard options now live in exactly one place.

Deliberately scoped DOWN per the audit's own guidance: the divergent
per-updater logic (release DTOs/parsers, checksum-table parsing, version
compare, and installResolved's per-member-SHA vs transitive-trust verify,
install strategy, and chmod scope) stays in each class — NOT merged behind a
base-class/virtual-hook layer, which would raise review cost on
signature-verified execute-code and risk a subtle security regression. The
shared-DTO/parser consolidation (~77 test refs of churn on stable code) is
left as a separate, lower-value follow-up.

Full-node + Lite build clean; ctest 1/1; source-hygiene clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 19:17:44 -05:00

35 lines
1.7 KiB
C++

// DragonX Wallet - ImGui Edition
// Copyright 2024-2026 The Hush Developers
// Released under the GPLv3
//
// Shared libcurl download primitives for the in-app updaters (miner + daemon). Both the
// XmrigUpdater and DaemonUpdater workers issued byte-identical libcurl GET/download code —
// including the security-critical TLS-verify and max-body-size options. Sharing it here means
// those options are defined exactly once, so a curl/TLS change can't silently drift between the
// two signature-verified download-and-execute paths. The header stays curl-free (callers that
// only download don't need <curl/curl.h>).
#pragma once
#include <functional>
#include <string>
namespace dragonx {
namespace util {
// GET `url` over TLS (peer + host verified) into a string. Follows redirects; 30s transfer /
// 15s connect timeout; browser-agnostic User-Agent. Returns "" on ANY failure (curl error or
// non-2xx status). `logTag` (e.g. "[xmrig-updater]") prefixes the debug log on failure.
std::string httpGetString(const std::string& url, const char* logTag);
// Download `url` over TLS (peer + host verified) to `destPath`, refusing bodies larger than
// `maxBytes` (a defense ahead of the checksum/signature check). `onProgress(downloaded, total)`
// is invoked live during the transfer; returning false aborts it (used for cancellation). On
// any failure the partial file is removed and false is returned. `logTag` prefixes debug logs.
bool httpDownloadToFile(const std::string& url, const std::string& destPath,
const char* logTag, long long maxBytes,
const std::function<bool(double downloaded, double total)>& onProgress);
} // namespace util
} // namespace dragonx