HTTP request tampered with by other HTTP requests (golang, standard library)

Time: 2017-03-14 11:16:14

Tags: rest go webserver

cat main.go:

```go
package main

import (
    "encoding/json"
    "log"
    "net"
    "net/http"
    "net/http/fcgi"
    "os"
)

// db, handlers, oa, hu and the config type come from the poster's own project;
// their import paths are not shown in the post.

func main() {
    //setup the config
    configFile := "config.json"
    fd, err := os.Open(configFile)
    if err != nil {
        log.Fatalf("Can't open config file: %v", configFile)
    }
    CFG := config{}
    err = json.NewDecoder(fd).Decode(&CFG)
    if err != nil {
        log.Fatalf("parse config error: %v", err)
    }

    //init DB connection
    db.InitConnectionInfo(CFG.Database.Host, CFG.Database.Port, CFG.Database.Database, CFG.Database.Username, CFG.Database.Password)

    //register HTTP handler
    //one handler value is registered here and shared by every request to these patterns
    sessionHandler := &handlers.SessionHandler{}
    http.Handle("/sessions", sessionHandler)
    http.Handle("/sessions/", sessionHandler)

    userHandler := &handlers.UserHandler{
        Facebook:      &oa.OAuth{AppId: CFG.Facebook.Key, Secret: CFG.Facebook.Secret},
        Sina:          &oa.OAuth{AppId: CFG.Sina.Key, Secret: CFG.Sina.Secret},
        Google:        &oa.OAuth{AppId: CFG.Google.Key, Secret: CFG.Google.Secret},
        Tencent:       &oa.OAuth{AppId: CFG.Tencent.Key, Secret: CFG.Tencent.Secret},
        Mixpanel:      &hu.Share{Token: CFG.Mixpanel.Token},
        FacebookShare: &hu.Share{Token: CFG.Facebook.Token},
        SinaShare:     &hu.Share{Token: CFG.Sina.Token},
        GoogleShare:   &hu.Share{Token: CFG.Google.Token},
        TencentShare:  &hu.Share{Token: CFG.Tencent.Token},
    }
    http.Handle("/users", userHandler)
    http.Handle("/users/", userHandler)

    //and so on ...

    //run server
    log.Println("start listen: ", CFG.FcgiAddr)
    l, err := net.Listen("tcp", CFG.FcgiAddr)
    if err != nil {
        log.Fatalf("listen error: %v", err)
    }
    log.Fatalf("server error is %v", fcgi.Serve(l, nil))
    //@@select {}
    log.Println("end listen")
}
```

Build it and deploy it behind nginx.

Then the client queries /users/1234567/places, /users/1234567, and so on...

The responses received are {blank data}{normal user(1234567) data}{normal user(1234567) data}{normal user(1234567) data}

The queries with the same prefix and the same handler look like their responses are being overwritten by subsequent HTTP requests.

What should I do?

I should probably give an example of the responses:

The correct response is:

{ "meta": { "code": 200, "text": "OK" }, "data": { "count": 21, "place-tag-maps": [{ "id": "95842310160384", "place-id": "95551731663150", "tag-id": "95551579750669", "ct": "2014-07-01T09:07:28Z" }, { "id": "95842310160385", "place-id": "95551731663150", "tag-id": "95551579750694", "ct": "2015-01-15T17:41:23Z" }, { "id": "96262389694470", "place-id": "95551731663150", "tag-id": "95910120456455", "ct": "2016-07-18T13:11:39Z" }, ...], "places": [{ "id": "95551731663150", "name": "Kam Fung Restaurant", "address": "G/F, 41 Spring Garden Ln", "coordinate": { "latitude": 22.275576, "longitude": 114.172582 }, "telephone": "+852 2572 0526", "city-id": "95530516807703", "city": "Hong Kong", "country": "Hong Kong", "type": "4sq", "ref-id": "4b1613f8f964a520cdb623e3", "ct": "2016-02-23T07:42:43.565489Z", "mt": "2017-02-22T09:35:48.302929Z", "rating": 7.5, "stats": { "foursquare": { "count": 111, "value": 7.5 }, "spottly": { "save-count": 12 } }, "permanent-close": false, "price": "" }, ...], "posts": [{ "collection-id": "95551746474003", "coordinate": { "latitude": 22.275576, "longitude": 114.172582 }, "ct": "2017-02-22T09:35:47Z", "facebook-tag-users": [], "id": "97501586849795", "medias": [], "message": "", "mt": "2017-02-22T09:35:47Z", "owner-id": "96527264645120", "place-id": "95551731663150", "share-to": [], "star": 5, "status": "Done", "tags": [] }, ...], "users": [{ "id": "95551581323446", "uid": "hk_epicurus", "uid-ignore-case": "hk_epicurus", "name": "Hk Epicurus", "head": "https://d278wa0j9nq2mp.cloudfront.net/uploader/54aa335ddf4e63450002919a.jpeg", "site": "www.hkepicurus.com", "location": "Hong Kong", "description": "Hong Kong Food \u0026 Travel Bear.\nGrew up in Aust, Malaysia, Tokyo \u0026 HK. \nInstagram: EpicurusHongKong\nFacebook, Spottly \u0026 Twitter: HK Epicurus \n微博: 香港美食-伊比\nFacebook Fans Page: http://on.fb.me/1qDyiIk", "ct": "2013-10-13T19:12:41Z", "mt": "2015-11-08T15:22:45Z" }, ...] 
} } { "meta": { "code": 200, "text": "OK" }, "data": { "friends": [{ "id": "97331335725056", "from-id": "97273770803200", "to-id": "96527264645120", "ct": "2017-01-23T07:58:41Z" }], "user": { "ct": "2013-04-30T23:30:05Z", "description": "Founder and Chief Everything Officer of Spottly. Loves to eat. Have a really bad memory. Wants to remember the best places and make travel research better", "followers": { "count": 41291 }, "followings": { "count": 322 }, "head": "https://d278wa0j9nq2mp.cloudfront.net/uploader/525ffac8df4e6347870145ef.jpeg", "id": "96527264645120", "location": "Vancouver | Hong Kong | Beijing ", "mt": "2015-10-27T09:47:12Z", "name": "Edwyn Chan", "site": "http://spottly.com/edwyn", "uid": "edwyn", "uid-ignore-case": "edwyn" } } }

But the wrong response is

{ "meta": { "code": 200, "text": "OK" } } { "meta": { "code": 200, "text": "OK" }, "data": { "friends": [{ "id": "97331335725056", "from-id": "97273770803200", "to-id": "96527264645120", "ct": "2017-01-23T07:58:41Z" }], "user": { "ct": "2013-04-30T23:30:05Z", "description": "Founder and Chief Everything Officer of Spottly. Loves to eat. Have a really bad memory. Wants to remember the best places and make travel research better", "followers": { "count": 41291 }, "followings": { "count": 322 }, "head": "https://d278wa0j9nq2mp.cloudfront.net/uploader/525ffac8df4e6347870145ef.jpeg", "id": "96527264645120", "location": "Vancouver | Hong Kong | Beijing ", "mt": "2015-10-27T09:47:12Z", "name": "Edwyn Chan", "site": "http://spottly.com/edwyn", "uid": "edwyn", "uid-ignore-case": "edwyn" } } }

The first response is wrong, or it is the same as the second response.

Sequential requests get the correct responses; parallel requests get the wrong responses.

2 answers:

Answer 0 (score: 0)

Problem solved.

The root cause is this situation:

```go
var x = &{...} //init value
fillX(..., x)  //fill the fields of the x pointer
//here the fields of the x pointer are not the same as inside the fillX func
```

So, changing it to

```go
var x = &{...}
x = fillX(..., x) //use the pointer fillX returns instead of the one passed in
```

the problem was resolved.

But why does the pointer behave this way?

Answer 1 (score: 0)

Finally, this problem is solved.

Because http.Handle registers a path pattern and handler pair, the handler is constructed only once, at registration time, not once per request to that path pattern.

If you record information in the handler, it will be changed by later requests.
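To make the cause described in this answer (and the symptom in the question) concrete, here is an added Go example, not the poster's code: a handler that stores per-request data in a field of the single registered handler value, next to the fixed form that keeps it in locals, plus a harness that fires concurrent requests and counts responses carrying another request's id. The /users/ path prefix, the handler names and the harness are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"runtime"
	"strings"
	"sync"
	"sync/atomic"
)
// SharedHandler mirrors the bug: http.Handle registers this one value, so all requests share userID (a data race).
type SharedHandler struct{ userID string }
func (h *SharedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	h.userID = strings.TrimPrefix(r.URL.Path, "/users/")
	runtime.Gosched() // widen the window; a real handler does a DB query here
	fmt.Fprintf(w, `{"user":%q}`, h.userID) // may emit another request's id
}
// FixedHandler keeps request data in locals, so concurrent requests cannot see each other's values.
func FixedHandler(w http.ResponseWriter, r *http.Request) {
	userID := strings.TrimPrefix(r.URL.Path, "/users/")
	runtime.Gosched()
	fmt.Fprintf(w, `{"user":%q}`, userID)
}

// CountMismatches sends n concurrent requests for distinct ids to h and returns how many responses failed or carried a different id.
func CountMismatches(h http.Handler, n int) int {
	srv := httptest.NewServer(h)
	defer srv.Close()
	var wg sync.WaitGroup
	var bad int32
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(id string) {
			defer wg.Done()
			var body []byte
			if resp, err := http.Get(srv.URL + "/users/" + id); err == nil {
				body, _ = io.ReadAll(resp.Body)
				resp.Body.Close()
			}
			if string(body) != fmt.Sprintf(`{"user":%q}`, id) {
				atomic.AddInt32(&bad, 1)
			}
		}(fmt.Sprint(i))
	}
	wg.Wait()
	return int(bad)
}
```

CountMismatches(&SharedHandler{}, 200) typically returns a non-zero count, and `go test -race` flags the write to h.userID; the same harness against http.HandlerFunc(FixedHandler) returns 0.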