🐛 static thread_local in filters cause highly incorrect responses

2025-12-17 00:22:14 +11:00 · 2021-07-09 00:06:49 -07:00 · 2021-07-09 00:06:49 -07:00 · 1d6bbb35bf
commit 1d6bbb35bf
parent 6e57178dc8
2 changed files with 18 additions and 21 deletions
--- a/src/json_filter.cpp
+++ b/src/json_filter.cpp
@ -13,16 +13,16 @@ void JsonFilter<check_content_type>::doFilter(const HttpRequestPtr &req,
                                              FilterCallback &&fcb,
                                              FilterChainCallback &&fccb)
 {
-    static thread_local std::string_view accept_header = req->getHeader("Accept");
+    std::string_view accept_header = req->getHeader("Accept");
    if constexpr (check_content_type)
    {
-        static thread_local std::string_view content_type = req->getHeader("content-type");
+        std::string_view content_type = req->getHeader("content-type");
        if (content_type == "application/json" && (Contains(accept_header, "*/*") || Contains(accept_header, "application/json")))
        {
            fccb();
            return;
        }
-        static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept and have content-type of JSON\""));
+        const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept and have content-type of JSON\""));
        fcb(resp);
    }
    else
@ -32,7 +32,7 @@ void JsonFilter<check_content_type>::doFilter(const HttpRequestPtr &req,
            fccb();
            return;
        }
-        static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept JSON\""));
+        const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept JSON\""));
        fcb(resp);
    }
 }
--- a/src/user_filter.cpp
+++ b/src/user_filter.cpp
@ -8,29 +8,27 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
                                                        FilterCallback &&fcb,
                                                        FilterChainCallback &&fccb)
 {
-    static thread_local std::string_view auth_header = req->getHeader("Authorization");
+    std::string_view auth_header = req->getHeader("Authorization");
    if (auth_header.size() > 6 && auth_header.size() <= 517) //"Basic " + username + ':' + password
    {
        if (auth_header.substr(0, 6) == "Basic ")
        {
-            static thread_local std::string_view base64_input = auth_header.substr(6);
-            static thread_local std::array<char, 384> base64_result; //(255 username + ':' + 255 password) * 3/4
-            static thread_local size_t new_sz;
+            std::string_view base64_input = auth_header.substr(6);
+            std::array<char, 384> base64_result; //(255 username + ':' + 255 password) * 3/4
+            size_t new_sz;
            base64_decode(base64_input.data(), base64_input.size(), base64_result.begin(), &new_sz, 0);

-            static thread_local std::string_view results_view(base64_result.begin(), new_sz);
-            static thread_local std::size_t middle = results_view.find(':');
+            std::string_view results_view(base64_result.begin(), new_sz);
+            std::size_t middle = results_view.find(':');
            if (middle != std::string::npos)
            {
-                static thread_local std::string username;
-                string_view_to_string(username, results_view.substr(0, middle));
+                StrFromSV_Wrapper username(results_view.substr(0, middle));
                if constexpr (require_admin)
                {
-                    if (bank.AdminVerifyAccount(username))
+                    if (bank.AdminVerifyAccount(username.str))
                    {
-                        static thread_local std::string password;
-                        string_view_to_string(password, results_view.substr(middle + 1));
-                        if (bank.VerifyPassword(username, password))
+                        StrFromSV_Wrapper password(results_view.substr(middle + 1));
+                        if (bank.VerifyPassword(username.str, password.str))
                        {
                            fccb();
                            return;
@ -39,13 +37,12 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
                }
                else
                {
-                    static thread_local std::string password;
-                    string_view_to_string(password, results_view.substr(middle + 1));
-                    if (bank.VerifyPassword(username, results_view.substr(middle + 1)))
+                    StrFromSV_Wrapper password(results_view.substr(middle + 1));
+                    if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
                    {
                        if constexpr (set_body_flag)
                        {
-                            req->setParameter("name", username);
+                            req->setParameter("name", username.str);
                        }
                        fccb();
                        return;
@ -54,7 +51,7 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
            }
        }
    }
-    static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));
+    const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));
    fcb(resp);
 }