mirror of
https://github.com/Expand-sys/CCash
synced 2025-12-19 01:22:14 +11:00
🐛 static thread_local in filters cause highly incorrect responses
parent
6e57178dc8
commit
1d6bbb35bf
2 changed files with 18 additions and 21 deletions
|
|
@ -13,16 +13,16 @@ void JsonFilter<check_content_type>::doFilter(const HttpRequestPtr &req,
|
||||||
FilterCallback &&fcb,
|
FilterCallback &&fcb,
|
||||||
FilterChainCallback &&fccb)
|
FilterChainCallback &&fccb)
|
||||||
{
|
{
|
||||||
static thread_local std::string_view accept_header = req->getHeader("Accept");
|
std::string_view accept_header = req->getHeader("Accept");
|
||||||
if constexpr (check_content_type)
|
if constexpr (check_content_type)
|
||||||
{
|
{
|
||||||
static thread_local std::string_view content_type = req->getHeader("content-type");
|
std::string_view content_type = req->getHeader("content-type");
|
||||||
if (content_type == "application/json" && (Contains(accept_header, "*/*") || Contains(accept_header, "application/json")))
|
if (content_type == "application/json" && (Contains(accept_header, "*/*") || Contains(accept_header, "application/json")))
|
||||||
{
|
{
|
||||||
fccb();
|
fccb();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept and have content-type of JSON\""));
|
const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept and have content-type of JSON\""));
|
||||||
fcb(resp);
|
fcb(resp);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|
@ -32,7 +32,7 @@ void JsonFilter<check_content_type>::doFilter(const HttpRequestPtr &req,
|
||||||
fccb();
|
fccb();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept JSON\""));
|
const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k406NotAcceptable, "\"Client must Accept JSON\""));
|
||||||
fcb(resp);
|
fcb(resp);
|
||||||
}
|
}
|
||||||
}
|
}
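Review bot: The test `content_type == "application/json"` in the `check_content_type` branch is an exact, case-sensitive match, so a request sending `application/json; charset=utf-8` would get the 406 response even though its body is JSON, assuming `getHeader` returns the raw header value. If such clients are expected, compare only the media type that precedes any `;` parameter. Separately, `const auto &resp = HttpResponse::newCustomHttpResponse(...)` in both branches binds a reference to a temporary; lifetime extension makes it valid, but `const auto resp = ...` would not rely on that. The body of `doFilter` continues between the two hunks shown.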
|
||||||
|
|
|
||||||
|
|
@ -8,29 +8,27 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
|
||||||
FilterCallback &&fcb,
|
FilterCallback &&fcb,
|
||||||
FilterChainCallback &&fccb)
|
FilterChainCallback &&fccb)
|
||||||
{
|
{
|
||||||
static thread_local std::string_view auth_header = req->getHeader("Authorization");
|
std::string_view auth_header = req->getHeader("Authorization");
|
||||||
if (auth_header.size() > 6 && auth_header.size() <= 517) //"Basic " + username + ':' + password
|
if (auth_header.size() > 6 && auth_header.size() <= 517) //"Basic " + username + ':' + password
|
||||||
{
|
{
|
||||||
if (auth_header.substr(0, 6) == "Basic ")
|
if (auth_header.substr(0, 6) == "Basic ")
|
||||||
{
|
{
|
||||||
static thread_local std::string_view base64_input = auth_header.substr(6);
|
std::string_view base64_input = auth_header.substr(6);
|
||||||
static thread_local std::array<char, 384> base64_result; //(255 username + ':' + 255 password) * 3/4
|
std::array<char, 384> base64_result; //(255 username + ':' + 255 password) * 3/4
|
||||||
static thread_local size_t new_sz;
|
size_t new_sz;
|
||||||
base64_decode(base64_input.data(), base64_input.size(), base64_result.begin(), &new_sz, 0);
|
base64_decode(base64_input.data(), base64_input.size(), base64_result.begin(), &new_sz, 0);
|
||||||
|
|
||||||
static thread_local std::string_view results_view(base64_result.begin(), new_sz);
|
std::string_view results_view(base64_result.begin(), new_sz);
|
||||||
static thread_local std::size_t middle = results_view.find(':');
|
std::size_t middle = results_view.find(':');
|
||||||
if (middle != std::string::npos)
|
if (middle != std::string::npos)
|
||||||
{
|
{
|
||||||
static thread_local std::string username;
|
StrFromSV_Wrapper username(results_view.substr(0, middle));
|
||||||
string_view_to_string(username, results_view.substr(0, middle));
|
|
||||||
if constexpr (require_admin)
|
if constexpr (require_admin)
|
||||||
{
|
{
|
||||||
if (bank.AdminVerifyAccount(username))
|
if (bank.AdminVerifyAccount(username.str))
|
||||||
{
|
{
|
||||||
static thread_local std::string password;
|
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
||||||
string_view_to_string(password, results_view.substr(middle + 1));
|
if (bank.VerifyPassword(username.str, password.str))
|
||||||
if (bank.VerifyPassword(username, password))
|
|
||||||
{
|
{
|
||||||
fccb();
|
fccb();
|
||||||
return;
|
return;
|
||||||
|
|
@ -39,13 +37,12 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
static thread_local std::string password;
|
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
||||||
string_view_to_string(password, results_view.substr(middle + 1));
|
if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
|
||||||
if (bank.VerifyPassword(username, results_view.substr(middle + 1)))
|
|
||||||
{
|
{
|
||||||
if constexpr (set_body_flag)
|
if constexpr (set_body_flag)
|
||||||
{
|
{
|
||||||
req->setParameter("name", username);
|
req->setParameter("name", username.str);
|
||||||
}
|
}
|
||||||
fccb();
|
fccb();
|
||||||
return;
|
return;
|
||||||
|
|
@ -54,7 +51,7 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
static thread_local const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));
|
const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));
|
||||||
fcb(resp);
|
fcb(resp);
|
||||||
}
|
}
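Review bot: `size_t new_sz;` is now an uninitialized automatic variable and the result of `base64_decode(...)` is never checked, so if the decoder rejects the input without writing the length, `results_view` gets an indeterminate size and `find(':')` can read past `base64_result`. The previous `static thread_local size_t new_sz;` was at least zero-initialized, so this exposure is new with the change. Declare it as `size_t new_sz = 0;` and continue to the credential check only when the decode call reports success; what it returns on failure is not visible here. In the non-admin branch `StrFromSV_Wrapper password(...)` is constructed but `VerifyPassword` is still passed `results_view.substr(middle + 1)`, which leaves an unused extra copy of the password. The body of `doFilter` continues between the hunks shown.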
|
||||||
|
|
||||||
|
|
|
||||||