I am building a website that will rely on cookies for various things.
Then I decided to have a function that sets a cookie then read the same cookie in order to see if the browser allows cookies.
But this fails.
The template in ./views/index.html
{{define "index"}}template{{end}}
The main code:
package main
import (
"fmt"
"html/template"
"log"
"net/http"
"strconv"
"time"
"github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
var tmpl *template.Template
func main(){
port :=":8088"
router := mux.NewRouter()
router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
//Set test cookie
cookieName := strconv.FormatInt(time.Now().UnixNano(), 10)
cookieValue := strconv.FormatInt(time.Now().UnixNano(), 10)
fmt.Println("cookieName:" + cookieName)
fmt.Println("cookieValue:" + cookieValue)
cookie := http.Cookie{Name: cookieName, Value: cookieValue, Path: "/"}
http.SetCookie(w, &cookie)
//Get cookies
fmt.Println("Range over cookies")
for _, c := range r.Cookies() {
fmt.Println(c)
}
//Get test cookie by name
c, err := r.Cookie(cookieName)
if err != nil {
fmt.Println("Error: " + err.Error())
} else {
fmt.Println(c.Value)
}
err = tmpl.ExecuteTemplate(w, "index", "")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
})
var err error
tmpl, err = template.ParseGlob("views/*")
if err != nil {
panic(err.Error())
}
router.PathPrefix("/").HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
http.FileServer(http.Dir("./static/")).ServeHTTP(res, req)
})
fmt.Println("Server running on localhost" + port)
err = http.ListenAndServe(port, handlers.CompressHandler(router))
if err != nil {
log.Fatal(err)
}
}
This is terminal output:
Server running on localhost:8088
cookieName:1636243636497412077
cookieValue:1636243636497413613
Range over cookies
Error: http: named cookie not present
Any pointers to what my issue might be?
You are checking r.Cookies before you have sent the cookie to the client. You must send the cookie and then if you want to check their cookie, send a second request. It would be much easier to just open the browser and look to see if your cookie is there after you send your first response.
The method Request.Cookie gets a cookie from request Cookie headers.
The function http.SetCookie adds a Set-Cookie header to the response headers. You can observe the result of http.SetCookie using this code:
fmt.Println(w.Header()["Set-Cookie"])
The named cookie is not present in the current request because http.SetCookie does not modify the current request.
The flow of cookie values is this:
The server sets cookies in a response using the Set-Cookie header.
The client stores the cookies in a "cookie jar".
The client adds matching cookies from the jar to requests using the Cookie request header.
The server gets the cookies form the request headers.
Try this code. Load the page in the browser and refresh to observe the flow of cookie values.
const cookieName = "example"
cookieValue := strconv.FormatInt(time.Now().UnixNano(), 10)
fmt.Printf("Set cookie %s=%s\n", cookieName, cookieValue)
cookie := http.Cookie{Name: cookieName, Value: cookieValue, Path: "/"}
http.SetCookie(w, &cookie)
c, err := r.Cookie(cookieName)
if err != nil {
fmt.Printf("Get cookie %s error: %v\n", cookieName, err)
} else {
fmt.Printf("Get cookie %s=%s\n", cookieName, c.Value)
}
Related
I'm building a small service that interacts with other server.
I must send a cookie with session token to that server. And use it later for my identification. But that cookie isn't set. And no cookies are sent back.
The request is made over https protocol.
Here's the code:
// ---> create Client
client := &http.Client{}
// ---> create Request
req, err := http.NewRequest("GET", indexURL, nil)
if err != nil {
fmt.Printf("NewRequest fail: %s\n", err)
}
// ---> define a cookie
cookie := http.Cookie{Name: "sess", Value: "value", HttpOnly: true, MaxAge: 0, Path: "/", Domain: "the.server.domain"}
req.AddCookie(&cookie)
// ---> fire in the hole!
resp, err := client.Do(req)
if err != nil {
fmt.Printf("client.Do fail: %s\n", err)
}
defer resp.Body.Close()
// ---> read the cookies
fmt.Printf("cookies: %d\n", len(resp.Cookies())) // prints zero (((
// ---> not even launched ((
for _, cookie := range resp.Cookies() {
fmt.Printf("GET cookie[%s] = %s\n", cookie.Name, cookie.Value)
}
What I am doing wrong?
I tried also
req.Header.Set(`Cookie`, `sess=value`)
but with no effect
Your code seems fine, it must be an issue with the server. Even without sending
a cookie, I can get a cookie back:
package main
import "net/http"
func main() {
r, e := http.Get("https://stackoverflow.com")
if e != nil {
panic(e)
}
defer r.Body.Close()
c := r.Cookies()
println(len(c) == 1)
}
I want to make a get request for each param in an params array. The url is static. Is there a way to reuse my custom http client for each iteration? I don't want to reset the header for each request. Ideally, I'd like to do something like client.Do(param) for each iteration.
client := &http.Client{}
for _, param := range params {
uri := url + param
req, err := http.NewRequest(http.MethodGet, uri, nil)
req.Header.Add("Cookie", cookie)
resp, _ := client.Do(req)
defer resp.Body.Close()
// do something...
}
I think you are wanting to just keep your cookies, and not have to set it on each request? If that's the case you can do:
import (
"net/http"
"net/http/cookiejar"
"golang.org/x/net/publicsuffix"
)
// All users of cookiejar should import "golang.org/x/net/publicsuffix"
cookieJar, err := cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List})
if err != nil {
panic(err)
}
var cookies []*http.Cookie
cookies = append(cookies, cookie)
u, err := url.Parse("http://whateversite.com")
if err != nil {
panic(err)
}
jar.SetCookies(u, cookies)
client := &http.Client{
Jar: cookieJar,
}
I am exploring OAuth2 authentication and set up a server that authenticates with Github. I followed this example, and was able to get it working. I wanted to continue on with some of the suggestions and implement a basic session token system and make the Github calls from my server as opposed to sending the Authorization token to the client.
Here is my slightly modified /oauth/redirect handler
func oauthRedirectHandler(w http.ResponseWriter, r *http.Request) {
fmt.Println("/oauth/redirect")
err := r.ParseForm()
if err != nil {
fmt.Fprintf(os.Stdout, "could not parse query: %+v", err)
w.WriteHeader(http.StatusBadRequest)
}
code := r.FormValue("code")
reqURL := fmt.Sprintf("https://github.com/login/oauth/access_token?client_id=%s&client_secret=%s&code=%s", clientID, clientSecret, code)
req, err := http.NewRequest(http.MethodPost, reqURL, nil)
if err != nil {
fmt.Fprintf(os.Stdout, "could not create HTTP request: %v", err)
w.WriteHeader(http.StatusBadRequest)
}
req.Header.Set("accept", "application/json")
res, err := httpClient.Do(req)
if err != nil {
fmt.Fprintf(os.Stdout, "could not send HTTP request: %+v", err)
w.WriteHeader(http.StatusInternalServerError)
}
defer res.Body.Close()
var t oAuthAccessResponse
if err := json.NewDecoder(res.Body).Decode(&t); err != nil {
fmt.Fprintf(os.Stdout, "could not parse JSON response: %+v", err)
w.WriteHeader(http.StatusBadRequest)
}
newSession := sessionTracker{
AccessToken: accessToken,
TimeOut: time.Now().Add(time.Minute * 15),
}
sessionToken := uuid.New().String()
sessionTrackerCache[sessionToken] = newSession
http.SetCookie(w, &http.Cookie{
Name: sessionTokenConst,
Value: sessionToken,
Expires: newSession.TimeOut,
Domain: "localhost",
})
http.Redirect(w, r, "/welcome.html", http.StatusFound)
}
It redirects to the welcome page with an attached cookie that includes my SessionToken id.
Here is my welcomeHandler
func welcomeHandler(w http.ResponseWriter, req *http.Request) {
fmt.Println("/welcome")
cookie, err := req.Cookie(sessionTokenConst)
if err != nil {
fmt.Fprintf(os.Stdout, "no cookie attached: %+v", err)
w.WriteHeader(http.StatusBadRequest)
return
}
dat, err := ioutil.ReadFile("./public/welcome.html")
if err != nil {
fmt.Fprintf(os.Stdout, "could not read welcome page: %+v", err)
w.WriteHeader(http.StatusInternalServerError)
}
fmt.Fprintf(w, string(dat))
}
Observing my browser's network tab, I authenticate with Github and my server is able to see the authorization token. The redirect response at the end of the oauthRedirectHandler contains the cookie with the SessionID. My issue lies in the fact that the browser does not seem to attach the token on the GET call to /welcome.html. I can confirm this in both the browser and in the welcomeHandler.
This is all hosted locally.
I'm not sure if this is a issue with my server, my browser, or if my understanding that cookies are applied by the browser to any future client requests until the cookie expiration date is wrong.
Any help is appreciated!
Browsers default the cookie path to the request path. Set the path to "/" to make the cookie available across the site.
Do not set the domain unless you specifically have a reason to do so (thank you Volker for noting that).
http.SetCookie(w, &http.Cookie{
Name: sessionTokenConst,
Value: sessionToken,
Path: "/", // <--- add this line
Expires: newSession.TimeOut,
// Domain: "localhost", <-- Remove this line
})
I'm attempting to use Go to write a utility that authenticates and uploads a file by making a multipart http request to our server. Everything seems to go okay, except the file is not arriving on the server. Looking at it further it appears the multipart in the request is empty. Code and request output below. What am I missing in my Go code?
The Code: (I've changed the URL...)
package main
import (
"net/http"
"mime/multipart"
"strings"
"fmt"
"io/ioutil"
"io"
"os"
"bytes"
"flag"
"encoding/json"
)
var (
filename = flag.String("filename", "", "file to upload")
name = flag.String("name", "", "name to give file on server")
username = flag.String("username", "", "username for authentication")
password = flag.String("password", "", "password for authentication")
)
func main() {
flag.Parse()
// Create multipart
var b bytes.Buffer
w := multipart.NewWriter(&b)
f, _ := os.Open(*filename) //open file to send
defer f.Close()
fw, err := w.CreateFormFile("file", *name) //give file a name
if err != nil {
fmt.Println(err)
}
if _, err := io.Copy(fw, f); err != nil { //copy the file to the multipart buffer
fmt.Println(err)
}
w.Close()
// print the head of the multipart data
bs := b.Bytes()
fmt.Printf("%+v\n\n", string(bs[:1000]))
// Send authentication/login
r, e := http.Post("https://mysite/login", "application/json", strings.NewReader(fmt.Sprintf("{\"username\":\"%s\",\"password\":\"%s\"}", *username, *password)))
if e != nil {
fmt.Println(e)
} else {
// Get the token from the body
type Body struct {
Token string
}
// convert json to get the token
body, _ := ioutil.ReadAll(r.Body)
bd := bytes.NewBuffer(body)
dec := json.NewDecoder(bd)
var m Body
dec.Decode(&m)
// Upload file
req, err := http.NewRequest("POST", "https://mysite/api/apps", &b)
if err != nil {
fmt.Printf("%v\n", err)
}
req.Header.Set("Authentication", fmt.Sprintf("Bearer: %s", m.Token))
req.Header.Set("Content-Type", w.FormDataContentType())
client := &http.Client{}
res, err := client.Do(req)
if err != nil {
fmt.Printf("%v\n", err)
}
// print status and request body
fmt.Println(res.Status)
fmt.Printf("%+v\n", res.Request)
}
}
The first thing I print is the byte buffer, b, which contains the multipart data, everything looks good from here. (it was an xml file)
--83451b003d8e5cc38c0e8f60ad318e522cad4818cf293745c84ec36d26d5
Content-Disposition: form-data; name="file"; filename="snapshot-162224-820-99"
Content-Type: application/octet-stream
<manifest>
<projects>
<project name=........
Next I print the status of the request.
200 OK
Then I printed out the request structure, here is where I saw the MultipartForm was empty.
&{Method:GET URL:https://mysite/home/ Proto: ProtoMajor:0 ProtoMinor:0 Header:map[Authentication:[Bearer: DY0LCJL0g] Content-Type:[multipart/form-data; boundary=83451b003d8e5cc38c0e8f60ad318e522cad4818cf293745c84ec36d26d5] Referer:[http://mysite/home/]] Body:<nil> GetBody:<nil> ContentLength:0 TransferEncoding:[] Close:false Host: Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr: RequestURI: TLS:<nil> Cancel:<nil> Response:0xc42018a360 ctx:<nil>}
I highly doubt if the server really received nothing. The behavior of the printed body having a nil body is expected and documented in http.Response
// Request is the request that was sent to obtain this Response.
// Request's Body is nil (having already been consumed).
// This is only populated for Client requests.
Request *Request
If you want to debug the request body sented, you should either use a mock server or a proxy.
On another note, your code's attempt to login is not going to work. It does not maintain the cookie of login info, so the later requests cannot utilize them.
I wrote a simple web sever that gets the content of a given URL and writes it out using a http.ResponseWriter. But the problem is that it does not display any images and CSS on the page. The code is given bellow:
func factHandler(w http.ResponseWriter, r *http.Request) {
res, err := http.Get("http://www.meaningfultype.com/")
if err != nil {
log.Fatal(err)
}
robots, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
log.Fatal(err)
}
w.Write(robots)
}
What do I need to change so that the the whole page content as seen in the web browser is returned?
The problem here is presumably that the website you refer is using relative paths for the images and stylesheets, e.g. "/css/main.css". The local website that you deliver to the browser with your Go service has another domain (for example localhost) and thus the relative path cannot be resolved by the browser (there is no http://localhost/css/main.css).
So what you need to do is either set a base URL in the document you deliver or, alternatively, rewrite every relative path to an absolute path (/css/main.css to http://originalwebsite.com/css/main.css).
For adding the base tag or rewriting the URLs in the document I suggest employing something like goquery which lets you manipulate the HTML structure similar to how jQuery does it.
Example of adding a <base> tag:
import (
"github.com/PuerkitoBio/goquery"
"fmt"
)
func main() {
doc,err := goquery.NewDocument("http://www.meaningfultype.com/")
if err != nil {
panic(err)
}
m := doc.Find("head")
m.Children().First().BeforeHtml(`<base url="http://localhost/">`)
fmt.Println(doc.Html())
}
TL;DR
You are only serving the root HTML page, you need to respond to requests to other resources too (you can see what resource is being requested with the URL variable of the *http.Request variable)
When serving the resources, you need to write the Header's Content-Type to let the browser know what's the type of the resource (like image/png)
Full Answer
What you are doing in your request handler is getting http://www.meaningfultype.com/, the HTML page, then the browser finds an image like /images/header-logo.png and makes the request to get it but your server in localhost doesn't know how to respond to http://localhost/images/header-logo.png.
Assuming your handler function is handling requests at the root of the server ("/"), you could get the requested URL r.URL and use it to get the required resource:
url := "http://www.meaningfultype.com/"
if r.URL.Host == "" {
url += r.URL.String()
} else {
url = r.URL.String()
}
res, err := http.Get(url)
The problem is that, even after doing this, all the resources are sent as plain/text because you are not setting the Header's Content-Type. That's why you need to specify the type of the resource before writing. In order to know what the type of the resource is, just get it from the Content-Type you just received in the Header of the response of http.Get:
contentType := res.Header.Get("Content-Type")
w.Header().Set("Content-Type", contentType)
w.Write(robots)
The final result:
package main
import (
"io/ioutil"
"log"
"net/http"
)
func main() {
http.HandleFunc("/", factHandler)
http.ListenAndServe(":8080", nil)
}
func factHandler(w http.ResponseWriter, r *http.Request) {
url := "http://www.meaningfultype.com/"
if r.URL.Host == "" {
url += r.URL.String()
} else {
url = r.URL.String()
}
res, err := http.Get(url)
if err != nil {
log.Fatal(err)
}
robots, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
log.Fatal(err)
}
contentType := res.Header.Get("Content-Type")
w.Header().Set("Content-Type", contentType)
w.Write(robots)
}