HTTP request is aborted after response write in Golang - file

I have a server in Go that handles the files upload. It is a legacy code so I can't touch it so much.
The server should interrupt the upload if it detects some errors in the request header and it should return a message to the client that something is gone wrong.
The handler function is something like the following:
func(w http.ResponseWriter, r *http.Request) {
// Check the header. Could be more than one.
if r.Header.Get("key") == "not as expected" {
w.WriteHeader(500)
w.Write("key is wrong")
return
}
//handle the file upload
}
The header check is only an example to show the problem
The server closes the connection after Write and return from the function even if the request is not completed (file received).
On the client-side (Java) when I make a request with the key with a wrong value and the file to upload as a body, I get a broken pipe exception and It can't handle the response correctly.
Actually I can't touch the client-side code.
There is way on server side to wait until the request ends before closing the connection?

The "broken pipe" error¹ seen on the Java client suggests the client insists on sending the payload (body) of its request before attempting to read the response from the server.
In HTTP/1.1 (and 1.0), the client is correct: nothing in the spec says the client has to expect the server to respond before the whole request — that is, the header and the body, if any, — gets submitted.
In your particular case, the simplest approach is to pipe the clien's body to nowhere and after that respond with an error. One idiomatic approach is using io/ioutil.Discard type:
func(w http.ResponseWriter, r *http.Request) {
// Check the checksum header
if r.Header.Get("key") == "not as expected" {
_, err := io.Copy(ioutil.Discard, r.Body)
if err != nil {
// The client went away.
// May be log something, then bail out.
panic(http.ErrAbortHandler)
}
w.WriteHeader(500)
w.Write("key is wrong")
return
}
//handle the file upload
}
net/http.ErrAbortHandler may be used to tell the HTTP server library code the request should not be carried out the normal way.
By the way, responding with 5xx to an ill-formed client request is incorrect, you should have been using 4xx instead. But it's a legacy code, so just take this as a hint for future developments.
¹ See EPIPE in the send(2) manual page.

Related

OSB12c - Rest proxy service throwing Translation error in case of invalid JSON input

We have configured REST proxy service that accepts JSON input. If the input is not a well formed JSON OSB is throwing Translation error with HTTP 500 Staus code. Is that possible we can send Customized error message in this scenario
You need to create a global error handler for your pipeline and set the desired error message using a replace action here, followed by a "Reply" action.
Keep in mind that if you try to "read" the original request body in the global error handler, and if the original request was malformed, it will get thrown up to the system error handler and you will get the system error message again.
Here's a sample OSB 12.2.1.1 project you can use to try this: https://github.com/jvsingh/SOATestingWithCitrus/tree/develop/OSB/Samples/ServiceBusApplication1
The accompanying soapui project contains two requests. The malformed request should return this:
(I have only set the response here. You would also need to set the proper content type and decide whether you want to treat this as "success" or "failure" etc. in the reply action)

How to get correct $http error code, instead of -1?

I use $http to retrieve data from server. In case error happen, all statusCode = -1. I cannot get correct errorCode to handle in client. I don't have permission to update server code.
$http(options).then(function (response) {
if (response.status === 200) {
resolve(response.data);
} else {
exceptionHandler(response);
}
}, function (error) {
exceptionHandler(error);
});
console.log is put on exceptionHandler function.
Please help me get correct error code. Many thanks.
In the responses you have shown, the 404 error is available as error.status but the other two responses were denied access by your browser when it performed the preflight OPTIONS request.
In that case the browser returns a status of -1 to indicate that the request was aborted. There is no HTTP status code for your request because it was never sent. The status 500 shown in the console log is not made available to any javascript code.
You should handle a status of -1 as indicating that no response was received from the server, either because it was never sent (this case), or because it was sent but timed out.

How to properly add OAuth headers for a QuickBooks API call in Google Go

I am just trying to get a proof of concept working to test a connection to the QB api for a QB Online account. I have never tried to make an OAuth connection before like this, so I'm not sure that I am doing it right. Here's what I have so far, and it makes the request but I get a 401 error returned from QB's server (Unauthorized OAuth Token: signature_invalid401SERVER):
client := &http.Client{}
if req, err := http.NewRequest("GET", "https://qbo.intuit.com/qbo1/resource/customers/v2/717594130", nil); err != nil {
//handle error
} else {
req.Header.Add("Authorization", "OAuth oauth_token=\"MY_TOKEN\",oauth_nonce=\"7758caa9-e1f4-4fa1-84c5-5759fd513a88\",oauth_consumer_key=\"MY_KEY\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1369259523\",oauth_version=\"1.0\",oauth_signature=\"MY_SIG\"")
if resp, err := client.Do(req); err != nil {
//handle error
} else {
defer resp.Body.Close()
contents, err := ioutil.ReadAll(resp.Body)
if err != nil {
//handle error
}
myOutput := string(contents)
}
}
Could the problem may be with my settings on my QB account instead? There is a setting for "Host Name Domain" that I think it might only allow connections from what I have entered there (which is currently intuit.com). If that is the case, how do I set that to allow connections from my dev app on my localhost?
Are you using the correct OAuth algorithm to generate the signature?
Can you post an actual request/response that shows the outgoing signature/OAuth header, and the response you get back from Intuit?
Your code doesn't show any of that, and it doesn't look like you're using an Intuit DevKit, so that's probably the place to start. My guess would be that the signature you're sending isn't valid. I would highly recommend you find a OAuth library, and use that OAuth library, rather than try to roll your own OAuth algorithm.
As far as this goes:
Could the problem may be with my settings on my QB account instead?
There is a setting for "Host Name Domain" that I think it might only
allow connections from what I have entered there (which is currently
intuit.com).
That is not likely to be the problem... but to get any further than a simple test request, you will need to set that to your host name. If it's a local dev box, you can enter your local dev boxes hostname (e.g. http://localhost/ or http://192.168.1.2/ or anything like that is fine - whatever URL you use to hit your dev box)

Writing a GSM modem driver?

I've been working on an application which uses a GSM modem for one of two things; check its status using the built in HTTP stack by sending a GET request to the server, or sending data to the server (using UDP). I have tried several different methods to keep this as reliable as possible, and I'm finally ready to ask for help.
My application is written for the SIMCOM908 module and the PIC18 platform (I'm using a PIC18 Explorer for development).
So the problem is sometimes the modem is busy doing something, and misses a command. As a human, I would see that and just resend the command. Adding a facility for my MCU to timeout and resend isn't an issue.
What is an issue is that the modem sends unsolicited responses after different events. When the modem changes registration status (with the cell tower) it would respond with +CGREG: 1, ... or when the GPS is ready GPS Ready. These responses can happen at any time, including in the middle of a command (like creating an IP connection).
This is a problem, because I haven't thought of a way to deal with this. My application needs to send a command (to connect to the server for example, AT+CIPSTART="UDP","example.com",5000) This command will response with 'OK', and then when the command has finished 'CONNECT OK'. However, I need to be able to react to the many other possible responses, and I haven't figured out a way of doing this. What do I need to do with my code to; wait for a response from the modem, check the response, perform an action based on that response?
I am code limited (being an 8-bit microcontroller!) and would like the keep repetition to a minimum. How can I write a response function that will take a response from the GSM module (solicited or now) and then let the rest of my program know what is happening?
Ideally, I'd like to do something with those responses. Like keep an internal state (when I hear GPS Ready, I know I can power the GPS etc.
Maybe there are some things I should think about, or maybe there's an open source project that already solves this problem?
Here's what I have so far:
/* Command responses */
enum {
// Common
OK = 0,
ERROR,
TIMEOUT,
OTHER,
// CGREG
NOT_REGISTERED,
// CGATT
NOT_ATTACHED,
// Network Status
NO_NETWORK,
// GPRS status
NO_ADDRESS,
// HTTP ACTION
NETWORK_ERROR,
// IP Stack State
IP_INITIAL,
IP_STATUS,
IP_CONFIG,
UDP_CLOSING,
UDP_CLOSED,
UDP_CONNECTING
} gsmResponse;
int gsm_sendCommand(const char * cmd) {
unsigned long timeout = timer_getCurrentTime() + 5000;
uart_clearb(GSM_UART); // Clear the input buffer
uart_puts(GSM_UART, cmd); // Send the command to the module
while (strstr(bf2, "\r") == NULL) { // Keep waiting for a response from the module
if (timeout < timer_getCurrentTime()) { // Check we haven't timed out yet
printf("Command timed out: %s\r\n", cmd);
return TIMEOUT;
}
}
timer_delay(100); // Let the rest of the response be received.
return OK;
}
int gsm_simpleCommand(const char * cmd) {
if (gsm_sendCommand(cmd) == TIMEOUT)
return TIMEOUT;
// Getting an ERROR response is quick, so if there is a response, this will be there
if (strstr(bf2, "ERROR") != NULL)
return ERROR;
// Sometimes the OK (meaning the command ran) can take a while
// As long as there wasn't an error, we can wait for the OK
while (strstr(bf2, "OK") == NULL);
return OK;
}
A simple command is any AT command that is specifically looking for OK or ERROR in response. Something like AT. However, I also use it for more advanced commands like AT+CPIN? because it means I will have captured the whole response, and can further search for the +CPIN: READY. However, none of this actually response to the unsolicited responses. In fact, the gsm_sendCommand() function will return early when the unsolicited response is received.
What a good way to manage complex, occasionally unsolicited, status messages like this? Please take note that this application is written in C, and runs on an 8bit microcontroller!
Having to handle both unsolicited messages as well as responses to requests in the same data stream is difficult since you will need to demultiplex the incoming stream and dispatch the results to the appropriate handler. It's a bit like an interrupt handler in that you have to drop what you were doing and handle this other bit of information which you were not necessarily expecting.
Some modules have a secondary serial port which can also be used for messages. If this is possible you could have unsolicited messages only appear on a single serial port while the main port is for your AT commands. This may not be possible, and some GSM modules will not support the complete command set on a secondary port.
Perhaps a better approach is to just disable unsolicited messages. Most commands all the state to be requested. eg While waiting for registration, instead of waiting for an unsolicited registration message to appear, simply poll the module for the current registration state. This allows you to always be in control, and you only have to handle the responses for the command just sent. If you're waiting for multiple events you can poll in a loop for each item in turn. This will generally make the code simpler as you only have to handle a single response at a time. The downside is that your response times are limited by your polling rate.
If you're set on continuing with the unsolicited message approach, I'd suggest implementing a small queue for unsolicited messages. While waiting for responses to a command, if the response does not match the command, just push the response on a queue. Then, when you've either received a response to your AT command or timed out you can process the unsolicited message queue afterwards.

Specified method is not supported httpwebrequest - Silverlight

I am trying to use an HttpWebRequest object in Silverlight 2.0, to do a "POST".
Upon return from the BeginGetStream method I end up with the following error :
Message: "Specified method is not supported."
StackTrace: " at System.Net.BHWRAsyncResult.get_AsyncWaitHandle()"
Here's some sample code: Note I have used fiddler to see if anything is being sent across the wire and there is no network activity.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(new Uri("http://someurl"));
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.Accept = "text/plain, */*";
req.Headers["X-Requested-With"] = "XMLHttpRequest";
AsyncCallback callBack = new AsyncCallback(streamResponse);
req.BeginGetRequestStream(callBack, null);
Thanks,
Dave
I just found one solution for this problem. HTTP Client need to know Content-Length to fill the Content-Length HTTP header value. Client can'not start request before it length became known. When You get RequestStream WebRequest can'not know how much bytes you will send to server. You must Close stream to commit Content-Length and only after closing the RequestStream You can call BeginGetResponse. It is strange that this not done inside WebRequest.
Hope this helps,
Dmitry
I just ran into this a while ago. Off the top of my head:
1) clientaccesspolicy.xml / crossdomain.xml isn't around on the server you are calling. Like flash, silverlight won't talk to a domain that doesn't have one.
1.1) Does fiddler log 404 errors? If it doesn't, you won't see the failed attempts Silverlight is making trying to get those policy files.
2) Failing that, sending your custom header might be upsetting things.

Resources