awa / go-iap

go-iap verifies the purchase receipt via AppStore, GooglePlayStore, AmazonAppStore and Huawei HMS.
MIT License

When encountering overly large receipt data, the returned JSON will be truncated, resulting in JSON validation failure #240

Open MissWho opened 1 year ago

MissWho commented 1 year ago
    import (
        "context"

        "github.com/awa/go-iap/appstore"
    )

    client := appstore.New()
    req := appstore.IAPRequest{
        ReceiptData: "### Order credential size exceeds 200KB",
    }
    resp := &appstore.IAPResponse{}
    ctx := context.Background()
    err := client.Verify(ctx, req, resp)

I used sandbox credentials with an order of 500 during testing. After the production environment returned 21007, the data returned by the second call to c.httpCli.Do(req) was truncated. When I replaced it with another library, the returned data was normal.

[screenshot] Incomplete data, JSON parsing failed

[screenshot] The data returned is complete, and JSON parsing is normal.

richzw commented 1 year ago

@MissWho Here are some questions:

  1. What is the status of the response of httpCli.Do on the sandbox environment?

  > When I replaced it with another library, the returned data was normal

  2. Could you please tell us some details of the other library, like its GitHub repo?
  3. Any more details of the request could be helpful for us to debug this issue.
MissWho commented 1 year ago

> @MissWho Here are some questions:
>
>   1. What is the status of the response of httpCli.Do on the sandbox environment?
>
>   > When I replaced it with another library, the returned data was normal
>
>   2. Could you please tell us some details of the other library, like its GitHub repo?
>   3. Any more details of the request could be helpful for us to debug this issue.

Sorry for the long wait. After multiple checks, it seems that the incomplete data returned by resp.Body resulted in JSON parsing failure with the error EOF. After adding my own debugging code, the file written to disk was valid JSON and the data could be parsed normally.

file: appstore\validator.go, line 188


richzw commented 1 year ago

@MissWho Thank you for your response. The invalid response JSON data caused the JSON Decode failure, and the invalid JSON data with EOF was returned from the test URL. Please correct me if I have misunderstood something.

MissWho commented 1 year ago

@richzw How could EOF occur in the data returned by Apple's server? My own test code using json.Unmarshal can decode it successfully, but when using the original json.NewDecoder, it throws an EOF error. I'm using the same body in both cases. If it weren't for the inclusion of sensitive information, I would have sent you the test code already. I need your help in investigating this issue, as I'm starting to doubt whether it's a problem with my code.

richzw commented 1 year ago

@MissWho Sorry for misunderstanding your previous response.

Let's double-check the following:

  1. The status code of the test URL is 200?

  2. The response body could be parsed by json.Unmarshal successfully, but failed with json.NewDecoder(resp.Body).Decode(result) and the error is EOF. Namely, the following code

    // Read the body once into a buffer, then unmarshal from that buffer
    // (result is assumed to be a pointer to the target struct).
    func decodeBody(resp *http.Response, result interface{}) (int, error) {
        buf, err := io.ReadAll(resp.Body)
        if err != nil {
            return 0, err
        }

        err = json.Unmarshal(buf, &result)
        if err != nil {
            return 0, err
        }
        return resp.StatusCode, nil
    }

could parse the response body successfully.

  3. Could you please share the response data under compliance requirements? We could do some further investigation. Thanks in advance.

MissWho commented 1 year ago

  1. HTTP response code is 200.
  2. The data could be successfully parsed with the provided code before it was passed to json.NewDecoder.
  3. Please wait while I organize the request and response.

However, there's still a very peculiar issue: if I execute the validation request separately within the main function, this problem doesn't occur. My current application scenario is within a web service's API. There are still many factors contributing to this issue.

kaijietti commented 1 year ago

You have already read resp.Body, which is a ReadCloser. Check examples: https://go.dev/play/p/bWjUpqTD7J_0 and https://go.dev/play/p/RJcDug1ecG2

richzw commented 1 year ago

@MissWho, if resp.Body was read more than once, the error EOF could come up.
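The behaviour kaijietti and richzw describe, as an added example that is not from this issue or from go-iap: a debugging read that drains resp.Body before json.NewDecoder runs makes Decode return io.EOF, while reading the body once and parsing from that buffer works. The test server, the receiptResp type and the sample body are constructed stand-ins, not the real verifyReceipt endpoint or go-iap's IAPResponse.

```go
package main

import (
	"encoding/json"
	"io"
	"net/http"
	"net/http/httptest"
)

type receiptResp struct{ Status int `json:"status"` } // assumed shape, not go-iap's IAPResponse

const sampleBody = `{"status":21007,"environment":"Production"}` // constructed sample reply

func newFakeVerifier() *httptest.Server { // serves sampleBody so the example runs offline
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_, _ = w.Write([]byte(sampleBody))
	}))
}

// decodeTwice reproduces the bug: a debug read drains resp.Body, so the real
// decode sees an empty stream and json.Decoder reports io.EOF.
func decodeTwice(url string) error {
	resp, err := http.Get(url)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	_, _ = io.ReadAll(resp.Body) // "dump to disk" read: the body is now consumed
	var out receiptResp
	return json.NewDecoder(resp.Body).Decode(&out)
}

// decodeOnce is the fix: read the body a single time and let logging and
// parsing share the same buffer instead of re-reading the stream.
func decodeOnce(url string) (receiptResp, []byte, error) {
	var out receiptResp
	resp, err := http.Get(url)
	if err != nil {
		return out, nil, err
	}
	defer resp.Body.Close()
	buf, err := io.ReadAll(resp.Body)
	if err != nil {
		return out, nil, err
	}
	err = json.Unmarshal(buf, &out)
	return out, buf, err
}
```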

richzw commented 1 year ago

One more thing: the verifyReceipt API has been deprecated as of 5 Jun 2023. Please use the App Store Server API instead.