fix(openapi): fix auth scheme loss in OnBeforeRequest hook #59
Open
fan4w wants to merge 1 commit into tencent-connect:master from
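- Fixes the issue where, after upgrading to go-resty v2.17+, the auth prefix on the first request was lost and fell back to Bearer, causing a 500
- Also fixes a possible race in high-concurrency scenarios, where multiple goroutines modify the global Client in the hook at the same time
- Approach: inject directly into the current context's r *resty.Request instead of the client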
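Bug symptoms

When a project upgrades the underlying indirect dependency github.com/go-resty/resty/v2 to a newer version (e.g. v2.17.2), the first API request made by the bot reliably reproduces a 500 error (error body: {"message": "fetch robot info failed", "code": 340067}), while later requests are fine.

The logs show that in the first request's headers the authorization value is Authorization: Bearer, whereas the one that is sent successfully is Authorization: QQBot. On the first request, newer versions of go-resty fell back by default to Bearer as the Authorization Scheme.

Cause

The problem lies in the design of the OnBeforeRequest hook in the setupClient function of openapi/v1/openapi.go:

- c.SetAuthScheme(tk.TokenType) to attach the authentication. However, in newer versions of go-resty the behavior is different: modifying the global Client (c) at this point does not affect the TokenType of the Request currently being sent, so authentication fails for the current request.
- c *resty.Client. Multiple concurrent requests may modify the global Client's properties at the same time, which is a potential data race.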
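
A minimal model of the failure described above, added here as an example; it is not code from this PR or from go-resty. The Client, Request, Hook and FirstTwo names and the token value are hypothetical, and it assumes a request copies the client's scheme before the hooks run.

```go
package main

import "fmt"

// Simplified stand-in for an HTTP client library; this is NOT go-resty's code.
// Assumption: a request copies the client's auth scheme when it is created,
// before hooks run, matching the behaviour the PR describes.
type Client struct {
	AuthScheme string // shared by every request made through this client
	hooks      []Hook
}

type Request struct{ AuthScheme, Token string }

type Hook func(c *Client, r *Request)

// Send runs the hooks and returns the Authorization value the request carries.
func (c *Client) Send() string {
	r := &Request{AuthScheme: c.AuthScheme} // snapshot taken before hooks
	for _, h := range c.hooks {
		h(c, r)
	}
	return r.AuthScheme + " " + r.Token
}

// Before the fix: the hook mutates the shared client. The in-flight request
// keeps its stale snapshot, and concurrent requests all write c.AuthScheme.
func sharedClientHook(c *Client, r *Request) {
	c.AuthScheme = "QQBot"
	r.Token = "constructed-token"
}

// After the fix: the hook only touches the request it was handed.
func perRequestHook(_ *Client, r *Request) {
	r.AuthScheme = "QQBot"
	r.Token = "constructed-token"
}

// FirstTwo sends two requests through a fresh client using the given hook.
func FirstTwo(h Hook) (first, second string) {
	c := &Client{AuthScheme: "Bearer", hooks: []Hook{h}}
	return c.Send(), c.Send()
}

func main() {
	fmt.Println(FirstTwo(sharedClientHook)) // first request goes out as Bearer
	fmt.Println(FirstTwo(perRequestHook))   // both requests go out as QQBot
}
```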