c++ - 使用 CURL 进行 GET 请求

Question

我的 Minecraft 服务器程序遇到了这个讨厌的问题。当您尝试登录到我的 minecraft 服务器时，我尝试从 minecraft.com 获得登录响应。一切都很好，并设置了验证 token key 和共享 key 。

我只是无法获得使用 curl 的 get 请求 :(

这是我的:

    requestString.append("GET /session/minecraft/hasJoined?username=");
    requestString.append(player.Username);
    requestString.append("&");
    requestString.append("serverId=");
    requestString.append(player.loginHash);
    requestString.append(" HTTP/1.0\r\n");
    std::cout << requestString << std::endl;


    curl_easy_setopt(curl, CURLOPT_URL, "https://sessionserver.mojang.com");
    list = curl_slist_append(list, requestString.c_str());
    list = curl_slist_append(list, "User-Agent: MinecraftServerPP\r\n");
    list = curl_slist_append(list, "Connection: close\r\n");
    list = curl_slist_append(list, "\r\n");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
    curl_easy_setopt(curl, CURLOPT_CAINFO, "cacert.pem");

    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &_write_data);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

我从服务器得到一个 ok，但不是包含我需要的数据的 json 对象。

Answer 1

为什么要将 GET 请求行放在 HTTP header 中？它根本不属于那里，事实上 libCURL 文档甚至指出了这一点:

CURLOPT_HTTPHEADER explained

The first line in a request (containing the method, usually a GET or POST) is not a header and cannot be replaced using this option. Only the lines following the request-line are headers. Adding this method line in this list of headers will only cause your request to send an invalid header. Use CURLOPT_CUSTOMREQUEST to change the method.

您当前的代码正在发送与此类似的 GET 请求:

GET / HTTP/1.1Host: sessionserver.mojang.comGET /session/minecraft/hasJoined?username=<username>&serverId=<loginHash> HTTP/1.0User-Agent: MinecraftServerPPConnection: close

Which is why you are not getting the response you are expecting. You are not actually requesting the /session/minecraft/hasJoined resource, you are actually requesting the root / resource.

You should be sending a GET request like this instead:

GET /session/minecraft/hasJoined?username=<username>&serverId=<loginHash> HTTP/1.0Host: sessionserver.mojang.comUser-Agent: MinecraftServerPPConnection: close

To accomplish that, you need to pass the complete URL to CURLOPT_URL and let libCURL handle the GET line for you. You can use CURLOPT_HTTPGET to ensure that GET is actually used.

Also, you should be using CURLOPT_HTTP_VERSION if you want to specify a specific HTTP version.

Also, although you can use CURLOPT_HTTPHEADER for the User-Agent and Connection headers, you should be using CURLOPT_USERAGENT and CURLOPT_FORBID_REUSE instead.

Try this instead:

url = "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=");
url.append(player.Username); // <-- NOTE: see further below!
url.append("&serverId=");
url.append(player.loginHash); // <-- NOTE: see further below!
std::cout << url << std::endl;

curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
curl_easy_setopt(curl, CURLOPT_FORBID_REUSE, 1L); 
curl_easy_setopt(curl, CURLOPT_CAINFO, "cacert.pem");

curl_easy_setopt(curl, CURLOPT_USERAGENT, "MinecraftServerPP");

curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &_write_data);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

现在，话虽如此，您需要考虑额外的逻辑才能正确处理 CURLOPT_URL:

Pass in a pointer to the URL to work with. The parameter should be a char * to a zero terminated string which must be URL-encoded in the following format:

scheme://host:port/path

For a greater explanation of the format please see RFC 3986.

libcurl doesn't validate the syntax or use this variable until the transfer is issued. Even if you set a crazy value here, curl_easy_setopt will still return CURLE_OK.

特别是，RFC 的这些部分与您的代码相关:

2.1. Percent-Encoding

A percent-encoding mechanism is used to represent a data octet in a component when that octet's corresponding character is outside the allowed set or is being used as a delimiter of, or within, the component. A percent-encoded octet is encoded as a character triplet, consisting of the percent character "%" followed by the two hexadecimal digits representing that octet's numeric value. For example, "%20" is the percent-encoding for the binary octet "00100000" (ABNF: %x20), which in US-ASCII corresponds to the space character (SP). Section 2.4 describes when percent-encoding and decoding is applied.

pct-encoded = "%" HEXDIG HEXDIG

The uppercase hexadecimal digits 'A' through 'F' are equivalent to the lowercase digits 'a' through 'f', respectively. If two URIs differ only in the case of hexadecimal digits used in percent-encoded octets, they are equivalent. For consistency, URI producers and normalizers should use uppercase hexadecimal digits for all percent-encodings.

2.4. When to Encode or Decode

Under normal circumstances, the only time when octets within a URI are percent-encoded is during the process of producing the URI from its component parts. This is when an implementation determines which of the reserved characters are to be used as subcomponent delimiters and which can be safely used as data. Once produced, a URI is always in its percent-encoded form.

When a URI is dereferenced, the components and subcomponents significant to the scheme-specific dereferencing process (if any) must be parsed and separated before the percent-encoded octets within those components can be safely decoded, as otherwise the data may be mistaken for component delimiters. The only exception is for percent-encoded octets corresponding to characters in the unreserved set, which can be decoded at any time. For example, the octet corresponding to the tilde ("~") character is often encoded as "%7E" by older URI processing implementations; the "%7E" can be replaced by "~" without changing its interpretation.

Because the percent ("%") character serves as the indicator for percent-encoded octets, it must be percent-encoded as "%25" for that octet to be used as data within a URI. Implementations must not percent-encode or decode the same string more than once, as decoding an already decoded string might lead to misinterpreting a percent data octet as the beginning of a percent-encoding, or vice versa in the case of percent-encoding an already percent-encoded string.

URL 的 query 组件在 section 3.4 中定义:

query = *( pchar / "/" / "?" )

pchar 在 section 3.3 中定义:

pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

unreserved 在 section 2.3 中定义:

unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

sub-delims 在 section 2.2 中定义:

sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

因此，如果您的 player.Username 和 player.loginHash 字符串中有任何字符在这些允许的字符之外，您必须在将它们放入 URL 的查询字符串时对它们进行百分比编码。例如:

std::string encodeForUrlQuery(std::string s)
{
    static const char* allowed = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~!$&'()*+,;=:@/?";

    // this is just an example, in practice you should first convert the
    // input string to Unicode and charset-encode it, usually to UTF-8,
    // and then percent-encode the resulting octets...

    std::string::size_type idx = s.find_first_not_of(allowed);
    while (idx != std::string::npos)
    {
        std::ostringstream oss;
        oss << '%' << std::hex << std::setw(2) << std::setfill('0') << std::uppercase << (int)s[idx];
        std::string encoded = oss.str();
        s.replace(idx, 1, encoded);
        idx = s.find_first_not_of(allowed, idx+encoded.length());
    }
    return s;
}

url = "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=");
url.append(encodeForUrlQuery(player.Username));
url.append("&serverId=");
url.append(encodeForUrlQuery(player.loginHash));
std::cout << url << std::endl;