Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using CURL for GET request

Tags:

c++

curl

minecraft

I got this nasty problem with my minecraft server program. I try to get login response from minecraft.com when you try to login to my minecraft server. Everything is fine and setup like verify token key and shared secret.

I just can't get the get request to work with curl :(

This is what I have:

    requestString.append("GET /session/minecraft/hasJoined?username=");
    requestString.append(player.Username);
    requestString.append("&");
    requestString.append("serverId=");
    requestString.append(player.loginHash);
    requestString.append(" HTTP/1.0\r\n");
    std::cout << requestString << std::endl;


    curl_easy_setopt(curl, CURLOPT_URL, "https://sessionserver.mojang.com");
    list = curl_slist_append(list, requestString.c_str());
    list = curl_slist_append(list, "User-Agent: MinecraftServerPP\r\n");
    list = curl_slist_append(list, "Connection: close\r\n");
    list = curl_slist_append(list, "\r\n");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
    curl_easy_setopt(curl, CURLOPT_CAINFO, "cacert.pem");

    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &_write_data);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

I get an ok from the server, but not the json object containing the data I need.

like image 780
Nils J. Avatar asked Oct 11 '25 22:10

Nils J.

1 Answers

Why are you putting the GET request line in the HTTP headers? It does not belong there at all, and in fact the libCURL documentation even points that out:

CURLOPT_HTTPHEADER explained

The first line in a request (containing the method, usually a GET or POST) is not a header and cannot be replaced using this option. Only the lines following the request-line are headers. Adding this method line in this list of headers will only cause your request to send an invalid header. Use CURLOPT_CUSTOMREQUEST to change the method.

Your current code is sending a GET request similar to this:

GET / HTTP/1.1
Host: sessionserver.mojang.com
GET /session/minecraft/hasJoined?username=<username>&serverId=<loginHash> HTTP/1.0
User-Agent: MinecraftServerPP
Connection: close

Which is why you are not getting the response you are expecting. You are not actually requesting the /session/minecraft/hasJoined resource, you are actually requesting the root / resource.

You should be sending a GET request like this instead:

GET /session/minecraft/hasJoined?username=<username>&serverId=<loginHash> HTTP/1.0
Host: sessionserver.mojang.com
User-Agent: MinecraftServerPP
Connection: close

To accomplish that, you need to pass the complete URL to CURLOPT_URL and let libCURL handle the GET line for you. You can use CURLOPT_HTTPGET to ensure that GET is actually used.

Also, you should be using CURLOPT_HTTP_VERSION if you want to specify a specific HTTP version.

Also, although you can use CURLOPT_HTTPHEADER for the User-Agent and Connection headers, you should be using CURLOPT_USERAGENT and CURLOPT_FORBID_REUSE instead.

Try this instead:

url = "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=");
url.append(player.Username); // <-- NOTE: see further below!
url.append("&serverId=");
url.append(player.loginHash); // <-- NOTE: see further below!
std::cout << url << std::endl;

curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
curl_easy_setopt(curl, CURLOPT_FORBID_REUSE, 1L); 
curl_easy_setopt(curl, CURLOPT_CAINFO, "cacert.pem");

curl_easy_setopt(curl, CURLOPT_USERAGENT, "MinecraftServerPP");

curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, &_write_data);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

Now, with that said, there is additional logic you need to take into account to handle CURLOPT_URL correctly:

Pass in a pointer to the URL to work with. The parameter should be a char * to a zero terminated string which must be URL-encoded in the following format:

scheme://host:port/path

For a greater explanation of the format please see RFC 3986.

libcurl doesn't validate the syntax or use this variable until the transfer is issued. Even if you set a crazy value here, curl_easy_setopt will still return CURLE_OK.

In particular, these sections of the RFC are relevant to your code:

2.1. Percent-Encoding

A percent-encoding mechanism is used to represent a data octet in a component when that octet's corresponding character is outside the allowed set or is being used as a delimiter of, or within, the component. A percent-encoded octet is encoded as a character triplet, consisting of the percent character "%" followed by the two hexadecimal digits representing that octet's numeric value. For example, "%20" is the percent-encoding for the binary octet "00100000" (ABNF: %x20), which in US-ASCII corresponds to the space character (SP). Section 2.4 describes when percent-encoding and decoding is applied.

pct-encoded = "%" HEXDIG HEXDIG

The uppercase hexadecimal digits 'A' through 'F' are equivalent to the lowercase digits 'a' through 'f', respectively. If two URIs differ only in the case of hexadecimal digits used in percent-encoded octets, they are equivalent. For consistency, URI producers and normalizers should use uppercase hexadecimal digits for all percent-encodings.

2.4. When to Encode or Decode

Under normal circumstances, the only time when octets within a URI are percent-encoded is during the process of producing the URI from its component parts. This is when an implementation determines which of the reserved characters are to be used as subcomponent delimiters and which can be safely used as data. Once produced, a URI is always in its percent-encoded form.

When a URI is dereferenced, the components and subcomponents significant to the scheme-specific dereferencing process (if any) must be parsed and separated before the percent-encoded octets within those components can be safely decoded, as otherwise the data may be mistaken for component delimiters. The only exception is for percent-encoded octets corresponding to characters in the unreserved set, which can be decoded at any time. For example, the octet corresponding to the tilde ("~") character is often encoded as "%7E" by older URI processing implementations; the "%7E" can be replaced by "~" without changing its interpretation.

Because the percent ("%") character serves as the indicator for percent-encoded octets, it must be percent-encoded as "%25" for that octet to be used as data within a URI. Implementations must not percent-encode or decode the same string more than once, as decoding an already decoded string might lead to misinterpreting a percent data octet as the beginning of a percent-encoding, or vice versa in the case of percent-encoding an already percent-encoded string.

The query component of a URL is defined in section 3.4:

query = *( pchar / "/" / "?" )

pchar is defined in section 3.3:

pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

unreserved is defined in section 2.3:

unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"

sub-delims is defined in section 2.2:

sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

So, if any characters in your player.Username and player.loginHash strings are outside of these allowed characters, you MUST percent-encode them when putting them into your URL's query string. For example:

std::string encodeForUrlQuery(std::string s)
{
    static const char* allowed = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~!$&'()*+,;=:@/?";

    // this is just an example, in practice you should first convert the
    // input string to Unicode and charset-encode it, usually to UTF-8,
    // and then percent-encode the resulting octets...

    std::string::size_type idx = s.find_first_not_of(allowed);
    while (idx != std::string::npos)
    {
        std::ostringstream oss;
        oss << '%' << std::hex << std::setw(2) << std::setfill('0') << std::uppercase << (int)s[idx];
        std::string encoded = oss.str();
        s.replace(idx, 1, encoded);
        idx = s.find_first_not_of(allowed, idx+encoded.length());
    }
    return s;
}

url = "https://sessionserver.mojang.com/session/minecraft/hasJoined?username=");
url.append(encodeForUrlQuery(player.Username));
url.append("&serverId=");
url.append(encodeForUrlQuery(player.loginHash));
std::cout << url << std::endl;
like image 99
Remy Lebeau Avatar answered Oct 15 '25 18:10

Remy Lebeau
Sign in to Comment

Related questions

How can I know the value of a variable in bison while debugging with GDB?
Loading non-power-of-two textures in Vulkan
Send windows message to a console application
Split a line using std::regex and discard empty elements
std::binary_search curious issue with char array
Why does gcc 12.2 not optimise divisions into shifts in this constexpr function called from main()
std::tuple as class member
How to gracefully quit a multi-threaded application?
Overload resolution of int vs std::vector<int> with an initializer list of a single int
why do they have a system string and standard string
C++ Check whether the user input is float or not
I would like to use the span slider from Qxt without having to install it. Is this possible?
Cartesian product for multiple sets at compile time
Does the STL set equality operator check size first?
Thread-safety of reading and writing from/to std::map in C++
How to read a fix-sized packet using boost asio?
How to fit a circle to a set of points with a constrained radius?
Syntax to initialize an anonymous union
Parallelize computation over ensemble with OpenMP
C++ - construct vector of unique_ptr via initialization list

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!