When encountering overly large receipt data, the returned JSON will be truncated, resulting in JSON validation failure

[MissWho]

client := appstore.New()
req := appstore.IAPRequest{
	ReceiptData: "### Order credential size exceeds 200KB",
}
resp := &appstore.IAPResponse{}
ctx := context.Background()
err := client.Verify(ctx, req, resp)

I used sandbox credentials with an order of 500 during testing. After the production environment returned 21007, the data returned by the second call to c.httpCli. Do (req) was truncated. When I replaced another library, the returned data was normal

Incomplete data, JSON parsing failed

The data returned is complete, and JSON parsing is normal.

[richzw]

@MissWho Here are some questions

1. What is the status of the response of httpCli.Do on the sandbox envrionment？

When I replaced another library, the returned data was normal

2. Could you please tell us some details of the other library? like github repo?

3. Any more details of the request could be helpful for us to debug this issue.

[MissWho]

@MissWho Here are some questions

1. What is the status of the response of httpCli.Do on the sandbox envrionment？

When I replaced another library, the returned data was normal

2. Could you please tell us some details of the other library? like github repo?
3. Any more details of the request could be helpful for us to debug this issue.

Sorry for waiting for a long time. After multiple checks, it seems to be a resp The incomplete data returned by Body resulted in JSON parsing failure with error code EOF. After adding my own debugging code, the file written to the disk was legal and the data could be parsed normally

file:appstore\validator.go 188line

[richzw]

@MissWho Thank you for your response. The invalid response JSON data caused the JSON Decode failure, and the invalid JSON data with EOF returned from the test URL. Please correct me if something was misunderstanding.

[MissWho]

@richzw How could EOF occur in the data returned by Apple's server? My own test code using json.Unmarshal can decode it successfully, but when using the original json.NewDecoder, it throws an EOF error. I'm using the same body in both cases. If it weren't for the inclusion of sensitive information, I would have sent you the test code already. I need your help in investigating this issue, as I'm starting to doubt whether it's a problem with my code.

[richzw]

@MissWho Sorry for misunderstanding of your previous response.

Let's double-check the following

1. The status code of the test URL is 200?

2. The response body could be parsed by json.Unmarshal successfully, but failed by json.NewDecoder(resp.Body).Decode(result) and the error is EOF. Namely, the following codes

	buf, err := io.ReadAll(resp.Body)
	if err != nil {
		return 0, err
	}

	err = json.Unmarshal(buf, &result)
	if err != nil {
		return 0, err
	}

could parse the response body successfully.

3. Could you please share the response data under compliance requirements? We could do some further investigation. Thanks in advance.

[MissWho]

1. HTTP response code is 200.
2. The data could be successfully parsed before adding it to json.newdecoder using the provided code.
3. Please wait while I organize the request response.

However, there's still a very peculiar issue: if I execute the validation request separately within the main function, this problem doesn't occur. My current application scenario is within a web service's API. There are still many factors contributing to this issue.

[kaijietti]

you have already read resp.Body, which is a ReadCloser.
Check examples: https://go.dev/play/p/bWjUpqTD7J_0 and https://go.dev/play/p/RJcDug1ecG2

[richzw]

@MissWho , If the resp.Body was read more than once, the error EOF could come up.

[richzw]

One more thing, The verifyReceipt API has been deprecated as of 5 Jun 2023. Please use App Store Server API instead.