
auths_infra_http/
lib.rs

1//! HTTP client adapter layer for Auths.
2//!
3//! Implements the network port traits defined in `auths-core` using `reqwest`.
4//! Each client wraps HTTP endpoints for the Auths infrastructure services.
5//!
6//! ## Modules
7//!
8//! - [`HttpRegistryClient`] — registry service client for identity and attestation operations
9//! - [`HttpWitnessClient`] — synchronous witness client for KERI event submission
10//! - [`HttpAsyncWitnessClient`] — async witness client with quorum support
11//! - [`HttpIdentityResolver`] — DID resolution over HTTP
12
13use std::time::Duration;
14
15mod async_witness_client;
16mod claim_client;
17mod error;
18mod github_gist;
19mod github_oauth;
20mod github_ssh_keys;
21mod identity_resolver;
22/// Namespace verification adapters for package ecosystem ownership proofs.
23pub mod namespace;
24mod npm_auth;
25mod oidc_platforms;
26mod oidc_tsa_client;
27mod oidc_validator;
28mod pairing_client;
29mod platform_context;
30mod registry_client;
31mod request;
32mod witness_client;
33
34pub use async_witness_client::HttpAsyncWitnessClient;
35pub use claim_client::HttpRegistryClaimClient;
36pub use github_gist::HttpGistPublisher;
37pub use github_oauth::HttpGitHubOAuthProvider;
38pub use github_ssh_keys::HttpGitHubSshKeyUploader;
39pub use identity_resolver::HttpIdentityResolver;
40pub use npm_auth::HttpNpmAuthProvider;
41pub use oidc_platforms::{
42    circleci_oidc_token, github_actions_oidc_token, gitlab_ci_oidc_token, normalize_workload_claims,
43};
44pub use oidc_tsa_client::HttpTimestampClient;
45pub use oidc_validator::{HttpJwksClient, HttpJwtValidator, OidcTokenClaims};
46pub use pairing_client::HttpPairingRelayClient;
47pub use platform_context::resolve_verified_platform_context;
48pub use registry_client::HttpRegistryClient;
49pub use witness_client::HttpWitnessClient;
50
/// Connect-phase limit (10 seconds) that `default_client_builder` passes to
/// `connect_timeout`, so an unreachable or stalling endpoint cannot hold a
/// caller indefinitely while the connection is being established.
51const DEFAULT_CONNECT_TIMEOUT: Duration = Duration::from_secs(10);
/// Per-request limit (30 seconds) that `default_client_builder` passes to
/// `timeout`. Having a finite value here is what bounds a slow or deliberately
/// trickled response from a remote service.
52const DEFAULT_REQUEST_TIMEOUT: Duration = Duration::from_secs(30);
53
/// Produces the crate-wide baseline [`reqwest::ClientBuilder`].
///
/// The returned builder has four settings applied, in this order:
///
/// - connect timeout of `DEFAULT_CONNECT_TIMEOUT` (10s)
/// - overall request timeout of `DEFAULT_REQUEST_TIMEOUT` (30s)
/// - a `User-Agent` of `auths/<CARGO_PKG_VERSION>`, fixed at compile time
/// - TLS 1.2 as the lowest protocol version the client will negotiate
///
/// Nothing else is configured here, so reqwest's own defaults govern redirect
/// handling, proxy discovery and the trusted root store. A caller that needs
/// stricter behaviour can keep chaining on the returned builder.
///
/// NOTE(review): the TLS floor only constrains connections that use TLS; this
/// builder does not itself reject `http://` URLs. If no adapter in this crate
/// needs a cleartext endpoint, `https_only(true)` would enforce that here —
/// confirm against the callers first.
pub(crate) fn default_client_builder() -> reqwest::ClientBuilder {
    // Resolved at compile time, so every client built by this crate identifies
    // itself with the version of the crate it was built from.
    let user_agent = concat!("auths/", env!("CARGO_PKG_VERSION"));

    // Finite timeouts first: neither phase of a request may block forever.
    let bounded = reqwest::Client::builder()
        .connect_timeout(DEFAULT_CONNECT_TIMEOUT)
        .timeout(DEFAULT_REQUEST_TIMEOUT);

    bounded
        .user_agent(user_agent)
        .min_tls_version(reqwest::tls::Version::TLS_1_2)
}
63
/// Builds a ready-to-use [`reqwest::Client`] from the crate's hardened defaults.
///
/// The configuration is exactly what `default_client_builder` returns; this
/// function only finalises it.
///
/// Usage:
/// ```ignore
/// let client = auths_infra_http::default_http_client();
/// ```
///
/// # Panics
///
/// Panics with `"failed to build default HTTP client"` if the builder's
/// `build()` call returns an error.
// INVARIANT: the settings applied by `default_client_builder` are static, so
// `build()` is expected to succeed and the `expect` below is allowed.
// NOTE(review): reqwest documents `build()` as fallible when the TLS backend
// cannot be initialised, so this is an assumption about the runtime
// environment rather than a guarantee — confirm that a panic is acceptable
// for every caller.
#[allow(clippy::expect_used)]
pub fn default_http_client() -> reqwest::Client {
    let builder = default_client_builder();
    let built = builder.build();
    built.expect("failed to build default HTTP client")
}