cairn_cli/

client.rs

use reqwest::header::{HeaderMap, HeaderValue, AUTHORIZATION, CONTENT_TYPE};
use serde_json::Value;

use crate::config::{CairnConfig, Credentials};
use crate::errors::CairnError;

/// HTTP client wrapper with automatic JWT injection and x402 payment fallback.
pub struct BackpacClient {
    inner: reqwest::Client,
    base_url: String,
    jwt: Option<String>,
}

impl BackpacClient {
    /// Create a new client. Reads JWT from env, flag, or saved credentials.
    pub fn new(jwt_override: Option<&str>, api_url: Option<&str>) -> Self {
        let config = CairnConfig::load();

        let base_url = api_url
            .map(|s| s.to_string())
            .or(config.api_url.clone())
            .or_else(|| std::env::var("BACKPAC_API_URL").ok())
            .unwrap_or_else(|| "https://api.backpac.xyz".to_string());

        let jwt = jwt_override
            .map(|s| s.to_string())
            .or_else(|| std::env::var("BACKPAC_JWT").ok())
            .or_else(|| Credentials::load().map(|c| c.jwt));

        let inner = reqwest::Client::builder()
            .timeout(std::time::Duration::from_secs(30))
            .build()
            .expect("Failed to create HTTP client");

        Self { inner, base_url, jwt }
    }

    /// Build headers with JWT Bearer auth.
    fn auth_headers(&self) -> Result<HeaderMap, CairnError> {
        let mut headers = HeaderMap::new();
        headers.insert(CONTENT_TYPE, HeaderValue::from_static("application/json"));

        if let Some(ref jwt) = self.jwt {
            let val = format!("Bearer {}", jwt);
            headers.insert(
                AUTHORIZATION,
                HeaderValue::from_str(&val).map_err(|e| CairnError::Auth(e.to_string()))?,
            );
        }
        Ok(headers)
    }

    /// GET request with auth.
    pub async fn get(&self, path: &str) -> Result<Value, CairnError> {
        let url = format!("{}{}", self.base_url, path);
        let resp = self
            .inner
            .get(&url)
            .headers(self.auth_headers()?)
            .send()
            .await?;

        self.handle_response(resp).await
    }

    /// Create an EventSource for Server-Sent Events (SSE).
    pub fn stream(&self, path: &str) -> Result<reqwest_eventsource::EventSource, CairnError> {
        let url = format!("{}{}", self.base_url, path);
        let req = self.inner.get(&url).headers(self.auth_headers()?);
        reqwest_eventsource::EventSource::new(req).map_err(|e| CairnError::General(e.to_string()))
    }

    /// POST request with auth and JSON body.
    pub async fn post(&self, path: &str, body: &Value) -> Result<Value, CairnError> {
        let url = format!("{}{}", self.base_url, path);
        let resp = self
            .inner
            .post(&url)
            .headers(self.auth_headers()?)
            .json(body)
            .send()
            .await?;

        self.handle_response(resp).await
    }

    /// PUT request with auth and JSON body.
    pub async fn put(&self, path: &str, body: &Value) -> Result<Value, CairnError> {
        let url = format!("{}{}", self.base_url, path);
        let resp = self
            .inner
            .put(&url)
            .headers(self.auth_headers()?)
            .json(body)
            .send()
            .await?;

        self.handle_response(resp).await
    }

    /// POST for RPC route (root path /) with custom headers for PoI binding.
    pub async fn rpc_post(
        &self,
        body: &Value,
        poi_id: Option<&str>,
        confidence: Option<f64>,
    ) -> Result<Value, CairnError> {
        let url = format!("{}/", self.base_url);
        let mut headers = self.auth_headers()?;

        if let Some(poi) = poi_id {
            headers.insert(
                "X-Backpac-Poi-Id",
                HeaderValue::from_str(poi).map_err(|e| CairnError::InvalidInput(e.to_string()))?,
            );
        }
        if let Some(conf) = confidence {
            headers.insert(
                "X-Backpac-Confidence",
                HeaderValue::from_str(&conf.to_string())
                    .map_err(|e| CairnError::InvalidInput(e.to_string()))?,
            );
        }

        let resp = self.inner.post(&url).headers(headers).json(body).send().await?;
        self.handle_response(resp).await
    }

    /// Handle HTTP response, mapping status codes to CairnErrors.
    async fn handle_response(&self, resp: reqwest::Response) -> Result<Value, CairnError> {
        let status = resp.status();

        // Extract headers before taking ownership of resp body
        let mut l402_challenge = String::new();
        if let Some(header) = resp.headers().get("WWW-Authenticate") {
            if let Ok(val) = header.to_str() {
                l402_challenge = val.to_string();
            }
        } else if let Some(header) = resp.headers().get("L402") {
            if let Ok(val) = header.to_str() {
                l402_challenge = val.to_string();
            }
        }

        if status.is_success() {
            let body: Value = resp.json().await?;
            return Ok(body);
        }

        // Try to parse error body
        let body_text = resp.text().await.unwrap_or_default();
        let error_msg = serde_json::from_str::<Value>(&body_text)
            .ok()
            .and_then(|v| v.get("error").and_then(|e| e.as_str()).map(String::from))
            .unwrap_or_else(|| body_text.clone());

        match status.as_u16() {
            400 => Err(CairnError::InvalidInput(error_msg)),
            401 => {
                if error_msg.contains("expired") {
                    Err(CairnError::TokenExpired)
                } else {
                    Err(CairnError::Auth(error_msg))
                }
            }
            402 => {
                if !l402_challenge.is_empty() {
                    // x402 Payment Required — parse macaroon and invoice
                    let is_auto_pay = std::env::var("CAIRN_AUTO_PAY").map(|v| v == "1").unwrap_or(false);
                    
                    if is_auto_pay {
                        // TODO: Parse L402 macaroon & invoice, sign with wallet via ethers,
                        // and re-submit the RPC request with Authorization: L402 <macaroon> <sig>
                        return Err(CairnError::InsufficientFunds(
                            format!("Credits exhausted. Auto-payment attempted for L402 challenge but signing logic is pending implementation. Challenge: {}", l402_challenge),
                        ));
                    } else {
                        return Err(CairnError::InsufficientFunds(
                            format!("Credits exhausted. Payment required: {}\nHint: Set CAIRN_AUTO_PAY=1 to enable wallet auto-payment.", l402_challenge),
                        ));
                    }
                }

                Err(CairnError::InsufficientFunds(
                    "Credits exhausted. x402 auto-payment not available (missing L402 headers).".to_string(),
                ))
            }
            403 => Err(CairnError::Auth(error_msg)),
            404 => Err(CairnError::NotFound(error_msg)),
            409 => Err(CairnError::Conflict(error_msg)),
            410 => {
                if error_msg.contains("expired") {
                    Err(CairnError::IntentExpired(error_msg))
                } else {
                    Err(CairnError::IntentAborted(error_msg))
                }
            }
            _ => Err(CairnError::General(format!("HTTP {}: {}", status, error_msg))),
        }
    }
}