atproto-client 0.4.1

HTTP client for AT Protocol services with OAuth and identity integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201

//! HTTP client operations with DPoP authentication support.
//!
//! Provides authenticated and unauthenticated HTTP request functions for JSON APIs,
//! with support for DPoP (Demonstration of Proof-of-Possession) authentication.

use crate::errors::{ClientError, DPoPError};
use anyhow::Result;
use atproto_identity::key::KeyData;
use atproto_oauth::dpop::{request_dpop, DpopRetry};
use reqwest_chain::ChainMiddleware;
use reqwest_middleware::ClientBuilder;
use tracing::Instrument;

/// DPoP authentication credentials for authenticated HTTP requests.
///
/// Contains the private key for DPoP proof generation and OAuth access token
/// for Authorization header.
pub struct DPoPAuth {
    /// Private key data for generating DPoP proof tokens
    pub dpop_private_key_data: KeyData,
    /// OAuth access token for the Authorization header
    pub oauth_access_token: String,
    /// OAuth issuer identifier for the access token
    pub oauth_issuer: String,
}

/// Performs an unauthenticated HTTP GET request and parses the response as JSON.
///
/// # Arguments
///
/// * `http_client` - The HTTP client to use for the request
/// * `url` - The URL to request
///
/// # Returns
///
/// The parsed JSON response as a `serde_json::Value`
///
/// # Errors
///
/// Returns `ClientError::HttpRequestFailed` if the HTTP request fails,
/// or `ClientError::JsonParseFailed` if JSON parsing fails.
pub async fn get_json(http_client: &reqwest::Client, url: &str) -> Result<serde_json::Value> {
    let http_response =
        http_client
            .get(url)
            .send()
            .await
            .map_err(|error| ClientError::HttpRequestFailed {
                url: url.to_string(),
                error,
            })?;

    let value = http_response
        .json::<serde_json::Value>()
        .await
        .map_err(|error| ClientError::JsonParseFailed {
            url: url.to_string(),
            error,
        })?;

    Ok(value)
}

/// Performs a DPoP-authenticated HTTP GET request and parses the response as JSON.
///
/// # Arguments
///
/// * `http_client` - The HTTP client to use for the request
/// * `dpop_auth` - DPoP authentication credentials
/// * `url` - The URL to request
///
/// # Returns
///
/// The parsed JSON response as a `serde_json::Value`
///
/// # Errors
///
/// Returns `DPoPError::ProofGenerationFailed` if DPoP proof generation fails,
/// `DPoPError::HttpRequestFailed` if the HTTP request fails,
/// or `DPoPError::JsonParseFailed` if JSON parsing fails.
pub async fn get_dpop_json(
    http_client: &reqwest::Client,
    dpop_auth: &DPoPAuth,
    url: &str,
) -> Result<serde_json::Value> {
    let (dpop_proof_token, dpop_proof_header, dpop_proof_claim) = request_dpop(
        &dpop_auth.dpop_private_key_data,
        "GET",
        url,
        &dpop_auth.oauth_issuer,
        &dpop_auth.oauth_access_token,
    )
    .map_err(|error| DPoPError::ProofGenerationFailed { error })?;

    let dpop_retry = DpopRetry::new(
        dpop_proof_header.clone(),
        dpop_proof_claim.clone(),
        dpop_auth.dpop_private_key_data.clone(),
        true,
    );

    let dpop_retry_client = ClientBuilder::new(http_client.clone())
        .with(ChainMiddleware::new(dpop_retry.clone()))
        .build();

    let http_response = dpop_retry_client
        .get(url)
        .header(
            "Authorization",
            &format!("DPoP {}", dpop_auth.oauth_access_token),
        )
        .header("DPoP", &dpop_proof_token)
        .send()
        .instrument(tracing::info_span!("dpop_get_request", url = %url))
        .await
        .map_err(|error| DPoPError::HttpRequestFailed {
            url: url.to_string(),
            error,
        })?;

    let value = http_response
        .json::<serde_json::Value>()
        .await
        .map_err(|error| DPoPError::JsonParseFailed {
            url: url.to_string(),
            error,
        })?;

    Ok(value)
}

/// Performs a DPoP-authenticated HTTP POST request with JSON body and parses the response as JSON.
///
/// # Arguments
///
/// * `http_client` - The HTTP client to use for the request
/// * `dpop_auth` - DPoP authentication credentials
/// * `url` - The URL to request
/// * `record` - The JSON data to send in the request body
///
/// # Returns
///
/// The parsed JSON response as a `serde_json::Value`
///
/// # Errors
///
/// Returns `DPoPError::ProofGenerationFailed` if DPoP proof generation fails,
/// `DPoPError::HttpRequestFailed` if the HTTP request fails,
/// or `DPoPError::JsonParseFailed` if JSON parsing fails.
pub async fn post_dpop_json(
    http_client: &reqwest::Client,
    dpop_auth: &DPoPAuth,
    url: &str,
    record: serde_json::Value,
) -> Result<serde_json::Value> {
    let (dpop_proof_token, dpop_proof_header, dpop_proof_claim) = request_dpop(
        &dpop_auth.dpop_private_key_data,
        "POST",
        url,
        &dpop_auth.oauth_issuer,
        &dpop_auth.oauth_access_token,
    )
    .map_err(|error| DPoPError::ProofGenerationFailed { error })?;

    let dpop_retry = DpopRetry::new(
        dpop_proof_header.clone(),
        dpop_proof_claim.clone(),
        dpop_auth.dpop_private_key_data.clone(),
        true,
    );

    let dpop_retry_client = ClientBuilder::new(http_client.clone())
        .with(ChainMiddleware::new(dpop_retry.clone()))
        .build();

    let http_response = dpop_retry_client
        .post(url)
        .header(
            "Authorization",
            &format!("DPoP {}", dpop_auth.oauth_access_token),
        )
        .header("DPoP", &dpop_proof_token)
        .json(&record)
        .send()
        .instrument(tracing::info_span!("dpop_post_request", url = %url))
        .await
        .map_err(|error| DPoPError::HttpRequestFailed {
            url: url.to_string(),
            error,
        })?;

    let value = http_response
        .json::<serde_json::Value>()
        .await
        .map_err(|error| DPoPError::JsonParseFailed {
            url: url.to_string(),
            error,
        })?;

    Ok(value)
}