auths-infra-http 0.0.1-rc.10

HTTP client adapter for Auths - enables communication with Auths services over HTTP
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

//! HTTP client adapter layer for Auths.
//!
//! Implements the network port traits defined in `auths-core` using `reqwest`.
//! Each client wraps HTTP endpoints for the Auths infrastructure services.
//!
//! ## Modules
//!
//! - [`HttpRegistryClient`] — registry service client for identity and attestation operations
//! - [`HttpWitnessClient`] — synchronous witness client for KERI event submission
//! - [`HttpAsyncWitnessClient`] — async witness client with quorum support
//! - [`HttpIdentityResolver`] — DID resolution over HTTP

use std::time::Duration;

mod async_witness_client;
mod claim_client;
mod error;
mod github_gist;
mod github_oauth;
mod github_ssh_keys;
mod identity_resolver;
/// Namespace verification adapters for package ecosystem ownership proofs.
pub mod namespace;
mod npm_auth;
mod oidc_platforms;
mod oidc_tsa_client;
mod oidc_validator;
mod pairing_client;
mod platform_context;
mod registry_client;
mod request;
mod witness_client;

pub use async_witness_client::HttpAsyncWitnessClient;
pub use claim_client::HttpRegistryClaimClient;
pub use github_gist::HttpGistPublisher;
pub use github_oauth::HttpGitHubOAuthProvider;
pub use github_ssh_keys::HttpGitHubSshKeyUploader;
pub use identity_resolver::HttpIdentityResolver;
pub use npm_auth::HttpNpmAuthProvider;
pub use oidc_platforms::{
    circleci_oidc_token, github_actions_oidc_token, gitlab_ci_oidc_token, normalize_workload_claims,
};
pub use oidc_tsa_client::HttpTimestampClient;
pub use oidc_validator::{HttpJwksClient, HttpJwtValidator, OidcTokenClaims};
pub use pairing_client::HttpPairingRelayClient;
pub use platform_context::resolve_verified_platform_context;
pub use registry_client::HttpRegistryClient;
pub use witness_client::HttpWitnessClient;

const DEFAULT_CONNECT_TIMEOUT: Duration = Duration::from_secs(10);
const DEFAULT_REQUEST_TIMEOUT: Duration = Duration::from_secs(30);

/// Returns a [`reqwest::ClientBuilder`] pre-configured with hardened defaults:
/// 10s connect timeout, 30s request timeout, User-Agent, and TLS 1.2 minimum.
pub(crate) fn default_client_builder() -> reqwest::ClientBuilder {
    reqwest::Client::builder()
        .connect_timeout(DEFAULT_CONNECT_TIMEOUT)
        .timeout(DEFAULT_REQUEST_TIMEOUT)
        .user_agent(concat!("auths/", env!("CARGO_PKG_VERSION")))
        .min_tls_version(reqwest::tls::Version::TLS_1_2)
}

/// Builds an HTTP client with hardened defaults.
///
/// Usage:
/// ```ignore
/// let client = auths_infra_http::default_http_client();
/// ```
// INVARIANT: reqwest builder with these settings cannot fail
#[allow(clippy::expect_used)]
pub fn default_http_client() -> reqwest::Client {
    default_client_builder()
        .build()
        .expect("failed to build default HTTP client")
}