fraiseql-core 2.2.0

Core execution engine for FraiseQL v2 - Compiled GraphQL over SQL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

//! SSRF-safe HTTP client construction.
//!
//! All outbound HTTP clients that contact external services (OIDC JWKS endpoints,
//! Vault, federation subgraphs, webhooks) must be built with this module to ensure
//! a consistent security baseline.

use std::time::Duration;

use reqwest::{Client, ClientBuilder, redirect};

/// Build an HTTP client that is safe for SSRF-sensitive outbound requests.
///
/// # Policy
///
/// - **Redirects disabled**: a redirect response (`3xx`) is treated as an error, preventing
///   redirect-chain attacks that bypass URL-validation guards applied to the initial URL (e.g. a
///   subgraph redirecting to `169.254.169.254`).
/// - **HTTPS only**: plain HTTP connections are rejected, preventing protocol-downgrade via
///   redirect.
/// - **Caller-supplied timeout**: applied to all requests; prevents slow-loris hangs on malicious
///   or misconfigured endpoints.
///
/// # Errors
///
/// Returns a [`reqwest::Error`] if TLS initialisation fails (extremely rare;
/// indicates a platform TLS misconfiguration).
pub fn build_ssrf_safe_client(timeout: Duration) -> reqwest::Result<Client> {
    ClientBuilder::new()
        .redirect(redirect::Policy::none())
        .https_only(true)
        .timeout(timeout)
        .build()
}