leash-sdk 0.4.0

Rust SDK for the Leash platform — unified async client for auth, env, and integrations.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194

//! Shared HTTP transport for integration POSTs.
//!
//! Mirrors the TS `_call` / Python `_Transport.call` / Go `Transport.post`.
//!
//! Critical platform contract (see `leash-sdk-ts/src/leash.ts` lines 586–601):
//!
//! - Only `X-API-Key` and `Cookie` are forwarded on integration calls.
//! - `Authorization: Bearer …` is intentionally **NOT** forwarded — the
//!   platform's `verifyToken()` can reject a user JWT before the API-key check
//!   runs, breaking the call. Bearer is still captured by [`crate::Leash`]
//!   for env-fetch fallback, but never sent here.

use std::sync::Arc;

use serde::Serialize;

use crate::errors::{LeashError, Result};

#[derive(Debug, Clone)]
pub(crate) struct Transport {
    inner: Arc<Inner>,
}

#[derive(Debug)]
struct Inner {
    platform_url: String,
    api_key: Option<String>,
    cookie_value: Option<String>,
    http: reqwest::Client,
}

impl Transport {
    pub(crate) fn new(
        platform_url: String,
        api_key: Option<String>,
        cookie_value: Option<String>,
        http: reqwest::Client,
    ) -> Self {
        Self {
            inner: Arc::new(Inner {
                platform_url: platform_url.trim_end_matches('/').to_string(),
                api_key,
                cookie_value,
                http,
            }),
        }
    }

    /// POST to `/api/integrations/{provider}/{action}` and unwrap the
    /// `{ success, data }` envelope.
    pub(crate) async fn integrations_call<B>(
        &self,
        provider: &str,
        action: &str,
        body: &B,
    ) -> Result<serde_json::Value>
    where
        B: Serialize + ?Sized,
    {
        let url = format!(
            "{}/api/integrations/{}/{}",
            self.inner.platform_url, provider, action
        );
        let docs_url = format!("https://leash.build/docs/integrations/{provider}");
        self.post(&url, body, provider, &docs_url).await
    }

    async fn post<B>(
        &self,
        url: &str,
        body: &B,
        provider: &str,
        docs_url: &str,
    ) -> Result<serde_json::Value>
    where
        B: Serialize + ?Sized,
    {
        let mut req = self.inner.http.post(url).header("Content-Type", "application/json");

        // Critical: X-API-Key + Cookie only. Bearer is intentionally not
        // forwarded — see module docstring.
        if let Some(ref key) = self.inner.api_key {
            req = req.header("X-API-Key", key);
        }
        if let Some(ref cookie) = self.inner.cookie_value {
            req = req.header("Cookie", format!("leash-auth={cookie}"));
        }

        let resp = req.json(body).send().await?;
        let status = resp.status();
        let raw = resp.bytes().await?;

        if !status.is_success() {
            return Err(map_integration_error(
                status.as_u16(),
                &raw,
                provider,
                docs_url,
            ));
        }

        // Body may be `{"success":true,"data":...}` or `{"data":...}` or a
        // bare shape (Linear sometimes returns arrays directly).
        if raw.is_empty() {
            return Ok(serde_json::Value::Null);
        }
        let value: serde_json::Value =
            serde_json::from_slice(&raw).map_err(|e| LeashError::MalformedResponse {
                message: format!("Failed to parse platform response as JSON: {e}"),
            })?;

        if let serde_json::Value::Object(ref map) = value {
            // Surface envelope-level failures (some 2xx responses carry success=false).
            if let Some(serde_json::Value::Bool(false)) = map.get("success") {
                let msg = map
                    .get("error")
                    .and_then(|v| v.as_str())
                    .unwrap_or("Integration error")
                    .to_string();
                let code = map.get("code").and_then(|v| v.as_str()).unwrap_or("");
                return Err(match code {
                    "UPGRADE_REQUIRED" => LeashError::PlanBlock {
                        code: code.into(),
                        message: msg,
                        required_plan: map
                            .get("requiredPlan")
                            .and_then(|v| v.as_str())
                            .map(|s| s.to_string()),
                    },
                    "UNAUTHORIZED" => LeashError::Unauthorized { message: msg },
                    _ => LeashError::UpstreamError {
                        status: status.as_u16(),
                        message: msg,
                    },
                });
            }
            if let Some(data) = map.get("data") {
                return Ok(data.clone());
            }
        }
        Ok(value)
    }
}

fn map_integration_error(status: u16, raw: &[u8], provider: &str, docs_url: &str) -> LeashError {
    // Best-effort message + connect_url extraction.
    let parsed: Option<serde_json::Value> = serde_json::from_slice(raw).ok();
    let message = parsed
        .as_ref()
        .and_then(|v| v.get("error"))
        .and_then(|v| v.as_str())
        .map(|s| s.to_string())
        .unwrap_or_else(|| format!("HTTP {status}"));

    match status {
        401 => LeashError::Unauthorized { message },
        402 => {
            let msg = parsed
                .as_ref()
                .and_then(|v| v.get("message"))
                .and_then(|v| v.as_str())
                .map(|s| s.to_string())
                .unwrap_or_else(|| "This feature requires a higher plan.".to_string());
            let required_plan = parsed
                .as_ref()
                .and_then(|v| v.get("requiredPlan"))
                .and_then(|v| v.as_str())
                .map(|s| s.to_string());
            LeashError::PlanBlock {
                code: "UPGRADE_REQUIRED".into(),
                message: msg,
                required_plan,
            }
        }
        403 => {
            let connect_url = parsed
                .as_ref()
                .and_then(|v| v.get("connectUrl"))
                .and_then(|v| v.as_str())
                .map(|s| s.to_string());
            LeashError::ConnectionRequired {
                provider: provider.to_string(),
                message,
                connect_url,
            }
        }
        _ => {
            // Mention the docs URL so the upstream error is actionable
            // without the caller having to look it up.
            let _ = docs_url; // currently we keep docs_url out of the message body but kept for parity
            LeashError::UpstreamError { status, message }
        }
    }
}