seatbelt_http 0.3.0 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270

// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

use http::Method;
use http_extensions::routing::{Router, RouterContext};
use http_extensions::{HttpRequest, HttpRequestExt};
use seatbelt::{Attempt, RecoveryInfo};

/// A strategy for cloning HTTP requests for retries or hedging.
///
/// Limits cloning (and therefore retry/hedging attempts) to specific method
/// categories. The default is [`HttpClone::safe_only`].
///
/// If the [`HttpRequest`] extensions contain a [`Router`], it is used to
/// re-resolve the request URI on every attempt after the first. If routing
/// fails for a subsequent attempt, the clone is dropped so the caller can
/// skip that attempt.
#[derive(Debug, Default)]
pub struct HttpClone(Inner);

impl HttpClone {
    /// Clone requests for all HTTP methods.
    #[must_use]
    pub fn all() -> Self {
        Self(Inner::All)
    }

    /// Clone only idempotent methods (e.g. `GET`, `HEAD`, `PUT`, `DELETE`,
    /// `OPTIONS`).
    #[must_use]
    pub fn idempotent() -> Self {
        Self(Inner::Idempotent)
    }

    /// Clone only safe methods (e.g. `GET`, `HEAD`, `OPTIONS`). This is the
    /// default.
    #[cfg_attr(test, mutants::skip)] // SafeOnly is the default, so skip in mutation testing
    #[must_use]
    pub fn safe_only() -> Self {
        Self(Inner::SafeOnly)
    }

    pub(super) fn try_clone(
        &self,
        request: &mut HttpRequest,
        attempt: Attempt,
        previous_recovery: Option<&RecoveryInfo>,
    ) -> Option<HttpRequest> {
        let mut result = if self.can_clone(request.method()) {
            request.try_clone()
        } else {
            None
        };

        // Apply per-attempt updates to the clone when available, otherwise to the original
        // (e.g., non-cloneable streamed requests) so attempt tracking and routing stay accurate
        // across retries.
        attach_attempt(result.as_mut().unwrap_or(request), attempt);
        if !update_request_uri(result.as_mut().unwrap_or(request), attempt, previous_recovery) {
            // Routing failed; drop the clone so the caller doesn't retry against an unresolved URI.
            return None;
        }

        result
    }

    fn can_clone(&self, method: &Method) -> bool {
        match self.0 {
            Inner::All => true,
            Inner::Idempotent => method.is_idempotent(),
            Inner::SafeOnly => method.is_safe(),
        }
    }
}

/// Re-routes `request` for the given retry `attempt`.
#[must_use]
fn update_request_uri(request: &mut HttpRequest, attempt: Attempt, previous_recovery: Option<&RecoveryInfo>) -> bool {
    //  The routing only applies if:
    //
    // - Router is available
    // - The router has alternatives, meaning there are multiple URIs to choose from
    // - The attempt is not the first one (we assume caller already applied router for first attempt)
    let router = match request.extensions().get::<Router>() {
        Some(router) if router.has_alternatives() && !attempt.is_first() => router.clone(),
        _ => return true,
    };

    let mut context = RouterContext::new().with_attempt(attempt.index(), attempt.is_last());
    if let Some(previous_recovery) = previous_recovery {
        context = context.with_previous_recovery(previous_recovery.clone());
    }

    // Update the request URI based on the router's resolution.
    router.resolve_request_uri(context, request).is_ok()
}

#[derive(Debug, Default)]
enum Inner {
    #[default]
    SafeOnly,
    Idempotent,
    All,
}

fn attach_attempt(request: &mut HttpRequest, attempt: Attempt) {
    request.extensions_mut().insert(attempt);
}

#[cfg_attr(coverage_nightly, coverage(off))]
#[cfg(test)]
mod tests {
    use http_extensions::HttpRequestBuilder;
    use http_extensions::routing::BaseUriConflict;
    use templated_uri::BaseUri;

    use super::*;

    #[test]
    fn test_default_is_safe_only() {
        let clone = HttpClone::default();

        // Safe methods should be cloneable
        assert!(clone.can_clone(&Method::GET));
        assert!(clone.can_clone(&Method::HEAD));
        assert!(clone.can_clone(&Method::OPTIONS));

        // Unsafe methods should not be cloneable
        assert!(!clone.can_clone(&Method::POST));
        assert!(!clone.can_clone(&Method::PUT));
        assert!(!clone.can_clone(&Method::DELETE));
        assert!(!clone.can_clone(&Method::PATCH));
    }

    #[test]
    fn test_safe_only_strategy() {
        let clone = HttpClone::safe_only();

        // Safe methods
        assert!(clone.can_clone(&Method::GET));
        assert!(clone.can_clone(&Method::HEAD));
        assert!(clone.can_clone(&Method::OPTIONS));

        // Unsafe methods (even if idempotent)
        assert!(!clone.can_clone(&Method::PUT));
        assert!(!clone.can_clone(&Method::DELETE));
        assert!(!clone.can_clone(&Method::POST));
        assert!(!clone.can_clone(&Method::PATCH));
    }

    #[test]
    fn test_idempotent_strategy() {
        let clone = HttpClone::idempotent();

        // Idempotent methods should be cloneable
        assert!(clone.can_clone(&Method::GET));
        assert!(clone.can_clone(&Method::HEAD));
        assert!(clone.can_clone(&Method::PUT));
        assert!(clone.can_clone(&Method::DELETE));
        assert!(clone.can_clone(&Method::OPTIONS));

        // Non-idempotent methods should not be cloneable
        assert!(!clone.can_clone(&Method::POST));
        assert!(!clone.can_clone(&Method::PATCH));
    }

    #[test]
    fn test_all_strategy() {
        let clone = HttpClone::all();

        // All methods should be cloneable
        assert!(clone.can_clone(&Method::GET));
        assert!(clone.can_clone(&Method::HEAD));
        assert!(clone.can_clone(&Method::POST));
        assert!(clone.can_clone(&Method::PUT));
        assert!(clone.can_clone(&Method::DELETE));
        assert!(clone.can_clone(&Method::PATCH));
        assert!(clone.can_clone(&Method::OPTIONS));
        assert!(clone.can_clone(&Method::CONNECT));
        assert!(clone.can_clone(&Method::TRACE));
    }

    #[test]
    fn test_custom_method() {
        let clone_safe = HttpClone::safe_only();
        let clone_idempotent = HttpClone::idempotent();
        let clone_all = HttpClone::all();

        // Test with a custom method (not one of the standard ones)
        let custom_method = Method::from_bytes(b"CUSTOM").unwrap();

        // Custom methods are typically not safe
        assert!(!clone_safe.can_clone(&custom_method));

        // Custom methods are typically not idempotent
        assert!(!clone_idempotent.can_clone(&custom_method));

        // But "all" strategy should allow them
        assert!(clone_all.can_clone(&custom_method));
    }

    #[test]
    fn try_clone_attaches_attempt_to_cloned_request() {
        let clone = HttpClone::all();
        let attempt = Attempt::new(3, false);

        let mut request = HttpRequestBuilder::new_fake()
            .method(Method::GET)
            .uri("https://example.com")
            .build()
            .unwrap();

        let cloned = clone.try_clone(&mut request, attempt, None);

        let cloned = cloned.expect("cloneable request should produce Some");
        let attached = cloned
            .extensions()
            .get::<Attempt>()
            .expect("attempt should be attached to the cloned request");
        assert_eq!(attached.index(), 3);
        assert!(!attached.is_last());
    }

    #[test]
    fn try_clone_returns_none_when_routing_fails() {
        // Router has alternatives and a `Fail` conflict policy. Combined with a
        // request whose target URI already carries a base URI, resolving on any
        // non-first attempt must fail, causing `try_clone` to drop the clone.
        let router =
            Router::custom(|_| Some(BaseUri::from_static("https://routed.example.com")), true).conflict_policy(BaseUriConflict::Fail);

        let mut request = HttpRequestBuilder::new_fake()
            .method(Method::GET)
            .uri("https://existing.example.com/items")
            .extension(router)
            .build()
            .unwrap();

        let clone = HttpClone::all();
        // Non-first attempt triggers re-routing inside `try_clone`.
        let attempt = Attempt::new(1, false);

        let result = clone.try_clone(&mut request, attempt, None);

        assert!(result.is_none(), "failed routing should drop the clone");
    }

    #[test]
    fn try_clone_attaches_attempt_to_original_when_clone_is_disallowed() {
        let clone = HttpClone::safe_only();
        let attempt = Attempt::new(1, true);

        // POST is not safe, so safe_only will refuse to clone it.
        let mut request = HttpRequestBuilder::new_fake()
            .method(Method::POST)
            .uri("https://example.com")
            .build()
            .unwrap();

        let result = clone.try_clone(&mut request, attempt, None);

        assert!(result.is_none(), "unsafe method should not be cloned");
        let attached = request
            .extensions()
            .get::<Attempt>()
            .expect("attempt should be attached to the original request");
        assert_eq!(attached.index(), 1);
        assert!(attached.is_last());
    }
}