
dependency_check_updates_core/
http.rs

1//! Shared HTTP client construction for the registry clients.
2//!
3//! Every ecosystem registry (npm, crates.io, `PyPI`, GitHub) builds a
4//! `reqwest::Client` with the same timeout and user-agent. Centralising the
5//! builder here keeps that configuration in one place; the concurrency ceiling
6//! is exposed as a constant because each registry wraps the client in its own
7//! [`tokio::sync::Semaphore`].
8
9use std::time::Duration;
10
11use reqwest::Client;
12
/// Upper bound on registry requests allowed in flight at the same time.
///
/// This value is only a default: nothing in this module enforces it. Each
/// registry client is expected to apply the limit itself (the module docs
/// describe a per-registry `tokio::sync::Semaphore`).
///
/// GitHub's registry does not use this constant. Its unauthenticated rate
/// budget is only 60 req/hr, so it defines a lower limit of its own.
pub const DEFAULT_MAX_CONCURRENT_REQUESTS: usize = 10;

/// Timeout applied to each request, expressed in seconds.
///
/// [`build_client`] converts this into a [`Duration`] and passes it to the
/// client builder's `timeout` setting.
pub const DEFAULT_REQUEST_TIMEOUT_SECS: u64 = 30;
21
/// Construct the `reqwest::Client` that every registry client shares.
///
/// Two settings are applied:
///
/// * a request timeout of [`DEFAULT_REQUEST_TIMEOUT_SECS`] seconds, so a
///   stalled registry cannot hold a request open indefinitely;
/// * a `dependency-check-updates/<version>` user-agent, where the version is
///   taken from `CARGO_PKG_VERSION` at compile time.
///
/// No other builder option is set, so redirect handling, proxy discovery and
/// TLS configuration are whatever `reqwest` defaults to. Because this is the
/// single construction point, any tightening of those defaults (for example
/// restricting the client to HTTPS) belongs here.
///
/// # Panics
///
/// Panics if the client cannot be built. With the fixed configuration used
/// here that is not expected in practice; a failure would point to a broken
/// TLS backend at the platform level rather than a recoverable runtime
/// condition.
#[must_use]
pub fn build_client() -> Client {
    let request_timeout = Duration::from_secs(DEFAULT_REQUEST_TIMEOUT_SECS);
    // Assembled at compile time, so the header value is a fixed `&'static str`.
    let agent = concat!("dependency-check-updates/", env!("CARGO_PKG_VERSION"));

    let builder = Client::builder()
        .timeout(request_timeout)
        .user_agent(agent);

    builder.build().expect("failed to create HTTP client")
}