reqkit/

lib.rs

//! # reqkit
//!
//! A production-focused, client-side HTTP requester built on **hyper + rustls**.
//!
//! reqkit aims to be a small, dependable building block for API clients:
//! - **HTTPS-only** client (prevents accidental downgrade)
//! - **HTTP/2 preferred**, HTTP/1.1 fallback
//! - Connection pooling for concurrent usage
//! - One IO timeout that covers **request + full body download**
//! - Hard caps for both downloaded bytes and decoded output bytes
//! - Content decoding for `gzip`, `deflate`, and `br` (Brotli)
//! - Convenience request constructors and response decoders (feature-gated)
//!
//! ## Quickstart
//! ```no_run
//! use reqkit::{HttpClient, HttpRequest, HeaderMap, Method};
//!
//! #[tokio::main]
//! async fn main() -> Result<(), reqkit::HttpError> {
//!     let client = HttpClient::new_https("api.example.com")?;
//!     let req = HttpRequest::empty(Method::GET, "/v1/ping", HeaderMap::new());
//!     let (status, _headers, body) = client.send_bytes_decoded(req).await?;
//!     println!("status={status} body_len={}", body.len());
//!     Ok(())
//! }
//! ```
//!
//! ## Safety & hardening
//! - **No automatic retries** (retry policy is app-specific)
//! - **Body caps apply twice**:
//!   1) compressed download cap (streamed into memory), and
//!   2) decoded output cap (prevents decompression bombs)
//!
//! ## Feature flags
//! - `json` (default): enables JSON request bodies and JSON decode helpers
//! - `json5`: enables JSON5 decode helpers
//! - `form` (default): enables x-www-form-urlencoded request bodies
//!
//! ## Notes
//! - `HttpClient` is scoped to a single `host` and constructs `https://{host}{path}` URIs.
//! - `path` **must** start with `/`.
//!
//! ---
//! If you build an API-specific wrapper on top of reqkit, keep retry/backoff,
//! auth, and domain-specific error mapping in your wrapper layer.

pub mod request;

// ---- Re-exports for an ergonomic public API ----
//
// Consumers should be able to use reqkit without needing to add hyper/bytes explicitly.

pub use bytes::Bytes;

pub use hyper::header;
pub use hyper::header::{HeaderName, HeaderValue};
pub use hyper::{HeaderMap, Method, Uri};

pub use request::HttpRequest;

use bytes::{BufMut, BytesMut};
use http_body_util::{BodyExt, Full};
use hyper::{Request, Response, body::Incoming};
use hyper_rustls::HttpsConnectorBuilder;
use hyper_util::client::legacy::{Client, connect::HttpConnector};
use hyper_util::rt::TokioExecutor;
use std::time::Duration;
use thiserror::Error;
use tokio::time::timeout;

/// Errors returned by reqkit.
///
/// The variants aim to be useful both for logging and for application-level matching.
#[derive(Debug, Error)]
pub enum HttpError {
    /// Invalid URI construction (typically a bad host or path).
    #[error("invalid uri: {0}")]
    InvalidUri(String),

    /// Returned by `send_*_ok` helpers for non-2xx responses.
    #[error("http status: {0}")]
    Status(u16),

    /// IO timeout (covers request + full body download).
    #[error("timeout")]
    Timeout,

    /// Response body exceeded configured cap.
    #[error("response body too large (limit {limit_bytes} bytes)")]
    BodyTooLarge { limit_bytes: usize },

    /// Content decoding failed (gzip/deflate/br).
    #[error("content decode failed: {0}")]
    DecodeBody(String),

    /// JSON parsing error (feature: `json`).
    #[error("json parse error: {0}")]
    Json(String),

    /// JSON5 parsing error (feature: `json5`).
    #[error("json5 parse error: {0}")]
    Json5(String),

    /// Typed decoding error (serde mapping or related).
    #[error("typed decode error: {0}")]
    Decode(String),

    /// x-www-form-urlencoded encoding error (feature: `form`).
    #[error("urlencoded encode error: {0}")]
    UrlEncoded(String),

    /// Hyper-util legacy client error.
    #[error("http client error: {0}")]
    Client(#[from] hyper_util::client::legacy::Error),

    /// Hyper protocol error.
    #[error("hyper error: {0}")]
    Hyper(#[from] hyper::Error),

    /// IO error.
    #[error("io error: {0}")]
    Io(#[from] std::io::Error),

    /// TLS configuration / verifier error.
    #[error("tls error: {0}")]
    Tls(String),
}

/// An HTTPS-only, host-scoped client capable of making requests with pooling, timeouts and body caps.
///
/// Create with [`HttpClient::new_https`].
#[derive(Clone)]
pub struct HttpClient {
    host: String,
    client: Client<hyper_rustls::HttpsConnector<HttpConnector>, Full<Bytes>>,
    io_timeout: Duration,
    max_body_bytes: usize,
}

impl HttpClient {
    /// Default max download size (compressed AND decompressed output cap) = 50 MB.
    pub const DEFAULT_MAX_BODY_BYTES: usize = 50 * 1024 * 1024;

    /// Create an HTTPS-capable client for a specific host (e.g., `"api.example.com"`).
    ///
    /// Production properties:
    /// - HTTP/2 preferred, HTTP/1.1 fallback
    /// - Connection pooling for concurrent usage
    /// - Platform TLS verification (AIA/intermediate fetching like browsers) via `rustls-platform-verifier`
    pub fn new_https(host: impl Into<String>) -> Result<Self, HttpError> {
        let host = host.into();

        // Allow https scheme. Actual enforcement happens via `.https_only()`.
        let mut http = HttpConnector::new();
        http.enforce_http(false);

        let tls_config = platform_tls_config()?;

        let https = HttpsConnectorBuilder::new()
            .with_tls_config(tls_config)
            .https_only()
            .enable_http1()
            .enable_http2()
            .build();

        let client = Client::builder(TokioExecutor::new())
            .pool_idle_timeout(Duration::from_secs(60))
            .pool_max_idle_per_host(64)
            .build(https);

        Ok(Self {
            host,
            client,
            io_timeout: Duration::from_secs(60),
            max_body_bytes: Self::DEFAULT_MAX_BODY_BYTES,
        })
    }

    /// Return the configured host.
    pub fn host(&self) -> &str {
        &self.host
    }

    /// Set a single "IO timeout" that covers:
    /// - request send + response headers
    /// - full response body download/collection
    pub fn set_timeout(&mut self, d: Duration) {
        self.io_timeout = d;
    }

    /// Set max body size (bytes) for BOTH:
    /// - downloaded compressed bytes
    /// - decoded (decompressed) output bytes
    pub fn set_max_body_bytes(&mut self, max: usize) {
        self.max_body_bytes = max;
    }

    fn uri(&self, path_and_query: &str) -> Result<Uri, HttpError> {
        if !path_and_query.starts_with('/') {
            return Err(HttpError::InvalidUri(format!(
                "path_and_query must start with '/': {}",
                path_and_query
            )));
        }
        let full = format!("https://{}{}", self.host, path_and_query);
        full.parse::<Uri>().map_err(|_| HttpError::InvalidUri(full))
    }

    /// Low-level request helper returning raw bytes.
    ///
    /// Hardening:
    /// - Adds `Accept-Encoding: gzip, deflate, br` if not present
    /// - Adds a default `User-Agent` if not present
    /// - Caps download to `max_body_bytes`
    ///
    /// IMPORTANT: This crate does **not** retry requests.
    pub async fn request_bytes(
        &self,
        method: Method,
        path_and_query: &str,
        mut headers: HeaderMap,
        body: Bytes,
    ) -> Result<(u16, HeaderMap, Bytes), HttpError> {
        let uri = self.uri(path_and_query)?;

        if !headers.contains_key(header::ACCEPT_ENCODING) {
            headers.insert(
                header::ACCEPT_ENCODING,
                HeaderValue::from_static("gzip, deflate, br"),
            );
        }

        if !headers.contains_key(header::USER_AGENT) {
            // "reqkit/<version>" at compile-time.
            const UA: &str = concat!("reqkit/", env!("CARGO_PKG_VERSION"));
            headers.insert(header::USER_AGENT, HeaderValue::from_static(UA));
        }

        async fn attempt(
            client: &Client<hyper_rustls::HttpsConnector<HttpConnector>, Full<Bytes>>,
            io_timeout: Duration,
            max_body_bytes: usize,
            method: Method,
            uri: Uri,
            headers: HeaderMap,
            body: Bytes,
        ) -> Result<(u16, HeaderMap, Bytes), HttpError> {
            let mut builder = Request::builder().method(method).uri(uri);
            {
                let h = builder.headers_mut().expect("builder headers");
                *h = headers;
            }

            let req = builder
                .body(Full::new(body))
                .map_err(|e| HttpError::InvalidUri(e.to_string()))?;

            let resp: Response<Incoming> = match timeout(io_timeout, client.request(req)).await {
                Ok(Ok(r)) => r,
                Ok(Err(e)) => return Err(HttpError::Client(e)),
                Err(_) => return Err(HttpError::Timeout),
            };

            let status = resp.status().as_u16();
            let headers = resp.headers().clone();

            let bytes = collect_limited(resp.into_body(), io_timeout, max_body_bytes).await?;
            Ok((status, headers, bytes))
        }

        attempt(
            &self.client,
            self.io_timeout,
            self.max_body_bytes,
            method,
            uri,
            headers,
            body,
        )
        .await
    }
}

/// Collect an Incoming body into `Bytes` with an upper bound.
///
/// Timeout covers full body download.
async fn collect_limited(
    mut body: Incoming,
    io_timeout: Duration,
    max: usize,
) -> Result<Bytes, HttpError> {
    let fut = async move {
        let mut out = BytesMut::new();
        while let Some(frame) = body.frame().await {
            let frame = frame?;
            if let Some(chunk) = frame.data_ref() {
                if out.len().saturating_add(chunk.len()) > max {
                    return Err(HttpError::BodyTooLarge { limit_bytes: max });
                }
                out.put_slice(chunk);
            }
        }
        Ok::<Bytes, HttpError>(out.freeze())
    };

    match timeout(io_timeout, fut).await {
        Ok(r) => r,
        Err(_) => Err(HttpError::Timeout),
    }
}

/// Decode the response bytes according to `Content-Encoding`.
///
/// Supports: `gzip`, `deflate`, `br` (Brotli).
///
/// Safety:
/// - Caps the decoded output to `max_out`
/// - Runs in `spawn_blocking` because flate2/brotli decode paths are synchronous
pub async fn decode_content(
    headers: &HeaderMap,
    body: Bytes,
    max_out: usize,
) -> Result<Bytes, HttpError> {
    if body.is_empty() {
        return Ok(body);
    }

    let encs: Vec<String> = headers
        .get_all(header::CONTENT_ENCODING)
        .iter()
        .filter_map(|v| v.to_str().ok())
        .flat_map(|s| s.split(','))
        .map(|t| t.trim().to_ascii_lowercase())
        .filter(|t| !t.is_empty() && t != "identity")
        .collect();

    if encs.is_empty() {
        return Ok(body);
    }

    let body_vec = body.to_vec();
    let res = tokio::task::spawn_blocking(move || {
        let mut cur = body_vec;

        for enc in encs.into_iter().rev() {
            cur = match enc.as_str() {
                "gzip" => decode_gzip_limited(&cur, max_out)?,
                "deflate" => decode_deflate_limited(&cur, max_out)?,
                "br" => decode_brotli_limited(&cur, max_out)?,
                other => {
                    return Err(HttpError::DecodeBody(format!(
                        "unsupported content-encoding: {}",
                        other
                    )));
                }
            };
        }

        Ok::<Vec<u8>, HttpError>(cur)
    })
    .await;

    match res {
        Ok(Ok(v)) => Ok(Bytes::from(v)),
        Ok(Err(e)) => Err(e),
        Err(e) => Err(HttpError::DecodeBody(format!("decoder task failed: {}", e))),
    }
}

fn decode_gzip_limited(input: &[u8], max_out: usize) -> Result<Vec<u8>, HttpError> {
    use flate2::read::GzDecoder;
    let mut dec = GzDecoder::new(input);
    read_to_end_limited(&mut dec, max_out)
}

fn decode_deflate_limited(input: &[u8], max_out: usize) -> Result<Vec<u8>, HttpError> {
    use flate2::read::{DeflateDecoder, ZlibDecoder};

    // "deflate" is usually zlib-wrapped, but sometimes raw DEFLATE is sent.
    let mut z = ZlibDecoder::new(input);
    match read_to_end_limited(&mut z, max_out) {
        Ok(v) => Ok(v),
        Err(_) => {
            let mut d = DeflateDecoder::new(input);
            read_to_end_limited(&mut d, max_out)
        }
    }
}

fn decode_brotli_limited(input: &[u8], max_out: usize) -> Result<Vec<u8>, HttpError> {
    use brotli::Decompressor;
    let mut dec = Decompressor::new(input, 4096);
    read_to_end_limited(&mut dec, max_out)
}

fn read_to_end_limited<R: std::io::Read>(r: &mut R, max_out: usize) -> Result<Vec<u8>, HttpError> {
    let mut out = Vec::new();
    let mut buf = [0u8; 8192];

    loop {
        let n = r
            .read(&mut buf)
            .map_err(|e| HttpError::DecodeBody(e.to_string()))?;
        if n == 0 {
            break;
        }
        if out.len().saturating_add(n) > max_out {
            return Err(HttpError::BodyTooLarge {
                limit_bytes: max_out,
            });
        }
        out.extend_from_slice(&buf[..n]);
    }

    Ok(out)
}

/// Build a rustls `ClientConfig` that uses the OS/platform certificate verifier.
///
/// This is what makes "missing intermediate" sites work without user-provided PEMs.
fn platform_tls_config() -> Result<rustls::ClientConfig, HttpError> {
    use rustls::crypto::CryptoProvider;
    use rustls_platform_verifier::BuilderVerifierExt;

    let provider: std::sync::Arc<CryptoProvider> = if let Some(p) = CryptoProvider::get_default() {
        p.clone()
    } else {
        let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
        CryptoProvider::get_default()
            .ok_or_else(|| {
                HttpError::Tls("CryptoProvider still None after install_default()".into())
            })?
            .clone()
    };

    let builder = rustls::ClientConfig::builder_with_provider(provider)
        .with_safe_default_protocol_versions()
        .map_err(|e| HttpError::Tls(format!("protocol versions init failed: {e:?}")))?;

    let cfg = builder
        .with_platform_verifier()
        .map_err(|e| HttpError::Tls(format!("with_platform_verifier failed: {e:?}")))?
        .with_no_client_auth();

    Ok(cfg)
}