synapse_rpc/

http_client.rs

//! HTTP RPC client for calling gateway over HTTP
//!
//! This client allows services to make RPC calls to the gateway
//! using HTTP as the transport. Supports both plain HTTP (dev) and mTLS (production).

use crate::{
    ContentType,
    codec::{decode_message, encode_message},
    message::create_rpc_request,
};
use anyhow::{Context, Result};
use bytes::Bytes;
use synapse_primitives::Uuid;
use synapse_proto::{RpcRequest, RpcResponse, SynapseMessage, synapse_message};

/// HTTP RPC client
///
/// Makes RPC calls to the gateway over HTTP POST requests.
/// Supports both plain HTTP (dev mode) and mTLS (production).
pub struct HttpRpcClient {
    gateway_url: String,
    content_type: ContentType,
    client: reqwest::Client,
    timeout: std::time::Duration,
}

impl HttpRpcClient {
    /// Default request timeout (30 seconds)
    const DEFAULT_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(30);

    /// Create a new HTTP RPC client (plain HTTP, no TLS)
    pub fn new(gateway_url: impl Into<String>, content_type: ContentType) -> Self {
        Self {
            gateway_url: gateway_url.into(),
            content_type,
            client: reqwest::Client::new(),
            timeout: Self::DEFAULT_TIMEOUT,
        }
    }

    /// Set the request timeout
    pub fn with_timeout(mut self, timeout: std::time::Duration) -> Self {
        self.timeout = timeout;
        self
    }

    /// Create a new HTTP RPC client with mTLS
    pub fn with_mtls(
        gateway_url: impl Into<String>,
        content_type: ContentType,
        cert_path: impl AsRef<std::path::Path>,
        key_path: impl AsRef<std::path::Path>,
        ca_cert_path: impl AsRef<std::path::Path>,
    ) -> Result<Self> {
        use std::io::BufReader;

        tracing::info!(
            "Creating mTLS client: cert={}, key={}, ca={}",
            cert_path.as_ref().display(),
            key_path.as_ref().display(),
            ca_cert_path.as_ref().display()
        );

        // Load client certificate chain
        let cert_file =
            std::fs::File::open(cert_path.as_ref()).context("Failed to open client certificate")?;
        let mut cert_reader = BufReader::new(cert_file);
        let certs: Vec<_> = rustls_pemfile::certs(&mut cert_reader)
            .collect::<std::result::Result<Vec<_>, _>>()
            .context("Failed to parse client certificates")?;
        tracing::info!("Loaded {} client certificate(s)", certs.len());

        // Load client private key
        let key_file =
            std::fs::File::open(key_path.as_ref()).context("Failed to open client key")?;
        let mut key_reader = BufReader::new(key_file);
        let key = rustls_pemfile::private_key(&mut key_reader)
            .context("Failed to read private key")?
            .context("No private key found")?;
        tracing::info!("Client private key loaded");

        // Load CA certificate for server verification
        let ca_file =
            std::fs::File::open(ca_cert_path.as_ref()).context("Failed to open CA certificate")?;
        let mut ca_reader = BufReader::new(ca_file);
        let ca_certs: Vec<_> = rustls_pemfile::certs(&mut ca_reader)
            .collect::<std::result::Result<Vec<_>, _>>()
            .context("Failed to parse CA certificates")?;
        tracing::info!("Loaded {} CA certificate(s)", ca_certs.len());

        // Build root cert store for verifying the server's certificate
        let mut root_store = rustls::RootCertStore::empty();
        for cert in ca_certs {
            root_store.add(cert).context("Failed to add CA cert")?;
        }
        tracing::info!("Root store has {} certificates", root_store.len());

        // Build TLS config with client auth
        let tls_config = rustls::ClientConfig::builder()
            .with_root_certificates(root_store)
            .with_client_auth_cert(certs, key)
            .context("Failed to build TLS config")?;
        tracing::info!("TLS client config built successfully");

        // Build reqwest client with custom TLS
        let client = reqwest::Client::builder()
            .use_preconfigured_tls(tls_config)
            .build()
            .context("Failed to build HTTP client")?;

        Ok(Self {
            gateway_url: gateway_url.into(),
            content_type,
            client,
            timeout: Self::DEFAULT_TIMEOUT,
        })
    }

    /// Create a JSON client (human-readable, debugging)
    pub fn json(gateway_url: impl Into<String>) -> Self {
        Self::new(gateway_url, ContentType::Json)
    }

    /// Create a Protobuf client (efficient, production)
    pub fn protobuf(gateway_url: impl Into<String>) -> Self {
        Self::new(gateway_url, ContentType::Protobuf)
    }

    /// Create a JSON client with mTLS
    pub fn json_mtls(
        gateway_url: impl Into<String>,
        cert_path: impl AsRef<std::path::Path>,
        key_path: impl AsRef<std::path::Path>,
        ca_cert_path: impl AsRef<std::path::Path>,
    ) -> Result<Self> {
        Self::with_mtls(
            gateway_url,
            ContentType::Json,
            cert_path,
            key_path,
            ca_cert_path,
        )
    }

    /// Create a Protobuf client with mTLS
    pub fn protobuf_mtls(
        gateway_url: impl Into<String>,
        cert_path: impl AsRef<std::path::Path>,
        key_path: impl AsRef<std::path::Path>,
        ca_cert_path: impl AsRef<std::path::Path>,
    ) -> Result<Self> {
        Self::with_mtls(
            gateway_url,
            ContentType::Protobuf,
            cert_path,
            key_path,
            ca_cert_path,
        )
    }

    /// Make an RPC call
    pub async fn call(&self, request: RpcRequest) -> Result<RpcResponse> {
        let request_id = Uuid::new_v4();

        // Encode the request into a SynapseMessage
        let request_body = create_rpc_request(request_id, request, self.content_type)?;

        // Make HTTP POST request
        let url = format!("{}/rpc", self.gateway_url);
        let http_response = self
            .client
            .post(&url)
            .header("Content-Type", self.content_type.mime_type())
            .timeout(self.timeout)
            .body(request_body.to_vec())
            .send()
            .await
            .context("HTTP request failed")?;

        // Check status
        if !http_response.status().is_success() {
            let status = http_response.status();
            let body = http_response.text().await.unwrap_or_default();
            anyhow::bail!("HTTP error {}: {}", status, body);
        }

        // Read response body
        let response_body = http_response
            .bytes()
            .await
            .context("Failed to read response body")?;

        // Decode response
        let synapse_msg = decode_message(&response_body, self.content_type)?;

        // Extract RpcResponse from SynapseMessage
        match synapse_msg.message {
            Some(synapse_message::Message::RpcResponse(resp)) => Ok(resp),
            _ => anyhow::bail!(
                "Expected RPC_RESPONSE message, got kind {:?}",
                synapse_msg.kind
            ),
        }
    }

    /// Get the gateway URL
    pub fn gateway_url(&self) -> &str {
        &self.gateway_url
    }

    /// Get the content type
    pub fn content_type(&self) -> ContentType {
        self.content_type
    }

    /// Send a raw SynapseMessage and receive a response
    pub async fn send(&self, message: &SynapseMessage) -> Result<SynapseMessage> {
        // Encode the message
        let request_body = encode_message(message, self.content_type)?;

        // Make HTTP POST request
        let url = format!("{}/rpc", self.gateway_url);
        tracing::debug!("Sending SynapseMessage to: {}", url);

        let http_response = self
            .client
            .post(&url)
            .header("Content-Type", self.content_type.mime_type())
            .timeout(self.timeout)
            .body(request_body.to_vec())
            .send()
            .await
            .context("HTTP request failed")?;

        // Check status
        if !http_response.status().is_success() {
            let status = http_response.status();
            let body = http_response.text().await.unwrap_or_default();
            anyhow::bail!("HTTP error {}: {}", status, body);
        }

        // Read response body
        let response_body = http_response
            .bytes()
            .await
            .context("Failed to read response body")?;

        // Decode response
        decode_message(&response_body, self.content_type)
    }

    /// Send raw bytes and receive raw bytes
    pub async fn send_raw(&self, body: Bytes) -> Result<Bytes> {
        // Make HTTP POST request
        let url = format!("{}/rpc", self.gateway_url);
        let http_response = self
            .client
            .post(&url)
            .header("Content-Type", self.content_type.mime_type())
            .timeout(self.timeout)
            .body(body.to_vec())
            .send()
            .await
            .context("HTTP request failed")?;

        // Check status
        if !http_response.status().is_success() {
            let status = http_response.status();
            let body = http_response.text().await.unwrap_or_default();
            anyhow::bail!("HTTP error {}: {}", status, body);
        }

        // Read response body
        let response_body = http_response
            .bytes()
            .await
            .context("Failed to read response body")?;

        Ok(Bytes::from(response_body.to_vec()))
    }
}