Skip to main content

bitwarden_api_base/
client.rs

1//! HTTP client construction shared by all API crates.
2//!
3//! Centralizing this here ensures the SDK's TLS stack (rustls + platform verifier)
4//! is configured identically everywhere a `reqwest::Client` is created. On WASM the
5//! browser/Node fetch backend is used and no TLS configuration is applied.
6
7/// Returns a [`reqwest::ClientBuilder`] preconfigured with the SDK's TLS settings.
8///
9/// On non-WASM targets the builder is wired up with rustls and the platform
10/// certificate verifier. On WASM the builder is returned unmodified.
11pub fn new_http_client_builder() -> reqwest::ClientBuilder {
12    #[allow(unused_mut)]
13    let mut client_builder = reqwest::Client::builder();
14
15    #[cfg(not(target_arch = "wasm32"))]
16    {
17        use rustls::ClientConfig;
18        use rustls_platform_verifier::ConfigVerifierExt;
19        client_builder = client_builder.use_preconfigured_tls(
20            ClientConfig::with_platform_verifier().expect("Failed to create platform verifier"),
21        );
22
23        // Enforce HTTPS for all requests in non-debug builds
24        #[cfg(not(debug_assertions))]
25        {
26            client_builder = client_builder.https_only(true);
27        }
28    }
29
30    client_builder
31}
32
33/// Returns a [`reqwest::Client`] built from [`new_http_client_builder`].
34pub fn new_http_client() -> reqwest::Client {
35    new_http_client_builder()
36        .build()
37        .expect("HTTP client build should not fail")
38}