Skip to main content

bitwarden_api_base/
client.rs

1//! HTTP client construction shared by all API crates.
2//!
3//! Centralizing this here ensures the SDK's TLS stack (rustls + platform verifier)
4//! is configured identically everywhere a `reqwest::Client` is created. On WASM the
5//! browser/Node fetch backend is used and no TLS configuration is applied.
6
7/// Returns a [`reqwest::ClientBuilder`] preconfigured with the SDK's TLS settings.
8///
9/// On non-WASM targets the builder is wired up with rustls and the platform
10/// certificate verifier. On WASM the builder is returned unmodified.
11pub fn new_http_client_builder() -> reqwest::ClientBuilder {
12    #[allow(unused_mut)]
13    let mut client_builder = reqwest::Client::builder();
14
15    #[cfg(not(target_arch = "wasm32"))]
16    {
17        let _ = rustls::crypto::ring::default_provider().install_default();
18
19        use rustls::ClientConfig;
20        use rustls_platform_verifier::ConfigVerifierExt;
21        client_builder = client_builder.tls_backend_preconfigured(
22            ClientConfig::with_platform_verifier().expect("Failed to create platform verifier"),
23        );
24
25        // Enforce HTTPS for all requests in non-debug builds
26        #[cfg(not(debug_assertions))]
27        {
28            client_builder = client_builder.https_only(true);
29        }
30    }
31
32    client_builder
33}
34
35/// Returns a [`reqwest::Client`] built from [`new_http_client_builder`].
36pub fn new_http_client() -> reqwest::Client {
37    new_http_client_builder()
38        .build()
39        .expect("HTTP client build should not fail")
40}