Merge main into proxy foundation

crates/yaak-http/src/client.rs

@@ -1,11 +1,36 @@
 use crate::dns::LocalhostResolver;
 use crate::error::Result;
 use log::{debug, info, warn};
-use reqwest::{Client, Proxy, redirect};
+use reqwest::{Client, ClientBuilder, Proxy, redirect};
 use std::sync::Arc;
 use yaak_models::models::DnsOverride;
 use yaak_tls::{ClientCertificateConfig, get_tls_config};
 
+pub const HTTP2_MAX_RESPONSE_HEADER_LIST_SIZE: u32 = 1024 * 1024;
+
+fn client_builder() -> ClientBuilder {
+    Client::builder().http2_max_header_list_size(HTTP2_MAX_RESPONSE_HEADER_LIST_SIZE)
+}
+
+#[derive(Clone)]
+pub struct ConfiguredClient {
+    inner: Client,
+}
+
+impl ConfiguredClient {
+    pub(crate) fn build_default() -> Result<Self> {
+        Ok(Self { inner: client_builder().build()? })
+    }
+
+    pub(crate) fn from_inner(inner: Client) -> Self {
+        Self { inner }
+    }
+
+    pub(crate) fn inner(&self) -> &Client {
+        &self.inner
+    }
+}
+
 /// Build a native-tls connector for maximum compatibility when certificate
 /// validation is disabled. Unlike rustls, native-tls uses the OS TLS stack
 /// (Secure Transport on macOS, SChannel on Windows, OpenSSL on Linux) which
@@ -87,8 +112,8 @@ impl HttpConnectionOptions {
     /// Build a reqwest Client and return it along with the DNS resolver.
     /// The resolver is returned separately so it can be configured per-request
     /// to emit DNS timing events to the appropriate channel.
-    pub(crate) fn build_client(&self) -> Result<(Client, Arc<LocalhostResolver>)> {
-        let mut client = Client::builder()
+    pub(crate) fn build_client(&self) -> Result<(ConfiguredClient, Arc<LocalhostResolver>)> {
+        let mut client = client_builder()
             .connection_verbose(true)
             .redirect(redirect::Policy::none())
             // Decompression is handled by HttpTransaction, not reqwest
@@ -108,8 +133,7 @@ impl HttpConnectionOptions {
             client = client.use_preconfigured_tls(config);
         } else {
             // Use native TLS for maximum compatibility (supports TLS 1.0+)
-            let connector =
-                build_native_tls_connector(self.client_certificate.clone())?;
+            let connector = build_native_tls_connector(self.client_certificate.clone())?;
             client = client.use_preconfigured_tls(connector);
         }
 
@@ -136,7 +160,7 @@ impl HttpConnectionOptions {
             self.client_certificate.is_some()
         );
 
-        Ok((client.build()?, resolver))
+        Ok((ConfiguredClient::from_inner(client.build()?), resolver))
     }
 }
 

crates/yaak-http/src/cookies.rs

@@ -124,6 +124,30 @@ impl CookieStore {
     }
 }
 
+/// Get a stored cookie value by name, optionally scoped to an exact stored domain.
+pub fn get_cookie_value_from_jar(
+    cookies: impl IntoIterator<Item = Cookie>,
+    name: &str,
+    domain: Option<&str>,
+) -> Option<String> {
+    let domain = domain.and_then(normalize_cookie_domain_filter);
+
+    cookies.into_iter().find_map(|cookie| {
+        let (cookie_name, value) = parse_cookie_name_value(&cookie.raw_cookie)?;
+        if cookie_name != name {
+            return None;
+        }
+
+        if let Some(domain) = domain.as_deref() {
+            if !cookie_domain_matches_filter(&cookie.domain, domain) {
+                return None;
+            }
+        }
+
+        Some(value)
+    })
+}
+
 /// Parse name=value from a cookie string (raw_cookie format)
 fn parse_cookie_name_value(raw_cookie: &str) -> Option<(String, String)> {
     // The raw_cookie typically looks like "name=value" or "name=value; attr1; attr2=..."
@@ -135,6 +159,20 @@ fn parse_cookie_name_value(raw_cookie: &str) -> Option<(String, String)> {
     if name.is_empty() { None } else { Some((name, value)) }
 }
 
+fn normalize_cookie_domain_filter(domain: &str) -> Option<String> {
+    let domain = domain.trim().trim_start_matches('.').to_lowercase();
+    if domain.is_empty() { None } else { Some(domain) }
+}
+
+fn cookie_domain_matches_filter(cookie_domain: &CookieDomain, domain: &str) -> bool {
+    match cookie_domain {
+        CookieDomain::HostOnly(cookie_domain) | CookieDomain::Suffix(cookie_domain) => {
+            normalize_cookie_domain_filter(cookie_domain).is_some_and(|d| d == domain)
+        }
+        CookieDomain::NotPresent | CookieDomain::Empty => false,
+    }
+}
+
 /// Parse a Set-Cookie header into a Cookie
 fn parse_set_cookie(header_value: &str, request_url: &Url) -> Option<Cookie> {
     let parsed = cookie::Cookie::parse(header_value).ok()?;
@@ -278,6 +316,15 @@ fn is_localhost(domain: &str) -> bool {
 mod tests {
     use super::*;
 
+    fn cookie(raw_cookie: &str, domain: CookieDomain) -> Cookie {
+        Cookie {
+            raw_cookie: raw_cookie.to_string(),
+            domain,
+            expires: CookieExpires::SessionEnd,
+            path: ("/".to_string(), false),
+        }
+    }
+
     #[test]
     fn test_parse_cookie_name_value() {
         assert_eq!(
@@ -387,6 +434,52 @@ mod tests {
         assert_eq!(store.get_all_cookies().len(), 1);
     }
 
+    #[test]
+    fn test_get_cookie_value_preserves_name_only_first_match() {
+        let cookies = vec![
+            cookie("co-auth=", CookieDomain::HostOnly("foo.example.com".to_string())),
+            cookie("co-auth=token", CookieDomain::Suffix("example.com".to_string())),
+        ];
+
+        assert_eq!(get_cookie_value_from_jar(cookies, "co-auth", None), Some("".to_string()));
+    }
+
+    #[test]
+    fn test_get_cookie_value_matches_domain() {
+        let cookies = vec![
+            cookie("co-auth=", CookieDomain::HostOnly("foo.example.com".to_string())),
+            cookie("co-auth=token", CookieDomain::Suffix("example.com".to_string())),
+        ];
+
+        assert_eq!(
+            get_cookie_value_from_jar(cookies, "co-auth", Some("example.com")),
+            Some("token".to_string())
+        );
+    }
+
+    #[test]
+    fn test_get_cookie_value_normalizes_domain_filter() {
+        let cookies = vec![cookie(
+            "co-auth=token",
+            CookieDomain::Suffix("Example.COM".to_string()),
+        )];
+
+        assert_eq!(
+            get_cookie_value_from_jar(cookies, "co-auth", Some(" .example.com ")),
+            Some("token".to_string())
+        );
+    }
+
+    #[test]
+    fn test_get_cookie_value_requires_exact_stored_domain_match() {
+        let cookies = vec![cookie(
+            "co-auth=token",
+            CookieDomain::HostOnly("foo.example.com".to_string()),
+        )];
+
+        assert_eq!(get_cookie_value_from_jar(cookies, "co-auth", Some("example.com")), None);
+    }
+
     #[test]
     fn test_is_single_component_domain() {
         // Single-component domains (TLDs)

crates/yaak-http/src/manager.rs

@@ -1,7 +1,6 @@
-use crate::client::HttpConnectionOptions;
+use crate::client::{ConfiguredClient, HttpConnectionOptions};
 use crate::dns::LocalhostResolver;
 use crate::error::Result;
-use reqwest::Client;
 use std::collections::BTreeMap;
 use std::sync::Arc;
 use std::time::{Duration, Instant};
@@ -10,7 +9,7 @@ use tokio::sync::RwLock;
 /// A cached HTTP client along with its DNS resolver.
 /// The resolver is needed to set the event sender per-request.
 pub struct CachedClient {
-    pub client: Client,
+    pub client: ConfiguredClient,
     pub resolver: Arc<LocalhostResolver>,
 }
 

crates/yaak-http/src/sender.rs

@@ -5,7 +5,7 @@ use async_trait::async_trait;
 use bytes::Bytes;
 use futures_util::StreamExt;
 use http_body::{Body as HttpBody, Frame, SizeHint};
-use reqwest::{Client, Method, Version};
+use reqwest::{Method, Version};
 use std::fmt::Display;
 use std::pin::Pin;
 use std::task::{Context, Poll};
@@ -411,18 +411,18 @@ pub trait HttpSender: Send + Sync {
 
 /// Reqwest-based implementation of HttpSender
 pub struct ReqwestSender {
-    client: Client,
+    client: crate::client::ConfiguredClient,
 }
 
 impl ReqwestSender {
     /// Create a new ReqwestSender with a default client
     pub fn new() -> Result<Self> {
-        let client = Client::builder().build().map_err(Error::Client)?;
+        let client = crate::client::ConfiguredClient::build_default()?;
         Ok(Self { client })
     }
 
-    /// Create a new ReqwestSender with a custom client
-    pub fn with_client(client: Client) -> Self {
+    /// Create a new ReqwestSender with a configured client
+    pub fn with_client(client: crate::client::ConfiguredClient) -> Self {
         Self { client }
     }
 }
@@ -444,7 +444,7 @@ impl HttpSender for ReqwestSender {
             .map_err(|e| Error::RequestError(format!("Invalid HTTP method: {}", e)))?;
 
         // Build the request
-        let mut req_builder = self.client.request(method, &request.url);
+        let mut req_builder = self.client.inner().request(method, &request.url);
 
         // Add headers
         for header in request.headers {
@@ -513,7 +513,7 @@ impl HttpSender for ReqwestSender {
         send_event(HttpResponseEvent::Info("Sending request to server".to_string()));
 
         // Map some errors to our own, so they look nicer
-        let response = self.client.execute(sendable_req).await.map_err(|e| {
+        let response = self.client.inner().execute(sendable_req).await.map_err(|e| {
             if reqwest::Error::is_timeout(&e) {
                 Error::RequestTimeout(
                     request.options.timeout.unwrap_or(Duration::from_secs(0)).clone(),

crates/yaak-http/src/types.rs

@@ -226,10 +226,8 @@ async fn build_body(
 
     let (body, content_type) = match body_type.as_str() {
         "binary" => (build_binary_body(&body).await?, None),
-        "graphql" => (build_graphql_body(&method, &body), Some("application/json".to_string())),
-        "application/x-www-form-urlencoded" => {
-            (build_form_body(&body), Some("application/x-www-form-urlencoded".to_string()))
-        }
+        "graphql" => (build_graphql_body(&method, &body), None),
+        "application/x-www-form-urlencoded" => (build_form_body(&body), None),
         "multipart/form-data" => build_multipart_body(&body, &headers).await?,
         _ if body.contains_key("text") => (build_text_body(&body, body_type), None),
         t => {