module Network.HTTP.Client.CreateManager
  ( mkHttpManager,
  )
where

import Hasura.Prelude
import Hasura.RQL.Types.Network (TlsAllow)
import Network.HTTP.Client qualified as HTTP
import Network.HTTP.Client.Blocklisting (Blocklist, block)
import Network.HTTP.Client.DynamicTlsPermissions qualified as HTTP
import Network.HTTP.Client.Restricted qualified as Restricted

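-- | Build an 'HTTP.Manager' whose connections are subject to a dynamic TLS
-- allowlist and to an IP blocklist.
--
-- The allowlist is supplied as an 'IO' action rather than as a fixed value, so
-- this function is decoupled from any particular reference type (such as
-- SchemaCacheRef) that holds the current list.
--
-- The 'Blocklist' (covering both IPv4 and IPv6) is turned into a restriction
-- with 'block' and installed in the manager settings. Only requests made
-- through the returned manager are covered; an HTTP manager created any other
-- way is not restricted by this blocklist.
--
-- NOTE(review): the point at which the restriction is evaluated (hostname vs.
-- resolved address, behaviour on redirects) is decided inside
-- "Network.HTTP.Client.Restricted" and is not visible here -- confirm before
-- relying on this as the only control against requests to internal addresses.
mkHttpManager :: IO [TlsAllow] -> Blocklist -> IO HTTP.Manager
mkHttpManager currentAllow blocklist = do
  -- Pass the action itself, not a snapshot of the list.
  -- NOTE(review): how often the action is re-run is up to
  -- 'HTTP.dynamicTlsSettings' -- confirm. Whatever backs this action decides
  -- which TLS exceptions apply, so treat its source as security-sensitive.
  tlsSettings <- HTTP.dynamicTlsSettings currentAllow
  let restriction = block blocklist
      -- No connection context is supplied ('Nothing'); the TLS settings built
      -- above are passed explicitly.
      settings =
        Restricted.mkRestrictedManagerSettings restriction Nothing (Just tlsSettings)
  HTTP.newManager settings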