fix: Switch to rustls-tls, add Android emulator support, expose set_tokens

[AnthonyRonning]

Changes

• Switch reqwest to rustls-tls: Drops native-tls/openssl-sys dependency, fixing Android cross-compilation (no more openssl-sys linking errors with cargo-ndk). Works on all platforms (macOS, iOS, Linux, Windows, Android).
• Add 10.0.2.2 to mock attestation whitelist: Android emulator uses this IP to reach the host machine's localhost.
• Expose set_tokens() on OpenSecretClient: Enables native platforms to restore persisted session tokens on cold launch without going through the full login flow.

---

Summary by CodeRabbit

• New Features

  • Added ability to update authentication tokens at runtime.

• Improvements

  • Recognizes an additional local/development network address as a mock environment.
  • Adjusted transport settings to use an alternative TLS implementation and enabled additional network capabilities (HTTP/2, charset handling, system proxy support).

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the reqwest dependency to disable default features and enable additional features (rustls-tls, http2, charset, system-proxy); extended mock-environment detection to include 10.0.2.2; added a public OpenSecretClient::set_tokens method that clears session state and delegates token updates to the session manager.

Changes

Cohort / File(s)	Summary
Dependency Configuration rust/Cargo.toml	reqwest dependency revised to version = "0.12", default-features = false, features set to ["json", "stream", "rustls-tls", "http2", "charset", "system-proxy"].
Client Enhancement rust/src/client.rs	Mock detection extended to treat 10.0.2.2 as a mock environment; added pub fn set_tokens(&self, access_token: String, refresh_token: Option<String>) -> Result<()> which clears the session and delegates token storage to the session manager.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nudged the Cargo locks and tuned the TLS,
Spotted 10.0.2.2 where test-bunnies rest.
I added a hook to set tokens with care,
Clearing the burrow, then storing them there.
Hop, code, compile — a rabbit's gentle flair.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title comprehensively covers all three main changes: switching to rustls-tls, adding Android emulator support via 10.0.2.2, and exposing the set_tokens method.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/rustls-android-session-restore

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying opensecret-sdk with    Cloudflare Pages

Latest commit:	783e611
Status:	✅  Deploy successful!
Preview URL:	https://2988fa4c.opensecret-sdk.pages.dev
Branch Preview URL:	https://fix-rustls-android-session-r.opensecret-sdk.pages.dev

View logs

[coderabbitai]

♻️ Duplicate comments (1)

rust/src/client.rs (1)

31-34: ⚠️ Potential issue | 🟠 Major

Use exact host matching before enabling mock attestation.

Line 31-Line 34 and Line 47-Line 50 still use substring checks; this can accidentally enable mock mode for non-local hosts. Parse URL and match host_str() exactly.

🔧 Suggested fix

 impl OpenSecretClient {
+    fn should_use_mock_attestation(base_url: &str) -> bool {
+        if let Ok(url) = reqwest::Url::parse(base_url) {
+            matches!(
+                url.host_str(),
+                Some("localhost" | "127.0.0.1" | "0.0.0.0" | "10.0.2.2")
+            )
+        } else {
+            false
+        }
+    }
+
     pub fn new(base_url: impl Into<String>) -> Result<Self> {
         let base_url = base_url.into();
-        let use_mock = base_url.contains("localhost")
-            || base_url.contains("127.0.0.1")
-            || base_url.contains("0.0.0.0")
-            || base_url.contains("10.0.2.2");
+        let use_mock = Self::should_use_mock_attestation(&base_url);
@@
     pub fn new_with_api_key(base_url: impl Into<String>, api_key: String) -> Result<Self> {
         let base_url = base_url.into();
-        let use_mock = base_url.contains("localhost")
-            || base_url.contains("127.0.0.1")
-            || base_url.contains("0.0.0.0")
-            || base_url.contains("10.0.2.2");
+        let use_mock = Self::should_use_mock_attestation(&base_url);

Also applies to: 47-50

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@rust/src/client.rs` around lines 31 - 34, The substring checks enabling mock
attestation are too broad; update the logic that sets use_mock (and the similar
block at the other occurrence) to parse base_url as a URL (e.g., using
Url::parse) and call host_str() to compare the host exactly against "localhost",
"127.0.0.1", "0.0.0.0", and "10.0.2.2"; if URL parsing fails, fall back to
conservative behavior (do not enable mock) or handle the error explicitly.
Locate the code that sets use_mock and the duplicate block later and replace the
contains(...) checks with exact host_str() equality checks.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@rust/src/client.rs`:
- Around line 31-34: The substring checks enabling mock attestation are too
broad; update the logic that sets use_mock (and the similar block at the other
occurrence) to parse base_url as a URL (e.g., using Url::parse) and call
host_str() to compare the host exactly against "localhost", "127.0.0.1",
"0.0.0.0", and "10.0.2.2"; if URL parsing fails, fall back to conservative
behavior (do not enable mock) or handle the error explicitly. Locate the code
that sets use_mock and the duplicate block later and replace the contains(...)
checks with exact host_str() equality checks.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 88fb52b0-ef52-49e1-ad81-b3709ffc4952

📥 Commits

Reviewing files that changed from the base of the PR and between 0b984c6 and 783e611.

📒 Files selected for processing (2)

• rust/Cargo.toml
• rust/src/client.rs