Code deduplication + IPv6 HTTP client fix

[denizzzka]

• Removes multiple copy-and-pasted lines from HTTP client module.

• Fixes ommited support of IPv6 addresses in two of four requestHTTP fuctions

• Adds module vibe.http.auth.basic_auth_client to avoid cyclic dependency of ctors/dtors between HTTP client and server code.

• @safe coverage slightly increased

[Geod24]

Made a few comments.

[Geod24]

Instead of creating a variable, you can just return when it is set, because the variable is only ever assigned to once

[denizzzka]

I want to avoid changes as much as possible so as not to add any error here. It's okay if such a variable stays here for a while. And personally I do not like many exit points.

[Geod24]

If the delegate aren't @safe, this can't be marked @trusted, ever

[denizzzka]

This is already tagged as "Outdated".

I used @trusted here temporary to not to make a mistake by making a big change right away

[s-ludwig]

In that case you could add @system to httpRequesterDg instead. @trusted is bad, because it communicates that the contained code has been manually verified to be safe, which is of course not the case with a user supplied callback.

Of course the next step at some point will be to templatize the callback parameter and let the compiler infer the safety of the function (which currently requires putting it in a different scope or replacing the @safe: at the beginning of the file).

EDIT: I just saw what you mean with the wohle block being trusted before, so I'm fine with the current intermediate step!

[Geod24]

Why the new module ? If it's only for one function I am not sure it's worth it.

[denizzzka]

It is need to avoid cyclic dependency of ctors/dtors between HTTP client and server modules what both use basic_auth module otherwise

[Geod24]

There's no point in using @safe if we trust a random external delegate.

[denizzzka]

In fact, if look carefully, initially all of this code block was unsafe - otherwise, how would such call marked here by red color work at all? Now only one line of it marked as trusted.

[denizzzka]

In other words, we previously trusted to it too and nothing changed.

[denizzzka]

One test failed on CI side again

[s-ludwig]

Naming: isTLSNeeded or isTLSRequired

[s-ludwig]

In that case you could add @system to httpRequesterDg instead. @trusted is bad, because it communicates that the contained code has been manually verified to be safe, which is of course not the case with a user supplied callback.

Of course the next step at some point will be to templatize the callback parameter and let the compiler infer the safety of the function (which currently requires putting it in a different scope or replacing the @safe: at the beginning of the file).

EDIT: I just saw what you mean with the wohle block being trusted before, so I'm fine with the current intermediate step!

[s-ludwig]

About the auth_basic changes, the fact that it creates a new public mini-module is really unfortunate. A more suitable solution may be to create a new vibe.http.internal.* module that contains the implementation, which is in turn used by vibe.http.client and exposed though vibe.http.auth.auth_basic. That just also requires taking care of the ddox-filter arguments in the main dub.sdl file.

I'm not sure about the name of that internal module, since it will only contain one almost trivial function, but since it's internal, it doesn't really matter that much and auth_basic is just fine for now. The function itself could even be marked as package(vibe.http) in addition to not being documented.

[denizzzka]

I'm not sure about the name of that internal module, since it will only contain one almost trivial function

Maybe some another functions will be moved to it too? I just moved this one because compilation issue. (But this change can be left for the future.)

[s-ludwig]

Maybe some another functions will be moved to it too? I just moved one because compilation issue.
(But this change can be left for the future.)

Agreed, but we can freely change the module name later as required, so it really just shouldn't become a reason to worry about now.

[denizzzka]

A more suitable solution may be to create a new vibe.http.internal.*

This solution may lead to same cyclic dependency in the future when some another functions will be moved to it. (Because internal.* sounds like that it should contain both client and server code)

(I did not notice the asterisk.)

It turns out to not very look good (as for me) with the same result:vibe.http.internal.basic_auth_client. Moreover, in fact, addBasicAuth aren't internal function - this is a function that is designed to call by users.

I think it's better to leave it as it is now.

[s-ludwig]

I'm mostly concerned with the public API. The internal module is a little silly for the amount of code it contains, but that's fine if the alternative is to have a public module with the same issue, plus making a pointless breaking change.

[denizzzka]

What if I am just remove deprecated from alias addBasicAuth = vibe.http.auth.basic_auth_client.addBasicAuth;? Will documentation also be rendered for vibe.http.auth.basic_auth module? In this case no one will notice anything and nothing will need to be changed in the user code.

[s-ludwig]

Yes, it's still a normal public module in that case. The convention is that any *.internal.* modules will be hidden from the documentation.