HTTPClient: added support for sending X-Nonce

[NachoSoto]

Fixes CSDK-631.

[tonidero]

It's looking good!

[codecov]

Codecov Report

Merging #2214 (bc52a3b) into main (cf3090a) will decrease coverage by 0.08%.
The diff coverage is 100.00%.

❗ Current head bc52a3b differs from pull request most recent head 5ab771e. Consider uploading reports for the commit 5ab771e to get more accurate results

@@            Coverage Diff             @@
##             main    #2214      +/-   ##
==========================================
- Coverage   85.96%   85.89%   -0.08%     
==========================================
  Files         184      183       -1     
  Lines       12121    12152      +31     
==========================================
+ Hits        10420    10438      +18     
- Misses       1701     1714      +13     

Impacted Files	Coverage Δ
Sources/Networking/HTTPClient/HTTPClient.swift	94.21% <100.00%> (-3.99%)	⬇️
Sources/Networking/HTTPClient/HTTPRequest.swift	100.00% <100.00%> (ø)
...s/Logging/Strings/ManageSubscriptionsStrings.swift	75.00% <0.00%> (-6.25%)	⬇️
Sources/Support/ManageSubscriptionsHelper.swift	68.04% <0.00%> (-2.07%)	⬇️
Sources/Logging/Strings/NetworkStrings.swift	98.36% <0.00%> (-1.64%)	⬇️
...ources/Purchasing/IntroEligibilityCalculator.swift	100.00% <0.00%> (ø)
...chasing/StoreKitAbstractions/SK2StoreProduct.swift	96.72% <0.00%> (ø)
Sources/Misc/Box.swift
...hasing/StoreKit2/StoreKit2StorefrontListener.swift	100.00% <0.00%> (+13.63%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[NachoSoto]

Okay finished this. The new implementation uses the term "nonce" everywhere, and I added a test that ensures that the format matches the python tests, using the same string used there.

[tonidero]

Interesting, I didn't know you could unpack a UUID like this. But it looks good 👍

[NachoSoto]

@tonidero I've updated this implementation with a proper nonce generation algorithm now that the backend will accept 12 bytes (see ecfa437b7f557a57fdf4377b3af27dbf124908cf)

[tonidero]

Love the name 🤣

[aboedo]

I want all features to be named like that

[NachoSoto]

@tonidero @aboedo thoughts on this? assert only compiles on DEBUG builds so it can help us catch issues in tests. Sending anything other than 12 bytes would fail so might as well catch it early.

[tonidero]

Hmm when we deploy the library, we deploy the release version I think right? so this shouldn't affect developers. Also, seems like we've already done that in a few places in the codebase, so I'm ok with it 👍

[NachoSoto]

The pre-built frameworks are release, yeah. But also for people integrating with CocoaPods / SPM, their production builds are release by default.

[tonidero]

Love the name 🤣

[tonidero]

Hmm when we deploy the library, we deploy the release version I think right? so this shouldn't affect developers. Also, seems like we've already done that in a few places in the codebase, so I'm ok with it 👍

[aboedo]

is there any situation where the nonce should be nil but the path.authenticated = true?
If not, we should try to consolidate the conditions and probably log if they're not simultaneously met

[NachoSoto]

The /health endpoint is one example.

[aboedo]

technically we're verifying integrity and authenticity and the same time, right? maybe we could have the name reflect that?
also, typo here: RequestRequest

[NachoSoto]

technically we're verifying integrity and authenticity and the same time, right? maybe we could have the name reflect that?

How about HTTPRequest.createWithResponseVerification?

also, typo here: RequestRequest
Thanks 🤦🏻 I noticed that in the next PR, I'll fix it.