v3.0 API update and migrate to typed HttpClient

Author: JamieMagee

Directory.Build.targets

@@ -2,7 +2,7 @@
 
   <Target Name="Versioning" BeforeTargets="MinVer">
     <PropertyGroup Label="Build">
-      <MinVerDefaultPreReleasePhase>preview</MinVerDefaultPreReleasePhase>
+      <MinVerDefaultPreReleaseIdentifiers>preview.0</MinVerDefaultPreReleaseIdentifiers>
       <MinVerTagPrefix>v</MinVerTagPrefix>
       <MinVerVerbosity>normal</MinVerVerbosity>
     </PropertyGroup>

README.md

@@ -9,27 +9,72 @@ An unofficial .NET API client for the [MSRC CVRF API][1]
 
 ## Usage
 
-1. `dotnet add package JamieMagee.MicrosoftSecurityUpdates.Client`
-2. Create an instance of `MicrosoftSecurityUpdatesClient`:
+There are two main ways to use this client:
+
+- Dependency Injection
+- Manual Instantiation
+
+### Dependency Injection
+
+To use the client with dependency injection, register it in your `IServiceCollection`:
 
 ```csharp
-using var client = new MicrosoftSecurityUpdatesClient();
+using JamieMagee.MicrosoftSecurityUpdates.Client;
+
+// In Program.cs
+builder.Services.AddMicrosoftSecurityUpdatesClient();
+
+// Or with custom HttpClient configuration
+builder.Services.AddMicrosoftSecurityUpdatesClient(httpClient =>
+{
+    // Add custom headers, configure policies, etc.
+    httpClient.Timeout = TimeSpan.FromSeconds(30);
+});
 ```
 
-3. Use the client to get information about security updates:
+Then inject `IMicrosoftSecurityUpdatesClient` into your services:
 
 ```csharp
-// Get all updates
+public class SecurityService
+{
+    private readonly IMicrosoftSecurityUpdatesClient _client;
+
+    public SecurityService(IMicrosoftSecurityUpdatesClient client)
+    {
+        _client = client;
+    }
+
+    public async Task<IEnumerable<Update>> GetLatestUpdatesAsync()
+    {
+        return await _client.GetUpdatesAsync();
+    }
+
+    public async Task<CvrfDocument> GetSecurityBulletinAsync(string id)
+    {
+        return await _client.GetCvrfByIdAsync(id);
+    }
+}
+```
+
+### Manual Instantiation
+
+You can also create instances manually:
+
+```csharp
+// Using default HttpClient
+using var client = new MicrosoftSecurityUpdatesClient();
+
+// Using your own HttpClient (for advanced scenarios)
+using var httpClient = new HttpClient();
+httpClient.Timeout = TimeSpan.FromSeconds(30);
+var client = new MicrosoftSecurityUpdatesClient(httpClient);
+
+// Get updates
 var updates = await client.GetUpdatesAsync();
-// Get all updates by year or month
-var updates2022 = await client.GetUpdatesAsync("2022");
-var updates2022Dec = await client.GetUpdatesAsync("2022-Dec");
-// Get CVRF by month
-var cvrf2022Dec = await client.GetCvrfByIdAsync("2022-Dec");
 ```
 
 ## License
 
 All packages in this repository are licensed under [the MIT license](https://opensource.org/licenses/MIT).
 
-[1]: https://api.msrc.microsoft.com/cvrf/v2.0/swagger/index
+[1]: https://msrc.microsoft.com/update-guide

src/JamieMagee.MicrosoftSecurityUpdates.Client/IMicrosoftSecurityUpdatesClient.cs

@@ -2,9 +2,9 @@ namespace JamieMagee.MicrosoftSecurityUpdates.Client;
 
 public interface IMicrosoftSecurityUpdatesClient
 {
-    Task<CvrfDocument> GetCvrfByIdAsync(string id, CancellationToken cancellationToken = default);
+    public Task<CvrfDocument> GetCvrfByIdAsync(string id, CancellationToken cancellationToken = default);
 
-    Task<IEnumerable<Update>> GetUpdatesAsync(CancellationToken cancellationToken = default);
+    public Task<IEnumerable<Update>> GetUpdatesAsync(CancellationToken cancellationToken = default);
 
-    Task<IEnumerable<Update>> GetUpdateByIdAsync(string id, CancellationToken cancellationToken = default);
+    public Task<IEnumerable<Update>> GetUpdateByIdAsync(string id, CancellationToken cancellationToken = default);
 }

src/JamieMagee.MicrosoftSecurityUpdates.Client/JamieMagee.MicrosoftSecurityUpdates.Client.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
@@ -11,7 +11,8 @@
   </ItemGroup>
 
   <ItemGroup Label="Package References">
-    <PackageReference Include="Restsharp" Version="108.0.3" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="8.0.0" />
   </ItemGroup>
 
 </Project>

src/JamieMagee.MicrosoftSecurityUpdates.Client/MicrosoftSecurityUpdatesClient.cs

@@ -1,63 +1,97 @@
 namespace JamieMagee.MicrosoftSecurityUpdates.Client;
 
 using System.Reflection;
+using System.Text.Json;
 using JamieMagee.MicrosoftSecurityUpdates.Client.Models;
 
 public sealed class MicrosoftSecurityUpdatesClient : IMicrosoftSecurityUpdatesClient, IDisposable
 {
-    private readonly RestClient client;
+    private readonly HttpClient httpClient;
+    private readonly bool shouldDisposeHttpClient;
+    private readonly JsonSerializerOptions jsonSerializerOptions;
 
-    public MicrosoftSecurityUpdatesClient(string baseUri)
+    public MicrosoftSecurityUpdatesClient(HttpClient httpClient)
     {
-        var version = typeof(MicrosoftSecurityUpdatesClient).GetTypeInfo().Assembly.GetName().Version;
-
-        var clientOptions = new RestClientOptions(baseUri)
-        {
-            UserAgent = $"JamieMagee.MicrosoftSecurityUpdates.Client/{version}",
-        };
+        this.httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
+        this.shouldDisposeHttpClient = false;
+        this.jsonSerializerOptions = CreateJsonSerializerOptions();
 
-        this.client = new RestClient(clientOptions)
-            .AddDefaultHeader("Accept", "application/json");
+        this.ConfigureHttpClient();
     }
 
-    public MicrosoftSecurityUpdatesClient()
-        : this("https://api.msrc.microsoft.com/cvrf/v2.0")
+    public MicrosoftSecurityUpdatesClient(string baseUri = "https://api.msrc.microsoft.com/cvrf/v3.0/")
     {
+        this.httpClient = new HttpClient();
+        this.shouldDisposeHttpClient = true;
+        this.jsonSerializerOptions = CreateJsonSerializerOptions();
+
+        this.httpClient.BaseAddress = new Uri(baseUri);
+        this.ConfigureHttpClient();
     }
 
-    public void Dispose() => this.client.Dispose();
+    public void Dispose()
+    {
+        if (this.shouldDisposeHttpClient)
+        {
+            this.httpClient.Dispose();
+        }
+    }
 
-    public Task<CvrfDocument> GetCvrfByIdAsync(string id, CancellationToken cancellationToken = default)
+    public async Task<CvrfDocument> GetCvrfByIdAsync(string id, CancellationToken cancellationToken = default)
     {
-        var request = new RestRequest($"cvrf/{id}");
-        return this.ExecuteAsync<CvrfDocument>(request, cancellationToken);
+        if (string.IsNullOrWhiteSpace(id))
+        {
+            throw new ArgumentException("ID cannot be null or whitespace.", nameof(id));
+        }
+
+        var response = await this.httpClient.GetAsync($"cvrf/{id}", cancellationToken).ConfigureAwait(false);
+        response.EnsureSuccessStatusCode();
+
+        var jsonContent = await response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);
+        return JsonSerializer.Deserialize<CvrfDocument>(jsonContent, this.jsonSerializerOptions)
+            ?? throw new InvalidOperationException("Failed to deserialize response.");
     }
 
     public async Task<IEnumerable<Update>> GetUpdatesAsync(CancellationToken cancellationToken = default)
     {
-        var request = new RestRequest("updates");
-        return (await this.ExecuteAsync<OdataWrapper<Update>>(request, cancellationToken)).Value;
+        var response = await this.httpClient.GetAsync("updates", cancellationToken).ConfigureAwait(false);
+        response.EnsureSuccessStatusCode();
+
+        var jsonContent = await response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);
+        var wrapper = JsonSerializer.Deserialize<OdataWrapper<Update>>(jsonContent, this.jsonSerializerOptions)
+            ?? throw new InvalidOperationException("Failed to deserialize response.");
+
+        return wrapper.Value;
     }
 
     public async Task<IEnumerable<Update>> GetUpdateByIdAsync(string id, CancellationToken cancellationToken = default)
     {
-        var request = new RestRequest($"updates('{id}')");
-        return (await this.ExecuteAsync<OdataWrapper<Update>>(request, cancellationToken)).Value;
+        if (string.IsNullOrWhiteSpace(id))
+        {
+            throw new ArgumentException("ID cannot be null or whitespace.", nameof(id));
+        }
+
+        var response = await this.httpClient.GetAsync($"updates/{id}", cancellationToken).ConfigureAwait(false);
+        response.EnsureSuccessStatusCode();
+
+        var jsonContent = await response.Content.ReadAsStringAsync(cancellationToken).ConfigureAwait(false);
+        var wrapper = JsonSerializer.Deserialize<OdataWrapper<Update>>(jsonContent, this.jsonSerializerOptions)
+            ?? throw new InvalidOperationException("Failed to deserialize response.");
+
+        return wrapper.Value;
     }
 
-    private async Task<T> ExecuteAsync<T>(RestRequest request, CancellationToken cancellationToken = default)
-        where T : new()
+    private static JsonSerializerOptions CreateJsonSerializerOptions() => new()
     {
-        T data;
-
-        var response = await this.client.ExecuteAsync<T>(request, cancellationToken).ConfigureAwait(false);
-        if (!response.IsSuccessful)
-        {
-            throw new Exception(null);
-        }
+        PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+        PropertyNameCaseInsensitive = true,
+    };
 
-        data = response.ThrowIfError().Data!;
+    private void ConfigureHttpClient()
+    {
+        var version = typeof(MicrosoftSecurityUpdatesClient).GetTypeInfo().Assembly.GetName().Version;
 
-        return data;
+        this.httpClient.DefaultRequestHeaders.Add("Accept", "application/json");
+        this.httpClient.DefaultRequestHeaders.Add("User-Agent", $"JamieMagee.MicrosoftSecurityUpdates.Client/{version}");
     }
 }

src/JamieMagee.MicrosoftSecurityUpdates.Client/Models/OdataWrapper.cs

@@ -1,6 +1,6 @@
 namespace JamieMagee.MicrosoftSecurityUpdates.Client.Models;
 
-internal record OdataWrapper<T>
+internal sealed record OdataWrapper<T>
     where T : class
 {
     [JsonPropertyName("@odata.context")]

src/JamieMagee.MicrosoftSecurityUpdates.Client/Properties/Usings.cs

@@ -1,3 +1,2 @@
 global using System.Text.Json.Serialization;
 global using JamieMagee.MicrosoftSecurityUpdates.Schema;
-global using RestSharp;