//!

//! # Overview

//!

//! Tor makes its directory requests as HTTP/1.0 requests tunneled over

//! Tor circuits.  For most objects, Tor uses a one-hop tunnel.  Tor

//! also uses a few strange and ad-hoc HTTP headers to select

//! particular functionality, such as asking for diffs, compression,

//! or multiple documents.

//!

//! This crate provides an API for downloading Tor directory resources

//! over a Tor circuit.

//!

//! This crate is part of

//! [Arti](https://gitlab.torproject.org/tpo/core/arti/), a project to

//! implement [Tor](https://www.torproject.org/) in Rust.

//!

//! # Features

//!

//! `xz` -- enable XZ compression.  This can be expensive in RAM and CPU,

//! but it saves a lot of bandwidth.  (On by default.)

//!

//! `zstd` -- enable ZSTD compression.  (On by default.)

//!

//! `routerdesc` -- Add support for downloading router descriptors.

#![deny(missing_docs)]

#![warn(noop_method_call)]

#![deny(unreachable_pub)]

#![warn(clippy::all)]

#![deny(clippy::await_holding_lock)]

#![deny(clippy::cargo_common_metadata)]

#![deny(clippy::cast_lossless)]

#![deny(clippy::checked_conversions)]

#![warn(clippy::cognitive_complexity)]

#![deny(clippy::debug_assert_with_mut_call)]

#![deny(clippy::exhaustive_enums)]

#![deny(clippy::exhaustive_structs)]

#![deny(clippy::expl_impl_clone_on_copy)]

#![deny(clippy::fallible_impl_from)]

#![deny(clippy::implicit_clone)]

#![deny(clippy::large_stack_arrays)]

#![warn(clippy::manual_ok_or)]

#![deny(clippy::missing_docs_in_private_items)]

#![deny(clippy::missing_panics_doc)]

#![warn(clippy::needless_borrow)]

#![warn(clippy::needless_pass_by_value)]

#![warn(clippy::option_option)]

#![warn(clippy::rc_buffer)]

#![deny(clippy::ref_option_ref)]

#![warn(clippy::semicolon_if_nothing_returned)]

#![warn(clippy::trait_duplication_in_bounds)]

#![deny(clippy::unnecessary_wraps)]

#![warn(clippy::unseparated_literal_suffix)]

#![deny(clippy::unwrap_used)]

mod err;

pub mod request;

mod response;

mod util;

use tor_circmgr::{CircMgr, DirInfo};

use tor_rtcompat::{Runtime, SleepProvider, SleepProviderExt};

// Zlib is required; the others are optional.

#[cfg(feature = "xz")]

use async_compression::futures::bufread::XzDecoder;

use async_compression::futures::bufread::ZlibDecoder;

#[cfg(feature = "zstd")]

use async_compression::futures::bufread::ZstdDecoder;

use futures::io::{

    AsyncBufRead, AsyncBufReadExt, AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt, BufReader,

};

use futures::FutureExt;

use memchr::memchr;

use std::sync::Arc;

use std::time::Duration;

use tracing::info;

pub use err::Error;

pub use response::{DirResponse, SourceInfo};

/// Type for results returned in this crate.

pub type Result<T> = std::result::Result<T, Error>;

/// Fetch the resource described by `req` over the Tor network.

///

/// Circuits are built or found using `circ_mgr`, using paths

/// constructed using `dirinfo`.

///

/// For more fine-grained control over the circuit and stream used,

/// construct them yourself, and then call [`download`] instead.

///

/// # TODO

///

/// This is the only function in this crate that knows about CircMgr and

/// DirInfo.  Perhaps this function should move up a level into DirMgr?

    // TODO(nickm) This should be an option, and is too long.

    // Launch the stream.

    // TODO: Perhaps we want separate timeouts for each phase of this.

    // For now, we just use higher-level timeouts in `dirmgr`.

/// Return true if `result` holds an error indicating that we should retire the

/// circuit used for the corresponding request.

    }

/// Fetch a Tor directory object from a provided stream.

///

/// To do this, we send a simple HTTP/1.0 request for the described

/// object in `req` over `stream`, and then wait for a response.  In

/// log messages, we describe the origin of the data as coming from

/// `source`.

///

/// # Notes

///

/// It's kind of bogus to have a 'source' field here at all; we may

/// eventually want to remove it.

///

/// This function doesn't close the stream; you may want to do that

/// yourself.

    // Handle the response

    // TODO: should there be a separate timeout here?

        }

        }

    };

/// Read and parse HTTP/1 headers from `stream`.

    loop {

        // TODO: it's inefficient to do this a line at a time; it would

        // probably be better to read until the CRLF CRLF ending of the

        // response.  But this should be fast enough.

        // TODO(nickm): Better maximum and/or let this expand.

            httparse::Status::Partial => {

                // We didn't get a whole response; we may need to try again.

                    // We hit an EOF; no more progress can be made.

            }

                {

                } else {

                };

                /*

                if let Some(clen) = response.headers.iter().find(|h| h.name == "Content-Length") {

                    let clen = std::str::from_utf8(clen.value)?;

                    length = Some(clen.parse()?);

                }

                 */

            }

        }

    }

/// Return value from read_headers

struct HeaderStatus {

    /// HTTP status code.

    status: Option<u16>,

    /// The Content-Encoding header, if any.

    encoding: Option<String>,

}

/// Helper: download directory information from `stream` and

/// decompress it into a result buffer.  Assumes that `buf` is empty.

///

/// If we get more than maxlen bytes after decompression, give an error.

///

/// Returns the status of our download attempt, stores any data that

/// we were able to download into `result`.  Existing contents of

/// `result` are overwritten.

            }

        };

            /*

            in case we read less than `buffer_window_size` in last `read`

            we need to shrink result because otherwise we'll return those

            un-read 0s

            */

    }

/// Retire a directory circuit because of an error we've encountered on it.

/// As AsyncBufReadExt::read_until, but stops after reading `max` bytes.

///

/// Note that this function might not actually read any byte of value

/// `byte`, since EOF might occur, or we might fill the buffer.

///

/// A return value of 0 indicates an end-of-file.

    loop {

            // End-of-file has been reached.

        };

    }

/// Helper: Return a boxed decoder object that wraps the stream  $s.

macro_rules! decoder {

    ($dec:ident, $s:expr) => {{

        let mut decoder = $dec::new($s);

        decoder.multiple_members(true);

        Ok(Box::new(decoder))

    }};

}

/// Wrap `stream` in an appropriate type to undo the content encoding

/// as described in `encoding`.

        #[cfg(feature = "xz")]

        #[cfg(feature = "zstd")]

    }

#[cfg(test)]

mod test {

    #![allow(clippy::unwrap_used)]

    use super::*;

    use tor_rtmock::{io::stream_pair, time::MockSleepProvider};

    use futures_await_test::async_test;

    #[async_test]

    async fn test_read_until_limited() -> Result<()> {

        let mut out = Vec::new();

        let bytes = b"This line eventually ends\nthen comes another\n";

        // Case 1: find a whole line.

        let mut s = &bytes[..];

        let res = read_until_limited(&mut s, b'\n', 100, &mut out).await;

        assert_eq!(res?, 26);

        assert_eq!(&out[..], b"This line eventually ends\n");

        // Case 2: reach the limit.

        let mut s = &bytes[..];

        out.clear();

        let res = read_until_limited(&mut s, b'\n', 10, &mut out).await;

        assert_eq!(res?, 10);

        assert_eq!(&out[..], b"This line ");

        // Case 3: reach EOF.

        let mut s = &bytes[..];

        out.clear();

        let res = read_until_limited(&mut s, b'Z', 100, &mut out).await;

        assert_eq!(res?, 45);

        assert_eq!(&out[..], &bytes[..]);

        Ok(())

    }

    // Basic decompression wrapper.

    async fn decomp_basic(

        encoding: Option<&str>,

        data: &[u8],

        maxlen: usize,

    ) -> (Result<()>, Vec<u8>) {

        // We don't need to do anything fancy here, since we aren't simulating

        // a timeout.

        let mock_time = MockSleepProvider::new(std::time::SystemTime::now());

        let mut output = Vec::new();

        let mut stream = match get_decoder(data, encoding) {

            Ok(s) => s,

            Err(e) => return (Err(e), output),

        };

        let r = read_and_decompress(&mock_time, &mut stream, maxlen, &mut output).await;

        (r, output)

    }

    #[async_test]

    async fn decompress_identity() -> Result<()> {

        let mut text = Vec::new();

        for _ in 0..1000 {

            text.extend(b"This is a string with a nontrivial length that we'll use to make sure that the loop is executed more than once.");

        }

        let limit = 10 << 20;

        let (s, r) = decomp_basic(None, &text[..], limit).await;

        s?;

        assert_eq!(r, text);

        let (s, r) = decomp_basic(Some("identity"), &text[..], limit).await;

        s?;

        assert_eq!(r, text);

        // Try truncated result

        let limit = 100;

        let (s, r) = decomp_basic(Some("identity"), &text[..], limit).await;

        assert!(s.is_err());

        assert_eq!(r, &text[..100]);

        Ok(())

    }

    #[async_test]

    async fn decomp_zlib() -> Result<()> {

        let compressed =

            hex::decode("789cf3cf4b5548cb2cce500829cf8730825253200ca79c52881c00e5970c88").unwrap();

        let limit = 10 << 20;

        let (s, r) = decomp_basic(Some("deflate"), &compressed, limit).await;

        s?;

        assert_eq!(r, b"One fish Two fish Red fish Blue fish");

        Ok(())

    }

    #[cfg(feature = "zstd")]

    #[async_test]

    async fn decomp_zstd() -> Result<()> {

        let compressed = hex::decode("28b52ffd24250d0100c84f6e6520666973682054776f526564426c756520666973680a0200600c0e2509478352cb").unwrap();

        let limit = 10 << 20;

        let (s, r) = decomp_basic(Some("x-zstd"), &compressed, limit).await;

        s?;

        assert_eq!(r, b"One fish Two fish Red fish Blue fish\n");

        Ok(())

    }

    #[cfg(feature = "xz")]

    #[async_test]

    async fn decomp_xz2() -> Result<()> {

        // Not so good at tiny files...

        let compressed = hex::decode("fd377a585a000004e6d6b446020021011c00000010cf58cce00024001d5d00279b88a202ca8612cfb3c19c87c34248a570451e4851d3323d34ab8000000000000901af64854c91f600013925d6ec06651fb6f37d010000000004595a").unwrap();

        let limit = 10 << 20;

        let (s, r) = decomp_basic(Some("x-tor-lzma"), &compressed, limit).await;

        s?;

        assert_eq!(r, b"One fish Two fish Red fish Blue fish\n");

        Ok(())

    }

    #[async_test]

    async fn decomp_unknown() {

        let compressed = hex::decode("28b52ffd24250d0100c84f6e6520666973682054776f526564426c756520666973680a0200600c0e2509478352cb").unwrap();

        let limit = 10 << 20;

        let (s, _r) = decomp_basic(Some("x-proprietary-rle"), &compressed, limit).await;

        assert!(matches!(s, Err(Error::ContentEncoding(_))));

    }

    #[async_test]

    async fn decomp_bad_data() {

        let compressed = b"This is not good zlib data";

        let limit = 10 << 20;

        let (s, _r) = decomp_basic(Some("deflate"), compressed, limit).await;

        // This should possibly be a different type in the future.

        assert!(matches!(s, Err(Error::IoError(_))));

    }

    #[async_test]

    async fn headers_ok() -> Result<()> {

        let text = b"HTTP/1.0 200 OK\r\nDate: ignored\r\nContent-Encoding: Waffles\r\n\r\n";

        let mut s = &text[..];

        let h = read_headers(&mut s).await?;

        assert_eq!(h.status, Some(200));

        assert_eq!(h.encoding.as_deref(), Some("Waffles"));

        // now try truncated

        let mut s = &text[..15];

        let h = read_headers(&mut s).await;

        assert!(matches!(h, Err(Error::TruncatedHeaders)));

        // now try with no encoding.

        let text = b"HTTP/1.0 404 Not found\r\n\r\n";

        let mut s = &text[..];

        let h = read_headers(&mut s).await?;

        assert_eq!(h.status, Some(404));

        assert!(h.encoding.is_none());

        Ok(())

    }

    #[async_test]

    async fn headers_bogus() -> Result<()> {

        let text = b"HTTP/999.0 WHAT EVEN\r\n\r\n";

        let mut s = &text[..];

        let h = read_headers(&mut s).await;

        assert!(h.is_err());

        assert!(matches!(h, Err(Error::HttparseError(_))));

        Ok(())

    }

    /// Run a trivial download example with a response provided as a binary

    /// string.

    ///

    /// Return the directory response (if any) and the request as encoded (if

    /// any.)

    fn run_download_test<Req: request::Requestable>(

        req: Req,

        response: &[u8],

    ) -> (Result<DirResponse>, Result<Vec<u8>>) {

        let (mut s1, s2) = stream_pair();

        let (mut s2_r, mut s2_w) = s2.split();

        tor_rtcompat::test_with_one_runtime!(|rt| async move {

            let rt2 = rt.clone();

            let (v1, v2, v3): (Result<DirResponse>, Result<Vec<u8>>, Result<()>) = futures::join!(

                async {

                    // Run the download function.

                    let r = download(&rt, &req, &mut s1, None).await;

                    s1.close().await?;

                    r

                },

                async {

                    // Take the request from the client, and return it in "v2"

                    let mut v = Vec::new();

                    s2_r.read_to_end(&mut v).await?;

                    Ok(v)

                },

                async {

                    // Send back a response.

                    s2_w.write_all(response).await?;

                    // We wait a moment to give the other side time to notice it

                    // has data.

                    //

                    // (Tentative diagnosis: The `async-compress` crate seems to

                    // be behave differently depending on whether the "close"

                    // comes right after the incomplete data or whether it comes

                    // after a delay.  If there's a delay, it notices the

                    // truncated data and tells us about it. But when there's

                    // _no_delay, it treats the data as an error and doesn't

                    // tell our code.)

                    // TODO: sleeping in tests is not great.

                    rt2.sleep(Duration::from_millis(50)).await;

                    s2_w.close().await?;

                    Ok(())

                }

            );

            assert!(v3.is_ok());

            (v1, v2)

        })

    }

    #[test]

    fn test_download() -> Result<()> {

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let (response, request) = run_download_test(

            req,

            b"HTTP/1.0 200 OK\r\n\r\nThis is where the descs would go.",

        );

        let request = request?;

        assert!(request[..].starts_with(

            b"GET /tor/micro/d/CQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQk.z HTTP/1.0\r\n"

        ));

        assert!(!should_retire_circ(&response));

        let response = response?;

        assert_eq!(response.status_code(), 200);

        assert!(!response.is_partial());

        assert!(response.error().is_none());

        assert!(response.source().is_none());

        let out_ref = response.output();

        assert_eq!(out_ref, b"This is where the descs would go.");

        let out = response.into_output();

        assert_eq!(&out, b"This is where the descs would go.");

        Ok(())

    }

    #[test]

    fn test_download_truncated() -> Result<()> {

        // Request only one md, so "partial ok" will not be set.

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let mut response_text: Vec<u8> =

            (*b"HTTP/1.0 200 OK\r\nContent-Encoding: deflate\r\n\r\n").into();

        // "One fish two fish" as above twice, but truncated the second time

        response_text.extend(

            hex::decode("789cf3cf4b5548cb2cce500829cf8730825253200ca79c52881c00e5970c88").unwrap(),

        );

        response_text.extend(

            hex::decode("789cf3cf4b5548cb2cce500829cf8730825253200ca79c52881c00e5").unwrap(),

        );

        let (response, request) = run_download_test(req, &response_text);

        assert!(request.is_ok());

        assert!(response.is_err()); // The whole download should fail, since partial_ok wasn't set.

        // request two microdescs, so "partial_ok" will be set.

        let req: request::MicrodescRequest = vec![[9; 32]; 2].into_iter().collect();

        let (response, request) = run_download_test(req, &response_text);

        assert!(request.is_ok());

        let response = response?;

        assert_eq!(response.status_code(), 200);

        assert!(response.error().is_some());

        assert!(response.is_partial());

        assert!(response.output().len() < 37 * 2);

        assert!(response.output().starts_with(b"One fish"));

        Ok(())

    }

    #[test]

    fn test_404() {

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let response_text = b"HTTP/1.0 418 I'm a teapot\r\n\r\n";

        let (response, _request) = run_download_test(req, response_text);

        assert_eq!(response.unwrap().status_code(), 418);

    }

    #[test]

    fn test_headers_truncated() {

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let response_text = b"HTTP/1.0 404 truncation happens here\r\n";

        let (response, _request) = run_download_test(req, response_text);

        assert!(matches!(response, Err(Error::TruncatedHeaders)));

        // Try a completely empty response.

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let response_text = b"";

        let (response, _request) = run_download_test(req, response_text);

        assert!(matches!(response, Err(Error::TruncatedHeaders)));

    }

    #[test]

    fn test_headers_too_long() {

        let req: request::MicrodescRequest = vec![[9; 32]].into_iter().collect();

        let mut response_text: Vec<u8> = (*b"HTTP/1.0 418 I'm a teapot\r\nX-Too-Many-As: ").into();

        response_text.resize(16384, b'A');

        let (response, _request) = run_download_test(req, &response_text);

        assert!(should_retire_circ(&response));

        assert!(matches!(response, Err(Error::HttparseError(_))));

    }

    // TODO: test with bad utf-8

}