//! Configure tracing subscribers for Arti

use anyhow::{Context, Result, anyhow};

use derive_deftly::Deftly;

use fs_mistrust::Mistrust;

use serde::{Deserialize, Serialize};

use std::io::IsTerminal as _;

use std::path::Path;

use std::str::FromStr;

use std::time::Duration;

use tor_basic_utils::PathExt as _;

use tor_config::ConfigBuildError;

use tor_config::derive::prelude::*;

use tor_config_path::{CfgPath, CfgPathResolver};

use tor_error::warn_report;

use tracing::{Subscriber, error};

use tracing_appender::non_blocking::WorkerGuard;

use tracing_subscriber::layer::SubscriberExt;

use tracing_subscriber::prelude::*;

use tracing_subscriber::{Layer, filter::Targets, fmt, registry};

mod fields;

#[cfg(feature = "opentelemetry")]

mod otlp_file_exporter;

mod time;

/// Structure to hold our logging configuration options

#[derive(Debug, Clone, Deftly, Eq, PartialEq)]

#[derive_deftly(TorConfig)]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct LoggingConfig {

    /// Filtering directives that determine tracing levels as described at

    /// <https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/targets/struct.Targets.html#impl-FromStr>

    ///

    /// You can override this setting with the -l, --log-level command line parameter.

    ///

    /// Example: "info,tor_proto::channel=trace"

    #[deftly(tor_config(default = "default_console_filter()"))]

    console: Option<String>,

    /// Filtering directives for the journald logger.

    ///

    /// Only takes effect if Arti is built with the `journald` filter.

    #[deftly(tor_config(

        build = r#"|this: &Self| tor_config::resolve_option(&this.journald, || None)"#

    ))]

    journald: Option<String>,

    /// Filtering directives for the syslog logger.

    ///

    /// Only takes effect if Arti is built with the `syslog` feature.

    #[deftly(tor_config(

        cfg = r#"all(feature = "syslog", unix)"#,

        cfg_desc = "with syslog support",

        default = r#"Some("".into())"#,

    ))]

    syslog: Option<String>,

    /// Configuration for logging spans with OpenTelemetry.

    #[deftly(tor_config(

        sub_builder,

        cfg = r#" feature = "opentelemetry" "#,

        cfg_desc = "with opentelemetry support"

    ))]

    opentelemetry: OpentelemetryConfig,

    /// Configuration for passing information to tokio-console.

    #[deftly(tor_config(

        sub_builder,

        cfg = r#" feature = "tokio-console" "#,

        cfg_desc = "with tokio-console support"

    ))]

    tokio_console: TokioConsoleConfig,

    /// Configuration for one or more logfiles.

    ///

    /// The default is not to log to any files.

    #[deftly(tor_config(list(element(build), listtype = "LogfileList"), default = "vec![]"))]

    files: Vec<LogfileConfig>,

    /// If set to true, we disable safe logging on _all logs_, and store

    /// potentially sensitive information at level `info` or higher.

    ///

    /// This can be useful for debugging, but it increases the value of your

    /// logs to an attacker.  Do not turn this on in production unless you have

    /// a good log rotation mechanism.

    //

    // TODO: Eventually we might want to make this more complex, and add a

    // per-log mechanism to turn off unsafe logging. Alternatively, we might do

    // that by extending the filter syntax implemented by `tracing` to have an

    // "unsafe" flag on particular lines.

    #[deftly(tor_config(default))]

    log_sensitive_information: bool,

    /// If set to true, promote Tor protocol-violation reports to warning level.

    #[deftly(tor_config(default))]

    protocol_warnings: bool,

    /// An approximate granularity with which log times should be displayed.

    ///

    /// This value controls every log time that arti outputs; it doesn't have any

    /// effect on times written by other logging programs like `journald`.

    ///

    /// We may round this value up for convenience: For example, if you say

    /// "2.5s", we may treat it as if you had said "3s."

    ///

    /// The default is "1s", or one second.

    #[deftly(tor_config(default = "std::time::Duration::new(1,0)"))]

    time_granularity: std::time::Duration,

}

/// Return a default tracing filter value for `logging.console`.

#[allow(clippy::unnecessary_wraps)]

/// Configuration information for an (optionally rotating) logfile.

#[derive(Debug, Deftly, Clone, Eq, PartialEq)]

#[derive_deftly(TorConfig)]

#[deftly(tor_config(no_default_trait))]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct LogfileConfig {

    /// How often to rotate the file?

    #[deftly(tor_config(default))]

    rotate: LogRotation,

    /// Where to write the files?

    #[deftly(tor_config(no_default))]

    path: CfgPath,

    /// Filter to apply before writing

    #[deftly(tor_config(no_default))]

    filter: String,

}

/// How often to rotate a log file

#[derive(Debug, Default, Clone, Serialize, Deserialize, Copy, Eq, PartialEq)]

#[non_exhaustive]

#[serde(rename_all = "lowercase")]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

pub(crate) enum LogRotation {

    /// Rotate logs daily

    Daily,

    /// Rotate logs hourly

    Hourly,

    /// Never rotate the log

    #[default]

    Never,

}

/// Configuration for exporting spans with OpenTelemetry.

#[derive(Debug, Deftly, Clone, Eq, PartialEq, Serialize, Deserialize)]

#[derive_deftly(TorConfig)]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct OpentelemetryConfig {

    /// Write spans to a file in OTLP JSON format.

    #[deftly(tor_config(default))]

    file: Option<OpentelemetryFileExporterConfig>,

    /// Export spans via HTTP.

    #[deftly(tor_config(default))]

    http: Option<OpentelemetryHttpExporterConfig>,

}

/// Configuration for the OpenTelemetry HTTP exporter.

#[derive(Debug, Deftly, Clone, Eq, PartialEq, Serialize, Deserialize)]

#[derive_deftly(TorConfig)]

#[deftly(tor_config(no_default_trait))]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct OpentelemetryHttpExporterConfig {

    /// HTTP(S) endpoint to send spans to.

    ///

    /// For Jaeger, this should be something like: `http://localhost:4318/v1/traces`

    #[deftly(tor_config(no_default))]

    endpoint: String,

    /// Configuration for how to batch exports.

    #[deftly(tor_config(sub_builder))]

    batch: OpentelemetryBatchConfig,

    /// Timeout for sending data.

    ///

    /// If this is set to [`None`], it will be left at the OpenTelemetry default, which is

    /// currently 10 seconds unless overridden with a environment variable.

    //

    // NOTE: there is no way to actually override this with None, so we have to say

    // "no magic" to tell dd(TorConfig) not to worry about that.

    #[deftly(tor_config(no_magic, default))]

    timeout: Option<Duration>,

    // TODO: Once opentelemetry-otlp supports more than one protocol over HTTP, add a config option

    // to choose protocol here.

}

/// Configuration for the OpenTelemetry HTTP exporter.

#[derive(Debug, Deftly, Clone, Eq, PartialEq, Serialize, Deserialize)]

#[derive_deftly(TorConfig)]

#[deftly(tor_config(no_default_trait))]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct OpentelemetryFileExporterConfig {

    /// The path to write the JSON file to.

    #[deftly(tor_config(no_default))]

    path: CfgPath,

    /// Configuration for how to batch writes.

    #[deftly(tor_config(sub_builder))]

    batch: OpentelemetryBatchConfig,

}

/// Configuration for the Opentelemetry batch exporting.

///

/// This is a copy of [`opentelemetry_sdk::trace::BatchConfig`].

#[derive(Debug, Deftly, Copy, Clone, Eq, PartialEq, Serialize, Deserialize)]

#[derive_deftly(TorConfig)]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct OpentelemetryBatchConfig {

    /// Maximum queue size. See [`opentelemetry_sdk::trace::BatchConfig::max_queue_size`].

    #[deftly(tor_config(default))]

    max_queue_size: Option<usize>,

    /// Maximum export batch size. See [`opentelemetry_sdk::trace::BatchConfig::max_export_batch_size`].

    #[deftly(tor_config(default))]

    max_export_batch_size: Option<usize>,

    /// Scheduled delay. See [`opentelemetry_sdk::trace::BatchConfig::scheduled_delay`].

    #[deftly(tor_config(no_magic, default))]

    scheduled_delay: Option<Duration>,

}

#[cfg(feature = "opentelemetry")]

impl From<OpentelemetryBatchConfig> for opentelemetry_sdk::trace::BatchConfig {

        } else {

        };

        } else {

        };

        } else {

        };

}

/// Configuration for logging to the tokio console.

#[derive(Debug, Deftly, Copy, Clone, Eq, PartialEq, Serialize, Deserialize)]

#[derive_deftly(TorConfig)]

#[cfg(feature = "tokio-console")]

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

#[cfg_attr(feature = "experimental-api", deftly(tor_config(vis = "pub")))]

pub(crate) struct TokioConsoleConfig {

    /// If true, the tokio console subscriber should be enabled.

    ///

    /// This requires that tokio (and hence arti) is built with `--cfg tokio_unstable`

    /// in RUSTFLAGS.

    #[deftly(tor_config(default))]

    enabled: bool,

}

/// Placeholder for unused tokio console config.

#[cfg(not(feature = "tokio-console"))]

type TokioConsoleConfig = ();

/// As [`Targets::from_str`], but wrapped in an [`anyhow::Result`].

//

// (Note that we have to use `Targets`, not `EnvFilter`: see comment in

// `setup_logging()`.)

/// As filt_from_str_verbose, but treat an absent filter (or an empty string) as

/// None.

    })

/// Try to construct a tracing [`Layer`] for logging to stderr.

{

    // We used to suppress safe-logging on the console, but we removed that

    // feature: we cannot be certain that the console really is volatile. Even

    // if isatty() returns true on the console, we can't be sure that the

    // terminal isn't saving backlog to disk or something like that.

/// Try to construct a tracing [`Layer`] for logging to journald, if one is

/// configured.

#[cfg(feature = "journald")]

{

    } else {

        // Fortunately, Option<Layer> implements Layer, so we can just return None here.

    }

/// Try to construct a tracing [`Layer`] for logging to syslog, if one is

/// configured.

#[cfg(all(feature = "syslog", unix))]

{

    use syslog_tracing::{Facility, Options, Syslog};

            // Syslog doesn't support ANSI colors, and we usually want

            // the system log to handle the timestamping.

    } else {

    }

/// Try to construct a tracing [`Layer`] for exporting spans via OpenTelemetry.

///

/// This doesn't allow for filtering, since most of our spans are exported at the trace level

/// anyways, and filtering can easily be done when viewing the data.

#[cfg(feature = "opentelemetry")]

{

    use opentelemetry::trace::TracerProvider;

    use opentelemetry_otlp::WithExportConfig;

        {

        } else {

        };

    } else {

    };

/// Try to construct a non-blocking tracing [`Layer`] for writing data to an

/// optionally rotating logfile.

///

/// On success, return that layer, along with a WorkerGuard that needs to be

/// dropped when the program exits, to flush buffered messages.

{

    use tracing_appender::{

        non_blocking,

        rolling::{RollingFileAppender, Rotation},

    };

    };

        None => {

        }

    };

            "Unable to create parent directory for logfile \"{}\"",

        )

        // we apply custom field formatting so that error fields are listed last

/// Try to construct a tracing [`Layer`] for all of the configured logfiles.

///

/// On success, return that layer along with a list of [`WorkerGuard`]s that

/// need to be dropped when the program exits.

{

        // As above, we have Option<Layer> implements Layer, so we can return

        // None in this case.

    // We have to use a dyn pointer here so we can build up linked list of

    // arbitrary depth.

    }

/// Configure a panic handler to send everything to tracing, in addition to our

/// default panic behavior.

    // TODO library support: There's a library called `tracing-panic` that

    // provides a hook we could use instead, but that doesn't have backtrace

    // support.  We should consider using it if it gets backtrace support in the

    // future.  We should also keep an eye on `tracing` to see if it learns how

    // to do this for us.

        // Note that if we were ever to _not_ call this handler,

        // we would want to abort on nested panics and !can_unwind cases.

        // This statement is copied from stdlib.

            },

        };

        };

/// Opaque structure that gets dropped when the program is shutting down,

/// after logs are no longer needed.  The `Drop` impl flushes buffered messages.

#[cfg_attr(feature = "experimental-api", visibility::make(pub))]

pub(crate) struct LogGuards {

    /// The actual list of guards we're returning.

    #[allow(unused)]

    guards: Vec<WorkerGuard>,

    /// A safelog guard, for use if we have decided to disable safe logging.

    #[allow(unused)]

    safelog_guard: Option<safelog::Guard>,

}

/// Set up logging.

///

/// Note that the returned LogGuard must be dropped precisely when the program

/// quits; they're used to ensure that all the log messages are flushed.

    // Important: We have to make sure that the individual layers we add here

    // are not filters themselves.  That means, for example, that we can't add

    // an `EnvFilter` layer unless we want it to apply globally to _all_ layers.

    //

    // For a bit of discussion on the difference between per-layer filters and filters

    // that apply to the entire registry, see

    // https://docs.rs/tracing-subscriber/0.3.5/tracing_subscriber/layer/index.html#global-filtering

    #[cfg(feature = "journald")]

    #[cfg(all(feature = "syslog", unix))]

    #[cfg(feature = "opentelemetry")]

    #[cfg(feature = "tokio-console")]

        // Note 1: We can't enable console_subscriber unconditionally when the `tokio-console`

        // feature is enabled, since it panics unless tokio is built with  `--cfg tokio_unstable`,

        // but we want arti to work with --all-features without any special --cfg.

        //

        // Note 2: We have to use an `Option` here, since the type of the registry changes

        // with whatever you add to it.

        } else {

        };

    };

                // We don't need to propagate this error; it isn't the end of

                // the world if we were unable to disable safe logging.

            }

        }

    } else {

    };

    } else {

    };