#![cfg_attr(docsrs, feature(doc_cfg))]

#![doc = include_str!("../README.md")]

// @@ begin lint list maintained by maint/add_warning @@

#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)

#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)

#![warn(missing_docs)]

#![warn(noop_method_call)]

#![warn(unreachable_pub)]

#![warn(clippy::all)]

#![deny(clippy::await_holding_lock)]

#![deny(clippy::cargo_common_metadata)]

#![deny(clippy::cast_lossless)]

#![deny(clippy::checked_conversions)]

#![warn(clippy::cognitive_complexity)]

#![deny(clippy::debug_assert_with_mut_call)]

#![deny(clippy::exhaustive_enums)]

#![deny(clippy::exhaustive_structs)]

#![deny(clippy::expl_impl_clone_on_copy)]

#![deny(clippy::fallible_impl_from)]

#![deny(clippy::implicit_clone)]

#![deny(clippy::large_stack_arrays)]

#![warn(clippy::manual_ok_or)]

#![deny(clippy::missing_docs_in_private_items)]

#![warn(clippy::needless_borrow)]

#![warn(clippy::needless_pass_by_value)]

#![warn(clippy::option_option)]

#![deny(clippy::print_stderr)]

#![deny(clippy::print_stdout)]

#![warn(clippy::rc_buffer)]

#![deny(clippy::ref_option_ref)]

#![warn(clippy::semicolon_if_nothing_returned)]

#![warn(clippy::trait_duplication_in_bounds)]

#![deny(clippy::unchecked_time_subtraction)]

#![deny(clippy::unnecessary_wraps)]

#![warn(clippy::unseparated_literal_suffix)]

#![deny(clippy::unwrap_used)]

#![deny(clippy::mod_module_files)]

#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness

#![allow(clippy::uninlined_format_args)]

#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945

#![allow(clippy::result_large_err)] // temporary workaround for arti#587

#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best

#![allow(clippy::needless_lifetimes)] // See arti#1765

#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060

#![allow(clippy::collapsible_if)] // See arti#2342

#![deny(clippy::unused_async)]

//! <!-- @@ end lint list maintained by maint/add_warning @@ -->

// TODO #1645 (either remove this, or decide to have it everywhere)

#![cfg_attr(not(all(feature = "full", feature = "experimental")), allow(unused))]

// Overrides specific to this crate:

#![allow(clippy::print_stderr)]

#![allow(clippy::print_stdout)]

mod subcommands;

/// Helper:

/// Declare a series of modules as public if experimental_api is set,

/// and as non-public otherwise.

//

// TODO: We'd like to use visibility::make(pub) here, but it doesn't

// work on modules.

macro_rules! semipublic_mod {

    {

        $(

            $( #[$meta:meta] )*

            $dflt_vis:vis mod $name:ident ;

        )*

    }  => {

        $(

            cfg_if::cfg_if! {

                if #[cfg(feature="experimental-api")] {

                   $( #[$meta])*

                   pub mod $name;

                } else {

                   $( #[$meta])*

                   $dflt_vis mod $name;

                }

            }

         )*

    }

}

/// Helper:

/// Import a set of items as public if experimental_api is set,

/// and as non-public otherwise.

macro_rules! semipublic_use {

    {

        $dflt_vis:vis use $($tok:tt)+

    } => {

        cfg_if::cfg_if! {

            if #[cfg(feature="experimental-api")] {

                pub use $($tok)+

            } else {

                $dflt_vis use $($tok)+

            }

        }

    }

}

semipublic_mod! {

    mod cfg;

    #[cfg(feature = "dns-proxy")]

    mod dns;

    mod exit;

    mod logging;

    #[cfg(feature="onion-service-service")]

    mod onion_proxy;

    mod process;

    mod reload_cfg;

    mod proxy;

}

cfg_if::cfg_if! {

    if #[cfg(all(feature="experimental-api", feature="rpc"))] {

        pub mod rpc;

    } else if #[cfg(all(feature="experimental-api", not(feature="rpc")))] {

        #[path = "rpc_stub.rs"]

        pub mod rpc;

    } else if #[cfg(feature = "rpc")] {

        mod rpc;

    } else {

        #[path = "rpc_stub.rs"]

        mod rpc;

    }

}

use std::ffi::OsString;

use std::fmt::Write;

semipublic_use! {

    use cfg::{

        ARTI_EXAMPLE_CONFIG, ApplicationConfig, ApplicationConfigBuilder, ArtiCombinedConfig,

        ArtiConfig, ArtiConfigBuilder, ProxyConfig, ProxyConfigBuilder, SystemConfig,

        SystemConfigBuilder,

    };

}

semipublic_use! {

    use logging::{LoggingConfig, LoggingConfigBuilder};

}

use arti_client::TorClient;

use arti_client::config::default_config_files;

use safelog::with_safe_logging_suppressed;

use tor_config::ConfigurationSources;

use tor_config::mistrust::BuilderExt as _;

use tor_rtcompat::ToplevelRuntime;

use anyhow::{Context, Error, Result};

use clap::{Arg, ArgAction, Command, value_parser};

#[allow(unused_imports)]

use tracing::{error, info, instrument, warn};

#[cfg(any(

    feature = "hsc",

    feature = "onion-service-service",

    feature = "onion-service-cli-extra",

))]

use clap::Subcommand as _;

#[cfg(feature = "experimental-api")]

#[cfg_attr(docsrs, doc(cfg(feature = "experimental-api")))]

pub use subcommands::proxy::run_proxy;

/// Create a runtime for Arti to use.

    cfg_if::cfg_if! {

        if #[cfg(all(feature="tokio", feature="native-tls"))] {

            use tor_rtcompat::tokio::TokioNativeTlsRuntime as ChosenRuntime;

        } else if #[cfg(all(feature="tokio", feature="rustls"))] {

            use tor_rtcompat::tokio::TokioRustlsRuntime as ChosenRuntime;

            // Note: See comments in tor_rtcompate::impls::rustls::RustlsProvider

            // about choice of default crypto provider.

            let _idempotent_ignore = rustls_crate::crypto::CryptoProvider::install_default(

                rustls_crate::crypto::ring::default_provider(),

            );

        } else if #[cfg(all(feature="async-std", feature="native-tls"))] {

            use tor_rtcompat::async_std::AsyncStdNativeTlsRuntime as ChosenRuntime;

        } else if #[cfg(all(feature="async-std", feature="rustls"))] {

            use tor_rtcompat::async_std::AsyncStdRustlsRuntime as ChosenRuntime;

            // Note: See comments in tor_rtcompate::impls::rustls::RustlsProvider

            // about choice of default crypto provider.

            let _idempotent_ignore = rustls_crate::crypto::CryptoProvider::install_default(

                rustls_crate::crypto::ring::default_provider(),

            );

        } else {

            compile_error!("You must configure both an async runtime and a TLS stack. See doc/TROUBLESHOOTING.md for more.");

        }

    }

/// Return a (non-exhaustive) array of enabled Cargo features, for version printing purposes.

    // HACK(eta): We can't get this directly, so we just do this awful hack instead.

    // Note that we only list features that aren't about the runtime used, since that already

    // gets printed separately.

/// Inner function, to handle a set of CLI arguments and return a single

/// `Result<()>` for convenient handling.

///

/// # ⚠️ Warning! ⚠️

///

/// If your program needs to call this function, you are setting yourself up for

/// some serious maintenance headaches.  See discussion on [`main`] and please

/// reach out to help us build you a better API.

///

/// # Panics

///

/// Currently, might panic if wrong arguments are specified.

{

    // We describe a default here, rather than using `default()`, because the

    // correct behavior is different depending on whether the filename is given

    // explicitly or not.

    // Configure tor-log-ratelim early before we begin logging.

    // Use the runtime's `Debug` impl to describe it for the version string.

        env!("CARGO_PKG_VERSION"),

        runtime,

        } else {

        }

    );

            // HACK(eta): clap generates "arti [OPTIONS] <SUBCOMMAND>" for this usage string by

            //            default, but then fails to parse options properly if you do put them

            //            before the subcommand.

            //            We just declare all options as `global` and then require them to be

            //            put after the subcommand, hence this new usage string.

                    // NOTE: don't forget the `global` flag on all arguments declared at this level!

            )

            )

            )

            )

                        "Run Arti in proxy mode, proxying connections through the Tor network.",

                    )

                        // TODO: Allow a proxy-port alias for this too, once http-connect is stable.

                    )

                    )

            )

    // When adding a subcommand, it may be necessary to add an entry in

    // `maint/check-cli-help`, to the function `help_arg`.

    cfg_if::cfg_if! {

        if #[cfg(feature = "onion-service-service")] {

        }

    }

    cfg_if::cfg_if! {

        if #[cfg(feature = "hsc")] {

        }

    }

    cfg_if::cfg_if! {

        if #[cfg(feature = "onion-service-cli-extra")] {

        }

    }

    // Tracing doesn't log anything when there is no subscriber set.  But we want to see

    // logging messages from config parsing etc.  We can't set the global default subscriber

    // because we can only set it once.  The other ways involve a closure.  So we have a

    // closure for all the startup code which runs *before* we set the logging properly.

    //

    // There is no cooked way to print our program name, so we do it like this.  This

    // closure is called to "make" a "Writer" for each message, so it runs at the right time:

    // before each message.

        // Weirdly, with .without_time(), tracing produces messages with a leading space.

        // A Mistrust object to use for loading our configuration.  Elsewhere, we

        // use the value _from_ the configuration.

        } else {

        };

        };

    // Sadly I don't seem to be able to persuade rustfmt to format the two lists of

    // variable names identically.

    #[cfg(feature = "harden")]

            );

    // Check for the "proxy" subcommand.

    // Check for the optional "keys" and "keys-raw" subcommand.

    cfg_if::cfg_if! {

        if #[cfg(feature = "onion-service-cli-extra")] {

        }

    }

    // Check for the optional "hss" subcommand.

    cfg_if::cfg_if! {

        if #[cfg(feature = "onion-service-service")] {

        }

    }

    // Check for the optional "hsc" subcommand.

    cfg_if::cfg_if! {

        if #[cfg(feature = "hsc")] {

        }

    }

/// Main program, callable directly from a binary crate's `main`

///

/// This function behaves the same as `main_main()`, except:

///   * It takes command-line arguments from `std::env::args_os` rather than

///     from an argument.

///   * It exits the process with an appropriate error code on error.

///

/// # ⚠️ Warning ⚠️

///

/// Calling this function, or the related experimental function `main_main`, is

/// probably a bad idea for your code.  It means that you are invoking Arti as

/// if from the command line, but keeping it embedded inside your process. Doing

/// this will block your process take over handling for several signal types,

/// possibly disable debugger attachment, and a lot more junk that a library

/// really has no business doing for you.  It is not designed to run in this

/// way, and may give you strange results.

///

/// If the functionality you want is available in [`arti_client`] crate, or from

/// a *non*-experimental API in this crate, it would be better for you to use

/// that API instead.

///

/// Alternatively, if you _do_ need some underlying function from the `arti`

/// crate, it would be better for all of us if you had a stable interface to that

/// function. Please reach out to the Arti developers, so we can work together

/// to get you the stable API you need.

            use arti_client::HintableError;

            }

        }

    }