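open Lwt.Syntax
open Lwt.Infix

exception ClosedStream

(** Stream features advertised by the server in a [<stream:features/>]
    stanza (RFC 6120 §4.3.2). *)
type features = {
  mechanisms : Sasl.auth_mechanism list;
      (** SASL mechanisms listed under [<mechanisms/>], in document order. *)
  starttls : [ `Required | `Optional | `None ];
      (** [`None] means no [<starttls/>] feature was advertised at all. *)
  unknown : Xml.element list;
      (** Every other feature element, most recently seen first. *)
}

(** [parse_features el] is the [features] record described by the
    [<stream:features/>] element [el].

    Two shapes are recognised:
    - a features element whose only child is an empty, attribute-less
      [<starttls/>] in the {!Xmlns.tls} namespace, which the XMPP spec treats
      as "STARTTLS is required before anything else";
    - otherwise each child element is folded into the record by local name:
      [<mechanisms/>], [<starttls/>] (with an optional [<required/>] child),
      and anything else is collected in [unknown].

    Text nodes directly under [el] are skipped ({!Either.find_left}); text
    nodes {e inside} [<mechanisms/>] or [<starttls/>] are not, and make the
    stanza invalid.

    NOTE(review): only the single-child shortcut checks the element
    namespace; the general path matches [<starttls/>] and [<mechanisms/>] by
    local name alone. Consider checking [Xmlns.tls] there as well.

    @raise InvalidStanza if a [<mechanisms/>] child is not exactly
    [<mechanism>name</mechanism>], or a [<starttls/>] child is anything other
    than a single [<required/>]. The message carries [el] serialised. *)
let parse_features (el : Xml.element) : features =
  let open Xml in
  let open Either in
  let invalid () = raise (InvalidStanza (element_to_string el)) in
  let parse_single_mechanism = function
    | Left { local_name = "mechanism"; children = [ Right mechanism ]; _ } ->
        Sasl.parse_auth_mechanism mechanism
    | _ -> invalid ()
  in
  (* <starttls/> carries at most a <required/> child (RFC 6120 §5.4.1). *)
  let parse_starttls = function
    | [ Left { local_name = "required"; _ } ] -> `Required
    | [] -> `Optional
    | _ -> invalid ()
  in
  let parse_feature (acc : features) (feature : Xml.element) : features =
    match feature.local_name with
    | "mechanisms" ->
        { acc with mechanisms = List.map parse_single_mechanism feature.children }
    | "starttls" -> { acc with starttls = parse_starttls feature.children }
    | _ -> { acc with unknown = feature :: acc.unknown }
  in
  let empty = { mechanisms = []; starttls = `None; unknown = [] } in
  match el.children with
  | [ Left { local_name = "starttls"; attributes = []; children = []; namespace; _ } ]
    when namespace = Xmlns.tls ->
      (* A features element containing nothing but an empty <starttls/>
         means TLS negotiation is mandatory. *)
      { empty with starttls = `Required }
  | _ -> List.fold_left parse_feature empty (List.filter_map find_left el.children)

(** [negotiate ?prefer_starttls ?require_starttls domain portal auth] opens a
    stream to [domain] over [portal], negotiates STARTTLS and SASL following
    RFC 6120 §4.3, §5 and §6, and resolves to the features the server
    advertised on the final (post-authentication) stream restart. Call it
    every time a stream has to be (re)opened.

    TLS policy:
    - [`Required] from the server always upgrades, whatever the flags;
    - [`Optional] upgrades when [prefer_starttls] (default [true]) or
      [require_starttls] holds, and stays plaintext otherwise;
    - [`None] (no [<starttls/>] advertised) is exactly what a
      man-in-the-middle stripping the feature would present. With
      [require_starttls] (default: the value of [prefer_starttls]) the
      promise is rejected instead of sending SASL credentials over the
      plaintext connection. Pass [~require_starttls:false] to accept a
      plaintext session from a server that genuinely offers no TLS.

    NOTE(review): certificate validation against [domain] is assumed to
    happen inside {!Starttls.upgrade}; nothing here checks it — confirm.

    The promise is rejected with [Failure _] when authentication is refused,
    when TLS is required by policy but not offered, and with whatever
    {!Starttls.upgrade}, {!Portal.header}, {!Wire.get} or {!parse_features}
    raise. *)
let negotiate ?(prefer_starttls = true) ?(require_starttls = prefer_starttls)
    (domain : string) (portal : Portal.t) (auth : Sasl.auth_config) :
    features Lwt.t =
  (* (Re)open the stream and read the features the server answers with. *)
  let start_stream () : features Lwt.t =
    let* _id = Portal.header domain portal in
    Wire.get portal.stream >|= parse_features
  in
  (* Upgrade the transport, then restart the stream (RFC 6120 §5.4.3.3):
     features advertised before TLS must not be reused afterwards. *)
  let upgrade () = Starttls.upgrade portal >>= start_stream in
  let starttls features =
    match features.starttls with
    | `Required -> upgrade ()
    | `Optional ->
        if prefer_starttls || require_starttls then upgrade ()
        else Lwt.return features
    | `None ->
        (* Fail closed: never hand credentials to a plaintext stream unless
           the caller explicitly opted out. *)
        if require_starttls then
          Lwt.fail_with
            ("STARTTLS not offered by " ^ domain
           ^ "; refusing to authenticate over plaintext (possible STARTTLS stripping)")
        else Lwt.return features
  in
  let sasl_auth features =
    let* auth_result = Sasl.authenticate portal auth features.mechanisms in
    (* [text] is server-supplied and ends up verbatim in the exception message. *)
    match auth_result with
    | Error (NotAuthorized, Some (_, text)) ->
        Lwt.fail_with ("Not authorized: " ^ text)
    | Error (MalformedRequest, Some (_, text)) ->
        Lwt.fail_with ("Malformed request: " ^ text)
    | Error (_, Some (_, text)) -> Lwt.fail_with ("SASL failure: " ^ text)
    | Error (_, None) -> Lwt.fail_with "Unknown error!"
    | Ok _ ->
        (* TODO(review): stray stdout print in library code; route it through
           a logger. Kept so observable behaviour is unchanged. *)
        print_endline "Success!";
        (* RFC 6120 §6.4.6: restart the stream after successful SASL. *)
        start_stream ()
  in
  start_stream () >>= starttls >>= sasl_auth

(** [initiate ?prefer_starttls ?require_starttls domain auth] connects to the
    XMPP server [domain] and runs {!negotiate} on the fresh connection, with
    the flags forwarded unchanged. Resolves to the connected portal and the
    features it ended up with.

    Once [None] is pushed into the portal's stream, the receiving stream is
    drained and the socket is closed.

    NOTE(review): if [negotiate] rejects, the already-connected portal is not
    closed here; the close entry point is not visible from this file, so the
    caller must handle it. *)
let initiate ?prefer_starttls ?require_starttls (domain : string)
    (auth : Sasl.auth_config) : (Portal.t * features) Lwt.t =
  let* p = Portal.connect domain in
  let+ features = negotiate ?prefer_starttls ?require_starttls domain p auth in
  (p, features)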