daaki-imap 0.2.0

An IMAP4rev1/IMAP4rev2 async client library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354

//! Single wire-reader primitive (RFC 3501 §2.2.2).
//!
//! Private to `crate::connection`. `WireReader::new` and the internal
//! fields are unreachable outside this module. The ONLY construction
//! site outside this file is `ImapConnection::new_wire_reader`, which
//! itself is only called by the connection constructor and the stream
//! upgrade handler.

use bytes::BytesMut;
use tracing::{trace, warn};

use crate::codec::decode::parse_response_utf8;
use crate::error::Error;
use crate::types::Response;

use super::ImapStream;

/// Low-level wire reader that owns an IMAP stream and a parse buffer.
///
/// All wire reads flow through this type. The buffer and stream are
/// private — no external code can pull bytes or reset state. The only
/// way to "reset" the reader is to consume it via [`into_stream`](Self::into_stream)
/// and construct a fresh reader on the (possibly upgraded) stream.
pub(crate) struct WireReader {
    stream: ImapStream,
    buf: BytesMut,
}

impl WireReader {
    /// Create a new reader over the given stream with an 8 KiB initial
    /// parse buffer (RFC 3501 §2.2.2 — responses are line-oriented, so
    /// 8 KiB covers the vast majority of single-response reads without
    /// reallocation).
    pub(super) fn new(stream: ImapStream) -> Self {
        Self {
            stream,
            buf: BytesMut::with_capacity(8 * 1024),
        }
    }

    /// Read and parse a single IMAP response from the wire.
    ///
    /// Mirrors the existing `helpers::read_parsed_response` behavior:
    /// accumulate bytes into the internal buffer, run the nom parser,
    /// and return the first complete response.
    ///
    /// * On parse error → `Err(Error::Parse)`
    /// * On I/O error → `Err(Error::Io)`
    /// * On EOF (zero-byte read) → `Err(Error::Closed)`
    ///
    /// `utf8_mode` should be `true` when `UTF8=ACCEPT` (RFC 6855
    /// Section 3) has been enabled or `IMAP4rev2` is active (RFC 9051
    /// Section 7).
    pub(crate) async fn read_one(&mut self, utf8_mode: bool) -> Result<Response, Error> {
        loop {
            // Try to parse a complete response from the buffer.
            if let Some(resp) = self.try_parse_response_inner(utf8_mode)? {
                return Ok(resp);
            }
            // Need more data from the wire.
            let n = self.stream.read_buf(&mut self.buf).await?;
            if n == 0 {
                return Err(Error::Closed);
            }
        }
    }

    /// Read and parse a server greeting from the wire (RFC 3501 §7.1).
    ///
    /// Like [`read_one`](Self::read_one), but uses the greeting parser
    /// instead of the general response parser. The greeting is the very
    /// first message from the server — `* OK`, `* PREAUTH`, or `* BYE`.
    pub(crate) async fn read_greeting(&mut self) -> Result<Response, Error> {
        loop {
            if let Some(resp) = self.try_parse_greeting_inner()? {
                return Ok(resp);
            }
            let n = self.stream.read_buf(&mut self.buf).await?;
            if n == 0 {
                return Err(Error::Closed);
            }
        }
    }

    /// Write raw bytes to the wire. Used by command encoders.
    /// Does not read. Does not parse. Does not mutate buf.
    pub(crate) async fn write_all(&mut self, bytes: &[u8]) -> Result<(), Error> {
        self.stream.write_all(bytes).await?;
        self.stream.flush().await?;
        Ok(())
    }

    /// Whether the internal parse buffer is empty.
    pub(crate) fn buffer_is_empty(&self) -> bool {
        self.buf.is_empty()
    }

    /// Set TCP keepalive on the underlying socket (RFC 1122 Section 4.2.3.6).
    ///
    /// Delegates to [`ImapStream::set_keepalive`]. Safe to call at any time —
    /// does not touch the read buffer or affect wire protocol state.
    pub(in crate::connection) fn set_keepalive(
        &self,
        ka: &super::TcpKeepalive,
    ) -> Result<(), Error> {
        self.stream.set_keepalive(ka)
    }

    /// Consume the reader and return the owned stream.
    ///
    /// Used by stream upgrades (STARTTLS, COMPRESS): drop this reader
    /// (and its buffer), transform the stream, and construct a fresh
    /// reader on the new stream. This enforces I10 — buffer bytes
    /// cannot straddle a stream upgrade.
    pub(super) fn into_stream(self) -> ImapStream {
        self.stream
    }

    /// Take all remaining bytes from the internal parse buffer.
    ///
    /// Used by COMPRESS (RFC 4978 §3): after the tagged OK, any bytes
    /// already buffered are compressed data that must be preserved in
    /// the new `CompressedStream`'s raw read buffer.
    pub(super) fn take_buffer(&mut self) -> bytes::BytesMut {
        self.buf.split_off(0)
    }

    // -----------------------------------------------------------------------
    // Private helpers — ported from ImapConnection::try_parse_response,
    // buffer_may_contain_complete_response, and try_parse_literal_marker
    // in helpers.rs. The logic is identical; only field accesses changed
    // from `self.read_buf` to `self.buf`.
    // -----------------------------------------------------------------------

    /// Try to parse a greeting from the internal buffer (RFC 3501 §7.1).
    fn try_parse_greeting_inner(&mut self) -> Result<Option<Response>, Error> {
        use crate::codec::decode::parse_greeting;
        if self.buf.is_empty() {
            return Ok(Option::None);
        }
        if !buffer_may_contain_complete_response(&self.buf) {
            return Ok(Option::None);
        }
        match parse_greeting(&self.buf) {
            Ok((remaining, resp)) => {
                let consumed = self.buf.len() - remaining.len();
                let _ = self.buf.split_to(consumed);
                Ok(Some(resp))
            }
            Err(nom::Err::Incomplete(_)) => Ok(Option::None),
            Err(e) => {
                if !self.buf.ends_with(b"\r\n") {
                    trace!(
                        "greeting parse Error on buffer not ending with CRLF — \
                         treating as incomplete ({} bytes buffered)",
                        self.buf.len()
                    );
                    return Ok(Option::None);
                }
                warn!("greeting parse error: {e}");
                Err(Error::Parse(format!("greeting parse error: {e}")))
            }
        }
    }

    /// Try to parse a response from the internal buffer.
    ///
    /// Uses `parse_response_utf8` in UTF-8 mode when the caller indicates
    /// `UTF8=ACCEPT` (RFC 6855 Section 3) or `IMAP4rev2` is active
    /// (RFC 9051 Section 7: quoted-strings carry raw UTF-8).
    fn try_parse_response_inner(&mut self, utf8_mode: bool) -> Result<Option<Response>, Error> {
        if self.buf.is_empty() {
            return Ok(Option::None);
        }

        // The parser uses `nom::bytes::complete` mode, which returns `Error`
        // (not `Incomplete`) when input is truncated mid-response. We must
        // detect incomplete data ourselves to avoid treating partial TCP
        // reads as hard parse failures.
        //
        // Every IMAP response ends with \r\n. If the buffer doesn't contain
        // \r\n at all, the first response is definitely incomplete.
        if !buffer_may_contain_complete_response(&self.buf) {
            return Ok(Option::None);
        }

        match parse_response_utf8(&self.buf, utf8_mode) {
            Ok((remaining, resp)) => {
                let consumed = self.buf.len() - remaining.len();
                let _ = self.buf.split_to(consumed);
                Ok(Some(resp))
            }
            Err(nom::Err::Incomplete(_)) => Ok(Option::None),
            Err(e) => {
                // The parser failed even though we thought the data was
                // complete. If the buffer doesn't end with \r\n, it's
                // likely a partial read that our heuristic didn't catch
                // (e.g., literal data spanning TCP segments).
                if !self.buf.ends_with(b"\r\n") {
                    trace!(
                        "parse Error on buffer not ending with CRLF — treating as incomplete \
                         ({} bytes buffered)",
                        self.buf.len()
                    );
                    return Ok(Option::None);
                }
                warn!("response parse error: {e}");
                Err(Error::Parse(format!("response parse error: {e}")))
            }
        }
    }
}

// DELIBERATELY ABSENT — do NOT add:
// - fn reset_buffer(&mut self)
// - fn set_stream(&mut self, s: ImapStream)
// - fn buffer_mut(&mut self) -> &mut BytesMut
// - any Deref/DerefMut/AsMut impl that exposes buf or stream
// These absences are the enforcement of I10.

// ---------------------------------------------------------------------------
// Module-private standalone helpers — ported verbatim from
// ImapConnection::buffer_may_contain_complete_response and
// ImapConnection::try_parse_literal_marker in helpers.rs.
// ---------------------------------------------------------------------------

/// Check whether `buf` likely contains at least one complete IMAP response.
///
/// A complete response always ends with `\r\n`. If the buffer contains
/// literal markers `{N}\r\n`, we verify that N bytes of literal data
/// follow each one, iterating through all literals in the response
/// (e.g., multi-body FETCH responses).
pub(super) fn buffer_may_contain_complete_response(buf: &[u8]) -> bool {
    // Fast path: no \r\n means definitely incomplete.
    let Some(first_crlf) = buf.windows(2).position(|w| w == b"\r\n") else {
        return false;
    };

    // Check for a literal marker `{digits[+]}\r\n` ending at first_crlf.
    // If present, verify we have the literal body + more data after it.
    // Also handles `~{digits}\r\n` (literal8, RFC 3516).
    //
    // Status responses (OK/NO/BAD/BYE) and tagged responses never contain
    // literals — their text is `1*TEXT-CHAR` (RFC 3501 Section 9), not
    // `string`. Skip the literal check for these to avoid misclassifying
    // `{digits}` in status text (e.g. `* OK [ALERT] limit {42}\r\n`).
    let may_contain_literal = if buf.starts_with(b"* ") && buf.len() >= 5 {
        // Untagged status responses: `* OK ...`, `* NO ...`, `* BAD ...`, `* BYE ...`
        // These use `resp-text` which has no literal production.
        // RFC 3501 Section 9: all alphabetic characters are case-insensitive,
        // so compare case-insensitively to handle non-conformant servers.
        let after_star = &buf[2..];
        let is_status = after_star
            .get(..3)
            .is_some_and(|s| s.eq_ignore_ascii_case(b"OK ") || s.eq_ignore_ascii_case(b"NO "))
            || after_star.get(..4).is_some_and(|s| {
                s.eq_ignore_ascii_case(b"BAD ") || s.eq_ignore_ascii_case(b"BYE ")
            });
        !is_status
    } else if buf.starts_with(b"+") {
        // Continuation responses never contain literals.
        false
    } else {
        // Tagged responses (`TAG OK/NO/BAD ...`) use `resp-cond-state`
        // which also has no literal production (RFC 3501 Section 7.1).
        // Detect the tag boundary and check for a status keyword.
        //
        // RFC 3501 Section 9: `tag = 1*<any ASTRING-CHAR except "+">`.
        // A tagged response is `tag SP resp-cond-state CRLF` where
        // resp-cond-state = ("OK" / "NO" / "BAD") SP resp-text.
        // resp-text is `1*TEXT-CHAR` (no literal production), so
        // `{digits}` in the text is NOT a literal marker.
        if let Some(sp) = buf.iter().position(|&b| b == b' ') {
            let after_tag = &buf[sp + 1..];
            let is_tagged_status = after_tag
                .get(..3)
                .is_some_and(|s| s.eq_ignore_ascii_case(b"OK ") || s.eq_ignore_ascii_case(b"NO "))
                || after_tag
                    .get(..4)
                    .is_some_and(|s| s.eq_ignore_ascii_case(b"BAD "));
            // Also handle the edge case where the status keyword is
            // followed directly by CRLF (e.g., `TAG OK\r\n` with no
            // resp-text).
            let is_tagged_status = is_tagged_status
                || after_tag
                    .get(..4)
                    .is_some_and(|s| s.eq_ignore_ascii_case(b"OK\r\n"))
                || after_tag
                    .get(..4)
                    .is_some_and(|s| s.eq_ignore_ascii_case(b"NO\r\n"))
                || after_tag
                    .get(..5)
                    .is_some_and(|s| s.eq_ignore_ascii_case(b"BAD\r\n"));
            !is_tagged_status
        } else {
            // No space found — cannot be a valid tagged response.
            // Conservatively check for literals.
            true
        }
    };

    if first_crlf >= 2 && may_contain_literal {
        if let Some(literal_len) = try_parse_literal_marker(buf, first_crlf) {
            // Skip past the first literal body and iteratively check
            // for additional literals (e.g., multi-body FETCH).
            let mut pos = first_crlf + 2 + literal_len;
            loop {
                if pos > buf.len() {
                    return false;
                }
                // Find the next \r\n after the current literal body.
                let remaining = &buf[pos..];
                let Some(next_crlf) = remaining.windows(2).position(|w| w == b"\r\n") else {
                    return false;
                };
                // Check if there's another literal marker at this CRLF.
                if let Some(next_literal_len) = try_parse_literal_marker(remaining, next_crlf) {
                    // Another literal — skip past it and continue.
                    pos += next_crlf + 2 + next_literal_len;
                    continue;
                }
                // No more literals — this CRLF terminates the response.
                return true;
            }
        }
    }

    // No literal — the first \r\n likely terminates a complete response.
    true
}

/// Try to parse a literal marker `{digits[+]}` ending just before `crlf_pos`
/// in `buf`. Returns the literal byte count if a valid marker is found.
fn try_parse_literal_marker(buf: &[u8], crlf_pos: usize) -> Option<usize> {
    let before_crlf = &buf[..crlf_pos];
    let brace_pos = before_crlf.iter().rposition(|&b| b == b'{')?;
    let close_offset = buf[brace_pos + 1..crlf_pos]
        .iter()
        .position(|&b| b == b'}')?;
    let between = &buf[brace_pos + 1..brace_pos + 1 + close_offset];
    // Strip optional trailing '+' for LITERAL+ (RFC 7888) or
    // LITERAL- (RFC 7888 Section 5).
    let digits = if between.last() == Some(&b'+') {
        &between[..between.len() - 1]
    } else {
        between
    };
    if digits.is_empty() || !digits.iter().all(u8::is_ascii_digit) {
        return None;
    }
    std::str::from_utf8(digits)
        .ok()
        .and_then(|s| s.parse::<usize>().ok())
}