package io.continual.http.app.servers.endpoints;

import io.continual.builder.Builder;
import io.continual.http.app.servers.CorsOptionsRouter;
import io.continual.http.service.framework.context.CHttpRequestContext;
import io.continual.iam.IamService;
import io.continual.iam.access.AccessDb;
import io.continual.iam.access.Resource;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.Identity;
import io.continual.iam.identity.UserContext;
import io.continual.services.ServiceContainer;
import io.continual.util.data.json.JsonVisitor;
import java.io.IOException;
import java.util.TreeSet;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/http/app/servers/endpoints/TypicalRestApiEndpoint.class */
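/**
 * Base class for REST endpoints that authenticate the caller, optionally check
 * resource access, and then delegate to an {@link ApiHandler}.
 *
 * <p>Authentication is delegated to an {@link Authenticator}; authorization is
 * answered by the {@link AccessDb} of the configured {@link IamService}. A caller in
 * the {@value #kContinualSystemsGroup} group may act on behalf of another identity by
 * sending the {@code X-AuthFor} header (see {@link #getUser}).
 *
 * @param <I> the identity type produced by the accounts service
 */
public class TypicalRestApiEndpoint<I extends Identity> extends JsonIoEndpoint {
    // Setting names and default header names. None of them is read in this class;
    // presumably the authenticators built from the endpoint config consume them — confirm.
    public static final String kSetting_ContinualProductTag = "apiKeyProductTag";
    public static final String kContinualProductTag = "continual";
    /** Group whose members may act on behalf of other identities via {@code X-AuthFor}. */
    public static final String kContinualSystemsGroup = "continualSystems";
    public static final String kSetting_AuthLineHeader = "http.auth.header";
    public static final String kSetting_DateLineHeader = "http.date.header";
    public static final String kSetting_MagicLineHeader = "http.magic.header";
    public static final String kDefault_AuthLineHeader = "X-Continual-Auth";
    public static final String kDefault_DateLineHeader = "X-Continual-Date";
    public static final String kDefault_MagicLineHeader = "X-Continual-Magic";
    private final IamService<I, ?> fAccts;
    private final Authenticator<I> fAuthenticator;
    // null when the config has no "allowedOrigins" entry.
    // NOTE(review): how CorsOptionsRouter.setupCorsHeaders treats a null set is not visible
    // here — confirm it does not fall back to allowing every origin.
    private final TreeSet<String> fAllowedOrigins;
    private static final Logger log = LoggerFactory.getLogger(TypicalRestApiEndpoint.class);
    // Config keys that may name the accounts service, in lookup order. final: never reassigned.
    private static final String[] kAcctSvcKeys = {"accounts", "accountsService"};

    /**
     * Request handler invoked once the caller has been authenticated and, where
     * requested, authorized.
     */
    public interface ApiHandler<I extends Identity> {
        void handle(CHttpRequestContext cHttpRequestContext, UserContext<I> userContext) throws IOException;
    }

    /**
     * Strategy that resolves the identity behind a request. {@link #getUser} treats a
     * {@code null} result as "not authenticated".
     */
    public interface Authenticator<I extends Identity> {
        I authenticate(IamService<I, ?> iamService, CHttpRequestContext cHttpRequestContext) throws IamSvcException;
    }

    /** A (resource, operation) pair the caller must be allowed to perform. */
    public static class ResourceAccess {
        public final Resource fResource;
        public final String fOp;

        /**
         * @param str the resource name, resolved with {@link Resource#fromName}
         * @param str2 the operation to check on that resource
         */
        public ResourceAccess(String str, String str2) {
            this.fResource = Resource.fromName(str);
            this.fOp = str2;
        }
    }

    /**
     * Builds a {@link Resource} from its name.
     *
     * @param str the resource name
     * @return the resource returned by {@link Resource#fromName}
     */
    public static Resource makeResource(String str) {
        return Resource.fromName(str);
    }

    /**
     * Wires the endpoint to its accounts service, authenticator list and CORS origins.
     *
     * @param serviceContainer container used to look up the accounts service and to
     *     evaluate expressions in the {@code allowedOrigins} array
     * @param jSONObject endpoint configuration
     * @throws Builder.BuildFailure declared for the builder framework; the visible body
     *     does not throw it directly
     */
    public TypicalRestApiEndpoint(ServiceContainer serviceContainer, JSONObject jSONObject) throws Builder.BuildFailure {
        // Raw cast: the lookup is keyed by the raw IamService class, so the type arguments
        // cannot be verified at this point.
        this.fAccts = (IamService) serviceContainer.getReqd(getAcctsSvcName(jSONObject), IamService.class);
        this.fAuthenticator = new AuthList(jSONObject);
        JSONArray optJSONArray = jSONObject.optJSONArray("allowedOrigins");
        if (optJSONArray != null) {
            this.fAllowedOrigins = new TreeSet<>(JsonVisitor.arrayToList(serviceContainer.getExprEval().evaluateJsonArray(optJSONArray)));
        } else {
            this.fAllowedOrigins = null;
        }
    }

    /**
     * Authenticates the caller and runs the handler without any resource check.
     *
     * @param cHttpRequestContext the request being served
     * @param apiHandler the handler to run for an authenticated caller
     */
    public void handleWithApiAuth(CHttpRequestContext cHttpRequestContext, ApiHandler<I> apiHandler) {
        handleWithApiAuthAndAccess(cHttpRequestContext, apiHandler, new ResourceAccess[0]);
    }

    /**
     * Authenticates the caller, verifies every requested access, then runs the handler.
     *
     * <p>An unauthenticated caller gets the not-authorized response; the first access the
     * access database refuses gets the forbidden response and is logged. The checks use the
     * effective user id, i.e. the identity named in {@code X-AuthFor} when sponsorship applies.
     *
     * @param cHttpRequestContext the request being served
     * @param apiHandler the handler to run once all checks pass
     * @param resourceAccessArr accesses that must all be permitted; empty means
     *     authentication only
     */
    public void handleWithApiAuthAndAccess(CHttpRequestContext cHttpRequestContext, ApiHandler<I> apiHandler, ResourceAccess... resourceAccessArr) {
        // The inner try stays nested so the outer catch also covers a failure raised
        // while the I/O error itself is being reported.
        try {
            try {
                writeCorsHeaders(cHttpRequestContext);
                UserContext<I> user = getUser(cHttpRequestContext);
                if (user == null) {
                    sendNotAuth(cHttpRequestContext);
                    return;
                }
                String effectiveUserId = user.getEffectiveUserId();
                AccessDb accessDb = this.fAccts.getAccessDb();
                for (ResourceAccess resourceAccess : resourceAccessArr) {
                    if (!accessDb.canUser(effectiveUserId, resourceAccess.fResource, resourceAccess.fOp)) {
                        // Record the denial so repeated probing of protected resources shows up in the logs.
                        log.info("User {} denied {} on {}", forLog(effectiveUserId), forLog(resourceAccess.fOp), forLog(resourceAccess.fResource));
                        senForbidden(cHttpRequestContext);
                        return;
                    }
                }
                apiHandler.handle(cHttpRequestContext, user);
            } catch (IOException e) {
                // Pass the exception itself so the stack trace and cause are kept.
                log.warn("I/O problem handling API request: {}", e.getMessage(), e);
                sendStatusCodeAndMessage(cHttpRequestContext, 500, "I/O problem writing the response, but... you got it???");
            }
        } catch (JSONException | IamSvcException e2) {
            log.warn(e2.getMessage(), e2);
            sendStatusCodeAndMessage(cHttpRequestContext, 500, "There was a problem handling your API request.");
        }
    }

    /**
     * Asks the access database whether the effective user may perform an operation on a
     * named resource, logging refusals.
     *
     * @param cHttpRequestContext unused by this method
     * @param userContext the caller; its effective user id is the subject of the check
     * @param str the resource name
     * @param str2 the operation
     * @return {@code true} when the access database permits the operation
     * @throws IamSvcException if the accounts service fails
     */
    public boolean canUser(CHttpRequestContext cHttpRequestContext, UserContext<Identity> userContext, String str, String str2) throws IamSvcException {
        boolean canUser = this.fAccts.getAccessDb().canUser(userContext.getEffectiveUserId(), makeResource(str), str2);
        if (!canUser) {
            // Resource and operation names may originate from the request, so control
            // characters are neutralized before they reach the log.
            log.info("{} cannot {} object {}", forLog(userContext), forLog(str2), forLog(str));
        }
        return canUser;
    }

    /**
     * Resolves the user context for a request.
     *
     * <p>When the {@code X-AuthFor} header is absent, empty, or equal to the authenticated
     * id, the context is the authenticated identity itself. Otherwise the header names a
     * different identity: the context is that identity, sponsored by the authenticated one,
     * and is granted only when the authenticated identity belongs to
     * {@value #kContinualSystemsGroup} and the named identity exists. Every other case
     * returns {@code null}.
     *
     * @param cHttpRequestContext the request being served
     * @return the user context, or {@code null} when the caller is not authenticated or
     *     the on-behalf-of request is refused
     * @throws IamSvcException if the accounts service fails; logged before being rethrown
     */
    public UserContext<I> getUser(CHttpRequestContext cHttpRequestContext) throws IamSvcException {
        IamService<I, ?> iamService = this.fAccts;
        UserContext<I> userContext = null;
        try {
            I authenticate = this.fAuthenticator.authenticate(iamService, cHttpRequestContext);
            if (authenticate == null) {
                return null;
            }
            String firstHeader = cHttpRequestContext.request().getFirstHeader("X-AuthFor");
            if (firstHeader == null || firstHeader.isEmpty() || firstHeader.equals(authenticate.getId())) {
                userContext = new UserContext.Builder().forUser(authenticate).build();
                return userContext;
            }
            // Check the caller's privilege before touching the identity database, so a caller
            // outside the systems group cannot drive lookups of arbitrary user ids.
            if (authenticate.getGroup(kContinualSystemsGroup) == null) {
                log.warn("Identity {} requested X-AuthFor {} without membership in {}; refusing.", forLog(authenticate.getId()), forLog(firstHeader), kContinualSystemsGroup);
                return null;
            }
            Identity loadUser = iamService.getIdentityDb().loadUser(firstHeader);
            if (loadUser == null) {
                log.warn("Identity {} requested X-AuthFor {} but no such user exists; refusing.", forLog(authenticate.getId()), forLog(firstHeader));
                return null;
            }
            userContext = new UserContext.Builder().forUser(loadUser).sponsoredByUser(authenticate).build();
            // Audit trail: the effective user now differs from the authenticated one.
            log.info("Identity {} is acting on behalf of {}", forLog(authenticate.getId()), forLog(firstHeader));
            return userContext;
        } catch (IamSvcException e) {
            log.warn("Error processing authentication: " + e.getMessage());
            throw e;
        }
    }

    /**
     * @return the accounts service this endpoint authenticates and authorizes against
     */
    protected IamService<I, ?> getInternalAccts() {
        return this.fAccts;
    }

    /**
     * Writes the CORS response headers for the configured origin set, which is
     * {@code null} when the configuration has no {@code allowedOrigins} entry.
     *
     * @param cHttpRequestContext the request being served
     */
    protected void writeCorsHeaders(CHttpRequestContext cHttpRequestContext) {
        CorsOptionsRouter.setupCorsHeaders(cHttpRequestContext, this.fAllowedOrigins);
    }

    /**
     * Picks the accounts service name from the endpoint configuration.
     *
     * @param jSONObject endpoint configuration
     * @return the value of the first of {@code "accounts"} / {@code "accountsService"} that
     *     is present, or the literal {@code "accounts"} when neither is set
     */
    public static String getAcctsSvcName(JSONObject jSONObject) {
        for (String str : kAcctSvcKeys) {
            String optString = jSONObject.optString(str, null);
            if (optString != null) {
                return optString;
            }
        }
        return kAcctSvcKeys[0];
    }

    /**
     * Renders a value for logging with ISO control characters (CR, LF, ...) replaced by
     * {@code '_'}, so request-supplied text cannot forge or split log lines.
     */
    private static String forLog(Object value) {
        final String text = String.valueOf(value);
        final StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            final char c = text.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}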
