package io.datarouter.web.user.authenticate;

import io.datarouter.util.BooleanTool;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.WebAppLifecycle;
import io.datarouter.web.WebAppLifecycleState;
import io.datarouter.web.exception.InvalidApiCallException;
import io.datarouter.web.exception.InvalidCredentialsException;
import io.datarouter.web.shutdown.ShutdownService;
import io.datarouter.web.user.BaseDatarouterSessionDao;
import io.datarouter.web.user.authenticate.authenticator.DatarouterAuthenticator;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.session.DatarouterSession;
import io.datarouter.web.user.session.DatarouterSessionManager;
import io.datarouter.web.util.http.RequestTool;
import io.datarouter.web.util.http.ResponseTool;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Objects;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

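/**
 * Servlet filter that attaches a {@link DatarouterSession} to each request and handles the redirects around
 * the sign-in page.
 *
 * <p>Per request it remembers a same-host referrer as the post-login target (cookie), asks the configured
 * authenticators for a session, and then either continues the filter chain or, on the sign-in submit path,
 * redirects the browser to the remembered target.
 *
 * <p>Security note: the post-login target is read back from a cookie. Nothing in this class shows that cookie
 * to be integrity-protected, so it is treated as untrusted and is only followed when it points at the host
 * that served the current request.
 */
@Singleton
public class DatarouterAuthenticationFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterAuthenticationFilter.class);

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private BaseDatarouterSessionDao datarouterSessionDao;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private ShutdownService shutdownService;

    @Inject
    private WebAppLifecycle webAppLifeCycle;

    /**
     * Authenticates the request, then either completes a sign-in submit with a redirect or passes the
     * request down the chain.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filters, invoked for every path except the sign-in submit path
     * @throws IOException      from the chain or from writing the bad-API-call response
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        this.shutdownService.logIfLate(request);
        this.webAppLifeCycle.set(WebAppLifecycleState.HTTP_READY);
        String contextPath = request.getContextPath();
        String signinPath = this.authenticationConfig.getSigninPath();
        String signinSubmitPath = this.authenticationConfig.getSigninSubmitPath();
        String servletPath = request.getServletPath();
        URL validTargetUrl = getValidTargetUrl(request, signinPath);
        URL referrerUrl = getReferrerUrl(request);
        // shouldBounceBack() only returns true for a non-null referrer, so the dereference below is safe.
        if (shouldBounceBack(request, servletPath, signinPath, referrerUrl, validTargetUrl)) {
            this.sessionManager.addTargetUrlCookie(response, referrerUrl.toExternalForm());
        }
        try {
            addSessionToRequest(request, response);
            if (Objects.equals(servletPath, signinSubmitPath)) {
                handleSuccessfulLogin(request, response, validTargetUrl);
            } else {
                filterChain.doFilter(servletRequest, servletResponse);
            }
        } catch (InvalidApiCallException e) {
            logger.warn(e.getMessage());
            handleBadApiCall(response, e.getMessage());
        } catch (InvalidCredentialsException e) {
            logger.warn(e.getMessage());
            handleBadCredentials(request, response, contextPath, signinPath);
        }
    }

    /**
     * Parses the {@code referer} request header.
     *
     * @return the parsed URL, or {@code null} when the header is empty or not a well-formed URL
     */
    private static URL getReferrerUrl(HttpServletRequest request) {
        String referer = request.getHeader("referer");
        if (StringTool.isEmpty(referer)) {
            return null;
        }
        try {
            return new URL(referer);
        } catch (MalformedURLException e) {
            // The header is client-controlled; it is logged only as a placeholder argument.
            logger.warn("invalid referer: {}", referer, e);
            return null;
        }
    }

    /**
     * Reads the post-login target from the cookie and drops it when its path is the sign-in path.
     *
     * <p>The comparison here is against {@code signinPath} as given; the context-path-prefixed form is
     * checked separately in {@link #handleSuccessfulLogin}.
     *
     * @return the target URL, or {@code null} when there is no cookie value or it points at the sign-in path
     */
    private URL getValidTargetUrl(HttpServletRequest request, String signinPath) {
        URL targetUrl = this.sessionManager.getTargetUrlFromCookie(request);
        if (targetUrl == null) {
            return null;
        }
        if (!Objects.equals(signinPath, targetUrl.getPath())) {
            return targetUrl;
        }
        logger.warn("ignoring targetUrl {}", targetUrl.getPath());
        return null;
    }

    /**
     * Tells whether {@code url} names the same host as the current request.
     *
     * <p>{@code getServerName()} is normally derived from the Host header; this assumes the container or a
     * front proxy restricts which host names are accepted — TODO confirm for the deployment.
     *
     * @return {@code false} for a {@code null} URL or a differing host
     */
    private static boolean isSameHost(URL url, HttpServletRequest request) {
        return url != null && Objects.equals(url.getHost(), request.getServerName());
    }

    /**
     * Decides whether the referrer should be remembered as the post-login target: the referrer is on this
     * host, no target is stored yet, and the request is for the sign-in page itself.
     */
    private static boolean shouldBounceBack(HttpServletRequest request, String servletPath, String signinPath,
            URL referrerUrl, URL validTargetUrl) {
        return isSameHost(referrerUrl, request)
                && validTargetUrl == null
                && Objects.equals(signinPath, servletPath);
    }

    /**
     * Asks each configured authenticator in order for a session and attaches the first one returned.
     * A persistent session additionally gets its user-token and session-token cookies set and is stored
     * through the session DAO.
     *
     * @throws RuntimeException when no authenticator returns a session
     */
    private void addSessionToRequest(HttpServletRequest request, HttpServletResponse response) {
        for (DatarouterAuthenticator authenticator : this.authenticationConfig.getAuthenticators(request)) {
            DatarouterSession session = authenticator.getSession(request, response);
            if (session == null) {
                continue;
            }
            DatarouterSessionManager.addToRequest(request, session);
            if (BooleanTool.isTrue(session.getPersistent())) {
                this.sessionManager.addUserTokenCookie(response, session.getUserToken());
                this.sessionManager.addSessionTokenCookie(response, session.getSessionToken());
                this.datarouterSessionDao.put(session);
            }
            return;
        }
        throw new RuntimeException("no session returned.  make sure you have a catch-all authenticator");
    }

    /**
     * Redirects (303) back to the sign-in page with {@code error=true}, echoing the submitted username as a
     * URL-encoded query parameter when one was sent.
     */
    private void handleBadCredentials(HttpServletRequest request, HttpServletResponse response, String contextPath,
            String signinPath) {
        String usernameParam = this.authenticationConfig.getUsernameParam();
        String username = RequestTool.get(request, usernameParam, "");
        try {
            StringBuilder query = new StringBuilder("?error=true");
            if (!StringTool.isEmpty(username)) {
                // The username is request data, so it must be encoded before it enters the Location header.
                query.append("&").append(usernameParam).append("=").append(URLEncoder.encode(username, "UTF-8"));
            }
            ResponseTool.sendRedirect(request, response, 303, contextPath + signinPath + query);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Answers a rejected API call with a 400 JSON message.
     *
     * <p>NOTE(review): {@code message} is the exception's message and is returned to the caller as-is;
     * confirm that {@link InvalidApiCallException} messages never carry internal detail.
     */
    private void handleBadApiCall(HttpServletResponse response, String message) throws IOException {
        ResponseTool.sendJsonForMessage(response, 400, message);
    }

    /**
     * Redirects (303) after a successful sign-in: to the remembered target when it is on this host and is
     * not the sign-in page, otherwise to the context path. The target cookie is cleared whenever a target
     * was present, including when it is rejected.
     *
     * @param targetUrl the target read from the cookie, or {@code null} when none was stored
     */
    private void handleSuccessfulLogin(HttpServletRequest request, HttpServletResponse response, URL targetUrl) {
        String redirectTo = request.getContextPath();
        if (targetUrl != null) {
            String signinUrlPath = request.getContextPath() + this.authenticationConfig.getSigninPath();
            if (!isSameHost(targetUrl, request)) {
                // The cookie arrives from the browser; following an off-host value would make the
                // sign-in flow an open redirect, so fall back to the context path instead.
                logger.warn("ignoring off-host targetUrl host={}", targetUrl.getHost());
            } else if (!targetUrl.getPath().equals(signinUrlPath)) {
                redirectTo = targetUrl.toExternalForm();
            }
            this.sessionManager.clearTargetUrlCookie(response);
        }
        ResponseTool.sendRedirect(request, response, 303, redirectTo);
    }
}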
