package io.datarouter.auth.web.service;

import io.datarouter.auth.storage.account.permission.DatarouterAccountPermissionKey;
import io.datarouter.auth.web.config.metrics.DatarouterAccountMetrics;
import io.datarouter.scanner.Scanner;
import io.datarouter.web.dispatcher.ApiKeyPredicate;
import io.datarouter.web.dispatcher.DispatchRule;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;

@Singleton
/* loaded from: input_file:io/datarouter/auth/web/service/DatarouterAccountApiKeyPredicate.class */
public class DatarouterAccountApiKeyPredicate extends ApiKeyPredicate {
    private final DatarouterAccountCredentialService datarouterAccountCredentialService;
    private final DatarouterAccountMetrics datarouterAccountMetrics;

    @Singleton
    /* loaded from: input_file:io/datarouter/auth/web/service/DatarouterAccountApiKeyPredicate$DatarouterAccountApiKeyPredicateFactory.class */
    public static class DatarouterAccountApiKeyPredicateFactory {

        @Inject
        private DatarouterAccountCredentialService datarouterAccountCredentialService;

        @Inject
        private DatarouterAccountMetrics datarouterAccountMetrics;

        public DatarouterAccountApiKeyPredicate create(String str) {
            return new DatarouterAccountApiKeyPredicate(str, this.datarouterAccountCredentialService, this.datarouterAccountMetrics);
        }
    }

    @Inject
    public DatarouterAccountApiKeyPredicate(DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountMetrics datarouterAccountMetrics) {
        this("apiKey", datarouterAccountCredentialService, datarouterAccountMetrics);
    }

    private DatarouterAccountApiKeyPredicate(String str, DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountMetrics datarouterAccountMetrics) {
        super(str);
        this.datarouterAccountCredentialService = datarouterAccountCredentialService;
        this.datarouterAccountMetrics = datarouterAccountMetrics;
    }

    public ApiKeyPredicate.ApiKeyPredicateCheck innerCheck(DispatchRule dispatchRule, HttpServletRequest httpServletRequest, String str) {
        Optional persistentString = dispatchRule.getPersistentString();
        List list = this.datarouterAccountCredentialService.scanPermissionsForApiKeyAuth(str).list();
        if (list.isEmpty()) {
            return (ApiKeyPredicate.ApiKeyPredicateCheck) this.datarouterAccountCredentialService.findAccountNameForApiKey(str).map(str2 -> {
                return new ApiKeyPredicate.ApiKeyPredicateCheck(false, (String) null, "no permissions found for account=" + str2);
            }).orElseGet(() -> {
                return new ApiKeyPredicate.ApiKeyPredicateCheck(false, (String) null, "no account found for apiKey=" + obfuscate(str));
            });
        }
        Optional findFirst = Scanner.of(list).include(datarouterAccountPermissionKey -> {
            return isValidEndpoint(datarouterAccountPermissionKey, persistentString);
        }).findFirst();
        if (findFirst.isEmpty()) {
            return new ApiKeyPredicate.ApiKeyPredicateCheck(false, (String) null, "matching account=" + ((DatarouterAccountPermissionKey) list.getFirst()).getAccountName() + " does not have access to " + ((String) dispatchRule.getPersistentString().orElse("this endpoint")));
        }
        this.datarouterAccountMetrics.incPermissionUsage((DatarouterAccountPermissionKey) findFirst.get());
        return new ApiKeyPredicate.ApiKeyPredicateCheck(true, ((DatarouterAccountPermissionKey) findFirst.get()).getAccountName(), (String) null);
    }

    private boolean isValidEndpoint(DatarouterAccountPermissionKey datarouterAccountPermissionKey, Optional<String> optional) {
        boolean equals = datarouterAccountPermissionKey.getEndpoint().equals("all");
        String endpoint = datarouterAccountPermissionKey.getEndpoint();
        endpoint.getClass();
        return equals || ((Boolean) optional.map((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue();
    }
}
