package io.datarouter.auth.service;

import io.datarouter.auth.cache.DatarouterAccountPermissionKeysByPrefixCache;
import io.datarouter.auth.storage.account.BaseDatarouterAccountCredentialDao;
import io.datarouter.auth.storage.account.BaseDatarouterAccountDao;
import io.datarouter.auth.storage.account.DatarouterAccount;
import io.datarouter.auth.storage.account.DatarouterAccountCredential;
import io.datarouter.auth.storage.account.DatarouterAccountKey;
import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermissionKey;
import io.datarouter.auth.storage.useraccountmap.BaseDatarouterUserAccountMapDao;
import io.datarouter.auth.storage.useraccountmap.DatarouterUserAccountMapKey;
import io.datarouter.scanner.Scanner;
import io.datarouter.web.user.session.service.Session;
import io.datarouter.web.user.session.service.SessionBasedUser;
import io.datarouter.web.util.http.RequestTool;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;

@Singleton
/* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountService.class */
public class DatarouterAccountService {
    private final BaseDatarouterAccountDao datarouterAccountDao;
    private final BaseDatarouterAccountCredentialDao datarouterAccountCredentialDao;
    private final BaseDatarouterUserAccountMapDao datarouterUserAccountMapDao;
    private final DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache;
    private final DatarouterAccountLastUsedDateService datarouterAccountLastUsedDateService;

    @Inject
    public DatarouterAccountService(BaseDatarouterAccountDao baseDatarouterAccountDao, BaseDatarouterAccountCredentialDao baseDatarouterAccountCredentialDao, BaseDatarouterUserAccountMapDao baseDatarouterUserAccountMapDao, DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache, DatarouterAccountLastUsedDateService datarouterAccountLastUsedDateService) {
        this.datarouterAccountDao = baseDatarouterAccountDao;
        this.datarouterAccountCredentialDao = baseDatarouterAccountCredentialDao;
        this.datarouterUserAccountMapDao = baseDatarouterUserAccountMapDao;
        this.datarouterAccountPermissionKeysByPrefixCache = datarouterAccountPermissionKeysByPrefixCache;
        this.datarouterAccountLastUsedDateService = datarouterAccountLastUsedDateService;
    }

    public List<String> getAllAccountNamesWithUserMappingsEnabled() {
        return this.datarouterAccountDao.scan().include((v0) -> {
            return v0.getEnableUserMappings();
        }).map((v0) -> {
            return v0.getKey();
        }).map((v0) -> {
            return v0.getAccountName();
        }).list();
    }

    public Scanner<DatarouterAccountPermissionKey> scanPermissionsForApiKeyAuth(String str) {
        Optional map = findAccountCredentialForApiKeyAuth(str).map((v0) -> {
            return v0.getAccountName();
        }).map(DatarouterAccountPermissionKey::new);
        DatarouterAccountPermissionKeysByPrefixCache datarouterAccountPermissionKeysByPrefixCache = this.datarouterAccountPermissionKeysByPrefixCache;
        datarouterAccountPermissionKeysByPrefixCache.getClass();
        return (Scanner) map.map(datarouterAccountPermissionKeysByPrefixCache::get).map((v0) -> {
            return Scanner.of(v0);
        }).orElseGet(Scanner::empty);
    }

    public Optional<DatarouterAccountCredential> findAccountCredentialForApiKeyAuth(String str) {
        Optional<DatarouterAccountCredential> fromAccountCredentialByApiKeyCache = this.datarouterAccountCredentialDao.getFromAccountCredentialByApiKeyCache(str);
        DatarouterAccountLastUsedDateService datarouterAccountLastUsedDateService = this.datarouterAccountLastUsedDateService;
        datarouterAccountLastUsedDateService.getClass();
        fromAccountCredentialByApiKeyCache.ifPresent(datarouterAccountLastUsedDateService::updateLastUsedDate);
        return fromAccountCredentialByApiKeyCache;
    }

    public Optional<String> getCurrentDatarouterAccountName(HttpServletRequest httpServletRequest) {
        Optional ofNullable = Optional.ofNullable(RequestTool.getParameterOrHeader(httpServletRequest, "apiKey"));
        BaseDatarouterAccountCredentialDao baseDatarouterAccountCredentialDao = this.datarouterAccountCredentialDao;
        baseDatarouterAccountCredentialDao.getClass();
        return ofNullable.flatMap(baseDatarouterAccountCredentialDao::getFromAccountCredentialByApiKeyCache).map((v0) -> {
            return v0.getAccountName();
        });
    }

    public String getAccountNameForRequest(HttpServletRequest httpServletRequest) {
        return getCurrentDatarouterAccountName(httpServletRequest).orElseThrow();
    }

    public boolean userCanAccessAccount(Session session, String str) {
        if (userCanAccessAccount(session.getUserId(), str)) {
            return ((Boolean) this.datarouterAccountDao.find(new DatarouterAccountKey(str)).map((v0) -> {
                return v0.getEnableUserMappings();
            }).orElse(false)).booleanValue();
        }
        return false;
    }

    private boolean userCanAccessAccount(Long l, String str) {
        if (l == null) {
            return false;
        }
        return this.datarouterUserAccountMapDao.exists(new DatarouterUserAccountMapKey(l, str));
    }

    public Set<String> findAccountNamesForUser(SessionBasedUser sessionBasedUser) {
        return (Set) scanAccountNamesForUserIdWithUserMappingEnabled(sessionBasedUser.getId()).collect(HashSet::new);
    }

    public Set<String> findAccountNamesForUser(Session session) {
        return (Set) scanAccountNamesForUserIdWithUserMappingEnabled(session.getUserId()).collect(HashSet::new);
    }

    public Optional<DatarouterAccountCredential> findFirstAccountCredentialForUser(Session session) {
        if (session.getUserId() == null) {
            return Optional.empty();
        }
        Scanner<String> scanAccountNamesForUserIdWithUserMappingEnabled = scanAccountNamesForUserIdWithUserMappingEnabled(session.getUserId());
        BaseDatarouterAccountCredentialDao baseDatarouterAccountCredentialDao = this.datarouterAccountCredentialDao;
        baseDatarouterAccountCredentialDao.getClass();
        return scanAccountNamesForUserIdWithUserMappingEnabled.map(baseDatarouterAccountCredentialDao::getFromAccountCredentialByAccountNameCache).include((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst();
    }

    public Scanner<DatarouterAccount> scanAccountsForUser(Session session) {
        return scanAccountsForUserIdWithUserMappingEnabled(session.getUserId());
    }

    private Scanner<String> scanAccountNamesForUserIdWithUserMappingEnabled(Long l) {
        return l == null ? Scanner.empty() : scanAccountsForUserIdWithUserMappingEnabled(l).map((v0) -> {
            return v0.getKey();
        }).map((v0) -> {
            return v0.getAccountName();
        });
    }

    private Scanner<DatarouterAccount> scanAccountsForUserIdWithUserMappingEnabled(Long l) {
        if (l == null) {
            return Scanner.empty();
        }
        Scanner map = this.datarouterUserAccountMapDao.scanKeysWithPrefix(new DatarouterUserAccountMapKey(l, null)).map((v0) -> {
            return v0.getDatarouterAccountKey();
        });
        BaseDatarouterAccountDao baseDatarouterAccountDao = this.datarouterAccountDao;
        baseDatarouterAccountDao.getClass();
        return ((Scanner) map.listTo((v1) -> {
            return r1.scanMulti(v1);
        })).include((v0) -> {
            return v0.getEnableUserMappings();
        });
    }
}
