package io.datarouter.auth.service;

import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermissionKey;
import io.datarouter.util.tuple.Pair;
import io.datarouter.web.dispatcher.ApiKeyPredicate;
import io.datarouter.web.dispatcher.DispatchRule;
import io.datarouter.web.util.http.RequestTool;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;

@Singleton
/* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountApiKeyPredicate.class */
public class DatarouterAccountApiKeyPredicate implements ApiKeyPredicate {
    private final DatarouterAccountCredentialService datarouterAccountCredentialService;
    private final DatarouterAccountCounters datarouterAccountCounters;

    @Inject
    public DatarouterAccountApiKeyPredicate(DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountCounters datarouterAccountCounters) {
        this.datarouterAccountCredentialService = datarouterAccountCredentialService;
        this.datarouterAccountCounters = datarouterAccountCounters;
    }

    public Pair<Boolean, String> check(DispatchRule dispatchRule, HttpServletRequest httpServletRequest) {
        String parameterOrHeader = RequestTool.getParameterOrHeader(httpServletRequest, "apiKey");
        return parameterOrHeader == null ? new Pair<>(false, "key not found") : (Pair) check(dispatchRule.getPersistentString(), parameterOrHeader).map(str -> {
            return new Pair(true, str);
        }).orElseGet(() -> {
            return new Pair(false, "no account for " + ApiKeyPredicate.obfuscate(parameterOrHeader));
        });
    }

    public Optional<String> check(Optional<String> optional, String str) {
        Optional findFirst = this.datarouterAccountCredentialService.scanPermissionsForApiKeyAuth(str).include(datarouterAccountPermissionKey -> {
            return isValidEndpoint(datarouterAccountPermissionKey, optional);
        }).findFirst();
        DatarouterAccountCounters datarouterAccountCounters = this.datarouterAccountCounters;
        datarouterAccountCounters.getClass();
        findFirst.ifPresent(datarouterAccountCounters::incPermissionUsage);
        return findFirst.map((v0) -> {
            return v0.getAccountName();
        });
    }

    private boolean isValidEndpoint(DatarouterAccountPermissionKey datarouterAccountPermissionKey, Optional<String> optional) {
        boolean equals = datarouterAccountPermissionKey.getEndpoint().equals(DatarouterAccountPermissionKey.ALL_ENDPOINTS);
        String endpoint = datarouterAccountPermissionKey.getEndpoint();
        endpoint.getClass();
        return equals || ((Boolean) optional.map((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue();
    }
}
