package io.datarouter.auth.web;

import io.datarouter.auth.config.DatarouterAuthFiles;
import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.service.DatarouterAccountAvailableEndpointsProvider;
import io.datarouter.auth.service.DatarouterAccountCredentialService;
import io.datarouter.auth.service.DefaultDatarouterAccountAvailableEndpointsProvider;
import io.datarouter.auth.storage.account.BaseDatarouterAccountDao;
import io.datarouter.auth.storage.account.DatarouterAccount;
import io.datarouter.auth.storage.account.DatarouterAccountCredential;
import io.datarouter.auth.storage.account.DatarouterAccountKey;
import io.datarouter.auth.storage.accountpermission.BaseDatarouterAccountPermissionDao;
import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermission;
import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermissionKey;
import io.datarouter.instrumentation.changelog.ChangelogRecorder;
import io.datarouter.instrumentation.metric.MetricLinkBuilder;
import io.datarouter.scanner.Scanner;
import io.datarouter.secretweb.service.WebSecretOpReason;
import io.datarouter.storage.config.DatarouterProperties;
import io.datarouter.storage.servertype.ServerType;
import io.datarouter.util.Require;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.types.RequestBody;
import io.datarouter.web.html.react.bootstrap4.Bootstrap4ReactPageFactory;
import io.datarouter.web.requirejs.DatarouterWebRequireJs;
import io.datarouter.web.user.session.CurrentUserSessionInfoService;
import io.datarouter.web.user.session.service.Session;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/web/DatarouterAccountManagerHandler.class */
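/**
 * Handler behind the "Datarouter Account Manager" page: creates and deletes accounts, issues and revokes
 * their API credentials, and edits their endpoint permissions.
 *
 * <p>Every endpoint here either changes who can authenticate or returns credential material, and no
 * authorization check is visible in this class.
 * NOTE(review): access control is presumably enforced by the route configuration that registers this
 * handler; confirm these routes are restricted to administrators.
 *
 * <p>Mutating endpoints write a changelog entry and a WARN log line through
 * {@link #logAndRecordAction(String, String)} so that changes can be attributed to a user.
 */
public class DatarouterAccountManagerHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterAccountManagerHandler.class);

    private final BaseDatarouterAccountDao datarouterAccountDao;
    private final BaseDatarouterAccountPermissionDao datarouterAccountPermissionDao;
    private final DatarouterAccountCredentialService accountCredentialService;
    private final DatarouterProperties datarouterProperties;
    private final DatarouterAuthFiles files;
    private final DatarouterAccountAvailableEndpointsProvider datarouterAccountAvailableEndpointsProvider;
    private final Bootstrap4ReactPageFactory reactPageFactory;
    private final ChangelogRecorder changelogRecorder;
    private final MetricLinkBuilder metricLinkBuilder;
    private final CurrentUserSessionInfoService currentSessionInfoService;
    private final String path;

    /**
     * View of one API-key credential as sent to the client.
     *
     * <p>{@link #secretKey} is copied from the stored credential unchanged, so any response that embeds
     * this DTO discloses the secret to the caller.
     * NOTE(review): confirm that is intended for every endpoint returning account details.
     */
    public static class AccountCredentialDto {
        public final String apiKey;
        public final String secretKey;
        public final String accountName;
        public final String created;
        public final String creatorUsername;
        public final String lastUsed;
        public final Boolean active;

        /**
         * @param datarouterAccountCredential stored credential to expose
         * @param zoneId zone used to render the created and last-used dates
         */
        public AccountCredentialDto(DatarouterAccountCredential datarouterAccountCredential, ZoneId zoneId) {
            this.apiKey = datarouterAccountCredential.getKey().getApiKey();
            this.secretKey = datarouterAccountCredential.getSecretKey();
            this.accountName = datarouterAccountCredential.getAccountName();
            this.created = datarouterAccountCredential.getCreatedDate(zoneId);
            this.creatorUsername = datarouterAccountCredential.getCreatorUsername();
            this.lastUsed = datarouterAccountCredential.getLastUsedDate(zoneId);
            this.active = datarouterAccountCredential.getActive();
        }
    }

    /** View of an account's own attributes (no credentials) as sent to the client. */
    public static class AccountDto {
        public final String accountName;
        public final String created;
        public final String creator;
        public final String lastUsed;
        public final Boolean enableUserMappings;

        /**
         * @param datarouterAccount stored account to expose
         * @param zoneId zone used to render the created and last-used dates
         */
        public AccountDto(DatarouterAccount datarouterAccount, ZoneId zoneId) {
            this.accountName = datarouterAccount.getKey().getAccountName();
            this.created = datarouterAccount.getCreatedDate(zoneId);
            this.creator = datarouterAccount.getCreator();
            this.lastUsed = datarouterAccount.getLastUsedDate(zoneId);
            this.enableUserMappings = Boolean.valueOf(datarouterAccount.getEnableUserMappings());
        }
    }

    /** A named route set together with its class name and rule strings. The list is stored, not copied. */
    public static class AvailableRouteSet {
        public final String name;
        public final String className;
        public final List<String> rules;

        /**
         * @param str route set name
         * @param str2 route set class name
         * @param list rule strings; the reference is kept as given
         */
        public AvailableRouteSet(String str, String str2, List<String> list) {
            this.name = str;
            this.className = str2;
            this.rules = list;
        }
    }

    /**
     * Response body describing one account: its attributes, credentials, secret credentials, permissions
     * and metric link, or an error message in their place.
     */
    public static class DatarouterAccountDetails {
        public final AccountDto account;
        public final List<AccountCredentialDto> credentials;
        public final List<DatarouterAccountCredentialService.SecretCredentialDto> secretCredentials;
        public final List<TextPermission> permissions;
        public final String metricLink;
        public final String error;

        /**
         * Builds a successful result. A {@code null} list is stored as an empty list.
         *
         * @param accountDto the account's attributes
         * @param list API-key credentials, or {@code null}
         * @param list2 secret credentials, or {@code null}
         * @param list3 endpoint permissions, or {@code null}
         * @param str metric link for the account
         */
        public DatarouterAccountDetails(
                AccountDto accountDto,
                List<AccountCredentialDto> list,
                List<DatarouterAccountCredentialService.SecretCredentialDto> list2,
                List<TextPermission> list3,
                String str) {
            this.account = accountDto;
            this.credentials = list == null ? List.of() : list;
            this.secretCredentials = list2 == null ? List.of() : list2;
            this.permissions = list3 == null ? List.of() : list3;
            this.metricLink = str;
            this.error = null;
        }

        /**
         * Builds an error result. Unlike the other constructor, the list fields are left {@code null}
         * here rather than empty.
         *
         * @param str error message
         */
        public DatarouterAccountDetails(String str) {
            this.account = null;
            this.credentials = null;
            this.secretCredentials = null;
            this.permissions = null;
            this.metricLink = null;
            this.error = str;
        }
    }

    /**
     * Account details plus the keypair of a secret credential that was just created. Returned by
     * {@link DatarouterAccountManagerHandler#addSecretCredential(String)}.
     */
    public static class DatarouterAccountDetailsAndKeypair {
        public final DatarouterAccountDetails details;
        public final DatarouterAccountCredentialService.DatarouterAccountSecretCredentialKeypairDto keypair;

        public DatarouterAccountDetailsAndKeypair(
                DatarouterAccountDetails datarouterAccountDetails,
                DatarouterAccountCredentialService.DatarouterAccountSecretCredentialKeypairDto
                        datarouterAccountSecretCredentialKeypairDto) {
            this.details = datarouterAccountDetails;
            this.keypair = datarouterAccountSecretCredentialKeypairDto;
        }
    }

    /**
     * Request body of {@link DatarouterAccountManagerHandler#setCredentialActivation}. Either
     * {@link #secretName} or {@link #apiKey} identifies the credential; {@link #accountName} is supplied
     * by the client alongside it.
     */
    public static class SetCredentialActivationDto {
        public final String apiKey;
        public final String secretName;
        public final Boolean active;
        public final String accountName;

        /**
         * @param str API key of the credential, when addressing an API-key credential
         * @param str2 secret name, when addressing a secret credential
         * @param bool desired activation state
         * @param str3 name of the account whose details are returned
         */
        public SetCredentialActivationDto(String str, String str2, Boolean bool, String str3) {
            this.apiKey = str;
            this.secretName = str2;
            this.active = bool;
            this.accountName = str3;
        }
    }

    /** One (account, endpoint) permission pair as sent to the client. */
    public static class TextPermission {
        public final String accountName;
        public final String endpoint;

        /**
         * @param str account name
         * @param str2 endpoint the account may call
         */
        public TextPermission(String str, String str2) {
            this.accountName = str;
            this.endpoint = str2;
        }

        /** Copies the account name and endpoint out of a permission key. */
        public static TextPermission create(DatarouterAccountPermissionKey datarouterAccountPermissionKey) {
            return new TextPermission(
                    datarouterAccountPermissionKey.getAccountName(),
                    datarouterAccountPermissionKey.getEndpoint());
        }
    }

    /** Injection constructor; serves the page under {@code datarouterAuthPaths.admin.accounts}. */
    @Inject
    public DatarouterAccountManagerHandler(
            BaseDatarouterAccountDao baseDatarouterAccountDao,
            BaseDatarouterAccountPermissionDao baseDatarouterAccountPermissionDao,
            DatarouterAccountCredentialService datarouterAccountCredentialService,
            DatarouterProperties datarouterProperties,
            DatarouterAuthFiles datarouterAuthFiles,
            DatarouterAuthPaths datarouterAuthPaths,
            DefaultDatarouterAccountAvailableEndpointsProvider defaultDatarouterAccountAvailableEndpointsProvider,
            Bootstrap4ReactPageFactory bootstrap4ReactPageFactory,
            ChangelogRecorder changelogRecorder,
            MetricLinkBuilder metricLinkBuilder,
            CurrentUserSessionInfoService currentUserSessionInfoService) {
        this(
                baseDatarouterAccountDao,
                baseDatarouterAccountPermissionDao,
                datarouterAccountCredentialService,
                datarouterProperties,
                datarouterAuthFiles,
                defaultDatarouterAccountAvailableEndpointsProvider,
                bootstrap4ReactPageFactory,
                changelogRecorder,
                metricLinkBuilder,
                currentUserSessionInfoService,
                datarouterAuthPaths.admin.accounts.toSlashedString());
    }

    /**
     * Constructor for subclasses that supply their own endpoints provider and base path.
     *
     * @param str base path of the page, used to build the {@code REACT_BASE_PATH} constant
     */
    protected DatarouterAccountManagerHandler(
            BaseDatarouterAccountDao baseDatarouterAccountDao,
            BaseDatarouterAccountPermissionDao baseDatarouterAccountPermissionDao,
            DatarouterAccountCredentialService datarouterAccountCredentialService,
            DatarouterProperties datarouterProperties,
            DatarouterAuthFiles datarouterAuthFiles,
            DatarouterAccountAvailableEndpointsProvider datarouterAccountAvailableEndpointsProvider,
            Bootstrap4ReactPageFactory bootstrap4ReactPageFactory,
            ChangelogRecorder changelogRecorder,
            MetricLinkBuilder metricLinkBuilder,
            CurrentUserSessionInfoService currentUserSessionInfoService,
            String str) {
        this.datarouterAccountDao = baseDatarouterAccountDao;
        this.datarouterAccountPermissionDao = baseDatarouterAccountPermissionDao;
        this.accountCredentialService = datarouterAccountCredentialService;
        this.datarouterProperties = datarouterProperties;
        this.files = datarouterAuthFiles;
        this.datarouterAccountAvailableEndpointsProvider = datarouterAccountAvailableEndpointsProvider;
        this.reactPageFactory = bootstrap4ReactPageFactory;
        this.changelogRecorder = changelogRecorder;
        this.metricLinkBuilder = metricLinkBuilder;
        this.currentSessionInfoService = currentUserSessionInfoService;
        this.path = str;
    }

    /** Default handler: renders the React page and tells it the base path of the JSON endpoints. */
    @BaseHandler.Handler(defaultHandler = true)
    public Mav index() {
        String reactBasePath = request.getContextPath() + path + "/";
        return reactPageFactory.startBuilder(request)
                .withTitle("Datarouter Account Manager")
                .withRequires(new String[]{DatarouterWebRequireJs.SORTTABLE})
                .withReactScript(files.js.accountManagerJsx)
                .withJsStringConstant("REACT_BASE_PATH", reactBasePath)
                .buildMav();
    }

    /** Returns the details of every account, including each credential's secret key. */
    @BaseHandler.Handler
    public List<DatarouterAccountDetails> list() {
        return getDetailsForAccounts(datarouterAccountDao.scan().list());
    }

    /**
     * Returns the details of one account.
     *
     * @param str account name
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails getDetails(String str) {
        return getDetailsForAccountName(str);
    }

    /**
     * Creates an account owned by the current session's user.
     *
     * <p>NOTE(review): the account is written with {@code put} without first checking whether the name is
     * already taken; confirm whether an existing account can be overwritten this way.
     *
     * @param str name of the new account; must not be empty
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails add(String str) {
        Require.isFalse(str.isEmpty());
        String creator = getSessionInfo().getRequiredSession().getUsername();
        DatarouterAccount account = new DatarouterAccount(str, new Date(), creator);
        datarouterAccountDao.put(account);
        logAndRecordAction(str, "add");
        return getDetailsForAccounts(List.of(account)).get(0);
    }

    /**
     * Flips the account's user-mappings flag.
     *
     * @param str account name
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails toggleUserMappings(String str) {
        return updateAccount(str, DatarouterAccount::toggleUserMappings, "toggleUserMappings");
    }

    /**
     * Deletes an account together with its permissions and credentials.
     *
     * @param str account name; must not be empty
     */
    @BaseHandler.Handler
    public void delete(String str) {
        // Same precondition as add/addCredential. The first step below is a prefix delete keyed on the
        // account name, so an empty name must never reach it: how an empty prefix is matched is decided
        // by the DAO, which is not visible from this class.
        Require.isFalse(str.isEmpty());
        datarouterAccountPermissionDao.deleteWithPrefix(new DatarouterAccountPermissionKey(str));
        accountCredentialService.deleteAllCredentialsForAccount(str, getSessionInfo().getRequiredSession());
        datarouterAccountDao.delete(new DatarouterAccountKey(str));
        logAndRecordAction(str, "delete");
    }

    /**
     * Issues a new API-key credential for the account.
     *
     * @param str account name; must not be empty
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails addCredential(String str) {
        Require.isFalse(str.isEmpty());
        accountCredentialService.createCredential(str, getSessionInfo().getRequiredSession().getUsername());
        logAndRecordAction(str, "add credential");
        return getDetailsForAccountName(str);
    }

    /**
     * Deletes an API-key credential.
     *
     * <p>NOTE(review): the credential is addressed by API key alone, while the changelog entry uses the
     * account name sent by the client. Nothing here checks that the key belongs to that account, so the
     * audit record can name a different account than the one affected; confirm whether the service
     * verifies ownership.
     *
     * @param str API key of the credential to delete
     * @param str2 account name used for the changelog entry and the returned details
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails deleteCredential(String str, String str2) {
        accountCredentialService.deleteCredential(str);
        logAndRecordAction(str2, "delete credential");
        return getDetailsForAccountName(str2);
    }

    /**
     * Issues a new secret credential and returns its keypair together with the account details.
     *
     * @param str account name; must not be empty
     */
    @BaseHandler.Handler
    public DatarouterAccountDetailsAndKeypair addSecretCredential(String str) {
        Require.isFalse(str.isEmpty());
        Session session = getSessionInfo().getRequiredSession();
        DatarouterAccountCredentialService.DatarouterAccountSecretCredentialKeypairDto keypair =
                accountCredentialService.createSecretCredential(
                        str,
                        session.getUsername(),
                        WebSecretOpReason.manualOp(session, getClass().getSimpleName()));
        logAndRecordAction(str, "add secret credential");
        return new DatarouterAccountDetailsAndKeypair(getDetailsForAccountName(str), keypair);
    }

    /**
     * Deletes a secret credential.
     *
     * <p>NOTE(review): as with {@link #deleteCredential(String, String)}, the account name recorded in
     * the changelog is the one sent by the client and is not checked against the credential here.
     *
     * @param str name of the secret credential to delete
     * @param str2 account name used for the changelog entry and the returned details
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails deleteSecretCredential(String str, String str2) {
        accountCredentialService.deleteSecretCredential(
                str,
                WebSecretOpReason.manualOp(getSessionInfo().getRequiredSession(), getClass().getSimpleName()));
        logAndRecordAction(str2, "delete secret credential");
        return getDetailsForAccountName(str2);
    }

    /**
     * Activates or deactivates a credential. A non-blank {@code secretName} selects a secret credential;
     * otherwise a non-blank {@code apiKey} selects an API-key credential.
     *
     * @param setCredentialActivationDto request body; {@code accountName} must not be empty and
     *     {@code active} must not be null
     * @throws RuntimeException if neither {@code secretName} nor {@code apiKey} is provided
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails setCredentialActivation(
            @RequestBody SetCredentialActivationDto setCredentialActivationDto) {
        SetCredentialActivationDto dto = setCredentialActivationDto;
        Require.isFalse(dto.accountName.isEmpty());
        Require.notNull(dto.active);
        boolean hasSecretName = dto.secretName != null && StringTool.notEmptyNorWhitespace(dto.secretName);
        boolean hasApiKey = dto.apiKey != null && StringTool.notEmptyNorWhitespace(dto.apiKey);
        if (hasSecretName) {
            accountCredentialService.setSecretCredentialActivation(dto.secretName, dto.active);
        } else if (hasApiKey) {
            accountCredentialService.setCredentialActivation(dto.apiKey, dto.active);
        } else {
            throw new RuntimeException("apiKey or secretName is required");
        }
        // Enabling or disabling a credential changes who can authenticate, so it is recorded like every
        // other mutating endpoint in this handler.
        // NOTE(review): accountName comes from the request body and is not checked against the credential.
        logAndRecordAction(dto.accountName, dto.active ? "activate credential" : "deactivate credential");
        return getDetails(dto.accountName);
    }

    /** Returns the endpoints a permission can be granted for, with the all-endpoints wildcard first. */
    @BaseHandler.Handler
    public List<String> getAvailableEndpoints() {
        List<String> endpoints = new ArrayList<>();
        endpoints.add(DatarouterAccountPermissionKey.ALL_ENDPOINTS);
        endpoints.addAll(datarouterAccountAvailableEndpointsProvider.getAvailableEndpoints());
        return endpoints;
    }

    /**
     * Grants the account access to an endpoint.
     *
     * <p>NOTE(review): the endpoint string is stored as received; it is not compared with
     * {@link #getAvailableEndpoints()} in this method.
     *
     * @param str account name
     * @param str2 endpoint to grant
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails addPermission(String str, String str2) {
        datarouterAccountPermissionDao.put(new DatarouterAccountPermission(str, str2));
        logAndRecordAction(str, "addPermission");
        return getDetails(str);
    }

    /**
     * Revokes the account's access to an endpoint.
     *
     * @param str account name
     * @param str2 endpoint to revoke
     */
    @BaseHandler.Handler
    public DatarouterAccountDetails deletePermission(String str, String str2) {
        datarouterAccountPermissionDao.delete(new DatarouterAccountPermissionKey(str, str2));
        logAndRecordAction(str, "deletePermission");
        return getDetails(str);
    }

    /** Reports whether the configured server type equals DEV, ignoring case. */
    @BaseHandler.Handler
    public boolean isServerTypeDev() {
        return StringTool.equalsCaseInsensitive(
                datarouterProperties.getServerTypeString(),
                ServerType.DEV.getPersistentString());
    }

    /**
     * Loads an account, applies {@code mutation} to it, stores it and records the action.
     *
     * <p>NOTE(review): the loaded account is passed to the mutation without a null check; what the DAO
     * returns for an unknown name is not visible here.
     */
    private DatarouterAccountDetails updateAccount(
            String accountName,
            Consumer<DatarouterAccount> mutation,
            String action) {
        DatarouterAccount account = datarouterAccountDao.get(new DatarouterAccountKey(accountName));
        mutation.accept(account);
        datarouterAccountDao.put(account);
        logAndRecordAction(accountName, action);
        return getDetailsForAccountName(accountName);
    }

    /**
     * Builds the details of the given accounts, loading credentials, secret credentials and permissions
     * for all of them in bulk and then joining the results by account name.
     */
    private List<DatarouterAccountDetails> getDetailsForAccounts(List<DatarouterAccount> accounts) {
        ZoneId zoneId = currentSessionInfoService.getZoneId(request);
        Set<String> accountNames = Scanner.of(accounts)
                .map(account -> account.getKey().getAccountName())
                .collect(HashSet::new);
        Map<String, List<AccountCredentialDto>> credentialsByAccountName =
                accountCredentialService.getCredentialsByAccountName(accountNames, zoneId);
        Map<String, List<DatarouterAccountCredentialService.SecretCredentialDto>> secretCredentialsByAccountName =
                accountCredentialService.getSecretCredentialsByAccountName(accountNames, zoneId);
        // One prefix key per account; the DAO scans the permission keys for all prefixes in one call.
        Map<String, List<TextPermission>> permissionsByAccountName = Scanner.of(accountNames)
                .map(DatarouterAccountPermissionKey::new)
                .listTo(datarouterAccountPermissionDao::scanKeysWithPrefixes)
                .map(TextPermission::create)
                .groupBy(permission -> permission.accountName);
        // A map lookup may miss; DatarouterAccountDetails stores a null list as an empty one.
        return Scanner.of(accounts)
                .map(account -> new AccountDto(account, zoneId))
                .map(dto -> getDetailsForAccount(
                        dto,
                        credentialsByAccountName.get(dto.accountName),
                        secretCredentialsByAccountName.get(dto.accountName),
                        permissionsByAccountName.get(dto.accountName)))
                .list();
    }

    /** Assembles the response for one account and attaches its metric link. */
    private DatarouterAccountDetails getDetailsForAccount(
            AccountDto account,
            List<AccountCredentialDto> credentials,
            List<DatarouterAccountCredentialService.SecretCredentialDto> secretCredentials,
            List<TextPermission> permissions) {
        String metricLink = metricLinkBuilder.exactMetricLink("Datarouter account name " + account.accountName);
        return new DatarouterAccountDetails(account, credentials, secretCredentials, permissions, metricLink);
    }

    /**
     * Loads one account by name and returns its details.
     *
     * <p>The loaded account goes straight into {@code List.of}, which rejects {@code null}, so this
     * throws {@link NullPointerException} if the DAO returns {@code null} for the name.
     *
     * @param str account name
     */
    public DatarouterAccountDetails getDetailsForAccountName(String str) {
        DatarouterAccount account = datarouterAccountDao.get(new DatarouterAccountKey(str));
        return getDetailsForAccounts(List.of(account)).get(0);
    }

    /** Writes the changelog entry for an account action, then logs it at WARN with the acting user. */
    private void logAndRecordAction(String accountName, String action) {
        recordChangelog("DatarouterAccount", accountName, action);
        logger.warn("account={} action={} by={}", accountName, action, getCurrentUsername());
    }

    /** Returns the session's username, or {@code "unknown"} when it has none. */
    private String getCurrentUsername() {
        return getSessionInfo().getNonEmptyUsernameOrElse("unknown");
    }

    /** Forwards one entry to the changelog recorder, stamped with the current username. */
    private void recordChangelog(String changelogType, String name, String action) {
        changelogRecorder.record(changelogType, name, action, getCurrentUsername());
    }
}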
