package org.easypeelsecurity.springdog.manager.ratelimit;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Optional;
import java.util.logging.Logger;
import org.easypeelsecurity.springdog.domain.ratelimit.EndpointService;
import org.easypeelsecurity.springdog.domain.ratelimit.RuleCache;
import org.easypeelsecurity.springdog.manager.statistics.EndpointMetricCacheManager;
import org.easypeelsecurity.springdog.manager.util.RequestHandlerUtil;
import org.easypeelsecurity.springdog.shared.dto.EndpointDto;
import org.easypeelsecurity.springdog.shared.enums.RuleStatus;
import org.easypeelsecurity.springdog.shared.util.IpAddressUtil;
import org.easypeelsecurity.springdog.shared.util.MethodSignatureParser;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.util.ContentCachingRequestWrapper;

@Service
/* loaded from: input_file:org/easypeelsecurity/springdog/manager/ratelimit/RatelimitInterceptor.class */
public class RatelimitInterceptor implements HandlerInterceptor {
    private final EndpointService endpointService;
    private final Logger logger = Logger.getLogger(RatelimitInterceptor.class.getName());
    private final ObjectMapper objectMapper = new ObjectMapper();

    public RatelimitInterceptor(EndpointService endpointService) {
        this.endpointService = endpointService;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(httpServletRequest instanceof ContentCachingRequestWrapper)) {
            httpServletRequest = new ContentCachingRequestWrapper(httpServletRequest);
        }
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (RequestHandlerUtil.shouldSkipRequest(handlerMethod.getBean().getClass())) {
            return true;
        }
        String parse = MethodSignatureParser.parse(handlerMethod);
        Optional<EndpointDto> validEndpoint = getValidEndpoint(parse);
        if (validEndpoint.isEmpty()) {
            return true;
        }
        EndpointDto endpointDto = validEndpoint.get();
        if (!RuleStatus.ACTIVE.equals(endpointDto.getRuleStatus())) {
            return true;
        }
        if (!RatelimitCache.isBannedRequest(generateRequestHash(httpServletRequest, endpointDto), endpointDto, LocalDateTime.now())) {
            httpServletResponse.setHeader("X-RateLimit-Remaining", "");
            return true;
        }
        applyRatelimitResponse(httpServletResponse, String.valueOf(endpointDto.isRulePermanentBan() ? Integer.MAX_VALUE : endpointDto.getRuleBanTimeInSeconds()));
        EndpointMetricCacheManager.incrementFailureCount(parse);
        return false;
    }

    private Optional<EndpointDto> getValidEndpoint(String str) {
        return Optional.ofNullable((EndpointDto) RuleCache.findEndpointByMethodSignature(str).orElseGet(() -> {
            EndpointDto endpointByMethodSignature = this.endpointService.getEndpointByMethodSignature(str);
            if (endpointByMethodSignature == null) {
                return null;
            }
            RuleCache.cachingRule(endpointByMethodSignature);
            return endpointByMethodSignature;
        }));
    }

    private void applyRatelimitResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
        httpServletResponse.getWriter().write("Too many requests");
        httpServletResponse.setHeader("Retry-After", str);
        httpServletResponse.setHeader("X-RateLimit-Remaining", "0");
    }

    private String generateRequestHash(HttpServletRequest httpServletRequest, EndpointDto endpointDto) {
        StringBuilder sb = new StringBuilder();
        sb.append(endpointDto.getMethodSignature()).append("\n");
        if (endpointDto.isRuleIpBased()) {
            sb.append(IpAddressUtil.getClientIp(httpServletRequest)).append("\n");
        }
        endpointDto.getParameters().stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).filter((v0) -> {
            return v0.isEnabled();
        }).forEach(endpointParameterDto -> {
            String parameter = httpServletRequest.getParameter(endpointParameterDto.getName());
            if (parameter != null) {
                sb.append(endpointParameterDto.getName()).append("=").append(parameter).append("\n");
            }
        });
        endpointDto.getHeaders().stream().sorted(Comparator.comparing((v0) -> {
            return v0.getName();
        })).filter((v0) -> {
            return v0.isEnabled();
        }).forEach(endpointHeaderDto -> {
            String header = httpServletRequest.getHeader(endpointHeaderDto.getName());
            if (header != null) {
                sb.append(endpointHeaderDto.getName()).append("=").append(header).append("\n");
            }
        });
        try {
            JsonNode requestBodyAsJson = getRequestBodyAsJson(httpServletRequest);
            for (Method method : Class.forName(endpointDto.getFqcn()).getDeclaredMethods()) {
                if (method.toString().contains(endpointDto.getMethodSignature())) {
                    for (Parameter parameter : method.getParameters()) {
                        if (parameter.isAnnotationPresent(RequestBody.class)) {
                            Field[] declaredFields = parameter.getType().getDeclaredFields();
                            Arrays.sort(declaredFields, Comparator.comparing((v0) -> {
                                return v0.getName();
                            }));
                            processFields(declaredFields, httpServletRequest, requestBodyAsJson, sb);
                        }
                    }
                }
            }
            return sb.toString();
        } catch (ClassNotFoundException e) {
            this.logger.warning("Failed to generate request hash. " + e.getMessage());
            throw new RuntimeException(e);
        }
    }

    private JsonNode getRequestBodyAsJson(HttpServletRequest httpServletRequest) {
        try {
            return this.objectMapper.readTree(httpServletRequest.getReader());
        } catch (IOException e) {
            this.logger.warning("Failed to read request body as json" + e.getMessage());
            return null;
        }
    }

    private void processFields(Field[] fieldArr, HttpServletRequest httpServletRequest, JsonNode jsonNode, StringBuilder sb) {
        for (Field field : fieldArr) {
            String parameter = httpServletRequest.getParameter(field.getName());
            if (parameter == null && jsonNode != null && jsonNode.has(field.getName())) {
                parameter = jsonNode.get(field.getName()).asText();
            }
            if (parameter != null) {
                sb.append(field.getName()).append("=").append(parameter).append("\n");
            }
        }
    }
}
