package com.manydesigns.portofino.rest;

import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.elements.messages.RequestMessages;
import com.manydesigns.portofino.cache.ControlsCache;
import com.manydesigns.portofino.operations.Guarded;
import com.manydesigns.portofino.operations.Operations;
import com.manydesigns.portofino.resourceactions.ResourceAction;
import com.manydesigns.portofino.resourceactions.log.LogAccesses;
import com.manydesigns.portofino.security.SecurityFacade;
import com.manydesigns.portofino.security.noop.NoSecurity;
import java.lang.reflect.Method;
import java.util.Iterator;
import javax.annotation.Priority;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.ConstrainedTo;
import javax.ws.rs.RuntimeType;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

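/**
 * JAX-RS filter wrapped around every Portofino resource invocation.
 *
 * <p>On the request side it sets up the logging {@link MDC}, prepares the matched
 * {@link ResourceAction}, runs the application-wide {@link SecurityFacade} access check,
 * then the action-level permission and guard checks, and finally writes an access-log line
 * when {@link LogAccesses} asks for it. On the response side it adds cache-control headers,
 * flushes pending {@link RequestMessages} into {@value #MESSAGE_HEADER} headers and
 * advertises the API version.
 *
 * <p>The {@code @Context} fields are injected per request by the JAX-RS runtime; the filter
 * holds no other mutable state.
 */
@Provider
@Priority(PortofinoFilter.PRIORITY)
@ConstrainedTo(RuntimeType.SERVER)
public class PortofinoFilter implements ContainerRequestFilter, ContainerResponseFilter {
    public static final String copyright = "Copyright (C) 2005-2022 ManyDesigns srl";
    /** Response header carrying request-scoped error/warning/info messages, one value each. */
    public static final String MESSAGE_HEADER = "X-Portofino-Message";
    /** Response header advertising the API version; only set when the resource did not set it. */
    public static final String PORTOFINO_API_VERSION_HEADER = "X-Portofino-API-Version";
    public static final String PORTOFINO_API_VERSION = "5.2";
    /** Filter ordering priority used by the {@link Priority} annotation on this class. */
    public static final int PRIORITY = 6000;

    @Context
    protected ResourceInfo resourceInfo;

    @Context
    protected HttpServletRequest request;

    @Context
    protected ServletContext servletContext;

    private static final Logger logger = LoggerFactory.getLogger(PortofinoFilter.class);
    /** Name of the dedicated logger receiving access-log lines (see {@link #isAccessToBeLogged}). */
    public static final String ACCESS_LOGGER_NAME = "com.manydesigns.portofino.access";
    private static final Logger accessLogger = LoggerFactory.getLogger(ACCESS_LOGGER_NAME);

    /**
     * Request-side filter.
     *
     * <p>Does nothing when no resource was matched or no resource class is known. Otherwise it
     * verifies that the matched resource instance really is of the class JAX-RS reports, sets up
     * the MDC, prepares a {@link ResourceAction} for execution, runs the {@link SecurityFacade}
     * web-resource check and the action-level checks, and emits an access-log line if requested.
     * Checks abort the request via {@link ContainerRequestContext#abortWith(Response)}.
     *
     * @param containerRequestContext the current JAX-RS request context
     * @throws IllegalStateException if the matched resource is not an instance of the resource class
     *         reported by {@link ResourceInfo} (the security checks would otherwise run against the
     *         wrong object)
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (uriInfo.getMatchedResources().isEmpty()) {
            return;
        }
        Object resource = uriInfo.getMatchedResources().get(0);
        if (resourceInfo == null || resourceInfo.getResourceClass() == null) {
            return;
        }
        if (resource.getClass() != resourceInfo.getResourceClass()) {
            // IllegalStateException is a RuntimeException, so existing catch clauses still apply.
            throw new IllegalStateException(
                    "Inconsistency: matched resource is not of the right type, " + resourceInfo.getResourceClass());
        }
        HttpServletRequest httpServletRequest = ElementsThreadLocals.getHttpServletRequest();
        setUpMdc(httpServletRequest);
        if (resource instanceof ResourceAction) {
            ResourceAction resourceAction = (ResourceAction) resource;
            logger.debug("Retrieving user");
            Object userId = resourceAction.getSecurity().getUserId();
            if (userId != null) {
                MDC.put("userId", userId.toString());
            }
            ElementsThreadLocals.getOgnlContext().put("securityUtils", resourceAction.getSecurity().getSecurityUtilsBean());
            // Runs before any authorization check below (same order as before); it must not do
            // anything that requires the caller to be authorized.
            resourceAction.prepareForExecution();
        }
        Method resourceMethod = resourceInfo.getResourceMethod();
        resolveSecurityFacade().checkWebResourceIsAccessible(containerRequestContext, resource, resourceMethod);
        if (resource instanceof ResourceAction) {
            checkResourceActionInvocation(containerRequestContext, (ResourceAction) resource);
        }
        if (isAccessToBeLogged(resource, resourceMethod)) {
            logAccess(containerRequestContext, httpServletRequest, resourceMethod);
        }
    }

    /**
     * Resets the MDC for this request and records the request URI, when a servlet request is
     * available on the current thread.
     *
     * @param httpServletRequest the current servlet request, possibly {@code null}
     */
    private static void setUpMdc(HttpServletRequest httpServletRequest) {
        logger.debug("Setting up logging MDC");
        MDC.clear();
        if (httpServletRequest != null) {
            MDC.put("req.requestURI", httpServletRequest.getRequestURI());
        }
    }

    /**
     * Looks up the application's {@link SecurityFacade} in the Spring web application context,
     * falling back to {@link NoSecurity#AT_ALL} when there is no context or no such bean.
     *
     * @return the facade to use for this request, never {@code null}
     */
    private SecurityFacade resolveSecurityFacade() {
        WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
        if (webApplicationContext == null) {
            return NoSecurity.AT_ALL;
        }
        try {
            return webApplicationContext.getBean(SecurityFacade.class);
        } catch (NoSuchBeanDefinitionException e) {
            logger.debug("No security facade found, using no-op", e);
            return NoSecurity.AT_ALL;
        }
    }

    /**
     * Writes one access-log line: HTTP method, resource method name and query string.
     *
     * <p>The query string is logged verbatim, so sensitive values must not travel in query
     * parameters of logged resources. Tolerates a missing servlet request or resource method
     * (the original code dereferenced both unconditionally).
     *
     * @param containerRequestContext the current JAX-RS request context
     * @param httpServletRequest the current servlet request, possibly {@code null}
     * @param resourceMethod the matched resource method, possibly {@code null}
     */
    private static void logAccess(ContainerRequestContext containerRequestContext,
                                  HttpServletRequest httpServletRequest, Method resourceMethod) {
        String methodName = resourceMethod != null ? resourceMethod.getName() : null;
        String queryString = httpServletRequest != null ? httpServletRequest.getQueryString() : null;
        accessLogger.info(containerRequestContext.getMethod() + " " + methodName + ", queryString " + queryString);
    }

    /**
     * Decides whether the invocation of {@code method} on {@code obj} goes to the access log.
     *
     * <p>A {@link LogAccesses} annotation on the method wins; otherwise the annotation on the
     * object's class is consulted; with no annotation at all the access is not logged.
     *
     * @param obj the matched resource instance, possibly {@code null}
     * @param method the matched resource method, possibly {@code null}
     * @return {@code true} if the access should be logged; {@code false} when {@code obj} is {@code null}
     */
    public static boolean isAccessToBeLogged(Object obj, Method method) {
        if (obj == null) {
            return false;
        }
        if (method != null) {
            LogAccesses onMethod = method.getAnnotation(LogAccesses.class);
            if (onMethod != null) {
                return onMethod.value();
            }
        }
        LogAccesses onClass = obj.getClass().getAnnotation(LogAccesses.class);
        return onClass != null && onClass.value();
    }

    /**
     * Marks the response as non-cacheable unless the resource method is annotated with
     * {@link ControlsCache}, in which case the resource is trusted to set its own cache headers.
     *
     * @param containerResponseContext the outgoing response whose headers are amended
     */
    protected void addCacheHeaders(ContainerResponseContext containerResponseContext) {
        Method resourceMethod = resourceInfo != null ? resourceInfo.getResourceMethod() : null;
        if (resourceMethod == null || !resourceMethod.isAnnotationPresent(ControlsCache.class)) {
            MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();
            headers.putSingle("Pragma", "no-cache");
            headers.putSingle("Expires", 0);
            headers.add("Cache-Control", "no-cache");
            headers.add("Cache-Control", "no-store");
        }
    }

    /**
     * Response-side filter: adds cache headers, turns pending request messages into
     * {@value #MESSAGE_HEADER} headers (errors, then warnings, then infos) and sets the API
     * version header unless the resource already did.
     *
     * @param containerRequestContext the request context (unused)
     * @param containerResponseContext the outgoing response
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        addCacheHeaders(containerResponseContext);
        MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();
        addMessageHeaders(headers, "error: ", RequestMessages.consumeErrorMessages());
        addMessageHeaders(headers, "warning: ", RequestMessages.consumeWarningMessages());
        addMessageHeaders(headers, "info: ", RequestMessages.consumeInfoMessages());
        if (!headers.containsKey(PORTOFINO_API_VERSION_HEADER)) {
            headers.putSingle(PORTOFINO_API_VERSION_HEADER, PORTOFINO_API_VERSION);
        }
    }

    /**
     * Adds one {@value #MESSAGE_HEADER} header per message, each prefixed with {@code prefix}.
     *
     * @param headers the response headers
     * @param prefix the severity prefix, e.g. {@code "error: "}
     * @param messages the messages; each element is expected to be a {@link String}
     * @throws ClassCastException if a message is not a {@link String}
     */
    private static void addMessageHeaders(MultivaluedMap<String, Object> headers, String prefix, Iterable<?> messages) {
        for (Object message : messages) {
            headers.add(MESSAGE_HEADER, prefix + (String) message);
        }
    }

    /**
     * Runs the Portofino-specific checks for a {@link ResourceAction}: the operation must be
     * allowed by the action's security and the action must be accessible, then all guards on the
     * resource method must pass. A failed permission check answers 401 for anonymous callers and
     * 403 for authenticated ones; a failed guard answers via {@link Guarded#guardsFailed(Method)}
     * or with 409.
     *
     * @param containerRequestContext the request to abort on failure
     * @param resourceAction the matched action
     */
    protected void checkResourceActionInvocation(ContainerRequestContext containerRequestContext, ResourceAction resourceAction) {
        Method resourceMethod = resourceInfo.getResourceMethod();
        HttpServletRequest httpServletRequest = ElementsThreadLocals.getHttpServletRequest();
        boolean allowed = resourceAction.getSecurity().isOperationAllowed(
                httpServletRequest, resourceAction.getActionInstance(), resourceAction, resourceMethod)
                && resourceAction.isAccessible();
        if (!allowed) {
            String httpMethod = httpServletRequest != null ? httpServletRequest.getMethod() : null;
            String requestUri = httpServletRequest != null ? httpServletRequest.getRequestURI() : null;
            logger.warn("Request not allowed: " + httpMethod + " " + requestUri);
            Response.Status status = resourceAction.getSecurity().isUserAuthenticated()
                    ? Response.Status.FORBIDDEN
                    : Response.Status.UNAUTHORIZED;
            containerRequestContext.abortWith(Response.status(status).build());
        } else if (Operations.doGuardsPass(resourceAction, resourceMethod)) {
            logger.debug("Portofino-specific security check passed");
        } else if (resourceAction instanceof Guarded) {
            containerRequestContext.abortWith(((Guarded) resourceAction).guardsFailed(resourceMethod));
        } else {
            containerRequestContext.abortWith(Response.status(Response.Status.CONFLICT).entity("The action couldn't be invoked, a guard did not pass").build());
        }
    }
}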
