package org.apache.hugegraph.api.auth;

import com.codahale.metrics.annotation.Timed;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableMap;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.inject.Singleton;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import javax.security.sasl.AuthenticationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.hugegraph.api.API;
import org.apache.hugegraph.api.filter.AuthenticationFilter;
import org.apache.hugegraph.api.filter.StatusFilter;
import org.apache.hugegraph.auth.HugeAuthenticator;
import org.apache.hugegraph.auth.UserWithRole;
import org.apache.hugegraph.core.GraphManager;
import org.apache.hugegraph.define.Checkable;
import org.apache.hugegraph.util.E;
import org.apache.hugegraph.util.Log;
import org.slf4j.Logger;

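/**
 * REST resource exposing token-based login, logout and token verification
 * for a graph, mounted under {@code graphs/{graph}/auth}.
 *
 * <p>Security note: the {@code Authorization} header carries a live bearer
 * token, so it is treated as a secret and never written to the log. Anyone
 * who can read the log file could otherwise replay the token.
 */
@Singleton
@Path("graphs/{graph}/auth")
@Tag(name = "LoginAPI")
public class LoginAPI extends API {
    private static final Logger LOG = Log.logger(LoginAPI.class);

    /**
     * JSON request body of the login endpoint.
     *
     * <p>This class intentionally has no {@code toString()} override: the
     * login handler passes the object to the debug logger, and a generated
     * {@code toString()} would put the plaintext password into the log.
     */
    private static class JsonLogin implements Checkable {

        @JsonProperty("user_name")
        private String name;

        @JsonProperty("user_password")
        private String password;

        private JsonLogin() {
        }

        /**
         * Rejects a login body whose user name or password is null or empty.
         *
         * @param z not used by this implementation
         */
        @Override
        public void checkCreate(boolean z) {
            E.checkArgument(!StringUtils.isEmpty(this.name), "The name of user can't be null", new Object[0]);
            E.checkArgument(!StringUtils.isEmpty(this.password), "The password of user can't be null", new Object[0]);
        }

        /** No update semantics exist for a login body; nothing to check. */
        @Override
        public void checkUpdate() {
        }
    }

    /**
     * Extracts the raw token from an {@code Authorization} header value.
     *
     * <p>Shared by {@link #logout} and {@link #verifyToken} so both endpoints
     * apply the same header validation.
     *
     * @param authorization the header value as received
     * @return the header value with {@code AuthenticationFilter.BEARER_TOKEN_PREFIX} removed
     * @throws BadRequestException if the header does not start with the bearer prefix
     */
    private static String bearerToken(String authorization) {
        E.checkArgument(StringUtils.isNotEmpty(authorization), "Request header Authorization must not be null", new Object[0]);
        if (!authorization.startsWith(AuthenticationFilter.BEARER_TOKEN_PREFIX)) {
            throw new BadRequestException("Only HTTP Bearer authentication is supported");
        }
        return authorization.substring(AuthenticationFilter.BEARER_TOKEN_PREFIX.length());
    }

    /**
     * Authenticates a user by name and password and returns a token.
     *
     * @param graphManager injected graph manager providing the auth manager and serializer
     * @param str          name of the graph taken from the request path
     * @param jsonLogin    request body holding {@code user_name} and {@code user_password}
     * @return serialized map with the issued token under {@code HugeAuthenticator.KEY_TOKEN}
     * @throws NotAuthorizedException if the auth manager rejects the credentials
     */
    @StatusFilter.Status(StatusFilter.Status.OK)
    @Produces({API.APPLICATION_JSON_WITH_CHARSET})
    @Timed
    @POST
    @Path("login")
    @Consumes({API.APPLICATION_JSON})
    public String login(@Context GraphManager graphManager, @PathParam("graph") String str, JsonLogin jsonLogin) {
        // JsonLogin has no toString(), so this prints only the object identity
        // and not the submitted password.
        LOG.debug("Graph [{}] user login: {}", str, jsonLogin);
        checkCreatingBody(jsonLogin);
        try {
            final String token = graphManager.authManager().loginUser(jsonLogin.name, jsonLogin.password);
            return graphManager.serializer(graph(graphManager, str)).writeMap(ImmutableMap.of(HugeAuthenticator.KEY_TOKEN, token));
        } catch (AuthenticationException e) {
            // NOTE(review): the exception message is passed on to the client;
            // confirm loginUser's messages do not tell an unknown user apart
            // from a wrong password.
            throw new NotAuthorizedException(e.getMessage(), e, new Object[0]);
        }
    }

    /**
     * Logs out the user identified by the bearer token in the request.
     *
     * @param graphManager injected graph manager providing the auth manager
     * @param str          name of the graph taken from the request path
     * @param str2         value of the {@code Authorization} header
     * @throws BadRequestException if the header is not a bearer header
     */
    @StatusFilter.Status(StatusFilter.Status.OK)
    @Produces({API.APPLICATION_JSON_WITH_CHARSET})
    @Timed
    @DELETE
    @Path("logout")
    @Consumes({API.APPLICATION_JSON})
    public void logout(@Context GraphManager graphManager, @PathParam("graph") String str, @HeaderParam("Authorization") String str2) {
        // The Authorization header is a credential: log the event, not the value.
        LOG.debug("Graph [{}] user logout", str);
        final String token = bearerToken(str2);
        graphManager.authManager().logoutUser(token);
    }

    /**
     * Validates the bearer token in the request and returns its owner.
     *
     * @param graphManager injected graph manager providing the auth manager and serializer
     * @param str          name of the graph taken from the request path
     * @param str2         value of the {@code Authorization} header
     * @return serialized map with {@code user_name} and {@code user_id} of the token's user
     * @throws BadRequestException if the header is not a bearer header
     */
    @StatusFilter.Status(StatusFilter.Status.OK)
    @Produces({API.APPLICATION_JSON_WITH_CHARSET})
    @Timed
    @GET
    @Path("verify")
    @Consumes({API.APPLICATION_JSON})
    public String verifyToken(@Context GraphManager graphManager, @PathParam("graph") String str, @HeaderParam("Authorization") String str2) {
        // The Authorization header is a credential: log the event, not the value.
        LOG.debug("Graph [{}] verify user token", str);
        final String token = bearerToken(str2);
        final UserWithRole validateUser = graphManager.authManager().validateUser(token);
        return graphManager.serializer(graph(graphManager, str)).writeMap(ImmutableMap.of("user_name", validateUser.username(), "user_id", validateUser.userId()));
    }
}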
