package org.apache.streampipes.rest.impl;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.streampipes.mail.MailSender;
import org.apache.streampipes.model.client.user.ChangePasswordRequest;
import org.apache.streampipes.model.client.user.Principal;
import org.apache.streampipes.model.client.user.PrincipalType;
import org.apache.streampipes.model.client.user.RawUserApiToken;
import org.apache.streampipes.model.client.user.Role;
import org.apache.streampipes.model.client.user.ServiceAccount;
import org.apache.streampipes.model.client.user.UserAccount;
import org.apache.streampipes.model.message.Notifications;
import org.apache.streampipes.rest.core.base.impl.AbstractAuthGuardedRestResource;
import org.apache.streampipes.rest.security.AuthConstants;
import org.apache.streampipes.rest.shared.annotation.JacksonSerialized;
import org.apache.streampipes.user.management.encryption.SecretEncryptionManager;
import org.apache.streampipes.user.management.service.TokenService;
import org.apache.streampipes.user.management.util.PasswordUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Path("/v2/users")
@Component
/* loaded from: input_file:BOOT-INF/lib/streampipes-rest-0.91.0.jar:org/apache/streampipes/rest/impl/UserResource.class */
public class UserResource extends AbstractAuthGuardedRestResource {
    @Produces({"application/json"})
    @PreAuthorize(AuthConstants.IS_ADMIN_ROLE)
    @GET
    @JacksonSerialized
    public Response getAllUsers(@QueryParam("type") String str) {
        ArrayList arrayList = new ArrayList();
        if (str != null && str.equals(PrincipalType.USER_ACCOUNT.name())) {
            arrayList.addAll(getUserStorage().getAllUserAccounts());
        } else if (str == null || !str.equals(PrincipalType.SERVICE_ACCOUNT.name())) {
            arrayList.addAll(getUserStorage().getAllUsers());
        } else {
            arrayList.addAll(getUserStorage().getAllServiceAccounts());
        }
        removeCredentials(arrayList);
        return ok(arrayList);
    }

    @Produces({"application/json"})
    @GET
    @Path("{principalId}")
    @JacksonSerialized
    public Response getUserDetails(@PathParam("principalId") String str) {
        Principal principalById = getPrincipalById(str);
        removeCredentials(principalById);
        return principalById != null ? ok(principalById) : statusMessage(Notifications.error("User not found"));
    }

    @Produces({"application/json"})
    @GET
    @Path("username/{username}")
    @JacksonSerialized
    public Response getUserDetailsByName(@PathParam("username") String str) {
        Principal principal = getPrincipal(str);
        removeCredentials(principal);
        return principal != null ? ok(principal) : statusMessage(Notifications.error("User not found"));
    }

    @PreAuthorize(AuthConstants.IS_ADMIN_ROLE)
    @DELETE
    @Path("{principalId}")
    @JacksonSerialized
    public Response deleteUser(@PathParam("principalId") String str) {
        if (getPrincipalById(str) == null) {
            return statusMessage(Notifications.error("User not found"));
        }
        getUserStorage().deleteUser(str);
        return ok();
    }

    @PUT
    @Produces({"application/json"})
    @Path("{userId}/appearance/mode/{darkMode}")
    public Response updateAppearanceMode(@PathParam("userId") String str, @PathParam("darkMode") boolean z) {
        String authenticatedUsername = getAuthenticatedUsername();
        if (authenticatedUsername == null) {
            return statusMessage(Notifications.error("User not found"));
        }
        UserAccount user = getUser(authenticatedUsername);
        user.setDarkMode(z);
        getUserStorage().updateUser(user);
        return ok(Notifications.success("Appearance updated"));
    }

    @Produces({"application/json"})
    @POST
    @Path("/user")
    @JacksonSerialized
    @Consumes({"application/json"})
    public Response registerUser(UserAccount userAccount) {
        try {
            if (getUserStorage().getUser(userAccount.getUsername()) != null) {
                return badRequest(Notifications.error("This user ID already exists. Please choose another address."));
            }
            String password = userAccount.getPassword();
            if (password != null) {
                encryptAndStore(userAccount, password);
            } else {
                String generateRandomPassword = PasswordUtil.generateRandomPassword();
                encryptAndStore(userAccount, generateRandomPassword);
                new MailSender().sendInitialPasswordMail(userAccount.getUsername(), generateRandomPassword);
            }
            return ok();
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            return badRequest();
        }
    }

    @Produces({"application/json"})
    @POST
    @Path("/service")
    @JacksonSerialized
    @Consumes({"application/json"})
    public Response registerService(ServiceAccount serviceAccount) {
        if (getUserStorage().getUser(serviceAccount.getUsername()) != null) {
            return badRequest(Notifications.error("This user ID already exists. Please choose another address."));
        }
        serviceAccount.setClientSecret(SecretEncryptionManager.encrypt(serviceAccount.getClientSecret()));
        serviceAccount.setSecretEncrypted(true);
        getUserStorage().storeUser(serviceAccount);
        return ok();
    }

    @Produces({"application/json"})
    @POST
    @Path("{userId}/tokens")
    @Consumes({"application/json"})
    @JacksonSerialized
    public Response createNewApiToken(@PathParam("userId") String str, RawUserApiToken rawUserApiToken) {
        return ok(new TokenService().createAndStoreNewToken(str, rawUserApiToken));
    }

    @Produces({"application/json"})
    @PUT
    @Path("user/{principalId}")
    @Consumes({"application/json"})
    public Response updateUserAccountDetails(@PathParam("principalId") String str, UserAccount userAccount) {
        String authenticatedUsername = getAuthenticatedUsername();
        if (userAccount == null || !(authenticatedUsername.equals(str) || isAdmin())) {
            return statusMessage(Notifications.error("User not found"));
        }
        UserAccount userAccount2 = (UserAccount) getPrincipalById(str);
        updateUser(userAccount2, userAccount, isAdmin(), userAccount2.getPassword());
        userAccount.setRev(userAccount2.getRev());
        getUserStorage().updateUser(userAccount);
        return ok(Notifications.success("User updated"));
    }

    @Produces({"application/json"})
    @PUT
    @Path("user/{principalId}/username")
    @Consumes({"application/json"})
    public Response updateUsername(@PathParam("principalId") String str, UserAccount userAccount) {
        String authenticatedUsername = getAuthenticatedUsername();
        if (userAccount == null || !(authenticatedUsername.equals(str) || isAdmin())) {
            return Response.status(401).build();
        }
        UserAccount userAccount2 = (UserAccount) getPrincipalById(str);
        try {
            if (!PasswordUtil.validatePassword(userAccount.getPassword(), userAccount2.getPassword())) {
                return badRequest(Notifications.error("Incorrect password"));
            }
            userAccount2.setUsername(userAccount.getUsername());
            if (!getUserStorage().getAllUserAccounts().stream().noneMatch(userAccount3 -> {
                return userAccount3.getUsername().equalsIgnoreCase(userAccount.getUsername());
            })) {
                return badRequest(Notifications.error("Username already taken"));
            }
            updateUser(userAccount2, userAccount, isAdmin(), userAccount2.getPassword());
            getUserStorage().updateUser(userAccount2);
            return ok();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            return badRequest();
        }
    }

    @Produces({"application/json"})
    @PUT
    @Path("user/{principalId}/password")
    @Consumes({"application/json"})
    public Response updatePassword(@PathParam("principalId") String str, ChangePasswordRequest changePasswordRequest) {
        String authenticatedUsername = getAuthenticatedUsername();
        UserAccount userAccount = (UserAccount) getPrincipalById(str);
        if (!str.equals(authenticatedUsername) && !isAdmin()) {
            return badRequest(Notifications.error("The user ID does not match the current user."));
        }
        try {
            if (!PasswordUtil.validatePassword(changePasswordRequest.getExistingPassword(), userAccount.getPassword())) {
                return badRequest(Notifications.error("Wrong password"));
            }
            updateUser(userAccount, userAccount, isAdmin(), PasswordUtil.encryptPassword(changePasswordRequest.getNewPassword()));
            getUserStorage().updateUser(userAccount);
            return ok();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            return badRequest();
        }
    }

    @Produces({"application/json"})
    @PUT
    @Path("service/{principalId}")
    @Consumes({"application/json"})
    public Response updateServiceAccountDetails(@PathParam("principalId") String str, ServiceAccount serviceAccount) {
        String authenticatedUsername = getAuthenticatedUsername();
        if (serviceAccount == null || !(authenticatedUsername.equals(str) || isAdmin())) {
            return statusMessage(Notifications.error("User not found"));
        }
        Principal principalById = getPrincipalById(str);
        serviceAccount.setRev(principalById.getRev());
        if (!isAdmin()) {
            replacePermissions(serviceAccount, principalById);
        }
        if (!serviceAccount.isSecretEncrypted()) {
            serviceAccount.setClientSecret(SecretEncryptionManager.encrypt(serviceAccount.getClientSecret()));
            serviceAccount.setSecretEncrypted(true);
        }
        getUserStorage().updateUser(serviceAccount);
        return ok(Notifications.success("User updated"));
    }

    private boolean isAdmin() {
        return SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream().anyMatch(grantedAuthority -> {
            return grantedAuthority.getAuthority().equals(Role.ROLE_ADMIN.name());
        });
    }

    private void updateUser(UserAccount userAccount, UserAccount userAccount2, boolean z, String str) {
        userAccount2.setPassword(str);
        if (!z) {
            replacePermissions(userAccount2, userAccount);
        }
        userAccount2.setUserApiTokens((List) userAccount.getUserApiTokens().stream().filter(userApiToken -> {
            return userAccount2.getUserApiTokens().stream().anyMatch(userApiToken -> {
                return userApiToken.getTokenId().equals(userApiToken.getTokenId());
            });
        }).collect(Collectors.toList()));
    }

    private void encryptAndStore(UserAccount userAccount, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        userAccount.setPassword(PasswordUtil.encryptPassword(str));
        getUserStorage().storeUser(userAccount);
    }

    private UserAccount getUser(String str) {
        return getUserStorage().getUserAccount(str);
    }

    private Principal getPrincipal(String str) {
        return getUserStorage().getUser(str);
    }

    private Principal getPrincipalById(String str) {
        return getUserStorage().getUserById(str);
    }

    private void removeCredentials(List<Principal> list) {
        list.forEach(this::removeCredentials);
    }

    private void removeCredentials(Principal principal) {
        if (principal instanceof UserAccount) {
            ((UserAccount) principal).setPassword("");
        }
    }

    private void replacePermissions(Principal principal, Principal principal2) {
        principal.setGroups(principal2.getGroups());
        principal.setObjectPermissions(principal2.getObjectPermissions());
        principal.setRoles(principal2.getRoles());
    }
}
