package org.apache.unomi.rest.endpoints;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.jws.WebService;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import javax.validation.constraints.Pattern;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
import org.apache.unomi.api.ContextRequest;
import org.apache.unomi.api.ContextResponse;
import org.apache.unomi.api.Event;
import org.apache.unomi.api.Item;
import org.apache.unomi.api.Persona;
import org.apache.unomi.api.PersonaWithSessions;
import org.apache.unomi.api.PersonalizationResult;
import org.apache.unomi.api.Profile;
import org.apache.unomi.api.Session;
import org.apache.unomi.api.conditions.Condition;
import org.apache.unomi.api.services.ConfigSharingService;
import org.apache.unomi.api.services.EventService;
import org.apache.unomi.api.services.PersonalizationService;
import org.apache.unomi.api.services.PrivacyService;
import org.apache.unomi.api.services.ProfileService;
import org.apache.unomi.api.services.RulesService;
import org.apache.unomi.persistence.spi.CustomObjectMapper;
import org.apache.unomi.rest.service.RestServiceUtils;
import org.apache.unomi.utils.Changes;
import org.apache.unomi.utils.HttpUtils;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * JAX-RS resource that serves the {@code /context.json} and {@code /context.js} endpoints.
 *
 * <p>It resolves a profile and session from client-supplied identifiers (request body, query
 * parameters or the profile cookie), forwards events, filters and personalization requests to the
 * injected services, and returns the resulting context. No authentication check is visible in
 * this class.
 */
@Path("/")
@Consumes({"application/json"})
@Component(service = {ContextJsonEndpoint.class}, property = {"osgi.jaxrs.resource=true"})
@WebService
// NOTE(review): every origin is allowed together with credentials, and this endpoint reads the
// profile cookie. Confirm this is intended, or restrict the allowed origins for the deployment.
@CrossOriginResourceSharing(allowAllOrigins = true, allowCredentials = true)
/* loaded from: input_file:org/apache/unomi/rest/endpoints/ContextJsonEndpoint.class */
public class ContextJsonEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(ContextJsonEndpoint.class.getName());
    // Read once from a system property when the instance is created; defaults to true.
    // When false, sanitizePersonalizedContentObjects and sanitizePersonalizations return their
    // input unchanged, so client-supplied conditions reach the personalization service unfiltered.
    private boolean sanitizeConditions = Boolean.parseBoolean(System.getProperty("org.apache.unomi.security.personalization.sanitizeConditions", "true"));

    // Container-injected per-request objects (JAX-RS @Context).
    @Context
    ServletContext context;

    // Used to read the profile cookie and is attached to the events this class sends.
    @Context
    HttpServletRequest request;

    // Used to set the status code and the Set-Cookie header; also attached to events.
    @Context
    HttpServletResponse response;

    // OSGi service references used by the request handling below.
    @Reference
    private ProfileService profileService;

    @Reference
    private PrivacyService privacyService;

    @Reference
    private EventService eventService;

    @Reference
    private RulesService rulesService;

    @Reference
    private PersonalizationService personalizationService;

    @Reference
    private ConfigSharingService configSharingService;

    @Reference
    private RestServiceUtils restServiceUtils;

    /**
     * Answers an OPTIONS request on {@code /context.js}.
     *
     * @return an empty 204 response carrying {@code Access-Control-Allow-Origin: *}
     */
    @Path("/context.js")
    @OPTIONS
    public Response contextJSAsOptions() {
        // The wildcard origin is set here directly, independently of the class-level CORS annotation.
        Response.ResponseBuilder builder = Response.noContent();
        builder.header("Access-Control-Allow-Origin", "*");
        return builder.build();
    }

    /**
     * Answers an OPTIONS request on {@code /context.json}.
     *
     * @return the same response as {@link #contextJSAsOptions()}
     */
    @Path("/context.json")
    @OPTIONS
    public Response contextJSONAsOptions() {
        // Both endpoints share one OPTIONS response.
        return this.contextJSAsOptions();
    }

    /**
     * POST variant of {@code /context.js}; the context request arrives as the JSON body.
     *
     * @param contextRequest the request body, validated by bean validation
     * @param str the {@code personaId} query parameter (at most 60 word, '-', '_', '@' or '.' characters)
     * @param str2 the {@code sessionId} query parameter (same pattern as {@code personaId})
     * @param l the {@code timestamp} query parameter, may be null
     * @param z the {@code invalidateProfile} query parameter
     * @param z2 the {@code invalidateSession} query parameter
     * @return the response produced by {@link #contextJSAsGet}
     * @throws JsonProcessingException if the context response cannot be serialized
     */
    @POST
    @Produces({"text/plain"})
    @Path("/context.js")
    public Response contextJSAsPost(@Valid ContextRequest contextRequest, @QueryParam("personaId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str, @QueryParam("sessionId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str2, @QueryParam("timestamp") Long l, @QueryParam("invalidateProfile") boolean z, @QueryParam("invalidateSession") boolean z2) throws JsonProcessingException {
        // Pure delegation: GET and POST render the same script.
        return this.contextJSAsGet(contextRequest, str, str2, l, z, z2);
    }

    /**
     * GET variant of {@code /context.js}: computes the context and wraps its JSON form in a small
     * script that assigns it to the {@code cxs} variable.
     *
     * @param contextRequest the context request taken from the {@code payload} query parameter
     * @param str the {@code personaId} query parameter
     * @param str2 the {@code sessionId} query parameter
     * @param l the {@code timestamp} query parameter, may be null
     * @param z the {@code invalidateProfile} query parameter
     * @param z2 the {@code invalidateSession} query parameter
     * @return a 200 response whose body is the generated script
     * @throws JsonProcessingException if the context response cannot be serialized
     */
    @GET
    @Produces({"text/plain"})
    @Path("/context.js")
    public Response contextJSAsGet(@QueryParam("payload") @Valid ContextRequest contextRequest, @QueryParam("personaId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str, @QueryParam("sessionId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str2, @QueryParam("timestamp") Long l, @QueryParam("invalidateProfile") boolean z, @QueryParam("invalidateSession") boolean z2) throws JsonProcessingException {
        String json = CustomObjectMapper.getObjectMapper().writeValueAsString(contextJSONAsPost(contextRequest, str, str2, l, z, z2));
        // NOTE(review): the body is JavaScript but the declared media type is text/plain;
        // confirm clients load it without strict MIME type checking.
        String script = "window.digitalData = window.digitalData || {};\n" + "var cxs = " + json + ";\n";
        return Response.ok(script).build();
    }

    /**
     * GET variant of {@code /context.json}; the context request arrives in the {@code payload}
     * query parameter.
     *
     * @param contextRequest the context request taken from the {@code payload} query parameter
     * @param str the {@code personaId} query parameter
     * @param str2 the {@code sessionId} query parameter
     * @param l the {@code timestamp} query parameter, may be null
     * @param z the {@code invalidateProfile} query parameter
     * @param z2 the {@code invalidateSession} query parameter
     * @return the context computed by {@link #contextJSONAsPost}
     */
    @GET
    @Produces({"application/json;charset=UTF-8"})
    @Path("/context.json")
    public ContextResponse contextJSONAsGet(@QueryParam("payload") @Valid ContextRequest contextRequest, @QueryParam("personaId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str, @QueryParam("sessionId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str2, @QueryParam("timestamp") Long l, @QueryParam("invalidateProfile") boolean z, @QueryParam("invalidateSession") boolean z2) {
        // Note that this GET handler shares the state-changing code path of the POST handler.
        return this.contextJSONAsPost(contextRequest, str, str2, l, z, z2);
    }

    /**
     * Resolves or creates the profile and session for the caller, processes the optional context
     * request, persists what changed and returns the resulting context.
     *
     * <p>The profile id comes from the request body or, failing that, from the profile cookie. The
     * session id comes from the request body or, failing that, from the query parameter. No
     * authentication or ownership check on these identifiers is visible in this method.
     *
     * @param contextRequest the context request (JSON body), may be null
     * @param str the {@code personaId} query parameter, may be null
     * @param str2 the {@code sessionId} query parameter, may be null
     * @param l the {@code timestamp} query parameter in epoch milliseconds; the current time is used when null
     * @param z the {@code invalidateProfile} query parameter; when true a fresh profile is created
     * @param z2 the {@code invalidateSession} query parameter; when true the existing session is not loaded
     * @return the context response for the resolved profile and session
     * @throws BadRequestException when no profile id, session id or persona id can be found
     */
    @POST
    @Produces({"application/json;charset=UTF-8"})
    @Path("/context.json")
    public ContextResponse contextJSONAsPost(@Valid ContextRequest contextRequest, @QueryParam("personaId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str, @QueryParam("sessionId") @Pattern(regexp = "^(\\w|[-_@\\.]){0,60}$") String str2, @QueryParam("timestamp") Long l, @QueryParam("invalidateProfile") boolean z, @QueryParam("invalidateSession") boolean z2) {
        // The event timestamp is client-controlled when the query parameter is present.
        Date date = new Date();
        if (l != null) {
            date = new Date(l.longValue());
        }
        // NOTE(review): the decompiler typed this local as Persona, yet it is assigned Profile
        // values below (createNewProfile, profileService.load). It acts as "the current profile".
        Persona persona = null;
        Session session = null;
        String str3 = null;
        if (str != null) {
            PersonaWithSessions loadPersonaWithSessions = this.profileService.loadPersonaWithSessions(str);
            if (loadPersonaWithSessions == null) {
                logger.error("Couldn't find persona, please check your personaId parameter");
                persona = null;
            } else {
                persona = loadPersonaWithSessions.getPersona();
                session = loadPersonaWithSessions.getLastSession();
            }
        }
        String str4 = null;
        if (contextRequest != null) {
            if (contextRequest.getSource() != null) {
                str4 = contextRequest.getSource().getScope();
            }
            // A session id in the body takes precedence over the query parameter. Unlike the
            // query parameter, it is not covered by the @Pattern constraint in the signature.
            if (contextRequest.getSessionId() != null) {
                str2 = contextRequest.getSessionId();
            }
            str3 = contextRequest.getProfileId();
        }
        // Fall back to the profile cookie when the body carries no profile id.
        if (str3 == null) {
            str3 = this.restServiceUtils.getProfileIdCookieValue(this.request);
        }
        if (str3 == null && str2 == null && str == null) {
            logger.error("Couldn't find profileId, sessionId or personaId in incoming request! Stopped processing request. See debug level for more information");
            if (logger.isDebugEnabled()) {
                // NOTE(review): the dump presumably contains headers and cookies; confirm that
                // debug logs are access-controlled.
                logger.debug("Request dump: {}", HttpUtils.dumpRequestInfo(this.request));
            }
            throw new BadRequestException("Couldn't find profileId, sessionId or personaId in incoming request!");
        }
        // Bit set of pending changes, consumed at the end of this method:
        // bit 4 -> the profile is saved, bit 2 -> the session is saved, bit 1 -> status 500.
        // Further bits are OR-ed in from Changes.getChangeType() and EventService.send().
        int i = 0;
        if (persona == null) {
            // z3 records that a new profile was created in this request.
            boolean z3 = false;
            if (str3 == null || z) {
                persona = createNewProfile(null, date);
                z3 = true;
            } else {
                // NOTE(review): the profile is loaded purely by a client-supplied id; confirm
                // that knowing an id is meant to be sufficient to obtain its context.
                Profile load = this.profileService.load(str3);
                if (load == null) {
                    // An unknown id results in a new profile created under that client-chosen id.
                    persona = createNewProfile(str3, date);
                    z3 = true;
                } else {
                    Changes checkMergedProfile = checkMergedProfile(load, session);
                    i = 0 | checkMergedProfile.getChangeType();
                    persona = checkMergedProfile.getProfile();
                }
            }
            if (StringUtils.isNotBlank(str2) && !z2) {
                session = this.profileService.loadSession(str2, date);
                if (session != null) {
                    Profile profile = session.getProfile();
                    boolean isAnonymousProfile = profile.isAnonymousProfile();
                    // When the session belongs to a different non-anonymous profile, the
                    // session's profile replaces the one resolved from the request.
                    if (!persona.isAnonymousProfile() && !isAnonymousProfile && !persona.getItemId().equals(profile.getItemId())) {
                        // NOTE(review): the result is not null-checked before it is used below.
                        persona = this.profileService.load(profile.getItemId());
                    }
                    Boolean isRequireAnonymousBrowsing = this.privacyService.isRequireAnonymousBrowsing(persona);
                    // Align the session's profile with the anonymous-browsing requirement.
                    // Nothing is done when anonymity is required and the session is already anonymous.
                    if (!isRequireAnonymousBrowsing.booleanValue() || !isAnonymousProfile) {
                        if (isRequireAnonymousBrowsing.booleanValue() && !isAnonymousProfile) {
                            session.setProfile(this.privacyService.getAnonymousProfile(persona));
                            i |= 2;
                        } else if (!isRequireAnonymousBrowsing.booleanValue() && isAnonymousProfile) {
                            session.setProfile(persona);
                            i |= 2;
                        } else if (!isRequireAnonymousBrowsing.booleanValue() && !isAnonymousProfile) {
                            Persona persona2 = persona;
                            if (!session.getProfileId().equals(persona2.getItemId())) {
                                i |= 2;
                            }
                            session.setProfile(persona2);
                        }
                    }
                }
            }
            if (session == null || z2) {
                Persona anonymousProfile = this.privacyService.isRequireAnonymousBrowsing(persona).booleanValue() ? this.privacyService.getAnonymousProfile(persona) : persona;
                if (StringUtils.isNotBlank(str2)) {
                    // A new session is created under the client-supplied session id.
                    session = new Session(str2, anonymousProfile, date, str4);
                    int i2 = i | 2;
                    Event event = new Event("sessionCreated", session, persona, str4, (Item) null, session, date);
                    if (anonymousProfile.isAnonymousProfile()) {
                        event.setProfileId((String) null);
                    }
                    // The raw servlet request and response are attached to the event as attributes.
                    event.getAttributes().put("http_request", this.request);
                    event.getAttributes().put("http_response", this.response);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Received event {} for profile={} session={} target={} timestamp={}", new Object[]{event.getEventType(), persona.getItemId(), session.getItemId(), event.getTarget(), date});
                    }
                    i = i2 | this.eventService.send(event);
                }
            }
            if (z3) {
                // A newly created profile is flagged for saving and announced with a
                // non-persistent "profileUpdated" event.
                int i3 = i | 4;
                Event event2 = new Event("profileUpdated", session, persona, str4, (Item) null, persona, date);
                event2.setPersistent(false);
                event2.getAttributes().put("http_request", this.request);
                event2.getAttributes().put("http_response", this.response);
                if (logger.isDebugEnabled()) {
                    Logger logger2 = logger;
                    Object[] objArr = new Object[5];
                    objArr[0] = event2.getEventType();
                    objArr[1] = persona.getItemId();
                    objArr[2] = " session=" + (session != null ? session.getItemId() : null);
                    objArr[3] = event2.getTarget();
                    objArr[4] = date;
                    logger2.debug("Received event {} for profile={} {} target={} timestamp={}", objArr);
                }
                i = i3 | this.eventService.send(event2);
            }
        }
        ContextResponse contextResponse = new ContextResponse();
        contextResponse.setProfileId(persona.getItemId());
        if (session != null) {
            contextResponse.setSessionId(session.getItemId());
        } else if (str2 != null) {
            contextResponse.setSessionId(str2);
        }
        if (contextRequest != null) {
            Changes handleRequest = handleRequest(contextRequest, session, persona, contextResponse, this.request, this.response, date);
            i |= handleRequest.getChangeType();
            persona = handleRequest.getProfile();
        }
        // Persist according to the accumulated change flags.
        if ((i & 4) == 4) {
            this.profileService.save(persona);
            contextResponse.setProfileId(persona.getItemId());
        }
        if ((i & 2) == 2 && session != null) {
            this.profileService.saveSession(session);
            contextResponse.setSessionId(session.getItemId());
        }
        if ((i & 1) == 1) {
            this.response.setStatus(500);
        }
        // The profile cookie is only issued for real profiles, never for personas. The flag
        // passed last is whether the current request arrived over a secure channel.
        if (!(persona instanceof Persona)) {
            this.response.setHeader("Set-Cookie", HttpUtils.getProfileCookieString(persona, this.configSharingService, this.request.isSecure()));
        }
        return contextResponse;
    }

    /**
     * Follows a profile's {@code mergedWith} pointer when it may be followed.
     *
     * <p>The pointer is ignored when it is unset, when anonymous browsing is required for the
     * profile, or when the profile itself is anonymous.
     *
     * @param profile the profile loaded for the request
     * @param session the current session, may be null; its profile is replaced when the merge target is found
     * @return the profile to use, with change type 2 when the session was re-pointed, 4 when a
     *     dangling pointer was cleared on the profile, and 0 otherwise
     */
    private Changes checkMergedProfile(Profile profile, Session session) {
        String mergedWithId = profile.getMergedWith();
        if (mergedWithId == null || this.privacyService.isRequireAnonymousBrowsing(profile).booleanValue() || profile.isAnonymousProfile()) {
            return new Changes(0, profile);
        }

        Profile mergeTarget = this.profileService.load(mergedWithId);
        if (mergeTarget == null) {
            // Dangling pointer: keep the current profile and clear the reference.
            logger.warn("Couldn't find merged profile {}, falling back to profile {}", mergedWithId, profile.getItemId());
            profile.setMergedWith((String) null);
            return new Changes(4, profile);
        }

        logger.info("Current profile {} was merged with profile {}, replacing profile in session", profile.getItemId(), mergedWithId);
        if (session == null) {
            return new Changes(0, mergeTarget);
        }
        session.setProfile(mergeTarget);
        return new Changes(2, mergeTarget);
    }

    /**
     * Applies one context request to the resolved profile and session and fills in the response.
     *
     * <p>Steps, in order: persona overrides, event handling, filters, personalizations, then the
     * profile and session data the request asked for.
     *
     * @param contextRequest the client's context request
     * @param session the current session, may be null
     * @param profile the resolved profile
     * @param contextResponse the response object populated by this method
     * @param servletRequest passed through to event handling
     * @param servletResponse passed through to event handling
     * @param date the timestamp used for the handled events
     * @return the changes reported by event handling, with personalization change types OR-ed in
     */
    private Changes handleRequest(ContextRequest contextRequest, Session session, Profile profile, ContextResponse contextResponse, ServletRequest servletRequest, ServletResponse servletResponse, Date date) {
        processOverrides(contextRequest, profile, session);
        Changes changes = this.restServiceUtils.handleEvents(contextRequest.getEvents(), session, profile, servletRequest, servletResponse, date);
        contextResponse.setProcessedEvents(changes.getProcessedItems());

        // Filters carry client-supplied conditions, so they pass through the sanitizer first.
        List<PersonalizationService.PersonalizedContent> requestedFilters = contextRequest.getFilters();
        if (requestedFilters != null) {
            contextResponse.setFilteringResults(new HashMap());
            for (PersonalizationService.PersonalizedContent content : sanitizePersonalizedContentObjects(requestedFilters)) {
                contextResponse.getFilteringResults().put(content.getId(), Boolean.valueOf(this.personalizationService.filter(profile, session, content)));
            }
        }

        // Personalization requests are sanitized the same way before they are evaluated.
        List<PersonalizationService.PersonalizationRequest> requestedPersonalizations = contextRequest.getPersonalizations();
        if (requestedPersonalizations != null) {
            contextResponse.setPersonalizationResults(new HashMap());
            contextResponse.setPersonalizations(new HashMap());
            for (PersonalizationService.PersonalizationRequest personalization : sanitizePersonalizations(requestedPersonalizations)) {
                PersonalizationResult outcome = this.personalizationService.personalizeList(profile, session, personalization);
                changes.setChangeType(changes.getChangeType() | outcome.getChangeType());
                contextResponse.getPersonalizationResults().put(personalization.getId(), outcome);
                contextResponse.getPersonalizations().put(personalization.getId(), outcome.getContentIds());
            }
        }

        // From here on the profile returned by event handling is used.
        Profile currentProfile = changes.getProfile();
        if (contextRequest.isRequireSegments()) {
            contextResponse.setProfileSegments(currentProfile.getSegments());
        }
        if (contextRequest.isRequireScores()) {
            contextResponse.setProfileScores(currentProfile.getScores());
        }

        if (contextRequest.getRequiredProfileProperties() != null) {
            // "*" in the request returns every profile property to the caller; otherwise only
            // the named ones are kept.
            HashMap exposedProfileProperties = new HashMap(currentProfile.getProperties());
            boolean wantsAllProfileProperties = contextRequest.getRequiredProfileProperties().contains("*");
            if (!wantsAllProfileProperties) {
                exposedProfileProperties.keySet().retainAll(contextRequest.getRequiredProfileProperties());
            }
            contextResponse.setProfileProperties(exposedProfileProperties);
        }

        if (session != null) {
            contextResponse.setSessionId(session.getItemId());
            if (contextRequest.getRequiredSessionProperties() != null) {
                // Same selection rule for session properties.
                HashMap exposedSessionProperties = new HashMap(session.getProperties());
                boolean wantsAllSessionProperties = contextRequest.getRequiredSessionProperties().contains("*");
                if (!wantsAllSessionProperties) {
                    exposedSessionProperties.keySet().retainAll(contextRequest.getRequiredSessionProperties());
                }
                contextResponse.setSessionProperties(exposedSessionProperties);
            }
        }

        // Personas receive no tracked conditions.
        if (!(currentProfile instanceof Persona)) {
            contextResponse.setTrackedConditions(this.rulesService.getTrackedConditions(contextRequest.getSource()));
        } else {
            contextResponse.setTrackedConditions(Collections.emptySet());
        }
        contextResponse.setAnonymousBrowsing(this.privacyService.isRequireAnonymousBrowsing(currentProfile).booleanValue());
        contextResponse.setConsents(currentProfile.getConsents());
        return changes;
    }

    /**
     * Applies client-supplied overrides, but only when the profile is a {@link Persona}.
     *
     * <p>For any other profile the override data in the request is ignored. Session property
     * overrides are applied only when profile overrides are present as well.
     *
     * @param contextRequest the request that may carry profile and session overrides
     * @param profile the resolved profile; modified in place when it is a persona
     * @param session the current session, may be null; its properties are replaced when overrides exist
     */
    private void processOverrides(ContextRequest contextRequest, Profile profile, Session session) {
        // The instanceof guard is what keeps clients from rewriting real profiles through this path.
        if (profile instanceof Persona && contextRequest.getProfileOverrides() != null) {
            if (contextRequest.getProfileOverrides().getScores() != null) {
                profile.setScores(contextRequest.getProfileOverrides().getScores());
            }
            if (contextRequest.getProfileOverrides().getSegments() != null) {
                profile.setSegments(contextRequest.getProfileOverrides().getSegments());
            }
            if (contextRequest.getProfileOverrides().getProperties() != null) {
                profile.setProperties(contextRequest.getProfileOverrides().getProperties());
            }
            if (contextRequest.getSessionPropertiesOverrides() != null && session != null) {
                session.setProperties(contextRequest.getSessionPropertiesOverrides());
            }
        }
    }

    /**
     * Creates a profile and stamps its {@code firstVisit} property.
     *
     * @param str the profile id to use, or null to generate a random UUID
     * @param date the value stored as {@code firstVisit}
     * @return the new profile, not yet saved
     */
    private Profile createNewProfile(String str, Date date) {
        // A non-null id is used as given, including when it was supplied by the client.
        Profile created = new Profile(str != null ? str : UUID.randomUUID().toString());
        created.setProperty("firstVisit", date);
        return created;
    }

    /** Logs that the endpoint is shutting down; no resources are released here. */
    public void destroy() {
        final String message = "Context servlet shutdown.";
        logger.info(message);
    }

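    /**
     * Drops every personalized content object that has a filter whose condition is rejected by
     * {@link #sanitizeCondition}.
     *
     * <p>When sanitization is disabled the input is returned unchanged. A null input is returned
     * as null. Previously it caused a NullPointerException when a personalization request arrived
     * without contents, before the caller's own null check could apply.
     *
     * @param list the client-supplied content objects, may be null
     * @return a new list holding only the accepted objects, or the input itself when it is null
     *     or sanitization is disabled
     */
    private List<PersonalizationService.PersonalizedContent> sanitizePersonalizedContentObjects(List<PersonalizationService.PersonalizedContent> list) {
        if (!this.sanitizeConditions || list == null) {
            return list;
        }
        List<PersonalizationService.PersonalizedContent> accepted = new ArrayList<>();
        for (PersonalizationService.PersonalizedContent content : list) {
            boolean rejected = false;
            if (content.getFilters() != null) {
                for (Object candidate : content.getFilters()) {
                    // One rejected condition is enough to discard the whole content object.
                    if (sanitizeCondition(((PersonalizationService.Filter) candidate).getCondition()) == null) {
                        rejected = true;
                        break;
                    }
                }
            }
            if (!rejected) {
                accepted.add(content);
            }
        }
        return accepted;
    }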

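    /**
     * Sanitizes the contents of each personalization request and drops requests left without any
     * accepted content.
     *
     * <p>Each surviving request has its contents replaced by the sanitized list. Previously the
     * sanitized list was only used to decide whether to keep the request. A request with at least
     * one clean content object therefore went on to the personalization service with its
     * rejected content objects still attached.
     *
     * @param list the client-supplied personalization requests
     * @return the input itself when sanitization is disabled, otherwise a new list of the
     *     requests that still have content after sanitization
     */
    private List<PersonalizationService.PersonalizationRequest> sanitizePersonalizations(List<PersonalizationService.PersonalizationRequest> list) {
        if (!this.sanitizeConditions) {
            return list;
        }
        List<PersonalizationService.PersonalizationRequest> accepted = new ArrayList<>();
        for (PersonalizationService.PersonalizationRequest personalizationRequest : list) {
            List<PersonalizationService.PersonalizedContent> cleanContents = sanitizePersonalizedContentObjects(personalizationRequest.getContents());
            if (cleanContents == null || cleanContents.isEmpty()) {
                continue;
            }
            // Evaluate only what passed the sanitizer, not the original contents.
            personalizationRequest.setContents(cleanContents);
            accepted.add(personalizationRequest);
        }
        return accepted;
    }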

    /**
     * Checks the parameter values of a condition with {@link #sanitizeValue}.
     *
     * <p>This method validates and does not rewrite: it returns either the same instance or null,
     * so callers must treat null as "reject the condition".
     *
     * @param condition the client-supplied condition; must not be null
     * @return {@code condition} itself when no parameter value is rejected, otherwise null
     */
    private Condition sanitizeCondition(Condition condition) {
        for (Object parameterValue : condition.getParameterValues().values()) {
            // A null from sanitizeValue rejects the whole condition. This includes a parameter
            // whose value is itself null, because sanitizeValue returns such input unchanged.
            if (sanitizeValue(parameterValue) == null) {
                return null;
            }
        }
        return condition;
    }

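    /**
     * Checks one condition parameter value, recursing into lists, maps and nested conditions.
     *
     * <p>The check fails closed: if a rejected string occurs anywhere inside the value, null is
     * returned for the whole value. Previously the list branch built a filtered copy but returned
     * the original list, and the map branch silently dropped rejected entries. In both cases the
     * result was non-null, so the caller accepted the condition although it checks only for null.
     * Dropping elements would also be unsafe, because removing a sub-condition changes what the
     * condition means.
     *
     * @param obj the value to check, may be null
     * @return {@code obj} when it is accepted (a null input is returned as null), or null when
     *     the value or anything nested in it is rejected
     */
    private Object sanitizeValue(Object obj) {
        if (obj instanceof String) {
            String text = (String) obj;
            // NOTE(review): this is a prefix denylist; confirm that downstream parameter
            // resolution treats no other form of string as a script or parameter reference.
            if (text.startsWith("script::") || text.startsWith("parameter::")) {
                logger.warn("Scripting detected in context request, filtering out. See debug level for more information");
                if (logger.isDebugEnabled()) {
                    logger.debug("Scripting detected in context request with value {}, filtering out...", obj);
                }
                return null;
            }
            return text;
        }
        if (obj instanceof List) {
            for (Object element : (List<?>) obj) {
                // Null elements cannot carry a script; only a rejected non-null element fails the list.
                if (element != null && sanitizeValue(element) == null) {
                    return null;
                }
            }
            return obj;
        }
        if (obj instanceof Map) {
            for (Object nested : ((Map<?, ?>) obj).values()) {
                if (nested != null && sanitizeValue(nested) == null) {
                    return null;
                }
            }
            return obj;
        }
        if (obj instanceof Condition) {
            return sanitizeCondition((Condition) obj);
        }
        return obj;
    }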
}
