package br.pucrio.tecgraf.soma.logservice.filter;

import br.pucrio.tecgraf.soma.logservice.service.ProjectPermissionsService;
import br.pucrio.tecgraf.soma.logservice.utils.ResponseBuilder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.jboss.logging.Logger;

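/**
 * JAX-RS request filter that gates every request on two inputs: an access token and a
 * Base64url-encoded {@code projectId} query parameter.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The token is read from the {@code token} query parameter, falling back to the
 *       {@code Authorization} header. A missing or empty token aborts the request with
 *       {@code ResponseBuilder.buildBadRequestResponse(6)}.</li>
 *   <li>If the request carries no {@code Authorization} header, one is added as
 *       {@code "Bearer " + token}.</li>
 *   <li>{@code projectId} must be present and valid Base64url, otherwise the request is aborted
 *       with {@code ResponseBuilder.buildBadRequestResponse(4)}.</li>
 *   <li>The decoded project id must be contained in the list returned by
 *       {@link ProjectPermissionsService#getProjectPermissions()}, otherwise the request is
 *       aborted with HTTP 401.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class checks the token only for presence. Nothing here verifies its signature,
 *       expiry or scheme. NOTE(review): presumably the permissions service (or another layer)
 *       validates it - confirm, because with
 *       {@code application.project.permission.check.enable=false} the service is never called and
 *       any non-empty token passes this filter.</li>
 *   <li>Accepting the token as a query parameter means it is part of the request URL, which is
 *       commonly recorded by access logs and intermediaries. Prefer the {@code Authorization}
 *       header where clients allow it.</li>
 *   <li>A denied project is answered with 401 rather than 403. This is kept for compatibility
 *       with existing clients.</li>
 * </ul>
 */
@Priority(2000) // same numeric value as javax.ws.rs.Priorities.AUTHORIZATION
@Provider
public class AuthFilter implements ContainerRequestFilter {
    private static final Logger LOG = Logger.getLogger(AuthFilter.class);

    @Context
    UriInfo info;

    @Inject
    @RestClient
    ProjectPermissionsService projectPermissionsService;

    // When false, checkProjectPermission() accepts every project id without calling the service.
    @ConfigProperty(name = "application.project.permission.check.enable")
    public boolean projectPermissionCheckEnabled;

    /**
     * Validates the token and {@code projectId} of the incoming request and aborts it when either
     * is missing, malformed or not permitted.
     *
     * @param containerRequestContext the request being filtered; aborted in place on failure
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        String authToken = getAuthToken(containerRequestContext);
        if (StringUtils.isEmpty(authToken)) {
            LOG.info("Invalid or missing token");
            containerRequestContext.abortWith(ResponseBuilder.buildBadRequestResponse(6));
            return;
        }
        addAuthTokenToHeader(containerRequestContext, authToken);

        // getFirst() yields null when the parameter is absent, so one check covers both the
        // "no parameter" and the "empty value" cases.
        String encodedProjectId = this.info.getQueryParameters().getFirst("projectId");
        if (StringUtils.isEmpty(encodedProjectId)) {
            LOG.info("Mandatory projectId query parameter is missing");
            containerRequestContext.abortWith(ResponseBuilder.buildBadRequestResponse(4));
            return;
        }

        // Only the decode is guarded: an IllegalArgumentException raised by the permission lookup
        // must not be reported to the client as a malformed projectId.
        String projectId;
        try {
            // Explicit charset so the decoded id does not depend on the JVM's platform default.
            projectId = new String(Base64.getUrlDecoder().decode(encodedProjectId), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException notBase64) {
            LOG.info("Mandatory projectId query parameter is not in base64");
            containerRequestContext.abortWith(ResponseBuilder.buildBadRequestResponse(4));
            return;
        }

        if (checkProjectPermission(projectId)) {
            return;
        }
        LOG.warnf("User not allowed to project %s", sanitizeForLog(projectId));
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
    }

    /**
     * Decides whether the caller may access the given project.
     *
     * @param projectId decoded project id taken from the request
     * @return {@code true} when the check is disabled by configuration or when the permissions
     *     service lists the project; {@code false} otherwise
     */
    private boolean checkProjectPermission(String projectId) {
        if (this.projectPermissionCheckEnabled) {
            LOG.infof("Checking user permission to project %s", sanitizeForLog(projectId));
            // The comparison uses the raw decoded id; sanitising applies to log output only.
            return this.projectPermissionsService.getProjectPermissions().contains(projectId);
        }
        LOG.infof("Skipping user permission check to project %s", sanitizeForLog(projectId));
        return true;
    }

    /**
     * Reads the caller's token: the first {@code token} query parameter when one is present,
     * otherwise the raw {@code Authorization} header value.
     *
     * @param containerRequestContext the request being filtered
     * @return the token or header value, possibly {@code null} or empty
     */
    private String getAuthToken(ContainerRequestContext containerRequestContext) {
        List<String> tokens = this.info.getQueryParameters().get("token");
        if (CollectionUtils.isEmpty(tokens)) {
            return containerRequestContext.getHeaderString("Authorization");
        }
        return tokens.get(0);
    }

    /**
     * Adds {@code Authorization: Bearer <token>} to the request unless an {@code Authorization}
     * header is already present; an existing header is never overwritten.
     *
     * @param containerRequestContext the request being filtered
     * @param token the token to expose as a bearer credential
     */
    private void addAuthTokenToHeader(ContainerRequestContext containerRequestContext, String token) {
        if (containerRequestContext.getHeaders().containsKey("Authorization")) {
            return;
        }
        containerRequestContext.getHeaders().add("Authorization", "Bearer " + token);
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so that a
     * request-supplied value cannot break a log record across lines or forge extra entries.
     *
     * @param value non-null text originating from the request
     * @return the text with control characters neutralised
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}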
