package com.fullfacing.keycloak4s.auth.akka.http.directives;

import akka.http.scaladsl.marshalling.Marshaller$;
import akka.http.scaladsl.marshalling.ToResponseMarshallable$;
import akka.http.scaladsl.model.ContentTypes$;
import akka.http.scaladsl.model.HttpEntity;
import akka.http.scaladsl.model.HttpEntity$;
import akka.http.scaladsl.model.HttpMethod;
import akka.http.scaladsl.model.HttpResponse$;
import akka.http.scaladsl.model.StatusCode;
import akka.http.scaladsl.model.StatusCode$;
import akka.http.scaladsl.model.Uri;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directive$SingleValueTransformers$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.StandardRoute;
import akka.http.scaladsl.server.StandardRoute$;
import akka.http.scaladsl.server.util.Tuple$;
import com.fullfacing.keycloak4s.auth.core.Logging$;
import com.fullfacing.keycloak4s.auth.core.PayloadImplicits$;
import com.fullfacing.keycloak4s.auth.core.models.AuthPayload;
import com.fullfacing.keycloak4s.auth.core.models.AuthRoles;
import com.fullfacing.keycloak4s.core.Exceptions$;
import com.fullfacing.keycloak4s.core.models.enums.PathMatchingMode;
import com.fullfacing.keycloak4s.core.models.enums.PathMatchingModes$Full$;
import java.util.UUID;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Some;
import scala.Tuple1;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.immutable.List;
import scala.runtime.BoxesRunTime;

/* compiled from: AuthDirectives.scala */
/* loaded from: input_file:com/fullfacing/keycloak4s/auth/akka/http/directives/AuthDirectives$.class */
public final class AuthDirectives$ {
    public static AuthDirectives$ MODULE$;

    static {
        new AuthDirectives$();
    }

    public <A> Directive<A> checkPermissions(String str, AuthPayload authPayload, Function1<AuthRoles, Directive<A>> function1, UUID uuid) {
        Directive<A> routeToDirective;
        Tuple2 tuple2;
        Some find = PayloadImplicits$.MODULE$.PayloadImpl(authPayload.accessToken()).extractResourceAccess().find(tuple22 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkPermissions$1(str, tuple22));
        });
        if ((find instanceof Some) && (tuple2 = (Tuple2) find.value()) != null) {
            routeToDirective = (Directive) function1.apply((AuthRoles) tuple2._2());
        } else {
            if (!None$.MODULE$.equals(find)) {
                throw new MatchError(find);
            }
            Logging$.MODULE$.authorizationDenied(uuid, str);
            routeToDirective = routeToDirective(authorizationFailed());
        }
        return routeToDirective;
    }

    public Directive<Tuple1<Tuple3<Uri.Path, HttpMethod, List<String>>>> authorizeResourceServerAccess(AuthPayload authPayload, String str, PathMatchingMode pathMatchingMode, UUID uuid) {
        return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(Directives$.MODULE$.extractMethod()), httpMethod -> {
            return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(Directives$.MODULE$.extractMatchedPath()), path -> {
                return Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(Directives$.MODULE$.extractUnmatchedPath()), path -> {
                    PathMatchingModes$Full$ pathMatchingModes$Full$ = PathMatchingModes$Full$.MODULE$;
                    Uri.Path $plus$plus = (pathMatchingMode != null ? !pathMatchingMode.equals(pathMatchingModes$Full$) : pathMatchingModes$Full$ != null) ? path : path.$plus$plus(path);
                    Logging$.MODULE$.requestAuthorizing(() -> {
                        return uuid;
                    }, () -> {
                        return $plus$plus.toString();
                    }, () -> {
                        return httpMethod.value();
                    });
                    return MODULE$.checkPermissions(str, authPayload, authRoles -> {
                        return Directives$.MODULE$.provide(new Tuple3($plus$plus, httpMethod, authRoles.roles()));
                    }, uuid);
                }, Tuple$.MODULE$.forTuple1());
            }, Tuple$.MODULE$.forTuple1());
        }, Tuple$.MODULE$.forTuple1());
    }

    public StandardRoute authorizationFailed() {
        return Directives$.MODULE$.complete(() -> {
            ToResponseMarshallable$ toResponseMarshallable$ = ToResponseMarshallable$.MODULE$;
            StatusCode int2StatusCode = StatusCode$.MODULE$.int2StatusCode(Exceptions$.MODULE$.UNAUTHORIZED().code());
            HttpEntity.Strict apply = HttpEntity$.MODULE$.apply(ContentTypes$.MODULE$.text$divplain$u0028UTF$minus8$u0029(), Exceptions$.MODULE$.UNAUTHORIZED().getMessage());
            return toResponseMarshallable$.apply(HttpResponse$.MODULE$.apply(int2StatusCode, HttpResponse$.MODULE$.apply$default$2(), apply, HttpResponse$.MODULE$.apply$default$4()), Marshaller$.MODULE$.fromResponse());
        });
    }

    private <A> Directive<A> routeToDirective(StandardRoute standardRoute) {
        return StandardRoute$.MODULE$.toDirective(standardRoute, Tuple$.MODULE$.yes());
    }

    public static final /* synthetic */ boolean $anonfun$checkPermissions$1(String str, Tuple2 tuple2) {
        if (tuple2 != null) {
            return ((String) tuple2._1()).equalsIgnoreCase(str);
        }
        throw new MatchError(tuple2);
    }

    private AuthDirectives$() {
        MODULE$ = this;
    }
}
