package com.fullfacing.keycloak4s.auth.akka.http.directives.magnets;

import akka.http.scaladsl.model.HttpMethod;
import akka.http.scaladsl.model.Uri;
import akka.http.scaladsl.server.Directive;
import akka.http.scaladsl.server.Directive$;
import akka.http.scaladsl.server.Directive$SingleValueTransformers$;
import akka.http.scaladsl.server.Directives$;
import akka.http.scaladsl.server.StandardRoute;
import akka.http.scaladsl.server.StandardRoute$;
import akka.http.scaladsl.server.util.Tuple$;
import com.fullfacing.keycloak4s.auth.akka.http.directives.AuthDirectives;
import com.fullfacing.keycloak4s.auth.akka.http.directives.ValidationDirectives;
import com.fullfacing.keycloak4s.auth.core.Logging$;
import com.fullfacing.keycloak4s.auth.core.authorization.PathAuthorization;
import com.fullfacing.keycloak4s.auth.core.models.AuthPayload;
import com.fullfacing.keycloak4s.auth.core.models.AuthRoles;
import com.fullfacing.keycloak4s.auth.core.validation.TokenValidator;
import com.fullfacing.keycloak4s.core.models.enums.PathMatchingMode;
import java.util.UUID;
import scala.Function0;
import scala.Function1;
import scala.MatchError;
import scala.Tuple1;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.immutable.List;

/* compiled from: SecurityMagnet.scala */
/* loaded from: input_file:com/fullfacing/keycloak4s/auth/akka/http/directives/magnets/SecurityMagnet$.class */
public final class SecurityMagnet$ implements AuthDirectives, ValidationDirectives {
    public static SecurityMagnet$ MODULE$;

    static {
        new SecurityMagnet$();
    }

    @Override // com.fullfacing.keycloak4s.auth.akka.http.directives.ValidationDirectives
    public Directive<Tuple2<UUID, AuthPayload>> validateToken(Function0<UUID> function0, TokenValidator tokenValidator) {
        return ValidationDirectives.validateToken$(this, function0, tokenValidator);
    }

    @Override // com.fullfacing.keycloak4s.auth.akka.http.directives.AuthDirectives
    public <A> Directive<A> checkPermissions(String str, AuthPayload authPayload, Function1<AuthRoles, Directive<A>> function1, UUID uuid) {
        return checkPermissions(str, authPayload, function1, uuid);
    }

    @Override // com.fullfacing.keycloak4s.auth.akka.http.directives.AuthDirectives
    public Directive<Tuple1<Tuple3<Uri.Path, HttpMethod, List<String>>>> authorizeResourceServerAccess(AuthPayload authPayload, String str, PathMatchingMode pathMatchingMode, UUID uuid) {
        return authorizeResourceServerAccess(authPayload, str, pathMatchingMode, uuid);
    }

    @Override // com.fullfacing.keycloak4s.auth.akka.http.directives.AuthDirectives
    public StandardRoute authorizationFailed() {
        return authorizationFailed();
    }

    public SecurityMagnet run(Tuple2<PathAuthorization, UUID> tuple2, TokenValidator tokenValidator) {
        return () -> {
            if (tuple2 == null) {
                throw new MatchError(tuple2);
            }
            Tuple2 tuple22 = new Tuple2((PathAuthorization) tuple2._1(), (UUID) tuple2._2());
            PathAuthorization pathAuthorization = (PathAuthorization) tuple22._1();
            UUID uuid = (UUID) tuple22._2();
            return MODULE$.authorize(pathAuthorization, () -> {
                return uuid;
            }, tokenValidator);
        };
    }

    public SecurityMagnet run(PathAuthorization pathAuthorization, TokenValidator tokenValidator) {
        return () -> {
            return MODULE$.authorize(pathAuthorization, () -> {
                return UUID.randomUUID();
            }, tokenValidator);
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Directive<Tuple1<AuthPayload>> authorize(PathAuthorization pathAuthorization, Function0<UUID> function0, TokenValidator tokenValidator) {
        return validateToken(function0, tokenValidator).tflatMap(tuple2 -> {
            if (tuple2 == null) {
                throw new MatchError(tuple2);
            }
            UUID uuid = (UUID) tuple2._1();
            AuthPayload authPayload = (AuthPayload) tuple2._2();
            return pathAuthorization.policyDisabled() ? Directives$.MODULE$.provide(authPayload) : Directive$SingleValueTransformers$.MODULE$.flatMap$extension(Directive$.MODULE$.SingleValueTransformers(MODULE$.authorizeResourceServerAccess(authPayload, pathAuthorization.service(), pathAuthorization.pathMatchingMode(), uuid)), tuple3 -> {
                if (tuple3 == null) {
                    throw new MatchError(tuple3);
                }
                Uri.Path path = (Uri.Path) tuple3._1();
                HttpMethod httpMethod = (HttpMethod) tuple3._2();
                if (!pathAuthorization.authorizeRequest(new PathAuthorization.AuthRequest(path.toString(), httpMethod.value(), (List) tuple3._3()), uuid)) {
                    return StandardRoute$.MODULE$.toDirective(MODULE$.authorizationFailed(), Tuple$.MODULE$.forTuple1());
                }
                Logging$.MODULE$.requestAuthorized(() -> {
                    return uuid;
                });
                return Directives$.MODULE$.provide(authPayload);
            }, Tuple$.MODULE$.forTuple1());
        }, Tuple$.MODULE$.forTuple1());
    }

    private SecurityMagnet$() {
        MODULE$ = this;
        AuthDirectives.$init$(this);
        ValidationDirectives.$init$(this);
    }
}
