package com.spotify.styx.api;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.common.base.CharMatcher;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableSet;
import com.spotify.apollo.Request;
import com.spotify.apollo.RequestContext;
import com.spotify.apollo.Response;
import com.spotify.apollo.Status;
import com.spotify.apollo.route.AsyncHandler;
import com.spotify.apollo.route.Middleware;
import com.spotify.apollo.route.SyncHandler;
import com.spotify.styx.serialization.Json;
import com.spotify.styx.util.MDCUtil;
import io.opencensus.trace.AttributeValue;
import io.opencensus.trace.Span;
import io.opencensus.trace.Tracer;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import okio.ByteString;
import org.apache.hadoop.hbase.shaded.org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

/* loaded from: input_file:com/spotify/styx/api/Middlewares.class */
public final class Middlewares {
    public static final String BEARER_PREFIX = "Bearer ";
    private static final String REQUEST_ID = "request-id";
    private static final String X_REQUEST_ID = "X-Request-Id";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) Middlewares.class);
    private static final Set<String> BLACKLISTED_HEADERS = ImmutableSet.of("Authorization");

    private Middlewares() {
        throw new UnsupportedOperationException();
    }

    public static Middleware<SyncHandler<? extends Response<?>>, AsyncHandler<Response<ByteString>>> json() {
        return syncHandler -> {
            return jsonAsync().apply(Middleware.syncToAsync(syncHandler));
        };
    }

    public static Middleware<AsyncHandler<? extends Response<?>>, AsyncHandler<Response<ByteString>>> jsonAsync() {
        return asyncHandler -> {
            return asyncHandler.map(response -> {
                if (!response.payload().isPresent()) {
                    return response;
                }
                try {
                    return response.withPayload(ByteString.of(Json.OBJECT_MAPPER.writeValueAsBytes(response.payload().get()))).withHeader("Content-Type", "application/json");
                } catch (JsonProcessingException e) {
                    return Response.forStatus(Status.INTERNAL_SERVER_ERROR.withReasonPhrase("Failed to serialize response " + e.getMessage()));
                }
            });
        };
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> clientValidator(Supplier<List<String>> supplier) {
        return asyncHandler -> {
            return requestContext -> {
                return ((Boolean) requestContext.request().header("User-Agent").map(str -> {
                    return Boolean.valueOf(((List) supplier.get()).contains(str));
                }).orElse(false)).booleanValue() ? CompletableFuture.completedFuture(Response.forStatus(Status.NOT_ACCEPTABLE.withReasonPhrase("blacklisted client version, please upgrade"))) : asyncHandler.invoke(requestContext);
            };
        };
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> exceptionAndRequestIdHandler() {
        return asyncHandler -> {
            return requestContext -> {
                String str = requestContext.request().headers().get(X_REQUEST_ID);
                String replace = str != null ? str : UUID.randomUUID().toString().replace("-", "");
                try {
                    MDC.MDCCloseable safePutCloseable = MDCUtil.safePutCloseable(REQUEST_ID, replace);
                    Throwable th = null;
                    try {
                        try {
                            CompletionStage handle = asyncHandler.invoke(requestContext).handle((response, th2) -> {
                                return (th2 != null ? th2 instanceof ResponseException ? ((ResponseException) th2).getResponse() : Response.forStatus(Status.INTERNAL_SERVER_ERROR.withReasonPhrase(internalServerErrorReason(replace, th2))) : response).withHeader(X_REQUEST_ID, replace);
                            });
                            if (safePutCloseable != null) {
                                if (0 != 0) {
                                    try {
                                        safePutCloseable.close();
                                    } catch (Throwable th3) {
                                        th.addSuppressed(th3);
                                    }
                                } else {
                                    safePutCloseable.close();
                                }
                            }
                            return handle;
                        } finally {
                        }
                    } catch (Throwable th4) {
                        if (safePutCloseable != null) {
                            if (th != null) {
                                try {
                                    safePutCloseable.close();
                                } catch (Throwable th5) {
                                    th.addSuppressed(th5);
                                }
                            } else {
                                safePutCloseable.close();
                            }
                        }
                        throw th4;
                    }
                } catch (ResponseException e) {
                    return CompletableFuture.completedFuture(e.getResponse().withHeader(X_REQUEST_ID, replace));
                } catch (Exception e2) {
                    return CompletableFuture.completedFuture(Response.forStatus(Status.INTERNAL_SERVER_ERROR.withReasonPhrase(internalServerErrorReason(replace, e2))).withHeader(X_REQUEST_ID, replace));
                }
            };
        };
    }

    private static String internalServerErrorReason(String str, Throwable th) {
        StringBuilder append = new StringBuilder(Status.INTERNAL_SERVER_ERROR.reasonPhrase()).append(" (").append("Request ID: ").append(str).append(")").append(": ").append(th.getClass().getSimpleName()).append(": ").append(th.getMessage());
        Throwable rootCause = Throwables.getRootCause(th);
        if (!th.equals(rootCause)) {
            append.append(": ").append(rootCause.getClass().getSimpleName()).append(": ").append(rootCause.getMessage());
        }
        return CharMatcher.anyOf("\n\r").replaceFrom((CharSequence) append.toString(), ' ');
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> httpLogger(Authenticator authenticator) {
        return httpLogger(LOG, authenticator);
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> httpLogger(Logger logger, Authenticator authenticator) {
        return asyncHandler -> {
            return requestContext -> {
                Request request = requestContext.request();
                Object[] objArr = new Object[7];
                objArr[0] = "GET".equals(request.method()) ? "" : "[AUDIT] ";
                objArr[1] = request.method();
                objArr[2] = request.uri();
                objArr[3] = auth(requestContext, authenticator).map(googleIdToken -> {
                    return googleIdToken.getPayload().getEmail();
                }).orElse("anonymous");
                objArr[4] = hideSensitiveHeaders(request.headers());
                objArr[5] = request.parameters();
                objArr[6] = ((String) request.payload().map((v0) -> {
                    return v0.utf8();
                }).orElse("")).replaceAll(IOUtils.LINE_SEPARATOR_UNIX, " ");
                logger.info("{}{} {} by {} with headers {} parameters {} and payload {}", objArr);
                return asyncHandler.invoke(requestContext);
            };
        };
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> tracer(Tracer tracer, String str) {
        return asyncHandler -> {
            return requestContext -> {
                Request request = requestContext.request();
                Span startSpan = tracer.spanBuilder(str + '/' + URI.create(request.uri()).getPath()).startSpan();
                startSpan.putAttribute("method", AttributeValue.stringAttributeValue(request.method()));
                startSpan.putAttribute("uri", AttributeValue.stringAttributeValue(request.uri()));
                try {
                    CompletionStage invoke = asyncHandler.invoke(requestContext);
                    invoke.whenComplete((response, th) -> {
                        if (th != null) {
                            startSpan.setStatus(io.opencensus.trace.Status.UNKNOWN);
                        }
                        startSpan.end();
                    });
                    return invoke;
                } catch (Exception e) {
                    startSpan.setStatus(io.opencensus.trace.Status.UNKNOWN);
                    startSpan.end();
                    Throwables.throwIfUnchecked(e);
                    throw new RuntimeException(e);
                }
            };
        };
    }

    private static Optional<GoogleIdToken> auth(RequestContext requestContext, Authenticator authenticator) {
        Request request = requestContext.request();
        if (!request.header("Authorization").isPresent()) {
            return Optional.empty();
        }
        String str = request.header("Authorization").get();
        if (!str.startsWith(BEARER_PREFIX)) {
            throw new ResponseException(Response.forStatus(Status.BAD_REQUEST.withReasonPhrase("Authorization token must be of type Bearer")));
        }
        try {
            GoogleIdToken authenticate = authenticator.authenticate(str.substring(BEARER_PREFIX.length()));
            if (authenticate == null) {
                throw new ResponseException(Response.forStatus(Status.UNAUTHORIZED.withReasonPhrase("Authorization token is invalid")));
            }
            return Optional.of(authenticate);
        } catch (IllegalArgumentException e) {
            throw new ResponseException(Response.forStatus(Status.BAD_REQUEST.withReasonPhrase("Failed to parse Authorization token")), e);
        }
    }

    private static Map<String, String> hideSensitiveHeaders(Map<String, String> map) {
        return (Map) map.entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return BLACKLISTED_HEADERS.contains(entry.getKey()) ? "<hidden>" : (String) entry.getValue();
        }));
    }

    public static <T> Middleware<AsyncHandler<Response<T>>, AsyncHandler<Response<T>>> authenticator(Authenticator authenticator) {
        return asyncHandler -> {
            return requestContext -> {
                return ("GET".equals(requestContext.request().method()) || auth(requestContext, authenticator).isPresent()) ? asyncHandler.invoke(requestContext) : CompletableFuture.completedFuture(Response.forStatus(Status.UNAUTHORIZED.withReasonPhrase("Unauthorized access")));
            };
        };
    }
}
