package otoroshi.controllers;

import akka.http.scaladsl.util.FastFuture$;
import akka.util.ByteString$;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Base64;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import otoroshi.actions.BackOfficeAction;
import otoroshi.actions.BackOfficeActionAuth;
import otoroshi.actions.BackOfficeActionContext;
import otoroshi.actions.BackOfficeActionContextAuth;
import otoroshi.actions.PrivateAppsAction;
import otoroshi.actions.PrivateAppsActionContext;
import otoroshi.auth.AuthModuleConfig;
import otoroshi.auth.BasicAuthModule;
import otoroshi.auth.BasicAuthModuleConfig;
import otoroshi.auth.GenericOauth2ModuleConfig;
import otoroshi.auth.Oauth1ModuleConfig;
import otoroshi.auth.SamlAuthModuleConfig;
import otoroshi.env.Env;
import otoroshi.events.AdminFirstLogin;
import otoroshi.events.AdminFirstLogin$;
import otoroshi.events.AdminLoggedInAlert;
import otoroshi.events.AdminLoggedInAlert$;
import otoroshi.events.AdminLoggedOutAlert;
import otoroshi.events.AdminLoggedOutAlert$;
import otoroshi.events.Alerts$;
import otoroshi.events.UserLoggedInAlert;
import otoroshi.events.UserLoggedInAlert$;
import otoroshi.gateway.Errors$;
import otoroshi.models.BackOfficeUser;
import otoroshi.models.CorsSettings;
import otoroshi.models.CorsSettings$;
import otoroshi.models.PrivateAppsUser;
import otoroshi.models.ServiceDescriptor;
import otoroshi.security.IdGenerator$;
import otoroshi.utils.TypedMap;
import otoroshi.utils.TypedMap$;
import otoroshi.utils.http.RequestImplicits$;
import otoroshi.utils.http.RequestImplicits$EnhancedRequestHeader$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterJsValue$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import otoroshi.views.html.backoffice.unauthorized$;
import otoroshi.views.html.oto.error$;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.http.ContentTypeOf$;
import play.api.http.Writeable$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.mvc.AbstractController;
import play.api.mvc.Action;
import play.api.mvc.AnyContent;
import play.api.mvc.Codec$;
import play.api.mvc.ControllerComponents;
import play.api.mvc.Cookie;
import play.api.mvc.Request;
import play.api.mvc.RequestHeader;
import play.api.mvc.Result;
import play.api.mvc.Results;
import play.api.mvc.Results$;
import scala.Array$;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.Tuple3;
import scala.collection.IterableLike;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.Duration$;
import scala.reflect.ClassTag$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Left;
import scala.util.Right;
import scala.util.Try$;

/* compiled from: Auth0Controller.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005]e\u0001B\f\u0019\u0001uA\u0001\u0002\u000b\u0001\u0003\u0002\u0003\u0006I!\u000b\u0005\t_\u0001\u0011\t\u0011)A\u0005a!A1\u0007\u0001B\u0001B\u0003%A\u0007C\u00058\u0001\t\u0005\t\u0015!\u00039w!AQ\b\u0001B\u0001B\u0003-a\bC\u0003D\u0001\u0011\u0005A\t\u0003\u0005N\u0001!\u0015\r\u0011b\u0001O\u0011!9\u0006\u0001#b\u0001\n\u0003A\u0006\"B/\u0001\t\u0003q\u0006\"\u00027\u0001\t\u0003i\u0007bBA\u0011\u0001\u0011\u0005\u00111\u0005\u0005\b\u0003w\u0001A\u0011AA\u001f\u0011\u001d\tI\u0005\u0001C\u0001\u0003\u0017Bq!!\u0017\u0001\t\u0003\tY\u0005C\u0004\u0002\\\u0001!\t!a\u0013\t\u000f\u0005u\u0003\u0001\"\u0001\u0002L!9\u0011q\f\u0001\u0005\u0002\u0005\u0005\u0004bBA9\u0001\u0011\u0005\u00111\n\u0005\b\u0003g\u0002A\u0011AA&\u0011\u001d\t)\b\u0001C\u0001\u0003oB\u0011\"! \u0001#\u0003%\t!a \t\u0013\u0005U\u0005!%A\u0005\u0002\u0005}$AD!vi\"\u001cuN\u001c;s_2dWM\u001d\u0006\u00033i\t1bY8oiJ|G\u000e\\3sg*\t1$\u0001\u0005pi>\u0014xn\u001d5j\u0007\u0001\u0019\"\u0001\u0001\u0010\u0011\u0005}1S\"\u0001\u0011\u000b\u0005\u0005\u0012\u0013aA7wG*\u00111\u0005J\u0001\u0004CBL'\"A\u0013\u0002\tAd\u0017-_\u0005\u0003O\u0001\u0012!#\u00112tiJ\f7\r^\"p]R\u0014x\u000e\u001c7fe\u0006!\")Y2l\u001f\u001a4\u0017nY3BGRLwN\\!vi\"\u0004\"AK\u0017\u000e\u0003-R!\u0001\f\u000e\u0002\u000f\u0005\u001cG/[8og&\u0011af\u000b\u0002\u0015\u0005\u0006\u001c7n\u00144gS\u000e,\u0017i\u0019;j_:\fU\u000f\u001e5\u0002#A\u0013\u0018N^1uK\u0006\u0003\bo]!di&|g\u000e\u0005\u0002+c%\u0011!g\u000b\u0002\u0012!JLg/\u0019;f\u0003B\u00048/Q2uS>t\u0017\u0001\u0005\"bG.|eMZ5dK\u0006\u001bG/[8o!\tQS'\u0003\u00027W\t\u0001\")Y2l\u001f\u001a4\u0017nY3BGRLwN\\\u0001\u0003G\u000e\u0004\"aH\u001d\n\u0005i\u0002#\u0001F\"p]R\u0014x\u000e\u001c7fe\u000e{W\u000e]8oK:$8/\u0003\u0002=M\u0005!2m\u001c8ue>dG.\u001a:D_6\u0004xN\\3oiN\f1!\u001a8w!\ty\u0014)D\u0001A\u0015\ti$$\u0003\u0002C\u0001\n\u0019QI\u001c<\u0002\rqJg.\u001b;?)\u0015)\u0015JS&M)\t1\u0005\n\u0005\u0002H\u00015\t\u0001\u0004C\u0003>\r\u0001\u000fa\bC\u0003)\r\u0001\u0007\u0011\u0006C\u00030\r\u0001\u0007\u0001\u0007C\u00034\r\u0001\u0007A\u0007C\u00038\r\u0001\u0007\u0001(\u0001\u0002fGV\tq\n\u0005\u0002Q+6\t\u0011K\u0003\u0002S'\u0006Q1m\u001c8dkJ\u0014XM\u001c;\u000b\u0003Q\u000bQa]2bY\u0006L!AV)\u0003!\u0015CXmY;uS>t7i\u001c8uKb$\u0018A\u00027pO\u001e,'/F\u0001Z!\tQ6,D\u0001#\u0013\ta&E\u0001\u0004M_\u001e<WM]\u0001\rI\u0016\u001c'/\u001f9u'R\fG/\u001a\u000b\u0003?\u001e\u0004\"\u0001Y3\u000e\u0003\u0005T!AY2\u0002\t)\u001cxN\u001c\u0006\u0003I\n\nA\u0001\\5cg&\u0011a-\u0019\u0002\b\u0015N4\u0016\r\\;f\u0011\u0015A\u0017\u00021\u0001j\u0003\r\u0011X-\u001d\t\u0003?)L!a\u001b\u0011\u0003\u001bI+\u0017/^3ti\"+\u0017\rZ3s\u0003)1XM]5gs\"\u000b7\u000f\u001b\u000b\b]\u0006\r\u0011QDA\u0010)\tyW\u000fE\u0002QaJL!!])\u0003\r\u0019+H/\u001e:f!\ty2/\u0003\u0002uA\t1!+Z:vYRDQA\u001e\u0006A\u0002]\f\u0011A\u001a\t\u0005qf\\x.D\u0001T\u0013\tQ8KA\u0005Gk:\u001cG/[8ocA\u0011Ap`\u0007\u0002{*\u0011aPG\u0001\u0005CV$\b.C\u0002\u0002\u0002u\u0014\u0001#Q;uQ6{G-\u001e7f\u0007>tg-[4\t\u000f\u0005\u0015!\u00021\u0001\u0002\b\u00051A-Z:d\u0013\u0012\u0004B!!\u0003\u0002\u00189!\u00111BA\n!\r\tiaU\u0007\u0003\u0003\u001fQ1!!\u0005\u001d\u0003\u0019a$o\\8u}%\u0019\u0011QC*\u0002\rA\u0013X\rZ3g\u0013\u0011\tI\"a\u0007\u0003\rM#(/\u001b8h\u0015\r\t)b\u0015\u0005\u0006}*\u0001\ra\u001f\u0005\u0006Q*\u0001\r![\u0001\u000fo&$\b.Q;uQ\u000e{gNZ5h)\u0019\t)#!\u000b\u0002:Q\u0019q.a\n\t\u000bY\\\u0001\u0019A<\t\u000f\u0005-2\u00021\u0001\u0002.\u0005QA-Z:de&\u0004Ho\u001c:\u0011\t\u0005=\u0012QG\u0007\u0003\u0003cQ1!a\r\u001b\u0003\u0019iw\u000eZ3mg&!\u0011qGA\u0019\u0005E\u0019VM\u001d<jG\u0016$Um]2sSB$xN\u001d\u0005\u0006Q.\u0001\r![\u0001\u000bG>l\u0007/\u001e;f'\u0016\u001cG\u0003BA\u0004\u0003\u007fAq!!\u0011\r\u0001\u0004\t\u0019%\u0001\u0003vg\u0016\u0014\b\u0003BA\u0018\u0003\u000bJA!a\u0012\u00022\ty\u0001K]5wCR,\u0017\t\u001d9t+N,'/A\u0010d_:4\u0017\u000eZ3oi&\fG.\u00119q\u0019><\u0017N\u001c)bO\u0016|\u0005\u000f^5p]N$\"!!\u0014\u0011\u000b}\ty%a\u0015\n\u0007\u0005E\u0003E\u0001\u0004BGRLwN\u001c\t\u0004?\u0005U\u0013bAA,A\tQ\u0011I\\=D_:$XM\u001c;\u00021\r|gNZ5eK:$\u0018.\u00197BaBdunZ5o!\u0006<W-A\u000bd_:4\u0017\u000eZ3oi&\fG.\u00119q\u0019><w.\u001e;\u0002/\r|gNZ5eK:$\u0018.\u00197BaB\u001c\u0015\r\u001c7cC\u000e\\\u0017AC1vi\"\u0004TM\u001d:peR1\u0011QJA2\u0003[Bq!!\u001a\u0012\u0001\u0004\t9'A\u0003feJ|'\u000fE\u0003y\u0003S\n9!C\u0002\u0002lM\u0013aa\u00149uS>t\u0007bBA8#\u0001\u0007\u0011qM\u0001\u0012KJ\u0014xN]0eKN\u001c'/\u001b9uS>t\u0017a\u00042bG.|eMZ5dK2{w-\u001b8\u0002!\t\f7m[(gM&\u001cW\rT8h_V$\u0018A\u00052bG.|eMZ5dK\u000e\u000bG\u000e\u001c2bG.$b!!\u0014\u0002z\u0005m\u0004\"CA3)A\u0005\t\u0019AA4\u0011%\ty\u0007\u0006I\u0001\u0002\u0004\t9'\u0001\u000fcC\u000e\\wJ\u001a4jG\u0016\u001c\u0015\r\u001c7cC\u000e\\G\u0005Z3gCVdG\u000fJ\u0019\u0016\u0005\u0005\u0005%\u0006BA4\u0003\u0007[#!!\"\u0011\t\u0005\u001d\u0015\u0011S\u0007\u0003\u0003\u0013SA!a#\u0002\u000e\u0006IQO\\2iK\u000e\\W\r\u001a\u0006\u0004\u0003\u001f\u001b\u0016AC1o]>$\u0018\r^5p]&!\u00111SAE\u0005E)hn\u00195fG.,GMV1sS\u0006t7-Z\u0001\u001dE\u0006\u001c7n\u00144gS\u000e,7)\u00197mE\u0006\u001c7\u000e\n3fM\u0006,H\u000e\u001e\u00133\u0001")
/* loaded from: input_file:otoroshi/controllers/AuthController.class */
public class AuthController extends AbstractController {
    private ExecutionContext ec;
    private Logger logger;
    private final BackOfficeActionAuth BackOfficeActionAuth;
    private final PrivateAppsAction PrivateAppsAction;
    private final BackOfficeAction BackOfficeAction;
    public final Env otoroshi$controllers$AuthController$$env;
    private volatile byte bitmap$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [otoroshi.controllers.AuthController] */
    private ExecutionContext ec$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.ec = this.otoroshi$controllers$AuthController$$env.otoroshiExecutionContext();
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.ec;
    }

    public ExecutionContext ec() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? ec$lzycompute() : this.ec;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [otoroshi.controllers.AuthController] */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.logger = Logger$.MODULE$.apply("otoroshi-auth-controller");
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.logger;
    }

    public Logger logger() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? logger$lzycompute() : this.logger;
    }

    public JsValue decryptState(RequestHeader requestHeader) {
        byte[] bytes = ((String) new StringOps(Predef$.MODULE$.augmentString(((TraversableOnce) new StringOps(Predef$.MODULE$.augmentString(this.otoroshi$controllers$AuthController$$env.otoroshiSecret())).padTo(16, "0", Predef$.MODULE$.fallbackStringCanBuildFrom())).mkString(""))).take(16)).getBytes();
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(2, new SecretKeySpec(bytes, "AES"));
        byte[] decode = Base64.getUrlDecoder().decode((String) requestHeader.getQueryString("state").getOrElse(() -> {
            return Json$.MODULE$.stringify(Json$.MODULE$.obj(Nil$.MODULE$));
        }));
        return (JsValue) Try$.MODULE$.apply(() -> {
            return Json$.MODULE$.parse(new String(cipher.doFinal(decode)));
        }).recover(new AuthController$$anonfun$decryptState$3(null)).get();
    }

    public Future<Result> verifyHash(String str, AuthModuleConfig authModuleConfig, RequestHeader requestHeader, Function1<AuthModuleConfig, Future<Result>> function1) {
        String str2;
        if ((authModuleConfig instanceof GenericOauth2ModuleConfig) && ((GenericOauth2ModuleConfig) authModuleConfig).noWildcardRedirectURI()) {
            JsValue decryptState = decryptState(requestHeader);
            if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                logger().debug(() -> {
                    return new StringBuilder(16).append("Decoded state : ").append(Json$.MODULE$.prettyPrint(decryptState)).toString();
                }, MarkerContext$.MODULE$.NoMarker());
            }
            str2 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(decryptState), "hash").asOpt(Reads$.MODULE$.StringReads()).getOrElse(() -> {
                return "--";
            });
        } else {
            str2 = (String) requestHeader.getQueryString("hash").orElse(() -> {
                return requestHeader.session().get("hash");
            }).getOrElse(() -> {
                return "--";
            });
        }
        String str3 = str2;
        String sign = this.otoroshi$controllers$AuthController$$env.sign(new StringBuilder(3).append(authModuleConfig.id()).append(":::").append(str).toString());
        if (str3 != null ? !str3.equals("--") : "--" != 0) {
            return str3 != null ? (Future) function1.apply(authModuleConfig) : (Future) function1.apply(authModuleConfig);
        }
        if (!(authModuleConfig instanceof SamlAuthModuleConfig) && !(authModuleConfig instanceof Oauth1ModuleConfig)) {
            return Errors$.MODULE$.craftResponseResult("Auth. config. bad signature", Results$.MODULE$.BadRequest(), requestHeader, None$.MODULE$, new Some<>("errors.auth.bad.signature"), Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), TypedMap$.MODULE$.empty(), Errors$.MODULE$.craftResponseResult$default$13(), ec(), this.otoroshi$controllers$AuthController$$env);
        }
    }

    public Future<Result> withAuthConfig(ServiceDescriptor serviceDescriptor, RequestHeader requestHeader, Function1<AuthModuleConfig, Future<Result>> function1) {
        Some authConfigRef = serviceDescriptor.authConfigRef();
        if (!None$.MODULE$.equals(authConfigRef)) {
            if (!(authConfigRef instanceof Some)) {
                throw new MatchError(authConfigRef);
            }
            return this.otoroshi$controllers$AuthController$$env.proxyState().authModuleAsync((String) authConfigRef.value()).flatMap(option -> {
                if (!None$.MODULE$.equals(option)) {
                    if (option instanceof Some) {
                        return (Future) function1.apply((AuthModuleConfig) ((Some) option).value());
                    }
                    throw new MatchError(option);
                }
                Results.Status InternalServerError = Results$.MODULE$.InternalServerError();
                Option<ServiceDescriptor> some = new Some<>(serviceDescriptor);
                Option<String> some2 = new Some<>("errors.auth.config.not.found");
                TypedMap empty = TypedMap$.MODULE$.empty();
                return Errors$.MODULE$.craftResponseResult("Auth. config. not found on the descriptor", InternalServerError, requestHeader, some, some2, Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), empty, Errors$.MODULE$.craftResponseResult$default$13(), this.ec(), this.otoroshi$controllers$AuthController$$env);
            }, ec());
        }
        Results.Status InternalServerError = Results$.MODULE$.InternalServerError();
        Option<ServiceDescriptor> some = new Some<>(serviceDescriptor);
        Option<String> some2 = new Some<>("errors.auth.config.ref.not.found");
        TypedMap empty = TypedMap$.MODULE$.empty();
        return Errors$.MODULE$.craftResponseResult("Auth. config. ref not found on the descriptor", InternalServerError, requestHeader, some, some2, Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), empty, Errors$.MODULE$.craftResponseResult$default$13(), ec(), this.otoroshi$controllers$AuthController$$env);
    }

    public String computeSec(PrivateAppsUser privateAppsUser) {
        return this.otoroshi$controllers$AuthController$$env.aesEncrypt(implicits$BetterJsValue$.MODULE$.stringify$extension(implicits$.MODULE$.BetterJsValue(privateAppsUser.json())));
    }

    public Action<AnyContent> confidentialAppLoginPageOptions() {
        return this.PrivateAppsAction.async(privateAppsActionContext -> {
            CorsSettings corsSettings = new CorsSettings(true, new StringBuilder(0).append(this.otoroshi$controllers$AuthController$$env.rootScheme()).append(this.otoroshi$controllers$AuthController$$env.privateAppsHost()).toString(), Nil$.MODULE$, Nil$.MODULE$, new $colon.colon("GET", Nil$.MODULE$), CorsSettings$.MODULE$.apply$default$6(), CorsSettings$.MODULE$.apply$default$7(), CorsSettings$.MODULE$.apply$default$8());
            if (!corsSettings.shouldNotPass(privateAppsActionContext.request())) {
                return (Future) FastFuture$.MODULE$.successful().apply(Results$.MODULE$.Ok().apply(ByteString$.MODULE$.empty(), Writeable$.MODULE$.wBytes()).withHeaders(corsSettings.asHeaders(privateAppsActionContext.request())));
            }
            Results.Status BadRequest = Results$.MODULE$.BadRequest();
            RequestHeader request = privateAppsActionContext.request();
            Option<ServiceDescriptor> option = None$.MODULE$;
            Option<String> some = new Some<>("errors.cors.error");
            TypedMap empty = TypedMap$.MODULE$.empty();
            return Errors$.MODULE$.craftResponseResult("Cors error", BadRequest, request, option, some, Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), empty, Errors$.MODULE$.craftResponseResult$default$13(), this.ec(), this.otoroshi$controllers$AuthController$$env);
        });
    }

    public Action<AnyContent> confidentialAppLoginPage() {
        return this.PrivateAppsAction.async(privateAppsActionContext -> {
            Request request = privateAppsActionContext.request();
            Some queryString = privateAppsActionContext.request().getQueryString("desc");
            if (None$.MODULE$.equals(queryString)) {
                return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
            }
            if (!(queryString instanceof Some)) {
                throw new MatchError(queryString);
            }
            return this.otoroshi$controllers$AuthController$$env.datastores().serviceDescriptorDataStore().findOrRouteById((String) queryString.value(), this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(option -> {
                boolean z = false;
                Some some = null;
                if (None$.MODULE$.equals(option)) {
                    return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                }
                if (option instanceof Some) {
                    z = true;
                    some = (Some) option;
                    if (!((ServiceDescriptor) some.value()).privateApp()) {
                        return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Private apps are not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                    }
                }
                if (z) {
                    ServiceDescriptor serviceDescriptor = (ServiceDescriptor) some.value();
                    if (serviceDescriptor.privateApp()) {
                        String id = serviceDescriptor.id();
                        String id2 = this.otoroshi$controllers$AuthController$$env.backOfficeDescriptor().id();
                        if (id != null ? !id.equals(id2) : id2 != null) {
                            return this.withAuthConfig(serviceDescriptor, privateAppsActionContext.request(), authModuleConfig -> {
                                String sb = new StringBuilder(10).append("oto-papps-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString();
                                Some find = privateAppsActionContext.request().cookies().find(cookie -> {
                                    return BoxesRunTime.boxToBoolean($anonfun$confidentialAppLoginPage$4(sb, cookie));
                                });
                                if (!(find instanceof Some)) {
                                    if (None$.MODULE$.equals(find)) {
                                        return authModuleConfig.authModule(privateAppsActionContext.globalConfig()).paLoginPage(privateAppsActionContext.request(), privateAppsActionContext.globalConfig(), serviceDescriptor, this.ec(), this.otoroshi$controllers$AuthController$$env);
                                    }
                                    throw new MatchError(find);
                                }
                                Some extractPrivateSessionId = this.otoroshi$controllers$AuthController$$env.extractPrivateSessionId((Cookie) find.value());
                                if (None$.MODULE$.equals(extractPrivateSessionId)) {
                                    return authModuleConfig.authModule(privateAppsActionContext.globalConfig()).paLoginPage(privateAppsActionContext.request(), privateAppsActionContext.globalConfig(), serviceDescriptor, this.ec(), this.otoroshi$controllers$AuthController$$env);
                                }
                                if (!(extractPrivateSessionId instanceof Some)) {
                                    throw new MatchError(extractPrivateSessionId);
                                }
                                return this.otoroshi$controllers$AuthController$$env.datastores().privateAppsUserDataStore().findById((String) extractPrivateSessionId.value(), this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(option -> {
                                    String sb2;
                                    if (None$.MODULE$.equals(option)) {
                                        return authModuleConfig.authModule(privateAppsActionContext.globalConfig()).paLoginPage(privateAppsActionContext.request(), privateAppsActionContext.globalConfig(), serviceDescriptor, this.ec(), this.otoroshi$controllers$AuthController$$env);
                                    }
                                    if (!(option instanceof Some)) {
                                        throw new MatchError(option);
                                    }
                                    PrivateAppsUser privateAppsUser = (PrivateAppsUser) ((Some) option).value();
                                    String sb3 = authModuleConfig.clientSideSessionEnabled() ? new StringBuilder(5).append("&sec=").append(this.computeSec(privateAppsUser)).toString() : "";
                                    String str = (String) privateAppsActionContext.request().getQueryString("redirect").getOrElse(() -> {
                                        return new StringBuilder(3).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theProtocol$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("://").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.relativeUri$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request))).toString();
                                    });
                                    if ("urn:ietf:wg:oauth:2.0:oob".equals(str)) {
                                        String sb4 = new StringBuilder(110).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theProtocol$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("://").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser.randomId()).append("&redirectTo=urn:ietf:wg:oauth:2.0:oob&host=").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb3).toString();
                                        return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(new StringBuilder(6).append(sb4).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb4)).toString(), this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), request).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env), privateAppsUser.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser)))));
                                    }
                                    URL url = new URL(str);
                                    String host = url.getHost();
                                    String protocol = url.getProtocol();
                                    int port = url.getPort();
                                    switch (port) {
                                        case -1:
                                            String sb5 = new StringBuilder(85).append(protocol).append("://").append(host).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser.randomId()).append("&redirectTo=").append(str).append("&host=").append(host).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb3).toString();
                                            sb2 = new StringBuilder(6).append(sb5).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb5)).toString();
                                            break;
                                        default:
                                            String sb6 = new StringBuilder(86).append(protocol).append("://").append(host).append(":").append(port).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser.randomId()).append("&redirectTo=").append(str).append("&host=").append(host).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb3).toString();
                                            sb2 = new StringBuilder(6).append(sb6).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb6)).toString();
                                            break;
                                    }
                                    return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(sb2, this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), request).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(host, privateAppsUser.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser)))));
                                }, this.ec());
                            });
                        }
                    }
                }
                return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Private apps are not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
            }, this.ec());
        });
    }

    public Action<AnyContent> confidentialAppLogout() {
        return this.PrivateAppsAction.async(privateAppsActionContext -> {
            RequestHeader request = privateAppsActionContext.request();
            Tuple3 tuple3 = new Tuple3(request.queryString().get("redirectTo").map(seq -> {
                return (String) seq.last();
            }), request.queryString().get("host").map(seq2 -> {
                return (String) seq2.last();
            }), request.queryString().get("cp").map(seq3 -> {
                return (String) seq3.last();
            }));
            if (tuple3 != null) {
                Some some = (Option) tuple3._1();
                Some some2 = (Option) tuple3._2();
                Some some3 = (Option) tuple3._3();
                if (some instanceof Some) {
                    String str = (String) some.value();
                    if (some2 instanceof Some) {
                        String str2 = (String) some2.value();
                        if (some3 instanceof Some) {
                            return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(str, this.Redirect$default$2(), this.Redirect$default$3()).discardingCookies(this.otoroshi$controllers$AuthController$$env.removePrivateSessionCookiesWithSuffix(str2, (String) some3.value())));
                        }
                    }
                }
            }
            Results.Status BadRequest = Results$.MODULE$.BadRequest();
            Option<ServiceDescriptor> option = None$.MODULE$;
            Option<String> some4 = new Some<>("errors.missing.parameters");
            TypedMap empty = TypedMap$.MODULE$.empty();
            return Errors$.MODULE$.craftResponseResult("Missing parameters", BadRequest, request, option, some4, Errors$.MODULE$.craftResponseResult$default$6(), Errors$.MODULE$.craftResponseResult$default$7(), Errors$.MODULE$.craftResponseResult$default$8(), Errors$.MODULE$.craftResponseResult$default$9(), Errors$.MODULE$.craftResponseResult$default$10(), Errors$.MODULE$.craftResponseResult$default$11(), empty, Errors$.MODULE$.craftResponseResult$default$13(), this.ec(), this.otoroshi$controllers$AuthController$$env);
        });
    }

    public Action<AnyContent> confidentialAppCallback() {
        return this.PrivateAppsAction.async(privateAppsActionContext -> {
            Future vfuture$extension;
            Request request = privateAppsActionContext.request();
            Option orElse = privateAppsActionContext.request().getQueryString("desc").orElse(() -> {
                return privateAppsActionContext.request().session().get("desc");
            });
            Some asFormUrlEncoded = ((AnyContent) privateAppsActionContext.request().body()).asFormUrlEncoded();
            if (asFormUrlEncoded instanceof Some) {
                Map map = (Map) asFormUrlEncoded.value();
                if (map.get("RelayState").exists(seq -> {
                    return BoxesRunTime.boxToBoolean(seq.nonEmpty());
                })) {
                    Map mapValues = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Tuple2[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(((String) ((IterableLike) map.apply("RelayState")).head()).split("&"))).map(str -> {
                        return new Tuple2(str.split("=")[0], str.split("=")[1]);
                    }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(Tuple2.class))))).groupBy(tuple2 -> {
                        return (String) tuple2._1();
                    }).mapValues(tuple2Arr -> {
                        return (String) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Object[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(tuple2Arr)).map(tuple22 -> {
                            return (String) tuple22._2();
                        }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class))))).head();
                    });
                    if (mapValues.contains("hash") && mapValues.contains("redirect_uri") && mapValues.contains("desc")) {
                        orElse = implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(mapValues.apply("desc")));
                        BoxedUnit boxedUnit = BoxedUnit.UNIT;
                    } else {
                        implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                    }
                } else {
                    BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                }
            } else {
                if (!None$.MODULE$.equals(asFormUrlEncoded)) {
                    throw new MatchError(asFormUrlEncoded);
                }
                BoxedUnit boxedUnit3 = BoxedUnit.UNIT;
            }
            Tuple2 tuple22 = new Tuple2(orElse, privateAppsActionContext.request().getQueryString("state"));
            if (tuple22 != null) {
                Some some = (Option) tuple22._1();
                if (some instanceof Some) {
                    vfuture$extension = this.process$1((String) some.value(), privateAppsActionContext, request);
                    return vfuture$extension.recover(new AuthController$$anonfun$$nestedInanonfun$confidentialAppCallback$1$1(this), this.ec());
                }
            }
            if (tuple22 != null) {
                Some some2 = (Option) tuple22._2();
                if (some2 instanceof Some) {
                    String str2 = (String) some2.value();
                    if (this.logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                        this.logger().debug(() -> {
                            return new StringBuilder(17).append("Received state : ").append(str2).toString();
                        }, MarkerContext$.MODULE$.NoMarker());
                    }
                    Some asOpt = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(this.decryptState(RequestImplicits$.MODULE$.EnhancedRequestHeader(privateAppsActionContext.request()))), "descriptor").asOpt(Reads$.MODULE$.StringReads());
                    vfuture$extension = asOpt instanceof Some ? this.process$1((String) asOpt.value(), privateAppsActionContext, request) : implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                    return vfuture$extension.recover(new AuthController$$anonfun$$nestedInanonfun$confidentialAppCallback$1$1(this), this.ec());
                }
            }
            if (tuple22 == null) {
                throw new MatchError(tuple22);
            }
            vfuture$extension = implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
            return vfuture$extension.recover(new AuthController$$anonfun$$nestedInanonfun$confidentialAppCallback$1$1(this), this.ec());
        });
    }

    public Action<AnyContent> auth0error(Option<String> option, Option<String> option2) {
        return this.BackOfficeAction.apply(backOfficeActionContext -> {
            String str = IdGenerator$.MODULE$.token(16);
            this.logger().error(() -> {
                return new StringBuilder(31).append("[AUTH0 ERROR] error_id: ").append(str).append(" => ").append(option.getOrElse(() -> {
                    return "--";
                })).append(" : ").append(option2.getOrElse(() -> {
                    return "--";
                })).toString();
            }, MarkerContext$.MODULE$.NoMarker());
            return this.Redirect(routes.BackOfficeController.error(new Some(new StringBuilder(30).append("Auth0 error - logged with id: ").append(str).toString())));
        });
    }

    public Action<AnyContent> backOfficeLogin() {
        return this.BackOfficeAction.async(backOfficeActionContext -> {
            backOfficeActionContext.request();
            return this.otoroshi$controllers$AuthController$$env.datastores().globalConfigDataStore().singleton(this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(globalConfig -> {
                if (globalConfig.u2fLoginOnly() || globalConfig.backOfficeAuthRef().isEmpty()) {
                    if (globalConfig.u2fLoginOnly() || globalConfig.backOfficeAuthRef().isEmpty()) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(routes.BackOfficeController.index()));
                    }
                    throw new MatchError(globalConfig);
                }
                Some backOfficeAuthRef = globalConfig.backOfficeAuthRef();
                if (None$.MODULE$.equals(backOfficeAuthRef)) {
                    return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(routes.BackOfficeController.index()));
                }
                if (!(backOfficeAuthRef instanceof Some)) {
                    throw new MatchError(backOfficeAuthRef);
                }
                return this.otoroshi$controllers$AuthController$$env.proxyState().authModuleAsync((String) backOfficeAuthRef.value()).flatMap(option -> {
                    if (None$.MODULE$.equals(option)) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.NotFound().apply(error$.MODULE$.apply("BackOffice Oauth is not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))));
                    }
                    if (option instanceof Some) {
                        return ((AuthModuleConfig) ((Some) option).value()).authModule(globalConfig).boLoginPage(backOfficeActionContext.request(), globalConfig, this.ec(), this.otoroshi$controllers$AuthController$$env);
                    }
                    throw new MatchError(option);
                }, this.ec());
            }, this.ec());
        });
    }

    public Action<AnyContent> backOfficeLogout() {
        return this.BackOfficeActionAuth.async(backOfficeActionContextAuth -> {
            Request request = backOfficeActionContextAuth.request();
            Option queryString = request.getQueryString("redirect");
            boolean simpleLogin = backOfficeActionContextAuth.user().simpleLogin();
            if (true == simpleLogin) {
                return backOfficeActionContextAuth.user().delete(this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj -> {
                    return $anonfun$backOfficeLogout$2(this, backOfficeActionContextAuth, queryString, request, BoxesRunTime.unboxToBoolean(obj));
                }, this.ec());
            }
            if (false == simpleLogin) {
                return this.otoroshi$controllers$AuthController$$env.datastores().globalConfigDataStore().singleton(this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(globalConfig -> {
                    Some backOfficeAuthRef = globalConfig.backOfficeAuthRef();
                    if (None$.MODULE$.equals(backOfficeAuthRef)) {
                        return backOfficeActionContextAuth.user().delete(this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj2 -> {
                            return $anonfun$backOfficeLogout$5(this, backOfficeActionContextAuth, queryString, request, BoxesRunTime.unboxToBoolean(obj2));
                        }, this.ec());
                    }
                    if (!(backOfficeAuthRef instanceof Some)) {
                        throw new MatchError(backOfficeAuthRef);
                    }
                    return this.otoroshi$controllers$AuthController$$env.proxyState().authModuleAsync((String) backOfficeAuthRef.value()).flatMap(option -> {
                        if (None$.MODULE$.equals(option)) {
                            return (Future) FastFuture$.MODULE$.successful().apply(this.NotFound().apply(error$.MODULE$.apply("BackOffice auth is not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request));
                        }
                        if (option instanceof Some) {
                            return ((AuthModuleConfig) ((Some) option).value()).authModule(globalConfig).boLogout(backOfficeActionContextAuth.request(), backOfficeActionContextAuth.user(), globalConfig, this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(either -> {
                                if (either instanceof Left) {
                                    Result result = (Result) ((Left) either).value();
                                    return backOfficeActionContextAuth.user().delete(this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj3 -> {
                                        return $anonfun$backOfficeLogout$9(this, backOfficeActionContextAuth, result, request, BoxesRunTime.unboxToBoolean(obj3));
                                    }, this.ec());
                                }
                                if (!(either instanceof Right)) {
                                    throw new MatchError(either);
                                }
                                Some some = (Option) ((Right) either).value();
                                if (None$.MODULE$.equals(some)) {
                                    return backOfficeActionContextAuth.user().delete(this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj4 -> {
                                        return $anonfun$backOfficeLogout$10(this, backOfficeActionContextAuth, queryString, request, BoxesRunTime.unboxToBoolean(obj4));
                                    }, this.ec());
                                }
                                if (!(some instanceof Some)) {
                                    throw new MatchError(some);
                                }
                                String replace = ((String) some.value()).replace("${redirect}", URLEncoder.encode((String) queryString.getOrElse(() -> {
                                    return new StringBuilder(4).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theProtocol$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("://").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(request), this.otoroshi$controllers$AuthController$$env)).append("/").toString();
                                }), "UTF-8"));
                                return backOfficeActionContextAuth.user().delete(this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj5 -> {
                                    return $anonfun$backOfficeLogout$13(this, backOfficeActionContextAuth, replace, request, BoxesRunTime.unboxToBoolean(obj5));
                                }, this.ec());
                            }, this.ec());
                        }
                        throw new MatchError(option);
                    }, this.ec());
                }, this.ec());
            }
            throw new MatchError(BoxesRunTime.boxToBoolean(simpleLogin));
        });
    }

    public Action<AnyContent> backOfficeCallback(Option<String> option, Option<String> option2) {
        return this.BackOfficeAction.async(backOfficeActionContext -> {
            Request request = backOfficeActionContext.request();
            if (option instanceof Some) {
                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(unauthorized$.MODULE$.apply(this.otoroshi$controllers$AuthController$$env), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))));
            }
            if (None$.MODULE$.equals(option)) {
                return this.otoroshi$controllers$AuthController$$env.datastores().globalConfigDataStore().singleton(this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(globalConfig -> {
                    if (globalConfig.u2fLoginOnly() || globalConfig.backOfficeAuthRef().isEmpty()) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.Redirect(routes.BackOfficeController.index()));
                    }
                    if (globalConfig.u2fLoginOnly() || globalConfig.backOfficeAuthRef().isEmpty()) {
                        throw new MatchError(globalConfig);
                    }
                    Some backOfficeAuthRef = globalConfig.backOfficeAuthRef();
                    if (None$.MODULE$.equals(backOfficeAuthRef)) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.NotFound().apply(error$.MODULE$.apply("BackOffice OAuth is not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))));
                    }
                    if (!(backOfficeAuthRef instanceof Some)) {
                        throw new MatchError(backOfficeAuthRef);
                    }
                    return this.otoroshi$controllers$AuthController$$env.proxyState().authModuleAsync((String) backOfficeAuthRef.value()).flatMap(option3 -> {
                        if (None$.MODULE$.equals(option3)) {
                            return (Future) FastFuture$.MODULE$.successful().apply(this.NotFound().apply(error$.MODULE$.apply("BackOffice OAuth is not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))));
                        }
                        if (!(option3 instanceof Some)) {
                            throw new MatchError(option3);
                        }
                        AuthModuleConfig authModuleConfig = (AuthModuleConfig) ((Some) option3).value();
                        return this.verifyHash("backoffice", authModuleConfig, backOfficeActionContext.request(), authModuleConfig2 -> {
                            String type = authModuleConfig2.type();
                            if (type != null ? type.equals("basic") : "basic" == 0) {
                                if (((BasicAuthModuleConfig) authModuleConfig2).webauthn()) {
                                    BasicAuthModule basicAuthModule = (BasicAuthModule) authModuleConfig2.authModule(globalConfig);
                                    boolean z = false;
                                    Some some = null;
                                    Option option3 = request.headers().get("WebAuthn-Login-Step");
                                    if (option3 instanceof Some) {
                                        z = true;
                                        some = (Some) option3;
                                        if ("start".equals((String) some.value())) {
                                            return basicAuthModule.webAuthnAdminLoginStart((JsValue) ((AnyContent) backOfficeActionContext.request().body()).asJson().get(), this.otoroshi$controllers$AuthController$$env, this.ec()).map(either -> {
                                                if (either instanceof Left) {
                                                    return this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((String) ((Left) either).value(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
                                                }
                                                if (either instanceof Right) {
                                                    return this.Ok().apply((JsValue) ((Right) either).value(), Writeable$.MODULE$.writeableOf_JsValue());
                                                }
                                                throw new MatchError(either);
                                            }, this.ec());
                                        }
                                    }
                                    return (z && "finish".equals((String) some.value())) ? basicAuthModule.webAuthnAdminLoginFinish((JsValue) ((AnyContent) backOfficeActionContext.request().body()).asJson().get(), this.otoroshi$controllers$AuthController$$env, this.ec()).flatMap(either2 -> {
                                        if (either2 instanceof Left) {
                                            return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((String) ((Left) either2).value(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                                        }
                                        if (either2 instanceof Right) {
                                            return this.saveUser$2((BackOfficeUser) ((Right) either2).value(), authModuleConfig2, true, backOfficeActionContext.request(), backOfficeActionContext, request);
                                        }
                                        throw new MatchError(either2);
                                    }, this.ec()) : implicits$BetterSyntax$.MODULE$.asFuture$extension(implicits$.MODULE$.BetterSyntax(this.BadRequest().apply(error$.MODULE$.apply("Missing step", this.otoroshi$controllers$AuthController$$env, "Authorization error", error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                                }
                            }
                            return authModuleConfig.authModule(globalConfig).boCallback(backOfficeActionContext.request(), globalConfig, this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(either3 -> {
                                if (either3 instanceof Left) {
                                    return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(error$.MODULE$.apply(new StringBuilder(28).append("You're not authorized here: ").append((String) ((Left) either3).value()).toString(), this.otoroshi$controllers$AuthController$$env, "Authorization error", error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8()))));
                                }
                                if (!(either3 instanceof Right)) {
                                    throw new MatchError(either3);
                                }
                                BackOfficeUser backOfficeUser = (BackOfficeUser) ((Right) either3).value();
                                if (this.logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                                    this.logger().debug(() -> {
                                        return new StringBuilder(28).append("Login successful for user '").append(backOfficeUser.email()).append("'").toString();
                                    }, MarkerContext$.MODULE$.NoMarker());
                                }
                                return this.saveUser$2(backOfficeUser, authModuleConfig2, false, backOfficeActionContext.request(), backOfficeActionContext, request);
                            }, this.ec());
                        });
                    }, this.ec());
                }, this.ec());
            }
            throw new MatchError(option);
        });
    }

    public Option<String> backOfficeCallback$default$1() {
        return None$.MODULE$;
    }

    public Option<String> backOfficeCallback$default$2() {
        return None$.MODULE$;
    }

    public static final /* synthetic */ boolean $anonfun$confidentialAppLoginPage$4(String str, Cookie cookie) {
        String name = cookie.name();
        return name != null ? name.equals(str) : str == null;
    }

    private final Future saveUser$1(PrivateAppsUser privateAppsUser, AuthModuleConfig authModuleConfig, ServiceDescriptor serviceDescriptor, boolean z, RequestHeader requestHeader, PrivateAppsActionContext privateAppsActionContext) {
        return privateAppsUser.save(Duration$.MODULE$.apply(authModuleConfig.sessionMaxAge(), TimeUnit.SECONDS), ec(), this.otoroshi$controllers$AuthController$$env).map(privateAppsUser2 -> {
            String sb;
            String sb2 = authModuleConfig.clientSideSessionEnabled() ? new StringBuilder(5).append("&sec=").append(this.computeSec(privateAppsUser2)).toString() : "";
            if (this.logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                this.logger().debug(() -> {
                    return new StringBuilder(46).append("Auth callback, creating session on the leader ").append(privateAppsUser2.email()).toString();
                }, MarkerContext$.MODULE$.NoMarker());
            }
            this.otoroshi$controllers$AuthController$$env.clusterAgent().createSession(privateAppsUser2);
            Alerts$.MODULE$.send(new UserLoggedInAlert(this.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), this.otoroshi$controllers$AuthController$$env.env(), privateAppsUser2, privateAppsActionContext.from(this.otoroshi$controllers$AuthController$$env), privateAppsActionContext.ua(), authModuleConfig.id(), UserLoggedInAlert$.MODULE$.apply$default$7()), this.otoroshi$controllers$AuthController$$env);
            Some asFormUrlEncoded = ((AnyContent) privateAppsActionContext.request().body()).asFormUrlEncoded();
            if (asFormUrlEncoded instanceof Some) {
                Map map = (Map) asFormUrlEncoded.value();
                if (map.get("RelayState").exists(seq -> {
                    return BoxesRunTime.boxToBoolean(seq.nonEmpty());
                })) {
                    String str = (String) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Tuple2[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(((String) ((IterableLike) map.apply("RelayState")).head()).split("&"))).map(str2 -> {
                        return new Tuple2(str2.split("=")[0], str2.split("=")[1]);
                    }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(Tuple2.class))))).groupBy(tuple2 -> {
                        return (String) tuple2._1();
                    }).mapValues(tuple2Arr -> {
                        return (String) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps((Object[]) new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(tuple2Arr)).map(tuple22 -> {
                            return (String) tuple22._2();
                        }, Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(String.class))))).head();
                    }).getOrElse("redirect_uri", () -> {
                        return routes.PrivateAppsController.home().absoluteURL(this.otoroshi$controllers$AuthController$$env.exposedRootSchemeIsHttps(), requestHeader);
                    });
                    return this.Redirect(str, this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), requestHeader).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(new URL(str).getHost(), privateAppsUser2.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser2))));
                }
            }
            String str3 = (String) privateAppsActionContext.request().session().get(new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString()).getOrElse(() -> {
                return routes.PrivateAppsController.home().absoluteURL(this.otoroshi$controllers$AuthController$$env.exposedRootSchemeIsHttps(), requestHeader);
            });
            if ("urn:ietf:wg:oauth:2.0:oob".equals(str3)) {
                String sb3 = new StringBuilder(110).append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theProtocol$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(requestHeader), this.otoroshi$controllers$AuthController$$env)).append("://").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(requestHeader), this.otoroshi$controllers$AuthController$$env)).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser2.randomId()).append("&redirectTo=urn:ietf:wg:oauth:2.0:oob&host=").append(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(requestHeader), this.otoroshi$controllers$AuthController$$env)).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb2).toString();
                return this.Redirect(new StringBuilder(6).append(sb3).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb3)).toString(), this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), requestHeader).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(RequestImplicits$EnhancedRequestHeader$.MODULE$.theHost$extension(RequestImplicits$.MODULE$.EnhancedRequestHeader(requestHeader), this.otoroshi$controllers$AuthController$$env), privateAppsUser.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser))));
            }
            URL url = new URL(str3);
            String host = url.getHost();
            String protocol = url.getProtocol();
            int port = url.getPort();
            switch (port) {
                case -1:
                    String sb4 = new StringBuilder(85).append(protocol).append("://").append(host).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser2.randomId()).append("&redirectTo=").append(str3).append("&host=").append(host).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb2).toString();
                    sb = new StringBuilder(6).append(sb4).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb4)).toString();
                    break;
                default:
                    String sb5 = new StringBuilder(86).append(protocol).append("://").append(host).append(":").append(port).append("/.well-known/otoroshi/login?sessionId=").append(privateAppsUser2.randomId()).append("&redirectTo=").append(str3).append("&host=").append(host).append("&cp=").append(authModuleConfig.cookieSuffix(serviceDescriptor)).append("&ma=").append(authModuleConfig.sessionMaxAge()).append("&httpOnly=").append(authModuleConfig.sessionCookieValues().httpOnly()).append("&secure=").append(authModuleConfig.sessionCookieValues().secure()).append(sb2).toString();
                    sb = new StringBuilder(6).append(sb5).append("&hash=").append(this.otoroshi$controllers$AuthController$$env.sign(sb5)).toString();
                    break;
            }
            String str4 = sb;
            return z ? this.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("location"), Json$.MODULE$.toJsFieldJsValueWrapper(str4, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), requestHeader).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(host, privateAppsUser2.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser2)))) : this.Redirect(str4, this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{new StringBuilder(24).append("pa-redirect-after-login-").append(authModuleConfig.cookieSuffix(serviceDescriptor)).toString(), "desc"}), requestHeader).withCookies(this.otoroshi$controllers$AuthController$$env.createPrivateSessionCookies(host, privateAppsUser2.randomId(), serviceDescriptor, authModuleConfig, implicits$BetterSyntax$.MODULE$.some$extension(implicits$.MODULE$.BetterSyntax(privateAppsUser2))));
        }, ec());
    }

    private final Future process$1(String str, PrivateAppsActionContext privateAppsActionContext, Request request) {
        if (logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
            logger().debug(() -> {
                return new StringBuilder(33).append("redirect to service descriptor : ").append(str).toString();
            }, MarkerContext$.MODULE$.NoMarker());
        }
        return this.otoroshi$controllers$AuthController$$env.datastores().serviceDescriptorDataStore().findOrRouteById(str, ec(), this.otoroshi$controllers$AuthController$$env).flatMap(option -> {
            boolean z = false;
            Some some = null;
            if (None$.MODULE$.equals(option)) {
                return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Service not found", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
            }
            if (option instanceof Some) {
                z = true;
                some = (Some) option;
                if (!((ServiceDescriptor) some.value()).privateApp()) {
                    return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Private apps are not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                }
            }
            if (z) {
                ServiceDescriptor serviceDescriptor = (ServiceDescriptor) some.value();
                if (serviceDescriptor.privateApp()) {
                    String id = serviceDescriptor.id();
                    String id2 = this.otoroshi$controllers$AuthController$$env.backOfficeDescriptor().id();
                    if (id != null ? !id.equals(id2) : id2 != null) {
                        return this.withAuthConfig(serviceDescriptor, privateAppsActionContext.request(), authModuleConfig -> {
                            return this.verifyHash(serviceDescriptor.id(), authModuleConfig, privateAppsActionContext.request(), authModuleConfig -> {
                                String type = authModuleConfig.type();
                                if (type != null ? type.equals("basic") : "basic" == 0) {
                                    if (((BasicAuthModuleConfig) authModuleConfig).webauthn()) {
                                        BasicAuthModule basicAuthModule = (BasicAuthModule) authModuleConfig.authModule(privateAppsActionContext.globalConfig());
                                        boolean z2 = false;
                                        Some some2 = null;
                                        Option option = request.headers().get("WebAuthn-Login-Step");
                                        if (option instanceof Some) {
                                            z2 = true;
                                            some2 = (Some) option;
                                            if ("start".equals((String) some2.value())) {
                                                return basicAuthModule.webAuthnLoginStart((JsValue) ((AnyContent) privateAppsActionContext.request().body()).asJson().get(), serviceDescriptor, this.otoroshi$controllers$AuthController$$env, this.ec()).map(either -> {
                                                    if (either instanceof Left) {
                                                        return this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((String) ((Left) either).value(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
                                                    }
                                                    if (either instanceof Right) {
                                                        return this.Ok().apply((JsValue) ((Right) either).value(), Writeable$.MODULE$.writeableOf_JsValue());
                                                    }
                                                    throw new MatchError(either);
                                                }, this.ec());
                                            }
                                        }
                                        return (z2 && "finish".equals((String) some2.value())) ? basicAuthModule.webAuthnLoginFinish((JsValue) ((AnyContent) privateAppsActionContext.request().body()).asJson().get(), serviceDescriptor, this.otoroshi$controllers$AuthController$$env, this.ec()).flatMap(either2 -> {
                                            if (either2 instanceof Left) {
                                                return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper((String) ((Left) either2).value(), Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                                            }
                                            if (either2 instanceof Right) {
                                                return this.saveUser$1((PrivateAppsUser) ((Right) either2).value(), authModuleConfig, serviceDescriptor, true, privateAppsActionContext.request(), privateAppsActionContext);
                                            }
                                            throw new MatchError(either2);
                                        }, this.ec()) : implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.BadRequest().apply(error$.MODULE$.apply("Missing step", this.otoroshi$controllers$AuthController$$env, "Authorization error", error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                                    }
                                }
                                return authModuleConfig.authModule(privateAppsActionContext.globalConfig()).paCallback(privateAppsActionContext.request(), privateAppsActionContext.globalConfig(), serviceDescriptor, this.ec(), this.otoroshi$controllers$AuthController$$env).flatMap(either3 -> {
                                    if (either3 instanceof Left) {
                                        return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.BadRequest().apply(error$.MODULE$.apply(new StringBuilder(28).append("You're not authorized here: ").append((String) ((Left) either3).value()).toString(), this.otoroshi$controllers$AuthController$$env, "Authorization error", error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
                                    }
                                    if (either3 instanceof Right) {
                                        return this.saveUser$1((PrivateAppsUser) ((Right) either3).value(), authModuleConfig, serviceDescriptor, false, privateAppsActionContext.request(), privateAppsActionContext);
                                    }
                                    throw new MatchError(either3);
                                }, this.ec());
                            });
                        });
                    }
                }
            }
            return implicits$BetterSyntax$.MODULE$.vfuture$extension(implicits$.MODULE$.BetterSyntax(this.NotFound().apply(error$.MODULE$.apply("Private apps are not configured", this.otoroshi$controllers$AuthController$$env, error$.MODULE$.apply$default$3(), error$.MODULE$.apply$default$4()), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())))));
        }, ec());
    }

    public static final /* synthetic */ Result $anonfun$backOfficeLogout$2(AuthController authController, BackOfficeActionContextAuth backOfficeActionContextAuth, Option option, Request request, boolean z) {
        Alerts$.MODULE$.send(new AdminLoggedOutAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeActionContextAuth.user(), backOfficeActionContextAuth.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContextAuth.ua(), AdminLoggedOutAlert$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
        return authController.Redirect((String) option.getOrElse(() -> {
            return routes.BackOfficeController.index().url();
        }), authController.Redirect$default$2(), authController.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request);
    }

    public static final /* synthetic */ Result $anonfun$backOfficeLogout$5(AuthController authController, BackOfficeActionContextAuth backOfficeActionContextAuth, Option option, Request request, boolean z) {
        Alerts$.MODULE$.send(new AdminLoggedOutAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeActionContextAuth.user(), backOfficeActionContextAuth.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContextAuth.ua(), AdminLoggedOutAlert$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
        return authController.Redirect((String) option.getOrElse(() -> {
            return routes.BackOfficeController.index().url();
        }), authController.Redirect$default$2(), authController.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request);
    }

    public static final /* synthetic */ Result $anonfun$backOfficeLogout$9(AuthController authController, BackOfficeActionContextAuth backOfficeActionContextAuth, Result result, Request request, boolean z) {
        Alerts$.MODULE$.send(new AdminLoggedOutAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeActionContextAuth.user(), backOfficeActionContextAuth.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContextAuth.ua(), AdminLoggedOutAlert$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
        return result.removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request);
    }

    public static final /* synthetic */ Result $anonfun$backOfficeLogout$10(AuthController authController, BackOfficeActionContextAuth backOfficeActionContextAuth, Option option, Request request, boolean z) {
        Alerts$.MODULE$.send(new AdminLoggedOutAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeActionContextAuth.user(), backOfficeActionContextAuth.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContextAuth.ua(), AdminLoggedOutAlert$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
        return authController.Redirect((String) option.getOrElse(() -> {
            return routes.BackOfficeController.index().url();
        }), authController.Redirect$default$2(), authController.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request);
    }

    public static final /* synthetic */ Result $anonfun$backOfficeLogout$13(AuthController authController, BackOfficeActionContextAuth backOfficeActionContextAuth, String str, Request request, boolean z) {
        Alerts$.MODULE$.send(new AdminLoggedOutAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeActionContextAuth.user(), backOfficeActionContextAuth.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContextAuth.ua(), AdminLoggedOutAlert$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
        return authController.Redirect(str, authController.Redirect$default$2(), authController.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bousr", "bo-redirect-after-login"}), request);
    }

    public static final /* synthetic */ void $anonfun$backOfficeCallback$3(AuthController authController, BackOfficeUser backOfficeUser, BackOfficeUser backOfficeUser2, BackOfficeActionContext backOfficeActionContext, AuthModuleConfig authModuleConfig, boolean z) {
        if (false == z) {
            authController.otoroshi$controllers$AuthController$$env.datastores().backOfficeUserDataStore().alreadyLoggedIn(backOfficeUser.email(), authController.ec(), authController.otoroshi$controllers$AuthController$$env);
            Alerts$.MODULE$.send(new AdminFirstLogin(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeUser2, backOfficeActionContext.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContext.ua(), AdminFirstLogin$.MODULE$.apply$default$6()), authController.otoroshi$controllers$AuthController$$env);
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (true != z) {
                throw new MatchError(BoxesRunTime.boxToBoolean(z));
            }
            Alerts$.MODULE$.send(new AdminLoggedInAlert(authController.otoroshi$controllers$AuthController$$env.snowflakeGenerator().nextIdStr(), authController.otoroshi$controllers$AuthController$$env.env(), backOfficeUser2, backOfficeActionContext.from(authController.otoroshi$controllers$AuthController$$env), backOfficeActionContext.ua(), authModuleConfig.id(), AdminLoggedInAlert$.MODULE$.apply$default$7()), authController.otoroshi$controllers$AuthController$$env);
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    private final Future saveUser$2(BackOfficeUser backOfficeUser, AuthModuleConfig authModuleConfig, boolean z, RequestHeader requestHeader, BackOfficeActionContext backOfficeActionContext, Request request) {
        return backOfficeUser.save(Duration$.MODULE$.apply(this.otoroshi$controllers$AuthController$$env.backOfficeSessionExp(), TimeUnit.MILLISECONDS), ec(), this.otoroshi$controllers$AuthController$$env).map(backOfficeUser2 -> {
            this.otoroshi$controllers$AuthController$$env.datastores().backOfficeUserDataStore().hasAlreadyLoggedIn(backOfficeUser.email(), this.ec(), this.otoroshi$controllers$AuthController$$env).map(obj -> {
                $anonfun$backOfficeCallback$3(this, backOfficeUser, backOfficeUser2, backOfficeActionContext, authModuleConfig, BoxesRunTime.unboxToBoolean(obj));
                return BoxedUnit.UNIT;
            }, this.ec());
            return this.Redirect((String) request.session().get("bo-redirect-after-login").getOrElse(() -> {
                return routes.BackOfficeController.index().absoluteURL(this.otoroshi$controllers$AuthController$$env.exposedRootSchemeIsHttps(), request);
            }), this.Redirect$default$2(), this.Redirect$default$3()).removingFromSession(Predef$.MODULE$.wrapRefArray(new String[]{"bo-redirect-after-login"}), request).addingToSession(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("bousr"), backOfficeUser2.randomId())}), request);
        }, ec());
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public AuthController(BackOfficeActionAuth backOfficeActionAuth, PrivateAppsAction privateAppsAction, BackOfficeAction backOfficeAction, ControllerComponents controllerComponents, Env env) {
        super(controllerComponents);
        this.BackOfficeActionAuth = backOfficeActionAuth;
        this.PrivateAppsAction = privateAppsAction;
        this.BackOfficeAction = backOfficeAction;
        this.otoroshi$controllers$AuthController$$env = env;
    }
}
