package io.datarouter.auth.service;

import io.datarouter.auth.storage.accountpermission.DatarouterAccountPermissionKey;
import io.datarouter.web.dispatcher.ApiKeyPredicate;
import io.datarouter.web.dispatcher.DispatchRule;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;

@Singleton
/* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountApiKeyPredicate.class */
public class DatarouterAccountApiKeyPredicate extends ApiKeyPredicate {
    private final DatarouterAccountCredentialService datarouterAccountCredentialService;
    private final DatarouterAccountCounters datarouterAccountCounters;

    @Singleton
    /* loaded from: input_file:io/datarouter/auth/service/DatarouterAccountApiKeyPredicate$DatarouterAccountApiKeyPredicateFactory.class */
    public static class DatarouterAccountApiKeyPredicateFactory {

        @Inject
        private DatarouterAccountCredentialService datarouterAccountCredentialService;

        @Inject
        private DatarouterAccountCounters datarouterAccountCounters;

        public DatarouterAccountApiKeyPredicate create(String str) {
            return new DatarouterAccountApiKeyPredicate(str, this.datarouterAccountCredentialService, this.datarouterAccountCounters);
        }
    }

    @Inject
    public DatarouterAccountApiKeyPredicate(DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountCounters datarouterAccountCounters) {
        this("apiKey", datarouterAccountCredentialService, datarouterAccountCounters);
    }

    private DatarouterAccountApiKeyPredicate(String str, DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountCounters datarouterAccountCounters) {
        super(str);
        this.datarouterAccountCredentialService = datarouterAccountCredentialService;
        this.datarouterAccountCounters = datarouterAccountCounters;
    }

    public ApiKeyPredicate.ApiKeyPredicateCheck innerCheck(DispatchRule dispatchRule, HttpServletRequest httpServletRequest, String str) {
        return (ApiKeyPredicate.ApiKeyPredicateCheck) check(dispatchRule.getPersistentString(), str).map(str2 -> {
            return new ApiKeyPredicate.ApiKeyPredicateCheck(true, str2);
        }).orElseGet(() -> {
            return new ApiKeyPredicate.ApiKeyPredicateCheck(false, "no account for " + obfuscate(str));
        });
    }

    public Optional<String> check(Optional<String> optional, String str) {
        Optional findFirst = this.datarouterAccountCredentialService.scanPermissionsForApiKeyAuth(str).include(datarouterAccountPermissionKey -> {
            return isValidEndpoint(datarouterAccountPermissionKey, optional);
        }).findFirst();
        DatarouterAccountCounters datarouterAccountCounters = this.datarouterAccountCounters;
        datarouterAccountCounters.getClass();
        findFirst.ifPresent(datarouterAccountCounters::incPermissionUsage);
        return findFirst.map((v0) -> {
            return v0.getAccountName();
        });
    }

    private boolean isValidEndpoint(DatarouterAccountPermissionKey datarouterAccountPermissionKey, Optional<String> optional) {
        boolean equals = datarouterAccountPermissionKey.getEndpoint().equals(DatarouterAccountPermissionKey.ALL_ENDPOINTS);
        String endpoint = datarouterAccountPermissionKey.getEndpoint();
        endpoint.getClass();
        return equals || ((Boolean) optional.map((v1) -> {
            return r1.equals(v1);
        }).orElse(false)).booleanValue();
    }
}
