package io.datarouter.auth.web;

import io.datarouter.auth.config.DatarouterAuthPaths;
import io.datarouter.auth.service.DatarouterUserEditService;
import io.datarouter.auth.service.DatarouterUserInfo;
import io.datarouter.auth.service.DatarouterUserService;
import io.datarouter.auth.service.PermissionRequestUserInfo;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequest;
import io.datarouter.auth.storage.permissionrequest.DatarouterPermissionRequestDao;
import io.datarouter.email.type.DatarouterEmailTypes;
import io.datarouter.storage.config.DatarouterSubscribersSupplier;
import io.datarouter.storage.config.properties.AdminEmail;
import io.datarouter.storage.config.properties.ServiceName;
import io.datarouter.storage.config.setting.DatarouterEmailSubscriberSettings;
import io.datarouter.storage.servertype.ServerTypeDetector;
import io.datarouter.util.string.StringTool;
import io.datarouter.util.time.ZonedDateFormatterTool;
import io.datarouter.web.email.DatarouterHtmlEmailService;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.mav.Mav;
import io.datarouter.web.handler.mav.imp.GlobalRedirectMav;
import io.datarouter.web.handler.mav.imp.InContextRedirectMav;
import io.datarouter.web.handler.mav.imp.MessageMav;
import io.datarouter.web.html.form.HtmlForm;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4FormHtml;
import io.datarouter.web.html.j2html.bootstrap4.Bootstrap4PageFactory;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.databean.DatarouterUser;
import io.datarouter.web.user.role.DatarouterUserRole;
import j2html.TagCreator;
import j2html.tags.DomContent;
import j2html.tags.specialized.DivTag;
import j2html.tags.specialized.TableTag;
import j2html.tags.specialized.TrTag;
import java.time.Instant;
import java.time.ZoneId;
import java.util.Comparator;
import java.util.Date;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/auth/web/DatarouterPermissionRequestHandler.class */
public class DatarouterPermissionRequestHandler extends BaseHandler {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterPermissionRequestHandler.class);
    private static final String P_REASON = "reason";
    private static final String EMAIL_TITLE = "Permission Request";

    @Inject
    private Bootstrap4PageFactory bootstrap4PageFactory;

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private DatarouterPermissionRequestDao datarouterPermissionRequestDao;

    @Inject
    private DatarouterUserService datarouterUserService;

    @Inject
    private DatarouterHtmlEmailService htmlEmailService;

    @Inject
    private DatarouterAuthPaths paths;

    @Inject
    private DatarouterUserEditService userEditService;

    @Inject
    private DatarouterUserInfo datarouterUserInfo;

    @Inject
    private DatarouterEmailTypes.PermissionRequestEmailType permissionRequestEmailType;

    @Inject
    private ServiceName serviceName;

    @Inject
    private ServerTypeDetector serverTypeDetector;

    @Inject
    private AdminEmail adminEmail;

    @Inject
    private DatarouterSubscribersSupplier subscibersEmail;

    @Inject
    private DatarouterEmailSubscriberSettings subscribersSettings;

    @Inject
    private PermissionRequestUserInfo.PermissionRequestUserInfoSupplier userInfoSupplier;

    /* loaded from: input_file:io/datarouter/auth/web/DatarouterPermissionRequestHandler$PermissionRequestDto.class */
    public static class PermissionRequestDto {
        public final String requestTime;
        public final Long requestTimeMs;
        public final String requestText;
        public final String resolutionTime;
        public final Long resolutionTimeMs;
        public final String resolution;
        public final String editor;

        public PermissionRequestDto(Instant instant, String str, Optional<Instant> optional, String str2, ZoneId zoneId, String str3) {
            this.requestTime = ZonedDateFormatterTool.formatInstantWithZone(instant, zoneId);
            this.requestTimeMs = Long.valueOf(instant.toEpochMilli());
            this.requestText = str;
            this.resolutionTime = (String) optional.map(instant2 -> {
                return ZonedDateFormatterTool.formatInstantWithZone(instant2, zoneId);
            }).orElse(null);
            this.resolutionTimeMs = (Long) optional.map((v0) -> {
                return v0.toEpochMilli();
            }).orElse(null);
            this.resolution = str2;
            this.editor = str3;
        }
    }

    /* loaded from: input_file:io/datarouter/auth/web/DatarouterPermissionRequestHandler$SuccessAndMessageDto.class */
    private static class SuccessAndMessageDto {
        public final Boolean success;
        public final String message;

        protected SuccessAndMessageDto() {
            this.success = true;
            this.message = "";
        }

        protected SuccessAndMessageDto(boolean z, String str) {
            this.success = Boolean.valueOf(z);
            this.message = (String) Objects.requireNonNull(str);
        }
    }

    @BaseHandler.Handler(defaultHandler = true)
    public Mav showForm(Optional<String> optional, Optional<String> optional2) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterPermissionRequest datarouterPermissionRequest = (DatarouterPermissionRequest) this.datarouterPermissionRequestDao.scanOpenPermissionRequestsForUser(getCurrentUser().getId()).findMax(Comparator.comparing(datarouterPermissionRequest2 -> {
            return datarouterPermissionRequest2.getKey().getRequestTime();
        })).orElse(null);
        Optional<U> map = optional.map(str -> {
            StringBuilder append = new StringBuilder("I tried to go to this URL: ").append(str).append(".");
            String str = " These are its allowed roles at the time of this request: ";
            " These are its allowed roles at the time of this request: ".getClass();
            return append.append((String) optional2.map(str::concat).orElse("")).toString();
        });
        HashSet hashSet = new HashSet();
        if (this.serverTypeDetector.mightBeProduction()) {
            hashSet.addAll(this.permissionRequestEmailType.tos);
        }
        hashSet.add(this.adminEmail.get());
        if (((Boolean) this.subscribersSettings.includeSubscribers.get()).booleanValue()) {
            hashSet.addAll(this.subscibersEmail.get());
        }
        String join = this.paths.permissionRequest.declineAll.join("/");
        DivTag divTag = new DivTag();
        if (datarouterPermissionRequest != null) {
            divTag = TagCreator.div(new DomContent[]{TagCreator.p("You already have an open permission request for " + this.serviceName.get() + ". You may submit another request to replace it."), TagCreator.p("Time Requested: " + datarouterPermissionRequest.getKey().getRequestTime()), TagCreator.p("Request Text: " + datarouterPermissionRequest.getRequestText()), TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"Click ", TagCreator.a("here").withHref(join), " to decline it."})})});
        }
        DivTag with = TagCreator.div().with(TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"Welcome to ", this.serviceName.get(), ". ", TagCreator.a("Sign out.").withHref(String.valueOf(this.request.getContextPath()) + "/" + this.paths.signout.getValue())})})).with(divTag).condWith(datarouterPermissionRequest == null, TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"If you need (additional) permissions to use ", this.serviceName.get(), ", submit the form below, and the administrator will follow up."})})).with(TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"You will need to ", TagCreator.a("Sign out").withHref(String.valueOf(this.request.getContextPath()) + "/" + this.paths.signout.getValue()), " and sign back in to refresh your permissions"})})).with(TagCreator.p(new DomContent[]{TagCreator.join(new Object[]{"If you have any questions, you may email the administrator(s) at ", TagCreator.a(String.join(",", hashSet)).withHref("mailto: " + String.join(",", hashSet))})}));
        HtmlForm withMethod = new HtmlForm().withAction("?submitAction=submit").withMethod("post");
        withMethod.addTextAreaField().withDisplay(String.format("Why you want to access %s:", this.serviceName.get())).withName(P_REASON).withPlaceholder("explain reason here").required();
        withMethod.addTextField().withDisplay("Additional information we have detected: ").withName("specifics").withValue((String) map.orElse(null)).readOnly();
        withMethod.addButton().withDisplay("Submit");
        return this.bootstrap4PageFactory.startBuilder(this.request).withTitle("Datarouter - Permission Request").withContent(TagCreator.div().with(with).with(TagCreator.div().with(TagCreator.div(new DomContent[]{Bootstrap4FormHtml.render(withMethod)})).withClasses(new String[]{"card card-body bg-light control-group"})).withClass("container-fluid")).buildMav();
    }

    @BaseHandler.Handler
    private Mav submit(Optional<String> optional) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        String required = this.params.required(P_REASON);
        if (StringTool.isEmpty(required)) {
            throw new IllegalArgumentException("Reason is required.");
        }
        String orElse = optional.orElse("");
        DatarouterUser currentUser = getCurrentUser();
        this.datarouterPermissionRequestDao.createPermissionRequest(new DatarouterPermissionRequest(currentUser.getId(), new Date(), "reason: " + required + ", specifics: " + orElse, null, null));
        sendRequestEmail(currentUser, required, orElse);
        return currentUser.getRoles().size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : showForm(Optional.empty(), Optional.empty());
    }

    @BaseHandler.Handler
    private Mav declineAll(Optional<Long> optional, Optional<String> optional2) {
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new MessageMav(noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        if (!optional.orElse(currentUser.getId()).equals(currentUser.getId()) && !currentUser.getRoles().contains(DatarouterUserRole.DATAROUTER_ADMIN.getRole())) {
            return new MessageMav("You do not have permission to decline this request.");
        }
        this.datarouterPermissionRequestDao.declineAll(optional.orElse(currentUser.getId()));
        DatarouterUser datarouterUser = currentUser;
        if (!optional.orElse(currentUser.getId()).equals(getCurrentUser().getId())) {
            datarouterUser = this.datarouterUserInfo.getUserById(optional.get(), true).get();
        }
        sendDeclineEmail(datarouterUser, currentUser);
        return optional2.isEmpty() ? currentUser.getRoles().size() > 1 ? new InContextRedirectMav(this.request, this.paths.home) : showForm(Optional.empty(), Optional.empty()) : new GlobalRedirectMav(optional2.get());
    }

    @BaseHandler.Handler
    private SuccessAndMessageDto declinePermissionRequests(String str) {
        long parseLong = Long.parseLong(str);
        if (!this.authenticationConfig.useDatarouterAuthentication()) {
            return new SuccessAndMessageDto(false, noDatarouterAuthentication());
        }
        DatarouterUser currentUser = getCurrentUser();
        if (parseLong != currentUser.getId().longValue() && !currentUser.getRoles().contains(DatarouterUserRole.DATAROUTER_ADMIN.getRole())) {
            return new SuccessAndMessageDto(false, "You do not have permission to decline this request.");
        }
        this.datarouterPermissionRequestDao.declineAll(Long.valueOf(parseLong));
        DatarouterUser datarouterUser = currentUser;
        if (parseLong != getCurrentUser().getId().longValue()) {
            datarouterUser = this.datarouterUserInfo.getUserById(Long.valueOf(parseLong), true).get();
        }
        sendDeclineEmail(datarouterUser, currentUser);
        return new SuccessAndMessageDto();
    }

    private DatarouterUser getCurrentUser() {
        return this.datarouterUserService.getAndValidateCurrentUser(getSessionInfo().getRequiredSession());
    }

    private void sendRequestEmail(DatarouterUser datarouterUser, String str, String str2) {
        String username = datarouterUser.getUsername();
        String build = this.htmlEmailService.startLinkBuilder().withLocalPath(this.paths.admin.editUser.toSlashedString()).withParam("userId", new StringBuilder().append(datarouterUser.getId()).toString()).build();
        this.htmlEmailService.trySendJ2Html(this.htmlEmailService.startEmailBuilder().withSubject(this.userEditService.getPermissionRequestEmailSubject(datarouterUser)).withTitle(EMAIL_TITLE).withTitleHref(build).withContent(TagCreator.div(new DomContent[]{(TableTag) TagCreator.table(new DomContent[]{TagCreator.tbody().with(createLabelValueTr("Service", TagCreator.text(this.serviceName.get())).with(this.userInfoSupplier.get().getUserInformation(datarouterUser))).with(createLabelValueTr("Reason", TagCreator.text(str))).condWith(StringTool.notEmpty(str2), createLabelValueTr("Specifics", TagCreator.text(str2)))}).withStyle("border-spacing: 0"), TagCreator.p(new DomContent[]{TagCreator.a("Edit user profile").withHref(build)})})).from(username).to(username).to(this.permissionRequestEmailType, this.serverTypeDetector.mightBeProduction()).toSubscribers(this.serverTypeDetector.mightBeProduction()).toAdmin(this.serverTypeDetector.mightBeDevelopment()));
    }

    private void sendDeclineEmail(DatarouterUser datarouterUser, DatarouterUser datarouterUser2) {
        this.htmlEmailService.trySendJ2Html(this.htmlEmailService.startEmailBuilder().withSubject(this.userEditService.getPermissionRequestEmailSubject(datarouterUser)).withTitle(EMAIL_TITLE).withTitleHref(this.htmlEmailService.startLinkBuilder().withLocalPath(this.paths.admin.editUser.toSlashedString()).withParam("userId", new StringBuilder().append(datarouterUser.getId()).toString()).build()).withContent(TagCreator.p(String.format("Permission requests declined for user %s by user %s", datarouterUser.getUsername(), datarouterUser2.getUsername()))).from(datarouterUser.getUsername()).to(datarouterUser.getUsername()).to(this.permissionRequestEmailType, this.serverTypeDetector.mightBeProduction()).toSubscribers(this.serverTypeDetector.mightBeProduction()).toAdmin(this.serverTypeDetector.mightBeDevelopment()));
    }

    public static TrTag createLabelValueTr(String str, DomContent... domContentArr) {
        return TagCreator.tr(new DomContent[]{TagCreator.td(new DomContent[]{TagCreator.b(String.valueOf(str) + ' ')}).withStyle("text-align: right"), TagCreator.td().with(domContentArr).withStyle("padding-left: 8px")}).withStyle("vertical-align: top");
    }

    private String noDatarouterAuthentication() {
        logger.warn("{} went to non-DR permission request page.", getSessionInfo().getRequiredSession().getUsername());
        return "This is only available when using datarouter authentication. Please email " + this.adminEmail.get() + " for assistance.";
    }
}
