package io.datarouter.auth.service;

import io.datarouter.auth.storage.user.DatarouterUserDao;
import io.datarouter.util.array.ArrayTool;
import io.datarouter.web.user.databean.DatarouterUser;
import io.datarouter.web.user.databean.DatarouterUserKey;
import io.datarouter.web.user.role.DatarouterUserRole;
import io.datarouter.web.user.session.DatarouterSession;
import io.datarouter.web.user.session.service.Role;
import io.datarouter.web.user.session.service.RoleManager;
import io.datarouter.web.util.PasswordTool;
import java.util.Objects;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:io/datarouter/auth/service/DatarouterUserService.class */
public class DatarouterUserService {

    @Inject
    private DatarouterUserDao nodes;

    @Inject
    private RoleManager roleManager;

    public DatarouterUser getAndValidateCurrentUser(DatarouterSession datarouterSession) {
        DatarouterUser userBySession = getUserBySession(datarouterSession);
        if (userBySession == null || !userBySession.getEnabled().booleanValue()) {
            throw new RuntimeException("Current user does not exist or is not enabled.");
        }
        return userBySession;
    }

    public DatarouterUser getUserBySession(DatarouterSession datarouterSession) {
        if (datarouterSession == null || datarouterSession.getUserId() == null) {
            return null;
        }
        return this.nodes.get(new DatarouterUserKey(datarouterSession.getUserId()));
    }

    public DatarouterUser getUserById(Long l) {
        return this.nodes.get(new DatarouterUserKey(l));
    }

    public boolean canEditUser(DatarouterUser datarouterUser, DatarouterUser datarouterUser2) {
        if (datarouterUser.equals(datarouterUser2)) {
            return true;
        }
        return !isAdmin(datarouterUser) && this.roleManager.isAdmin(datarouterUser2.getRoles()).booleanValue() && datarouterUser2.getEnabled().booleanValue();
    }

    public boolean canHavePassword(DatarouterUser datarouterUser) {
        return datarouterUser.getPasswordDigest() != null || isAdmin(datarouterUser);
    }

    public boolean isPasswordCorrect(DatarouterUser datarouterUser, String str) {
        if (datarouterUser == null || str == null) {
            return false;
        }
        return Objects.equals(datarouterUser.getPasswordDigest(), PasswordTool.digest(datarouterUser.getPasswordSalt(), str));
    }

    public boolean isPasswordCorrect(String str, String str2) {
        return isPasswordCorrect(this.nodes.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(str)), str2);
    }

    public Set<Role> getAllowedUserRoles(DatarouterUser datarouterUser, String[] strArr) {
        RoleManager roleManager = this.roleManager;
        roleManager.getClass();
        Set<Role> mapToSet = ArrayTool.mapToSet(roleManager::getRoleFromPersistentString, strArr);
        mapToSet.retainAll(this.roleManager.getConferrableRoles(datarouterUser.getRoles()));
        mapToSet.add(DatarouterUserRole.REQUESTOR.getRole());
        return mapToSet;
    }

    public void assertUserDoesNotExist(Long l, String str, String str2) {
        if (getUserById(l) != null) {
            throw new IllegalArgumentException("DatarouterUser already exists with id=" + l);
        }
        if (this.nodes.getByUserToken(new DatarouterUser.DatarouterUserByUserTokenLookup(str)) != null) {
            throw new IllegalArgumentException("DatarouterUser already exists with userToken=" + str);
        }
        if (this.nodes.getByUsername(new DatarouterUser.DatarouterUserByUsernameLookup(str2)) != null) {
            throw new IllegalArgumentException("DatarouterUser already exists with username=" + str2);
        }
    }

    public boolean isAdmin(DatarouterUser datarouterUser) {
        return datarouterUser.getRoles().contains(DatarouterUserRole.DATAROUTER_ADMIN.getRole());
    }
}
