package io.stargate.graphql.web.resources;

import graphql.schema.idl.SchemaPrinter;
import io.stargate.auth.AuthenticationSubject;
import io.stargate.auth.AuthorizationService;
import io.stargate.auth.SourceAPI;
import io.stargate.auth.UnauthorizedException;
import io.stargate.auth.entity.ResourceKind;
import io.stargate.db.datastore.DataStore;
import io.stargate.graphql.persistence.graphqlfirst.SchemaSource;
import io.stargate.graphql.persistence.graphqlfirst.SchemaSourceDao;
import io.stargate.graphql.schema.graphqlfirst.processor.CqlDirectives;
import io.stargate.graphql.schema.scalars.CqlScalar;
import java.util.Collections;
import java.util.Optional;
import java.util.UUID;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Authenticated
@Path(ResourcePaths.FILES)
/* loaded from: input_file:io/stargate/graphql/web/resources/FilesResource.class */
public class FilesResource {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) FilesResource.class);
    private static final String DIRECTIVES_RESPONSE = buildDirectivesResponse();
    private final AuthorizationService authorizationService;

    @Inject
    public FilesResource(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    @GET
    @Produces({MediaType.TEXT_PLAIN})
    @Path("/cql_directives.graphql")
    public Response getCqlDirectives() {
        return Response.ok(DIRECTIVES_RESPONSE).header("Content-Disposition", "inline; filename=\"cql_directives.graphql\"").build();
    }

    @GET
    @Produces({MediaType.TEXT_PLAIN})
    @Path("/keyspace/{keyspaceName}.graphql")
    public Response getSchema(@HeaderParam("X-Cassandra-Token") String str, @PathParam("keyspaceName") String str2, @QueryParam("version") String str3, @Context HttpServletRequest httpServletRequest) throws Exception {
        if (!DmlResource.KEYSPACE_NAME_PATTERN.matcher(str2).matches()) {
            LOG.warn("Malformed keyspace in URI, this could be an XSS attack: {}", str2);
            return Response.status(Response.Status.BAD_REQUEST).entity("Malformed keyspace name").build();
        }
        UUID uuid = null;
        if (str3 != null) {
            try {
                uuid = UUID.fromString(str3);
            } catch (IllegalArgumentException e) {
                LOG.warn("Malformed version in URI, this could be an XSS attack: {}", str3);
                return Response.status(Response.Status.BAD_REQUEST).entity("Malformed version").build();
            }
        }
        try {
            this.authorizationService.authorizeSchemaRead((AuthenticationSubject) httpServletRequest.getAttribute(AuthenticationFilter.SUBJECT_KEY), Collections.singletonList(SchemaSourceDao.KEYSPACE_NAME), Collections.singletonList(SchemaSourceDao.TABLE_NAME), SourceAPI.GRAPHQL, ResourceKind.TABLE);
            SchemaSource singleVersion = new SchemaSourceDao((DataStore) httpServletRequest.getAttribute(AuthenticationFilter.DATA_STORE_KEY)).getSingleVersion(str2, Optional.ofNullable(uuid));
            return singleVersion == null ? notFound(str2, str3) : Response.ok(singleVersion.getContents()).header("Content-Disposition", "inline; filename=" + createFileName(singleVersion)).build();
        } catch (UnauthorizedException e2) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
    }

    private Response notFound(String str, String str2) {
        return Response.status(Response.Status.NOT_FOUND.getStatusCode(), String.format("The schema for keyspace %s and version %s does not exist.", str, str2)).build();
    }

    private String createFileName(SchemaSource schemaSource) {
        return String.format("\"%s-%s.graphql\"", schemaSource.getKeyspace(), schemaSource.getVersion());
    }

    private static String buildDirectivesResponse() {
        StringBuilder sb = new StringBuilder(CqlDirectives.ALL_AS_STRING);
        sb.append('\n');
        SchemaPrinter schemaPrinter = new SchemaPrinter();
        for (CqlScalar cqlScalar : CqlScalar.values()) {
            sb.append(schemaPrinter.print(cqlScalar.getGraphqlType()));
        }
        return sb.toString();
    }
}
