package io.vertigo.vega.plugins.rest.handler;

import io.vertigo.lang.Activeable;
import io.vertigo.lang.Assertion;
import io.vertigo.lang.Option;
import io.vertigo.persona.security.UserSession;
import io.vertigo.persona.security.VSecurityManager;
import io.vertigo.vega.impl.rest.RestHandlerPlugin;
import io.vertigo.vega.rest.exception.SessionException;
import io.vertigo.vega.rest.exception.TooManyRequestException;
import io.vertigo.vega.rest.exception.VSecurityException;
import io.vertigo.vega.rest.metamodel.EndPointDefinition;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicLong;
import javax.inject.Inject;
import javax.inject.Named;
import spark.Request;
import spark.Response;

/* loaded from: input_file:io/vertigo/vega/plugins/rest/handler/RateLimitingRestHandlerPlugin.class */
public final class RateLimitingRestHandlerPlugin implements Activeable, RestHandlerPlugin {
    private static final long DEFAULT_LIMIT_VALUE = 150;
    private static final long DEFAULT_WINDOW_SECONDS = 300;
    private static final String RATE_LIMIT_LIMIT = "X-Rate-Limit-Limit";
    private static final String RATE_LIMIT_REMAINING = "X-Rate-Limit-Remaining";
    private static final String RATE_LIMIT_RESET = "X-Rate-Limit-Reset";
    private final VSecurityManager securityManager;
    private final long windowSeconds;
    private final long limitValue;
    final ConcurrentMap<String, AtomicLong> hitsCounter = new ConcurrentHashMap();
    long lastRateLimitResetTime = System.currentTimeMillis();
    private Timer purgeTimer;

    @Inject
    public RateLimitingRestHandlerPlugin(VSecurityManager vSecurityManager, @Named("windowSeconds") Option<Long> option, @Named("limitValue") Option<Long> option2) {
        Assertion.checkNotNull(vSecurityManager);
        Assertion.checkNotNull(option2);
        Assertion.checkNotNull(option);
        this.securityManager = vSecurityManager;
        this.limitValue = option2.getOrElse(Long.valueOf(DEFAULT_LIMIT_VALUE)).longValue();
        this.windowSeconds = option.getOrElse(Long.valueOf(DEFAULT_WINDOW_SECONDS)).longValue();
    }

    @Override // io.vertigo.lang.Activeable
    public void start() {
        this.purgeTimer = new Timer("RateLimitWindowReset", true);
        this.purgeTimer.schedule(new TimerTask() { // from class: io.vertigo.vega.plugins.rest.handler.RateLimitingRestHandlerPlugin.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                RateLimitingRestHandlerPlugin.this.hitsCounter.clear();
                RateLimitingRestHandlerPlugin.this.lastRateLimitResetTime = System.currentTimeMillis();
            }
        }, this.windowSeconds * 1000, this.windowSeconds * 1000);
    }

    @Override // io.vertigo.lang.Activeable
    public void stop() {
        this.purgeTimer.cancel();
    }

    @Override // io.vertigo.vega.impl.rest.RestHandlerPlugin
    public boolean accept(EndPointDefinition endPointDefinition) {
        return true;
    }

    @Override // io.vertigo.vega.impl.rest.RestHandlerPlugin
    public Object handle(Request request, Response response, RouteContext routeContext, HandlerChain handlerChain) throws VSecurityException, SessionException {
        Assertion.checkNotNull(request);
        Assertion.checkNotNull(response);
        Assertion.checkNotNull(routeContext);
        Assertion.checkNotNull(handlerChain);
        String obtainUserKey = obtainUserKey(request, this.securityManager.getCurrentUserSession());
        response.header(RATE_LIMIT_LIMIT, String.valueOf(this.limitValue));
        response.header(RATE_LIMIT_RESET, String.valueOf(this.windowSeconds - ((System.currentTimeMillis() - this.lastRateLimitResetTime) / 1000)));
        long j = touch(obtainUserKey);
        if (j > this.limitValue) {
            throw new TooManyRequestException("Rate limit exceeded");
        }
        response.header(RATE_LIMIT_REMAINING, String.valueOf(this.limitValue - j));
        return handlerChain.handle(request, response, routeContext);
    }

    private static String obtainUserKey(Request request, Option<UserSession> option) {
        return option.isDefined() ? option.get().getSessionUUID().toString() : request.ip() + ":" + request.headers("user-agent");
    }

    private long touch(String str) {
        AtomicLong atomicLong = new AtomicLong(0L);
        AtomicLong putIfAbsent = this.hitsCounter.putIfAbsent(str, atomicLong);
        return (putIfAbsent != null ? putIfAbsent : atomicLong).incrementAndGet();
    }
}
