package io.graphence.core.api;

import com.password4j.Hash;
import com.password4j.Password;
import io.graphence.core.config.SecurityConfig;
import io.graphence.core.dto.inputObjectType.UserMutationArguments;
import io.graphence.core.error.AuthenticationErrorType;
import io.graphence.core.error.AuthenticationException;
import io.graphence.core.repository.LoginRepository;
import io.graphence.core.repository.RBACPolicyRepository;
import io.graphence.core.utils.JWTUtil;
import io.graphoenix.http.server.context.RequestScopeInstanceFactory;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.nozdormu.spi.async.Asyncable;
import jakarta.annotation.security.PermitAll;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.Base64;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.microprofile.graphql.GraphQLApi;
import org.eclipse.microprofile.graphql.Mutation;
import org.eclipse.microprofile.graphql.NonNull;
import org.eclipse.microprofile.graphql.Source;
import reactor.core.publisher.Mono;
import reactor.netty.http.server.HttpServerResponse;

@GraphQLApi
@ApplicationScoped
/* loaded from: input_file:io/graphence/core/api/LoginApi.class */
public class LoginApi implements Asyncable {
    private final SecurityConfig config;
    private final LoginRepository loginRepository;
    private final JWTUtil jwtUtil;
    private final RBACPolicyRepository rbacPolicyRepository;
    private final RequestScopeInstanceFactory requestScopeInstanceFactory;

    @Inject
    public LoginApi(SecurityConfig securityConfig, LoginRepository loginRepository, JWTUtil jWTUtil, RequestScopeInstanceFactory requestScopeInstanceFactory, RBACPolicyRepository rBACPolicyRepository) {
        this.config = securityConfig;
        this.loginRepository = loginRepository;
        this.jwtUtil = jWTUtil;
        this.rbacPolicyRepository = rBACPolicyRepository;
        this.requestScopeInstanceFactory = requestScopeInstanceFactory;
    }

    @PermitAll
    @Mutation
    public Mono<String> login(@NonNull String str, @NonNull String str2) {
        return this.loginRepository.getUserByLogin(str).flatMap(user -> {
            return user.getDisable().booleanValue() ? Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_DISABLE)) : Password.check(str2, new String(Base64.getDecoder().decode(user.getHash()))).addSalt(Base64.getDecoder().decode(user.getSalt())).withBcrypt() ? Mono.justOrEmpty(user) : Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_FAILED));
        }).switchIfEmpty(Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_FAILED))).flatMap(user2 -> {
            Set set = (Set) this.jwtUtil.getRoles(user2).map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
            return this.rbacPolicyRepository.queryPermissionTypeList(set).map(list -> {
                return this.jwtUtil.build(user2, set, (Set) list.stream().map((v0) -> {
                    return v0.getType();
                }).collect(Collectors.toSet()));
            }).switchIfEmpty(Mono.defer(() -> {
                return Mono.just(this.jwtUtil.build(user2, set, Collections.emptySet()));
            }));
        }).flatMap(str3 -> {
            return this.requestScopeInstanceFactory.get(HttpServerResponse.class).map(httpServerResponse -> {
                return httpServerResponse.addHeader(HttpHeaderNames.SET_COOKIE, "Authorization=Bearer " + str3);
            }).thenReturn(str3);
        });
    }

    public UserMutationArguments hashPassword(@Source UserMutationArguments userMutationArguments) {
        if (this.config.getInitialPassword() != null && userMutationArguments.getId() == null && userMutationArguments.getWhere() == null) {
            Hash withBcrypt = Password.hash(this.config.getInitialPassword()).withBcrypt();
            userMutationArguments.setSalt(Base64.getEncoder().encodeToString(withBcrypt.getSaltBytes()));
            userMutationArguments.setHash(Base64.getEncoder().encodeToString(withBcrypt.getResultAsBytes()));
        }
        return userMutationArguments;
    }
}
