package io.graphence.security.event;

import com.password4j.Password;
import io.graphence.core.config.SecurityConfig;
import io.graphence.core.dto.CurrentUser;
import io.graphence.core.error.AuthenticationErrorType;
import io.graphence.core.error.AuthenticationException;
import io.graphence.core.jwt.GraphenceJsonWebToken;
import io.graphence.core.repository.LoginRepository;
import io.graphence.core.utils.JWTUtil;
import io.graphoenix.core.handler.DocumentManager;
import io.graphoenix.http.server.context.RequestScopeInstanceFactory;
import io.graphoenix.spi.graphql.operation.Operation;
import io.graphoenix.spi.graphql.type.ObjectType;
import io.nozdormu.spi.event.ScopeEvent;
import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.context.Initialized;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import org.eclipse.microprofile.jwt.Claims;
import reactor.core.publisher.Mono;

@ApplicationScoped
@Initialized(RequestScoped.class)
@Priority(JWTFilter.JWT_FILTER_SCOPE_EVENT_PRIORITY)
/* loaded from: input_file:io/graphence/security/event/JWTFilter.class */
public class JWTFilter extends BaseRequestFilter implements ScopeEvent {
    public static final int JWT_FILTER_SCOPE_EVENT_PRIORITY = 0;
    private final DocumentManager documentManager;
    private final LoginRepository loginRepository;
    private final SecurityConfig securityConfig;
    private final JWTUtil jwtUtil;
    private final RequestScopeInstanceFactory requestScopeInstanceFactory;

    @Inject
    public JWTFilter(DocumentManager documentManager, LoginRepository loginRepository, SecurityConfig securityConfig, JWTUtil jWTUtil, RequestScopeInstanceFactory requestScopeInstanceFactory) {
        this.documentManager = documentManager;
        this.loginRepository = loginRepository;
        this.securityConfig = securityConfig;
        this.jwtUtil = jWTUtil;
        this.requestScopeInstanceFactory = requestScopeInstanceFactory;
    }

    public Mono<Void> fireAsync(Map<String, Object> map) {
        String str = getRequest(map).requestHeaders().get("Authorization");
        Operation operation = getOperation(map);
        ObjectType operationTypeOrError = this.documentManager.getOperationTypeOrError(operation);
        if (str != null && str.startsWith("Bearer")) {
            String substring = str.substring(7);
            try {
                GraphenceJsonWebToken parser = this.jwtUtil.parser(substring);
                CurrentUser roles = new CurrentUser().setId(parser.getSubject()).setName((String) parser.getClaim(Claims.full_name)).setLastName((String) parser.getClaim(Claims.family_name)).setRealmId((Integer) parser.getClaim(Claims.upn)).setGroups((List) parser.getClaim(Claims.groups)).setRoles((List) parser.getClaim("roles"));
                setCurrentUser(map, roles);
                setSessionId(map, substring);
                return this.requestScopeInstanceFactory.compute(CurrentUser.class, roles).then();
            } catch (Exception e) {
                if (operation.getFields().stream().anyMatch(field -> {
                    return operationTypeOrError.getField(field.getName()).isPermitAll();
                })) {
                    return Mono.empty();
                }
                throw new AuthenticationException(AuthenticationErrorType.UN_AUTHENTICATION);
            }
        }
        if (str == null || !this.securityConfig.getBasicAuthentication().booleanValue() || !str.startsWith("Basic")) {
            if (operation.getFields().stream().anyMatch(field2 -> {
                return operationTypeOrError.getField(field2.getName()).isPermitAll();
            })) {
                return Mono.empty();
            }
            throw new AuthenticationException(AuthenticationErrorType.UN_AUTHENTICATION);
        }
        String substring2 = str.substring(6);
        String[] split = new String(Base64.getDecoder().decode(substring2)).split(":");
        String str2 = split[0];
        String str3 = split[1];
        return this.loginRepository.getUserByLogin(str2).flatMap(user -> {
            return user.getDisable().booleanValue() ? Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_DISABLE)) : Password.check(str3, new String(Base64.getDecoder().decode(user.getHash()))).addSalt(Base64.getDecoder().decode(user.getSalt())).withBcrypt() ? Mono.justOrEmpty(user) : Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_FAILED));
        }).switchIfEmpty(Mono.error(new AuthenticationException(AuthenticationErrorType.AUTHENTICATION_FAILED))).map(CurrentUser::of).doOnSuccess(currentUser -> {
            setCurrentUser(map, currentUser);
            setSessionId(map, substring2);
        }).flatMap(currentUser2 -> {
            return this.requestScopeInstanceFactory.compute(CurrentUser.class, currentUser2);
        }).then();
    }
}
