package org.restheart.mongodb.security;

import java.util.ArrayDeque;
import java.util.Optional;
import org.bson.BsonDocument;
import org.bson.BsonValue;
import org.restheart.exchange.MongoRequest;
import org.restheart.exchange.MongoResponse;
import org.restheart.plugins.Inject;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.MongoInterceptor;
import org.restheart.plugins.OnInit;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.security.AclVarsInterpolator;
import org.restheart.security.MongoPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterPlugin(name = "mongoPermissionFilters", description = "enforces the filters according to the mongo.readFilter and mongo.writeFilter ACL permission", interceptPoint = InterceptPoint.REQUEST_AFTER_AUTH)
/* loaded from: input_file:org/restheart/mongodb/security/RequestFilters.class */
public class RequestFilters implements MongoInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(RequestFilters.class);
    private boolean enabled = false;

    @Inject("registry")
    private PluginsRegistry registry;

    @OnInit
    public void init() {
        Optional findFirst = this.registry.getAuthorizers().stream().filter(pluginRecord -> {
            return "mongoAclAuthorizer".equals(pluginRecord.getName()) || "fileAclAuthorizer".equals(pluginRecord.getName());
        }).findFirst();
        if (findFirst == null || !findFirst.isPresent()) {
            this.enabled = false;
        } else if (((PluginRecord) findFirst.get()).isEnabled()) {
            this.enabled = true;
        } else {
            this.enabled = false;
        }
    }

    public void handle(MongoRequest mongoRequest, MongoResponse mongoResponse) throws Exception {
        MongoPermissions of = MongoPermissions.of(mongoRequest);
        if (mongoRequest.isGet() && of.getReadFilter() != null) {
            LOGGER.debug("read filter: {}", of.getReadFilter());
            addFilter(mongoRequest, of.getReadFilter());
        } else if ((!mongoRequest.isPatch() && !mongoRequest.isPut() && !mongoRequest.isPost() && !mongoRequest.isDelete()) || of.getWriteFilter() == null) {
            LOGGER.trace("predicate specifies no filter");
        } else {
            LOGGER.debug("write filter to add: {}", of.getWriteFilter());
            addFilter(mongoRequest, of.getWriteFilter());
        }
    }

    public boolean resolve(MongoRequest mongoRequest, MongoResponse mongoResponse) {
        return this.enabled && mongoRequest.isHandledBy("mongo") && MongoPermissions.of(mongoRequest) != null;
    }

    private void addFilter(MongoRequest mongoRequest, BsonDocument bsonDocument) {
        if (bsonDocument == null) {
            return;
        }
        BsonValue interpolateBson = AclVarsInterpolator.interpolateBson(mongoRequest, bsonDocument);
        if (mongoRequest.getFilter() == null) {
            mongoRequest.setFilter(new ArrayDeque());
        }
        mongoRequest.getFilter().add(interpolateBson.toString());
    }
}
