package org.restheart.security.authenticators;

import com.google.gson.JsonElement;
import com.jayway.jsonpath.DocumentContext;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Predicate;
import org.restheart.ConfigurationException;
import org.restheart.exchange.MongoRequest;
import org.restheart.exchange.MongoResponse;
import org.restheart.plugins.InjectPluginsRegistry;
import org.restheart.plugins.InterceptPoint;
import org.restheart.plugins.MongoInterceptor;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.PluginsRegistry;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.utils.BsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RegisterPlugin(name = "userPwdRemover", description = "filters out the password from the response", interceptPoint = InterceptPoint.RESPONSE, requiresContent = true)
/* loaded from: input_file:org/restheart/security/authenticators/UserPwdRemover.class */
public class UserPwdRemover implements MongoInterceptor {
    static final Logger LOGGER = LoggerFactory.getLogger(UserPwdRemover.class);
    private String usersDb;
    private String usersCollection;
    private String propNamePassword;
    private boolean enabled = false;

    @InjectPluginsRegistry
    public void init(PluginsRegistry pluginsRegistry) {
        try {
            PluginRecord authenticator = pluginsRegistry.getAuthenticator("mongoRealmAuthenticator");
            if (authenticator == null || !authenticator.isEnabled()) {
                this.enabled = false;
                return;
            }
            MongoRealmAuthenticator pluginRecord = authenticator.getInstance();
            this.usersDb = pluginRecord.getUsersDb();
            this.usersCollection = pluginRecord.getUsersCollection();
            this.propNamePassword = pluginRecord.getPropPassword();
            if (this.usersDb != null && this.usersCollection != null && this.propNamePassword != null) {
                this.enabled = true;
            } else {
                LOGGER.error("Wrong configuration of mongoRealmAuthenticator! Password stored in users collection are not filtered out from the response");
                this.enabled = false;
            }
        } catch (ConfigurationException e) {
            this.enabled = false;
        }
    }

    public void handle(MongoRequest mongoRequest, MongoResponse mongoResponse) throws Exception {
        DocumentContext parse = JsonPath.parse(mongoResponse.readContent());
        JsonElement jsonElement = (JsonElement) parse.json();
        if (jsonElement == null || jsonElement.isJsonNull()) {
            return;
        }
        if (jsonElement.isJsonArray()) {
            parse.delete("$.[*].".concat(this.propNamePassword), new Predicate[0]);
        } else if (jsonElement.isJsonObject() && jsonElement.getAsJsonObject().keySet().contains("_embedded")) {
            if (jsonElement.getAsJsonObject().get("_embedded").isJsonArray()) {
                parse.delete("$._embedded.*.".concat(this.propNamePassword), new Predicate[0]);
            } else if (jsonElement.getAsJsonObject().get("_embedded").isJsonObject() && jsonElement.getAsJsonObject().get("_embedded").getAsJsonObject().keySet().contains("rh:doc") && jsonElement.getAsJsonObject().get("_embedded").getAsJsonObject().get("rh:doc").isJsonArray()) {
                parse.delete("$._embedded.['rh:doc'].*.".concat(this.propNamePassword), new Predicate[0]);
            }
        } else if (jsonElement.isJsonObject()) {
            parse.delete("$.".concat(this.propNamePassword), new Predicate[0]);
        }
        mongoResponse.setContent(BsonUtils.parse(jsonElement.toString()));
    }

    public boolean resolve(MongoRequest mongoRequest, MongoResponse mongoResponse) {
        return this.enabled && mongoRequest.isGet() && this.usersDb.equalsIgnoreCase(mongoRequest.getDBName()) && this.usersCollection.equalsIgnoreCase(mongoRequest.getCollectionName()) && mongoResponse.getContent() != null;
    }
}
