package io.stargate.auth.api.resources;

import io.stargate.auth.AuthenticationService;
import io.stargate.auth.UnauthorizedException;
import io.stargate.auth.model.AuthTokenResponse;
import io.stargate.auth.model.Credentials;
import io.stargate.auth.model.Error;
import io.stargate.auth.model.Secret;
import io.stargate.auth.model.UsernameCredentials;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.CacheControl;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

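/**
 * JAX-RS resource exposing the token-issuing endpoints under {@code /v1}.
 *
 * <p>Three POST endpoints delegate to {@link AuthenticationService#createToken}: key/secret
 * ({@code /auth/token/generate}), username/password ({@code /auth}) and username only
 * ({@code /admin/auth/usernametoken}). Every error response is sent with a no-store
 * Cache-Control header; successful responses carry a max-age derived from the token TTL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username-only endpoint performs no credential check in this class. The only guard
 *       visible here is the {@code stargate.auth_api_enable_username_token} flag, so a deployment
 *       that enables it must make that path reachable only by the trusted, already-authenticating
 *       component described in the endpoint's API notes.
 *   <li>Request bodies contain secrets and passwords; nothing in this class logs them, and that
 *       should stay true when adding diagnostics.
 * </ul>
 */
@Api(produces = MediaType.APPLICATION_JSON, consumes = MediaType.APPLICATION_JSON, tags = {"auth"})
@Path("/v1")
@Consumes({MediaType.APPLICATION_JSON})
@Produces({MediaType.APPLICATION_JSON})
@Singleton
public class AuthResource {
    private static final Logger logger = LoggerFactory.getLogger(AuthResource.class);

    /**
     * Token lifetime from the {@code stargate.auth_tokenttl} system property (default 1800); used
     * below as a number of seconds for Cache-Control. A non-numeric value fails class
     * initialization.
     */
    private static final int tokenMaxAge = Integer.parseInt(System.getProperty("stargate.auth_tokenttl", "1800"));

    /** Body returned on unexpected failures; deliberately free of exception detail. */
    private static final String INTERNAL_ERROR_MESSAGE = "Failed to create token: internal server error";

    private final AuthenticationService authService;
    private final boolean shouldEnableUsernameToken;
    private final CacheControl cacheControlNoStore;
    private final CacheControl cacheControlWithMaxAge;

    /**
     * Injection constructor; the username-token endpoint is enabled only when the
     * {@code stargate.auth_api_enable_username_token} system property is {@code true}.
     *
     * @param authenticationService service that validates credentials and mints tokens
     */
    @Inject
    public AuthResource(AuthenticationService authenticationService) {
        this(authenticationService, Boolean.getBoolean("stargate.auth_api_enable_username_token"));
    }

    /**
     * Creates the resource with an explicit setting for the username-token endpoint.
     *
     * @param authenticationService service that validates credentials and mints tokens
     * @param enableUsernameToken whether {@code /admin/auth/usernametoken} may issue tokens
     */
    public AuthResource(AuthenticationService authenticationService, boolean enableUsernameToken) {
        this.cacheControlNoStore = cacheControlNoStore();
        this.cacheControlWithMaxAge = cacheControlWithAge();
        this.authService = authenticationService;
        this.shouldEnableUsernameToken = enableUsernameToken;
    }

    /**
     * Issues a token for a key/secret pair.
     *
     * @param secret request body holding the key and secret; both must be non-empty
     * @param httpServletRequest current request, whose headers are forwarded to the auth service
     * @return 201 with the token, 400 on a missing body or field, 401 when the auth service
     *     rejects the pair, 500 on any other failure
     */
    @ApiResponses({
        @ApiResponse(code = 201, message = "resource created", response = AuthTokenResponse.class),
        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
        @ApiResponse(code = 401, message = "Unauthorized", response = Error.class),
        @ApiResponse(code = 500, message = "Internal server error", response = Error.class)
    })
    @Path("/auth/token/generate")
    @ApiOperation(value = "Generate Token", notes = "Generate an authorization token to authenticate and perform requests.", response = AuthTokenResponse.class, code = 201)
    @POST
    public Response createToken(@ApiParam(value = "", required = true) Secret secret, @Context HttpServletRequest httpServletRequest) {
        if (secret == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide a body to the request");
        }
        if (isNullOrEmpty(secret.getKey())) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide key in request");
        }
        if (isNullOrEmpty(secret.getSecret())) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide secret in request");
        }
        try {
            return Response.status(Response.Status.CREATED)
                    .entity(new AuthTokenResponse().authToken(this.authService.createToken(secret.getKey(), secret.getSecret(), RequestToHeadersMapper.getAllHeaders(httpServletRequest))))
                    .cacheControl(this.cacheControlWithMaxAge)
                    .build();
        } catch (UnauthorizedException e) {
            // Must precede the generic handler, otherwise rejected credentials surface as 500.
            return unauthorized(e);
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Issues a token for a username/password pair.
     *
     * @param credentials request body holding the username and password; both must be non-empty
     * @param httpServletRequest current request, whose headers are forwarded to the auth service
     * @return 201 with the token, 400 on a missing body or field, 401 when the auth service
     *     rejects the pair, 500 on any other failure
     */
    @ApiResponses({
        @ApiResponse(code = 201, message = "resource created", response = AuthTokenResponse.class),
        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
        @ApiResponse(code = 401, message = "Unauthorized", response = Error.class),
        @ApiResponse(code = 500, message = "Internal server error", response = Error.class)
    })
    @Path("/auth")
    @ApiOperation(value = "Create Token", notes = "Create an authorization token to authenticate and perform requests.", response = AuthTokenResponse.class, code = 201)
    @POST
    public Response createToken(@ApiParam(value = "", required = true) Credentials credentials, @Context HttpServletRequest httpServletRequest) {
        if (credentials == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide a body to the request");
        }
        if (isNullOrEmpty(credentials.getUsername())) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide username in request");
        }
        if (isNullOrEmpty(credentials.getPassword())) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide password in request");
        }
        try {
            return Response.status(Response.Status.CREATED)
                    .entity(new AuthTokenResponse().authToken(this.authService.createToken(credentials.getUsername(), credentials.getPassword(), RequestToHeadersMapper.getAllHeaders(httpServletRequest))))
                    .cacheControl(this.cacheControlWithMaxAge)
                    .build();
        } catch (UnauthorizedException e) {
            // Must precede the generic handler, otherwise rejected credentials surface as 500.
            return unauthorized(e);
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /**
     * Issues a token for a bare username, without a password or secret.
     *
     * <p>Refused with 400 unless the endpoint was enabled at construction time. No caller
     * authentication happens in this method; whether the auth service applies further checks is
     * not visible from this class, so access control for this path has to be enforced in front
     * of it.
     *
     * @param usernameCredentials request body holding the username; must be non-empty
     * @param httpServletRequest current request, whose headers are forwarded to the auth service
     * @return 201 with the token, 400 when disabled or on a missing body or username, 401 when
     *     the auth service rejects the request, 500 on any other failure
     */
    @ApiResponses({
        @ApiResponse(code = 201, message = "resource created", response = AuthTokenResponse.class),
        @ApiResponse(code = 400, message = "Bad Request", response = Error.class),
        @ApiResponse(code = 401, message = "Unauthorized", response = Error.class),
        @ApiResponse(code = 500, message = "Internal server error", response = Error.class)
    })
    @Path("/admin/auth/usernametoken")
    @ApiOperation(value = "Create Token from Username", notes = "Generate an authorization token to authenticate and perform requests. \n NOTE: This method is intended to be used in conjunction with another authentication service. For example, the request has already been authenticated through a proxy but a token is still needed to make requests to Stargate.", response = AuthTokenResponse.class, code = 201)
    @POST
    public Response createTokenFromUsername(@ApiParam(value = "", required = true) UsernameCredentials usernameCredentials, @Context HttpServletRequest httpServletRequest) {
        // Checked before the body is inspected so a disabled endpoint reveals nothing about input validity.
        if (!this.shouldEnableUsernameToken) {
            return errorResponse(Response.Status.BAD_REQUEST, "Generating a token for a username is not allowed");
        }
        if (usernameCredentials == null) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide a body to the request");
        }
        if (isNullOrEmpty(usernameCredentials.getUsername())) {
            return errorResponse(Response.Status.BAD_REQUEST, "Must provide username in request");
        }
        try {
            return Response.status(Response.Status.CREATED)
                    .entity(new AuthTokenResponse().authToken(this.authService.createToken(usernameCredentials.getUsername(), RequestToHeadersMapper.getAllHeaders(httpServletRequest))))
                    .cacheControl(this.cacheControlWithMaxAge)
                    .build();
        } catch (UnauthorizedException e) {
            // Must precede the generic handler, otherwise a rejected request surfaces as 500.
            return unauthorized(e);
        } catch (Exception e) {
            return internalError(e);
        }
    }

    /** Returns true when a required request field is absent or the empty string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /** Builds an error response with the given status and message, marked no-store. */
    private Response errorResponse(Response.Status status, String message) {
        return Response.status(status).entity(new Error(message)).cacheControl(this.cacheControlNoStore).build();
    }

    /** Maps a rejection from the auth service to a 401 carrying the service's own message. */
    private Response unauthorized(UnauthorizedException e) {
        // NOTE(review): the message text is chosen by the auth service; confirm it does not
        // distinguish "unknown user" from "wrong password" for unauthenticated callers.
        return errorResponse(Response.Status.UNAUTHORIZED, "Failed to create token: " + e.getMessage());
    }

    /** Logs an unexpected failure and returns a 500 that does not expose the exception text. */
    private Response internalError(Exception e) {
        // Full detail goes to the server log only; exception messages can describe internal
        // state that an unauthenticated client has no need to see.
        logger.error("Failed to create token", e);
        return errorResponse(Response.Status.INTERNAL_SERVER_ERROR, INTERNAL_ERROR_MESSAGE);
    }

    /**
     * Cache-Control for successful token responses: max-age and s-maxage set slightly below the
     * token TTL (1 second less for TTLs up to 100, otherwise 10 seconds less), never negative.
     */
    private static CacheControl cacheControlWithAge() {
        int safetyMargin = tokenMaxAge <= 100 ? 1 : 10;
        // Clamp so a zero or negative TTL setting cannot produce a negative (invalid or
        // omitted) max-age directive.
        int maxAge = Math.max(0, tokenMaxAge - safetyMargin);
        // NOTE(review): the 201 body is the token itself and this header has s-maxage without
        // `private`; confirm no shared intermediary caches these POST responses, or consider
        // marking them private.
        CacheControl cacheControl = new CacheControl();
        cacheControl.setMaxAge(maxAge);
        cacheControl.setSMaxAge(maxAge);
        return cacheControl;
    }

    /** Cache-Control for error responses: no-store with max-age and s-maxage of zero. */
    private static CacheControl cacheControlNoStore() {
        CacheControl cacheControl = new CacheControl();
        cacheControl.setMaxAge(0);
        cacheControl.setSMaxAge(0);
        cacheControl.setNoStore(true);
        return cacheControl;
    }
}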
