package org.graylog2.rest.resources.datanodes;

import com.codahale.metrics.annotation.Timed;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.function.Predicate;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog.plugins.views.search.rest.scriptingapi.request.SearchRequestSpec;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.indexer.datanode.ProxyRequestAdapter;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.shared.rest.resources.RestResource;

@RequiresAuthentication
@Api(value = "DataNodes/API", description = "Proxy direct access to Data Node's API")
@Path("/datanodes/request/{path: .*}")
@RequiresPermissions({SearchRequestSpec.DEFAULT_QUERY_STRING})
@Timed
@Produces({MoreMediaTypes.APPLICATION_JSON})
/* loaded from: input_file:org/graylog2/rest/resources/datanodes/DataNodeApiProxyResource.class */
public class DataNodeApiProxyResource extends RestResource {
    private static final List<Predicate<ProxyRequestAdapter.ProxyRequest>> allowList = List.of(proxyRequest -> {
        return proxyRequest.path().startsWith("_cat");
    }, proxyRequest2 -> {
        return proxyRequest2.path().startsWith("_mapping") && proxyRequest2.method().equals("GET");
    });
    private final ProxyRequestAdapter proxyRequestAdapter;
    private final boolean enableAllowlist;

    @Inject
    public DataNodeApiProxyResource(ProxyRequestAdapter proxyRequestAdapter, @Named("datanode_proxy_api_allowlist") boolean z) {
        this.proxyRequestAdapter = proxyRequestAdapter;
        this.enableAllowlist = z;
    }

    @GET
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST)
    @ApiOperation("GET request to Data Node's API")
    public Response requestGet(@PathParam("path") @ApiParam(name = "path", required = true) String str, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext.getMethod(), str, containerRequestContext.getEntityStream());
    }

    @POST
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST)
    @ApiOperation("POST request to Data Node's API")
    public Response requestPost(@PathParam("path") @ApiParam(name = "path", required = true) String str, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext.getMethod(), str, containerRequestContext.getEntityStream());
    }

    @PUT
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST)
    @ApiOperation("PUT request to Data Node's API")
    public Response requestPut(@PathParam("path") @ApiParam(name = "path", required = true) String str, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext.getMethod(), str, containerRequestContext.getEntityStream());
    }

    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST)
    @DELETE
    @ApiOperation("DELETE request to Data Node's API")
    public Response requestDelete(@PathParam("path") @ApiParam(name = "path", required = true) String str, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext.getMethod(), str, containerRequestContext.getEntityStream());
    }

    private Response request(String str, String str2, InputStream inputStream) throws IOException {
        ProxyRequestAdapter.ProxyRequest proxyRequest = new ProxyRequestAdapter.ProxyRequest(str, str2, inputStream);
        if (this.enableAllowlist && allowList.stream().noneMatch(predicate -> {
            return predicate.test(proxyRequest);
        })) {
            return Response.status(Response.Status.BAD_REQUEST).entity("This request is not allowed.").build();
        }
        ProxyRequestAdapter.ProxyResponse request = this.proxyRequestAdapter.request(proxyRequest);
        return Response.status(request.status()).entity(request.response()).build();
    }
}
