package org.graylog2.rest.resources.system;

import com.codahale.metrics.annotation.Timed;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.audit.jersey.NoAuditEvent;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.rest.models.system.urlwhitelist.WhitelistCheckRequest;
import org.graylog2.rest.models.system.urlwhitelist.WhitelistCheckResponse;
import org.graylog2.rest.models.system.urlwhitelist.WhitelistRegexGenerationRequest;
import org.graylog2.rest.models.system.urlwhitelist.WhitelistRegexGenerationResponse;
import org.graylog2.shared.rest.documentation.generator.Generator;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;
import org.graylog2.system.urlwhitelist.RegexHelper;
import org.graylog2.system.urlwhitelist.UrlWhitelist;
import org.graylog2.system.urlwhitelist.UrlWhitelistService;

@RequiresAuthentication
@Api(value = "System/UrlWhitelist", tags = {Generator.CLOUD_VISIBLE})
@Path("/system/urlwhitelist")
@Produces({MoreMediaTypes.APPLICATION_JSON})
/* loaded from: input_file:org/graylog2/rest/resources/system/UrlWhitelistResource.class */
public class UrlWhitelistResource extends RestResource {
    private final UrlWhitelistService urlWhitelistService;
    private final RegexHelper regexHelper;

    @Inject
    public UrlWhitelistResource(UrlWhitelistService urlWhitelistService, RegexHelper regexHelper) {
        this.urlWhitelistService = urlWhitelistService;
        this.regexHelper = regexHelper;
    }

    @GET
    @RequiresPermissions({RestPermissions.URL_WHITELIST_READ})
    @Timed
    @ApiOperation("Get url whitelist.")
    public UrlWhitelist get() {
        checkPermission(RestPermissions.URL_WHITELIST_READ);
        return this.urlWhitelistService.getWhitelist();
    }

    @RequiresPermissions({RestPermissions.URL_WHITELIST_WRITE})
    @Timed
    @AuditEvent(type = AuditEventTypes.URL_WHITELIST_UPDATE)
    @Consumes({MoreMediaTypes.APPLICATION_JSON})
    @ApiOperation("Update url whitelist.")
    @PUT
    public Response put(@NotNull @ApiParam(name = "whitelist", required = true) UrlWhitelist urlWhitelist) {
        this.urlWhitelistService.saveWhitelist(urlWhitelist);
        return Response.noContent().build();
    }

    @Path("/check")
    @Timed
    @Consumes({MoreMediaTypes.APPLICATION_JSON})
    @ApiOperation("Check if a url is whitelisted.")
    @POST
    @NoAuditEvent("Validation only")
    public WhitelistCheckResponse check(@NotNull @Valid @ApiParam(name = "JSON body", required = true) WhitelistCheckRequest whitelistCheckRequest) {
        return WhitelistCheckResponse.create(whitelistCheckRequest.url(), this.urlWhitelistService.isWhitelisted(whitelistCheckRequest.url()));
    }

    @Path("/generate_regex")
    @Timed
    @Consumes({MoreMediaTypes.APPLICATION_JSON})
    @ApiOperation("Generates a regex that can be used as a value for a whitelist entry.")
    @POST
    @NoAuditEvent("Utility function only.")
    public WhitelistRegexGenerationResponse generateRegex(@NotNull @Valid @ApiParam(name = "JSON body", required = true) WhitelistRegexGenerationRequest whitelistRegexGenerationRequest) {
        return WhitelistRegexGenerationResponse.create(whitelistRegexGenerationRequest.placeholder() == null ? this.regexHelper.createRegexForUrl(whitelistRegexGenerationRequest.urlTemplate()) : this.regexHelper.createRegexForUrlTemplate(whitelistRegexGenerationRequest.urlTemplate(), whitelistRegexGenerationRequest.placeholder()));
    }
}
