package org.graylog2.rest.resources.datanodes;

import com.codahale.metrics.annotation.Timed;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.List;
import java.util.function.Predicate;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.indexer.datanode.ProxyRequestAdapter;
import org.graylog2.inputs.transports.HttpPollTransport;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.shared.rest.resources.RestResource;
import org.graylog2.shared.security.RestPermissions;

@RequiresAuthentication
@Api(value = "DataNodes/REST/API", description = "Proxy direct access to Data Node's API")
@Produces({MoreMediaTypes.APPLICATION_JSON})
@RequiresPermissions({RestPermissions.DATANODE_REST_PROXY})
@Timed
@Path("/datanodes/{hostname}/rest/{path: .*}")
/* loaded from: input_file:org/graylog2/rest/resources/datanodes/DataNodeRestApiProxyResource.class */
public class DataNodeRestApiProxyResource extends RestResource {
    private static final List<Predicate<ProxyRequestAdapter.ProxyRequest>> allowList = List.of(proxyRequest -> {
        return proxyRequest.path().startsWith("indices-directory") && HttpPollTransport.GET.equals(proxyRequest.method());
    });
    private final DatanodeRestApiProxy proxyRequestAdapter;
    private final boolean enableAllowlist;

    @Inject
    public DataNodeRestApiProxyResource(DatanodeRestApiProxy datanodeRestApiProxy, @Named("datanode_proxy_api_allowlist") boolean z) {
        this.proxyRequestAdapter = datanodeRestApiProxy;
        this.enableAllowlist = z;
    }

    @GET
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST, captureRequestEntity = false, captureResponseEntity = false)
    @ApiOperation("GET request to Data Node's API")
    public Response requestGet(@ApiParam(name = "path", required = true) @PathParam("path") String str, @ApiParam(name = "hostname", required = true) @PathParam("hostname") String str2, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext, str, str2);
    }

    @POST
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST, captureRequestEntity = false, captureResponseEntity = false)
    @ApiOperation("POST request to Data Node's API")
    public Response requestPost(@ApiParam(name = "path", required = true) @PathParam("path") String str, @ApiParam(name = "hostname", required = true) @PathParam("hostname") String str2, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext, str, str2);
    }

    @PUT
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST, captureRequestEntity = false, captureResponseEntity = false)
    @ApiOperation("PUT request to Data Node's API")
    public Response requestPut(@ApiParam(name = "path", required = true) @PathParam("path") String str, @ApiParam(name = "hostname", required = true) @PathParam("hostname") String str2, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext, str, str2);
    }

    @DELETE
    @AuditEvent(type = AuditEventTypes.DATANODE_API_REQUEST, captureRequestEntity = false, captureResponseEntity = false)
    @ApiOperation("DELETE request to Data Node's API")
    public Response requestDelete(@ApiParam(name = "path", required = true) @PathParam("path") String str, @ApiParam(name = "hostname", required = true) @PathParam("hostname") String str2, @Context ContainerRequestContext containerRequestContext) throws IOException {
        return request(containerRequestContext, str, str2);
    }

    private Response request(ContainerRequestContext containerRequestContext, String str, String str2) throws IOException {
        ProxyRequestAdapter.ProxyRequest proxyRequest = new ProxyRequestAdapter.ProxyRequest(containerRequestContext.getMethod(), str, containerRequestContext.getEntityStream(), str2, containerRequestContext.getUriInfo().getQueryParameters());
        if (this.enableAllowlist && allowList.stream().noneMatch(predicate -> {
            return predicate.test(proxyRequest);
        })) {
            return Response.status(Response.Status.BAD_REQUEST).entity("This request is not allowed.").build();
        }
        ProxyRequestAdapter.ProxyResponse request = this.proxyRequestAdapter.request(proxyRequest);
        return Response.status(request.status()).entity(request.response()).type(request.contentType()).build();
    }
}
