package org.graylog.security.authservice.rest;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.PUT;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog2.audit.AuditEventTypes;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.plugin.cluster.ClusterConfigService;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.security.headerauth.HTTPHeaderAuthConfig;
import org.graylog2.shared.security.RestPermissions;

@Api(value = "System/Authentication/HTTPHeaderAuthConfig", description = "Manage the HTTP header authentication configuration")
@RequiresAuthentication
@Produces({MoreMediaTypes.APPLICATION_JSON})
@Path("/system/authentication/http-header-auth-config")
@Consumes({MoreMediaTypes.APPLICATION_JSON})
/* loaded from: input_file:org/graylog/security/authservice/rest/HTTPHeaderAuthenticationConfigResource.class */
public class HTTPHeaderAuthenticationConfigResource {
    private final ClusterConfigService clusterConfigService;

    @Inject
    public HTTPHeaderAuthenticationConfigResource(ClusterConfigService clusterConfigService) {
        this.clusterConfigService = clusterConfigService;
    }

    @RequiresPermissions({RestPermissions.AUTH_HTTP_HEADER_CONFIG_READ})
    @GET
    @ApiOperation("Get HTTP header authentication config")
    public HTTPHeaderAuthConfig getConfig() {
        return loadConfig();
    }

    @RequiresPermissions({RestPermissions.AUTH_HTTP_HEADER_CONFIG_EDIT})
    @AuditEvent(type = AuditEventTypes.AUTHENTICATION_HTTP_HEADER_CONFIG_UPDATE)
    @ApiOperation("Update HTTP header authentication config")
    @PUT
    public HTTPHeaderAuthConfig updateConfig(@Valid HTTPHeaderAuthConfig hTTPHeaderAuthConfig) {
        this.clusterConfigService.write(hTTPHeaderAuthConfig);
        return loadConfig();
    }

    private HTTPHeaderAuthConfig loadConfig() {
        return (HTTPHeaderAuthConfig) this.clusterConfigService.getOrDefault(HTTPHeaderAuthConfig.class, HTTPHeaderAuthConfig.createDisabled());
    }
}
