package com.linecorp.centraldogma.server.internal.api.auth;

import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.util.Exceptions;
import com.linecorp.armeria.common.util.Functions;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.auth.AuthTokenExtractors;
import com.linecorp.armeria.server.auth.Authorizer;
import com.linecorp.armeria.server.auth.OAuth2Token;
import com.linecorp.centraldogma.server.internal.admin.authentication.AuthenticationUtil;
import com.linecorp.centraldogma.server.internal.admin.authentication.UserWithToken;
import com.linecorp.centraldogma.server.internal.metadata.Token;
import com.linecorp.centraldogma.server.internal.metadata.Tokens;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/linecorp/centraldogma/server/internal/api/auth/ApplicationTokenAuthorizer.class */
public class ApplicationTokenAuthorizer implements Authorizer<HttpRequest> {
    private static final Logger logger = LoggerFactory.getLogger(ApplicationTokenAuthorizer.class);
    private final Function<String, CompletionStage<Token>> tokenLookupFunc;

    public ApplicationTokenAuthorizer(Function<String, CompletionStage<Token>> function) {
        this.tokenLookupFunc = (Function) Objects.requireNonNull(function, "tokenLookupFunc");
    }

    public CompletionStage<Boolean> authorize(ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) {
        OAuth2Token oAuth2Token = (OAuth2Token) AuthTokenExtractors.OAUTH2.apply(httpRequest.headers());
        if (oAuth2Token == null || !Tokens.isValidSecret(oAuth2Token.accessToken())) {
            return CompletableFuture.completedFuture(false);
        }
        CompletableFuture completableFuture = new CompletableFuture();
        this.tokenLookupFunc.apply(oAuth2Token.accessToken()).thenAccept(token -> {
            if (token == null || !token.isActive()) {
                completableFuture.complete(false);
                return;
            }
            StringBuilder sb = new StringBuilder(token.appId());
            SocketAddress remoteAddress = serviceRequestContext.remoteAddress();
            if (remoteAddress instanceof InetSocketAddress) {
                sb.append('@').append(((InetSocketAddress) remoteAddress).getHostString());
            }
            AuthenticationUtil.setCurrentUser(serviceRequestContext, new UserWithToken(sb.toString(), token));
            completableFuture.complete(true);
        }).exceptionally(Functions.voidFunction(th -> {
            Throwable peel = Exceptions.peel(th);
            if (!(peel instanceof IllegalArgumentException)) {
                logger.warn("Application token authorization failed: {}", oAuth2Token.accessToken(), peel);
            }
            completableFuture.complete(false);
        }));
        return completableFuture;
    }
}
