package com.linecorp.centraldogma.server.internal.api;

import com.fasterxml.jackson.databind.JsonNode;
import com.linecorp.armeria.common.HttpHeaderNames;
import com.linecorp.armeria.common.HttpHeaders;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.common.RequestContext;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.annotation.Consumes;
import com.linecorp.armeria.server.annotation.Delete;
import com.linecorp.armeria.server.annotation.ExceptionHandler;
import com.linecorp.armeria.server.annotation.Get;
import com.linecorp.armeria.server.annotation.HttpResult;
import com.linecorp.armeria.server.annotation.Param;
import com.linecorp.armeria.server.annotation.Patch;
import com.linecorp.armeria.server.annotation.Post;
import com.linecorp.armeria.server.annotation.ResponseConverter;
import com.linecorp.armeria.server.annotation.StatusCode;
import com.linecorp.centraldogma.common.Author;
import com.linecorp.centraldogma.internal.Jackson;
import com.linecorp.centraldogma.internal.shaded.guava.base.Preconditions;
import com.linecorp.centraldogma.internal.shaded.guava.collect.ImmutableList;
import com.linecorp.centraldogma.internal.shaded.guava.collect.ImmutableMap;
import com.linecorp.centraldogma.server.command.CommandExecutor;
import com.linecorp.centraldogma.server.internal.admin.auth.User;
import com.linecorp.centraldogma.server.internal.api.converter.CreateApiResponseConverter;
import com.linecorp.centraldogma.server.internal.metadata.MetadataService;
import com.linecorp.centraldogma.server.internal.metadata.Token;
import com.linecorp.centraldogma.server.storage.project.ProjectManager;
import java.util.Collection;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ExceptionHandler(HttpApiExceptionHandler.class)
/* loaded from: input_file:com/linecorp/centraldogma/server/internal/api/TokenService.class */
public class TokenService extends AbstractService {
    private static final Logger logger = LoggerFactory.getLogger(TokenService.class);
    private static final JsonNode activation = Jackson.valueToTree(ImmutableList.of(ImmutableMap.of("op", "replace", "path", "/status", "value", "active")));
    private static final JsonNode deactivation = Jackson.valueToTree(ImmutableList.of(ImmutableMap.of("op", "replace", "path", "/status", "value", "inactive")));
    private final MetadataService mds;

    public TokenService(ProjectManager projectManager, CommandExecutor commandExecutor, MetadataService metadataService) {
        super(projectManager, commandExecutor);
        this.mds = (MetadataService) Objects.requireNonNull(metadataService, "mds");
    }

    @Get("/tokens")
    public CompletableFuture<Collection<Token>> listTokens(User user) {
        return user.isAdmin() ? this.mds.getTokens().thenApply(tokens -> {
            return tokens.appIds().values();
        }) : this.mds.getTokens().thenApply((v0) -> {
            return v0.withoutSecret();
        }).thenApply((Function<? super U, ? extends U>) tokens2 -> {
            return tokens2.appIds().values();
        });
    }

    @Post("/tokens")
    @StatusCode(201)
    @ResponseConverter(CreateApiResponseConverter.class)
    public CompletableFuture<HttpResult<Token>> createToken(@Param("appId") String str, @Param("isAdmin") boolean z, Author author, User user) {
        Preconditions.checkArgument(!z || user.isAdmin(), "Only administrators are allowed to create an admin-level token.");
        return this.mds.createToken(author, str, z).thenCompose(revision -> {
            return this.mds.findTokenByAppId(str);
        }).thenApply((Function<? super U, ? extends U>) token -> {
            return HttpResult.of(HttpHeaders.of(HttpStatus.CREATED).add(HttpHeaderNames.LOCATION, "/tokens/" + str), token);
        });
    }

    @Delete("/tokens/{appId}")
    public CompletableFuture<Token> deleteToken(ServiceRequestContext serviceRequestContext, @Param("appId") String str, Author author, User user) {
        return getTokenOrRespondForbidden(serviceRequestContext, str, user).thenCompose(token -> {
            return this.mds.destroyToken(author, str).thenApply(revision -> {
                return token.withoutSecret();
            });
        });
    }

    @Patch("/tokens/{appId}")
    @Consumes("application/json-patch+json")
    public CompletableFuture<Token> updateToken(ServiceRequestContext serviceRequestContext, @Param("appId") String str, JsonNode jsonNode, Author author, User user) {
        if (jsonNode.equals(activation)) {
            return getTokenOrRespondForbidden(serviceRequestContext, str, user).thenCompose(token -> {
                return this.mds.activateToken(author, str).thenApply(revision -> {
                    return token.withoutSecret();
                });
            });
        }
        if (jsonNode.equals(deactivation)) {
            return getTokenOrRespondForbidden(serviceRequestContext, str, user).thenCompose(token2 -> {
                return this.mds.deactivateToken(author, str).thenApply(revision -> {
                    return token2.withoutSecret();
                });
            });
        }
        throw new IllegalArgumentException("Unsupported JSON patch: " + jsonNode + " (expected: " + activation + " or " + deactivation + ')');
    }

    private CompletableFuture<Token> getTokenOrRespondForbidden(ServiceRequestContext serviceRequestContext, String str, User user) {
        return this.mds.findTokenByAppId(str).thenApply(token -> {
            return (user.isAdmin() || token.creation().user().equals(user.id())) ? token : (Token) HttpApiUtil.throwResponse((RequestContext) serviceRequestContext, HttpStatus.FORBIDDEN, "Unauthorized token: %s", token);
        });
    }
}
