package com.linecorp.centraldogma.server.internal.api.auth;

import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.HttpStatus;
import com.linecorp.armeria.common.RequestContext;
import com.linecorp.armeria.common.util.Exceptions;
import com.linecorp.armeria.server.HttpService;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.SimpleDecoratingHttpService;
import com.linecorp.armeria.server.annotation.DecoratorFactoryFunction;
import com.linecorp.centraldogma.common.ProjectNotFoundException;
import com.linecorp.centraldogma.common.RepositoryNotFoundException;
import com.linecorp.centraldogma.internal.shaded.guava.base.Preconditions;
import com.linecorp.centraldogma.internal.shaded.guava.base.Strings;
import com.linecorp.centraldogma.internal.shaded.guava.collect.ImmutableList;
import com.linecorp.centraldogma.internal.shaded.guava.collect.ImmutableSet;
import com.linecorp.centraldogma.server.internal.admin.auth.AuthUtil;
import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
import com.linecorp.centraldogma.server.metadata.MetadataService;
import com.linecorp.centraldogma.server.metadata.MetadataServiceInjector;
import com.linecorp.centraldogma.server.metadata.ProjectRole;
import com.linecorp.centraldogma.server.metadata.User;
import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;

/* loaded from: input_file:com/linecorp/centraldogma/server/internal/api/auth/RequiresRoleDecorator.class */
public final class RequiresRoleDecorator extends SimpleDecoratingHttpService {
    private final Set<ProjectRole> accessibleRoles;
    private final String roleNames;

    /* loaded from: input_file:com/linecorp/centraldogma/server/internal/api/auth/RequiresRoleDecorator$RequiresRoleDecoratorFactory.class */
    public static final class RequiresRoleDecoratorFactory implements DecoratorFactoryFunction<RequiresRole> {
        public Function<? super HttpService, ? extends HttpService> newDecorator(RequiresRole requiresRole) {
            return httpService -> {
                return new RequiresRoleDecorator(httpService, ImmutableSet.copyOf(requiresRole.roles()));
            };
        }
    }

    RequiresRoleDecorator(HttpService httpService, Set<ProjectRole> set) {
        super(httpService);
        this.accessibleRoles = ImmutableSet.copyOf((Collection) Objects.requireNonNull(set, "accessibleRoles"));
        this.roleNames = String.join(",", (Iterable<? extends CharSequence>) set.stream().map((v0) -> {
            return v0.name();
        }).collect(ImmutableList.toImmutableList()));
    }

    public HttpResponse serve(ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) throws Exception {
        MetadataService metadataService = MetadataServiceInjector.getMetadataService(serviceRequestContext);
        User currentUser = AuthUtil.currentUser(serviceRequestContext);
        String pathParam = serviceRequestContext.pathParam("projectName");
        Preconditions.checkArgument(!Strings.isNullOrEmpty(pathParam), "no project name is specified");
        try {
            return HttpResponse.from(metadataService.findRole(pathParam, currentUser).handle((projectRole, th) -> {
                if (th != null) {
                    return handleException(serviceRequestContext, th);
                }
                if (!currentUser.isAdmin() && !this.accessibleRoles.contains(projectRole)) {
                    return (HttpResponse) HttpApiUtil.throwResponse((RequestContext) serviceRequestContext, HttpStatus.FORBIDDEN, "You must have one of the following roles to access the project '%s': %s", pathParam, this.roleNames);
                }
                try {
                    return delegate().serve(serviceRequestContext, httpRequest);
                } catch (Exception e) {
                    return (HttpResponse) Exceptions.throwUnsafely(e);
                }
            }));
        } catch (Throwable th2) {
            return handleException(serviceRequestContext, th2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpResponse handleException(ServiceRequestContext serviceRequestContext, Throwable th) {
        Throwable peel = Exceptions.peel(th);
        return ((peel instanceof RepositoryNotFoundException) || (peel instanceof ProjectNotFoundException)) ? HttpApiUtil.newResponse((RequestContext) serviceRequestContext, HttpStatus.NOT_FOUND, peel) : (HttpResponse) Exceptions.throwUnsafely(peel);
    }
}
