package dev.hilla;

import com.fasterxml.jackson.databind.node.ObjectNode;
import com.vaadin.flow.component.dependency.NpmPackage;
import dev.hilla.auth.CsrfChecker;
import dev.hilla.auth.EndpointAccessChecker;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@NpmPackage.Container({@NpmPackage(value = "@hilla/frontend", version = "0.0.19"), @NpmPackage(value = "@hilla/form", version = "0.0.19")})
@ConditionalOnBean(annotation = {Endpoint.class})
@Import({EndpointControllerConfiguration.class, EndpointProperties.class})
/* loaded from: input_file:dev/hilla/EndpointController.class */
public class EndpointController {
    static final String ENDPOINT_METHODS = "/{endpoint}/{method}";
    public static final String VAADIN_ENDPOINT_MAPPER_BEAN_QUALIFIER = "vaadinEndpointMapper";
    EndpointRegistry endpointRegistry;
    private CsrfChecker csrfChecker;
    private EndpointInvoker endpointInvoker;

    public EndpointController(ApplicationContext applicationContext, EndpointRegistry endpointRegistry, EndpointInvoker endpointInvoker, CsrfChecker csrfChecker) {
        this.endpointInvoker = endpointInvoker;
        this.csrfChecker = csrfChecker;
        this.endpointRegistry = endpointRegistry;
        applicationContext.getBeansWithAnnotation(Endpoint.class).forEach((str, obj) -> {
            endpointRegistry.registerEndpoint(obj);
        });
    }

    private static Logger getLogger() {
        return LoggerFactory.getLogger(EndpointController.class);
    }

    @PostMapping(path = {ENDPOINT_METHODS}, produces = {"application/json;charset=UTF-8"})
    public ResponseEntity<String> serveEndpoint(@PathVariable("endpoint") String str, @PathVariable("method") String str2, @RequestBody(required = false) ObjectNode objectNode, HttpServletRequest httpServletRequest) {
        getLogger().debug("Endpoint: {}, method: {}, request body: {}", new Object[]{str, str2, objectNode});
        return !this.csrfChecker.validateCsrfTokenInRequest(httpServletRequest) ? ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(EndpointAccessChecker.ACCESS_DENIED_MSG)) : this.endpointInvoker.invoke(str, str2, objectNode, httpServletRequest);
    }
}
