package com.vaadin.hilla;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.vaadin.flow.internal.CurrentInstance;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.dau.DAUUtils;
import com.vaadin.flow.server.dau.EnforcementNotificationMessages;
import com.vaadin.hilla.EndpointInvocationException;
import com.vaadin.hilla.auth.CsrfChecker;
import com.vaadin.hilla.auth.EndpointAccessChecker;
import com.vaadin.hilla.exception.EndpointException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.net.URL;
import java.security.Principal;
import java.util.Objects;
import java.util.TreeMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@Import({EndpointControllerConfiguration.class, EndpointProperties.class})
/* loaded from: input_file:com/vaadin/hilla/EndpointController.class */
public class EndpointController {
    private static final Logger LOGGER = LoggerFactory.getLogger(EndpointController.class);
    static final String ENDPOINT_METHODS = "/{endpoint}/{method}";
    public static final String ENDPOINT_MAPPER_FACTORY_BEAN_QUALIFIER = "endpointMapperFactory";
    private static final String SIGNALS_HANDLER_BEAN_NAME = "signalsHandler";
    private final ApplicationContext context;
    EndpointRegistry endpointRegistry;
    private final CsrfChecker csrfChecker;
    private final EndpointInvoker endpointInvoker;
    VaadinService vaadinService;

    public EndpointController(ApplicationContext applicationContext, EndpointRegistry endpointRegistry, EndpointInvoker endpointInvoker, CsrfChecker csrfChecker) {
        this.context = applicationContext;
        this.endpointInvoker = endpointInvoker;
        this.csrfChecker = csrfChecker;
        this.endpointRegistry = endpointRegistry;
    }

    public void registerEndpoints(URL url) {
        Object obj;
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(this.context.getBeansWithAnnotation(Endpoint.class));
        treeMap.putAll(this.context.getBeansWithAnnotation(BrowserCallable.class));
        if (this.endpointRegistry.isEmpty() && !treeMap.isEmpty()) {
            LOGGER.debug("No endpoints found in openapi.json: registering all endpoints found using the Spring context");
            treeMap.forEach((str, obj2) -> {
                this.endpointRegistry.registerEndpoint(obj2);
            });
        }
        if (!this.endpointRegistry.isEmpty()) {
            HillaStats.reportHasEndpoint();
        }
        if (this.endpointRegistry.get(SIGNALS_HANDLER_BEAN_NAME) == null && (obj = treeMap.get(SIGNALS_HANDLER_BEAN_NAME)) != null) {
            this.endpointRegistry.registerEndpoint(obj);
        }
        VaadinService current = VaadinService.getCurrent();
        if (current != null) {
            this.vaadinService = current;
        }
    }

    @PostMapping(path = {ENDPOINT_METHODS}, produces = {"application/json;charset=UTF-8"})
    public ResponseEntity<String> serveEndpoint(@PathVariable("endpoint") String str, @PathVariable("method") String str2, @RequestBody(required = false) ObjectNode objectNode, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return doServeEndpoint(str, str2, objectNode, httpServletRequest, httpServletResponse);
    }

    public ResponseEntity<String> serveEndpoint(String str, String str2, ObjectNode objectNode, HttpServletRequest httpServletRequest) {
        return doServeEndpoint(str, str2, objectNode, httpServletRequest, null);
    }

    private ResponseEntity<String> doServeEndpoint(String str, String str2, ObjectNode objectNode, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        LOGGER.debug("Endpoint: {}, method: {}, request body: {}", new Object[]{str, str2, objectNode});
        if (!this.csrfChecker.validateCsrfTokenInRequest(httpServletRequest)) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(EndpointAccessChecker.ACCESS_DENIED_MSG));
        }
        DAUUtils.EnforcementResult enforcementResult = null;
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                DAUUtils.EnforcementResult trackDAU = DAUUtils.trackDAU(this.vaadinService, httpServletRequest, httpServletResponse);
                                if (trackDAU.isEnforcementNeeded()) {
                                    ResponseEntity<String> buildEnforcementResponseEntity = buildEnforcementResponseEntity(trackDAU);
                                    if (trackDAU == null || trackDAU.endRequestAction() == null) {
                                        CurrentInstance.set(VaadinRequest.class, (Object) null);
                                    } else {
                                        trackDAU.endRequestAction().run();
                                    }
                                    return buildEnforcementResponseEntity;
                                }
                                EndpointInvoker endpointInvoker = this.endpointInvoker;
                                Principal userPrincipal = httpServletRequest.getUserPrincipal();
                                Objects.requireNonNull(httpServletRequest);
                                try {
                                    ResponseEntity<String> ok = ResponseEntity.ok(this.endpointInvoker.writeValueAsString(endpointInvoker.invoke(str, str2, objectNode, userPrincipal, httpServletRequest::isUserInRole)));
                                    if (trackDAU == null || trackDAU.endRequestAction() == null) {
                                        CurrentInstance.set(VaadinRequest.class, (Object) null);
                                    } else {
                                        trackDAU.endRequestAction().run();
                                    }
                                    return ok;
                                } catch (JsonProcessingException e) {
                                    String format = String.format("Failed to serialize endpoint '%s' method '%s' response. Double check method's return type or specify a custom mapper bean with qualifier '%s'", str, str2, ENDPOINT_MAPPER_FACTORY_BEAN_QUALIFIER);
                                    LOGGER.error(format, e);
                                    throw new EndpointInvocationException.EndpointInternalException(format);
                                }
                            } catch (EndpointInvocationException.EndpointNotFoundException e2) {
                                ResponseEntity<String> build = ResponseEntity.notFound().build();
                                if (0 == 0 || enforcementResult.endRequestAction() == null) {
                                    CurrentInstance.set(VaadinRequest.class, (Object) null);
                                } else {
                                    enforcementResult.endRequestAction().run();
                                }
                                return build;
                            }
                        } catch (EndpointInvocationException.EndpointAccessDeniedException e3) {
                            ResponseEntity<String> body = ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(e3.getMessage()));
                            if (0 == 0 || enforcementResult.endRequestAction() == null) {
                                CurrentInstance.set(VaadinRequest.class, (Object) null);
                            } else {
                                enforcementResult.endRequestAction().run();
                            }
                            return body;
                        }
                    } catch (EndpointInvocationException.EndpointBadRequestException e4) {
                        ResponseEntity<String> body2 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e4.getMessage()));
                        if (0 == 0 || enforcementResult.endRequestAction() == null) {
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                        } else {
                            enforcementResult.endRequestAction().run();
                        }
                        return body2;
                    }
                } catch (EndpointInvocationException.EndpointInternalException e5) {
                    ResponseEntity<String> body3 = ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(this.endpointInvoker.createResponseErrorObject(e5.getMessage()));
                    if (0 == 0 || enforcementResult.endRequestAction() == null) {
                        CurrentInstance.set(VaadinRequest.class, (Object) null);
                    } else {
                        enforcementResult.endRequestAction().run();
                    }
                    return body3;
                }
            } catch (EndpointException e6) {
                try {
                    ResponseEntity<String> body4 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e6.getSerializationData()));
                    if (0 == 0 || enforcementResult.endRequestAction() == null) {
                        CurrentInstance.set(VaadinRequest.class, (Object) null);
                    } else {
                        enforcementResult.endRequestAction().run();
                    }
                    return body4;
                } catch (JsonProcessingException e7) {
                    LOGGER.error("Failed to serialize error object for endpoint exception. ", e6);
                    ResponseEntity<String> body5 = ResponseEntity.internalServerError().body("Failed to serialize error object for endpoint exception. ");
                    if (0 == 0 || enforcementResult.endRequestAction() == null) {
                        CurrentInstance.set(VaadinRequest.class, (Object) null);
                    } else {
                        enforcementResult.endRequestAction().run();
                    }
                    return body5;
                }
            }
        } catch (Throwable th) {
            if (0 == 0 || enforcementResult.endRequestAction() == null) {
                CurrentInstance.set(VaadinRequest.class, (Object) null);
            } else {
                enforcementResult.endRequestAction().run();
            }
            throw th;
        }
    }

    private ResponseEntity<String> buildEnforcementResponseEntity(DAUUtils.EnforcementResult enforcementResult) {
        EnforcementNotificationMessages messages = enforcementResult.messages();
        try {
            return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).body(this.endpointInvoker.createResponseErrorObject(new EndpointException(messages.caption(), enforcementResult.origin(), messages).getSerializationData()));
        } catch (JsonProcessingException e) {
            return ResponseEntity.status(HttpStatus.SERVICE_UNAVAILABLE).body(this.endpointInvoker.createResponseErrorObject(messages.caption() + ". " + messages.message()));
        }
    }

    private Object instantiateEndpointByClassName(String str) {
        try {
            try {
                Object newInstance = Class.forName(str).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                LOGGER.warn("Endpoint '{}' is not a Spring bean and has been instantiated using default constructor. This is not guaranteed to be supported in future releases.", str);
                return newInstance;
            } catch (ReflectiveOperationException e) {
                LOGGER.error("Endpoint '{}' is not a Spring bean and cannot be instantiated.", str);
                return null;
            }
        } catch (ClassNotFoundException e2) {
            LOGGER.warn("Endpoint class {} is not available", str, e2);
            return null;
        }
    }
}
