package com.vaadin.hilla.auth;

import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.auth.AccessAnnotationChecker;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Objects;
import java.util.function.Function;

/* loaded from: input_file:com/vaadin/hilla/auth/EndpointAccessChecker.class */
public class EndpointAccessChecker {
    public static final String ACCESS_DENIED_MSG = "Access denied";
    public static final String ACCESS_DENIED_MSG_DEV_MODE = "Unauthorized access to Vaadin endpoint; to enable endpoint access use one of the following annotations: @AnonymousAllowed, @PermitAll, @RolesAllowed";
    private final AccessAnnotationChecker accessAnnotationChecker;

    public EndpointAccessChecker(AccessAnnotationChecker accessAnnotationChecker) {
        this.accessAnnotationChecker = accessAnnotationChecker;
    }

    public String check(Method method, HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        Objects.requireNonNull(httpServletRequest);
        return check(method, userPrincipal, httpServletRequest::isUserInRole);
    }

    public String check(Class<?> cls, HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        Objects.requireNonNull(httpServletRequest);
        return check(cls, userPrincipal, httpServletRequest::isUserInRole);
    }

    public String check(Method method, Principal principal, Function<String, Boolean> function) {
        if (this.accessAnnotationChecker.hasAccess(method, principal, function)) {
            return null;
        }
        return isDevMode() ? ACCESS_DENIED_MSG_DEV_MODE : ACCESS_DENIED_MSG;
    }

    public String check(Class<?> cls, Principal principal, Function<String, Boolean> function) {
        if (this.accessAnnotationChecker.hasAccess(cls, principal, function)) {
            return null;
        }
        return isDevMode() ? ACCESS_DENIED_MSG_DEV_MODE : ACCESS_DENIED_MSG;
    }

    private boolean isDevMode() {
        VaadinService current = VaadinService.getCurrent();
        return (current == null || current.getDeploymentConfiguration().isProductionMode()) ? false : true;
    }

    public AccessAnnotationChecker getAccessAnnotationChecker() {
        return this.accessAnnotationChecker;
    }
}
