package dev.hilla;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.vaadin.flow.component.dependency.NpmPackage;
import com.vaadin.flow.internal.CurrentInstance;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.VaadinServletRequest;
import dev.hilla.EndpointInvocationException;
import dev.hilla.auth.CsrfChecker;
import dev.hilla.auth.EndpointAccessChecker;
import dev.hilla.exception.EndpointException;
import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Principal;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.TreeMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@NpmPackage(value = "@hilla/frontend", version = "2.4.0-beta2")
@RestController
@Import({EndpointControllerConfiguration.class, EndpointProperties.class})
/* loaded from: input_file:dev/hilla/EndpointController.class */
public class EndpointController {
    private static final Logger LOGGER = LoggerFactory.getLogger(EndpointController.class);
    static final String ENDPOINT_METHODS = "/{endpoint}/{method}";
    public static final String ENDPOINT_MAPPER_FACTORY_BEAN_QUALIFIER = "endpointMapperFactory";
    private final ApplicationContext context;
    EndpointRegistry endpointRegistry;
    private final CsrfChecker csrfChecker;
    private final EndpointInvoker endpointInvoker;
    private String openApiResourceName = "/dev/hilla/openapi.json";

    public EndpointController(ApplicationContext applicationContext, EndpointRegistry endpointRegistry, EndpointInvoker endpointInvoker, CsrfChecker csrfChecker) {
        this.context = applicationContext;
        this.endpointInvoker = endpointInvoker;
        this.csrfChecker = csrfChecker;
        this.endpointRegistry = endpointRegistry;
    }

    void setOpenApiResourceName(String str) {
        this.openApiResourceName = str;
    }

    @PostConstruct
    public void registerEndpoints() {
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        treeMap.putAll(this.context.getBeansWithAnnotation(Endpoint.class));
        treeMap.putAll(this.context.getBeansWithAnnotation(BrowserCallable.class));
        registerEndpointsFromApiDefinition(treeMap);
        if (this.endpointRegistry.isEmpty() && !treeMap.isEmpty()) {
            LOGGER.debug("No endpoints found in openapi.json: registering all endpoints found using the Spring context");
            treeMap.forEach((str, obj) -> {
                this.endpointRegistry.registerEndpoint(obj);
            });
        }
        HillaStats.report();
    }

    @PostMapping(path = {ENDPOINT_METHODS}, produces = {"application/json;charset=UTF-8"})
    public ResponseEntity<String> serveEndpoint(@PathVariable("endpoint") String str, @PathVariable("method") String str2, @RequestBody(required = false) ObjectNode objectNode, HttpServletRequest httpServletRequest) {
        LOGGER.debug("Endpoint: {}, method: {}, request body: {}", new Object[]{str, str2, objectNode});
        try {
            if (!this.csrfChecker.validateCsrfTokenInRequest(httpServletRequest)) {
                return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(EndpointAccessChecker.ACCESS_DENIED_MSG));
            }
            try {
                try {
                    try {
                        try {
                            CurrentInstance.set(VaadinRequest.class, new VaadinServletRequest(httpServletRequest, VaadinService.getCurrent()));
                            EndpointInvoker endpointInvoker = this.endpointInvoker;
                            Principal userPrincipal = httpServletRequest.getUserPrincipal();
                            Objects.requireNonNull(httpServletRequest);
                            try {
                                ResponseEntity<String> ok = ResponseEntity.ok(this.endpointInvoker.writeValueAsString(endpointInvoker.invoke(str, str2, objectNode, userPrincipal, httpServletRequest::isUserInRole)));
                                CurrentInstance.set(VaadinRequest.class, (Object) null);
                                return ok;
                            } catch (JsonProcessingException e) {
                                String format = String.format("Failed to serialize endpoint '%s' method '%s' response. Double check method's return type or specify a custom mapper bean with qualifier '%s'", str, str2, ENDPOINT_MAPPER_FACTORY_BEAN_QUALIFIER);
                                LOGGER.error(format, e);
                                throw new EndpointInvocationException.EndpointInternalException(format);
                            }
                        } catch (EndpointInvocationException.EndpointInternalException e2) {
                            ResponseEntity<String> body = ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(this.endpointInvoker.createResponseErrorObject(e2.getMessage()));
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body;
                        }
                    } catch (EndpointException e3) {
                        try {
                            ResponseEntity<String> body2 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e3.getSerializationData()));
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body2;
                        } catch (JsonProcessingException e4) {
                            String format2 = String.format("Failed to serialize error object for endpoint exception. ", new Object[0]);
                            LOGGER.error(format2, e3);
                            ResponseEntity<String> body3 = ResponseEntity.internalServerError().body(format2);
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body3;
                        }
                    }
                } catch (EndpointInvocationException.EndpointNotFoundException e5) {
                    ResponseEntity<String> build = ResponseEntity.notFound().build();
                    CurrentInstance.set(VaadinRequest.class, (Object) null);
                    return build;
                }
            } catch (EndpointInvocationException.EndpointAccessDeniedException e6) {
                ResponseEntity<String> body4 = ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(e6.getMessage()));
                CurrentInstance.set(VaadinRequest.class, (Object) null);
                return body4;
            } catch (EndpointInvocationException.EndpointBadRequestException e7) {
                ResponseEntity<String> body5 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e7.getMessage()));
                CurrentInstance.set(VaadinRequest.class, (Object) null);
                return body5;
            }
        } catch (Throwable th) {
            CurrentInstance.set(VaadinRequest.class, (Object) null);
            throw th;
        }
    }

    private void registerEndpointsFromApiDefinition(Map<String, Object> map) {
        URL resource = getClass().getResource(this.openApiResourceName);
        if (resource == null) {
            LOGGER.debug("Resource '{}' is not available: endpoints cannot be registered yet", this.openApiResourceName);
            return;
        }
        try {
            InputStream openStream = resource.openStream();
            try {
                ArrayNode arrayNode = new ObjectMapper().readTree(openStream).get("tags");
                if (arrayNode != null) {
                    arrayNode.forEach(jsonNode -> {
                        Optional map2 = Optional.ofNullable(jsonNode.get("name")).map((v0) -> {
                            return v0.asText();
                        });
                        Objects.requireNonNull(map);
                        Optional or = map2.map((v1) -> {
                            return r1.get(v1);
                        }).or(() -> {
                            return Optional.ofNullable(jsonNode.get("x-class-name")).map((v0) -> {
                                return v0.asText();
                            }).map(this::instantiateEndpointByClassName);
                        });
                        EndpointRegistry endpointRegistry = this.endpointRegistry;
                        Objects.requireNonNull(endpointRegistry);
                        or.ifPresent(endpointRegistry::registerEndpoint);
                    });
                }
                if (openStream != null) {
                    openStream.close();
                }
            } finally {
            }
        } catch (IOException e) {
            LOGGER.warn("Failed to read openapi.json", e);
        }
    }

    private Object instantiateEndpointByClassName(String str) {
        try {
            try {
                Object newInstance = Class.forName(str).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                LOGGER.warn("Endpoint '{}' is not a Spring bean and has been instantiated using default constructor. This is not guaranteed to be supported in future releases.", str);
                return newInstance;
            } catch (ReflectiveOperationException e) {
                LOGGER.error("Endpoint '{}' is not a Spring bean and cannot be instantiated.", str);
                return null;
            }
        } catch (ClassNotFoundException e2) {
            LOGGER.warn("Endpoint class {} is not available", str, e2);
            return null;
        }
    }
}
