package de.kosmos_lab.web.server.example;

import de.kosmos_lab.web.data.User;
import de.kosmos_lab.web.exceptions.LoginFailedException;
import de.kosmos_lab.web.persistence.ISesssionPersistence;
import de.kosmos_lab.web.persistence.IUserPersistence;
import de.kosmos_lab.web.persistence.exceptions.NoPersistenceException;
import de.kosmos_lab.web.persistence.exceptions.NotFoundInPersistenceException;
import de.kosmos_lab.web.server.WebServer;
import de.kosmos_lab.web.server.servlets.BaseServlet;
import de.kosmos_lab.web.server.servlets.MyHttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.json.JSONObject;

/* loaded from: input_file:de/kosmos_lab/web/server/example/ExampleAuthedServlet.class */
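/**
 * Base class for example servlets that require an authenticated user.
 *
 * <p>A request is authenticated either by a JWT in the {@code Authorization} header or, when that
 * header is absent, by a {@code username}/{@code password} pair taken from request headers or
 * request parameters. The resolved {@link User} is stored in the request attribute {@code "user"}
 * and must pass {@link User#canAccess(int)} for this servlet's {@link #level}.
 */
public abstract class ExampleAuthedServlet extends BaseServlet {
    /**
     * Challenge sent with every rejection on the bearer-token path. The same text is used for a bad
     * token, an unknown user and a persistence failure, so the response does not reveal which check
     * failed. Written on a single line: a header value must not contain line breaks.
     */
    private static final String BEARER_CHALLENGE =
            "Bearer realm=\"example\", error=\"invalid_token\", error_description=\"The access token expired\"";

    /** Access level handed to {@link User#canAccess(int)} for every request to this servlet. */
    protected final int level;

    /**
     * Creates a servlet that requires access level 1.
     *
     * @param exampleWebServer the server this servlet belongs to
     */
    public ExampleAuthedServlet(ExampleWebServer exampleWebServer) {
        this(exampleWebServer, 1);
    }

    /**
     * Creates a servlet that requires the given access level.
     *
     * @param exampleWebServer the server this servlet belongs to
     * @param i the level passed to {@link User#canAccess(int)} when a request is checked
     */
    public ExampleAuthedServlet(ExampleWebServer exampleWebServer, int i) {
        super(exampleWebServer);
        this.level = i;
        logger.info("created servlet {}", getClass());
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>If an {@code Authorization} header is present only the token path is tried; username and
     * password are not consulted as a fallback. On rejection the response status is set to
     * {@code WebServer.STATUS_NO_AUTH} (not authenticated) or {@code WebServer.STATUS_FORBIDDEN}
     * (authenticated, but {@code canAccess} refused).
     *
     * @param httpServletRequest the incoming request; receives the {@code "user"} attribute
     * @param httpServletResponse the response whose status and challenge header are set on rejection
     * @return {@code true} only when a user was resolved and {@code canAccess(level)} returned true
     */
    @Override
    protected boolean isAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ExampleWebServer exampleWebServer = (ExampleWebServer) this.server;
        String authorization = httpServletRequest.getHeader("Authorization");
        if (authorization != null) {
            return isAllowedByToken(exampleWebServer, authorization, httpServletRequest, httpServletResponse);
        }
        return isAllowedByPassword(exampleWebServer, httpServletRequest, httpServletResponse);
    }

    /** Checks the JWT carried in the Authorization header and resolves the user it names. */
    private boolean isAllowedByToken(ExampleWebServer exampleWebServer, String authorization,
            HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String token = authorization.trim();
        // The auth scheme is case-insensitive, so "bearer" and "BEARER" are stripped as well.
        // A header without the scheme is still passed to verifyJWT unchanged, as before.
        if (token.regionMatches(true, 0, "Bearer", 0, 6)) {
            token = token.substring(6).trim();
        }
        try {
            JSONObject claims = ((ISesssionPersistence) exampleWebServer.getPersistence(ISesssionPersistence.class)).verifyJWT(token);
            if (claims != null) {
                try {
                    User user = ((IUserPersistence) exampleWebServer.getPersistence(IUserPersistence.class)).getUser(claims.getString("name"));
                    if (user != null) {
                        return authorize(user, httpServletRequest, httpServletResponse);
                    }
                } catch (NotFoundInPersistenceException e) {
                    // A token that verifies but names no stored user, e.g. an account removed
                    // while its token was still valid. Worth a log line for whoever watches auth.
                    logger.warn("verified token names a user that is not in persistence", e);
                }
            }
        } catch (NoPersistenceException e) {
            // Previously swallowed silently; the request is still rejected, but the cause is logged.
            logger.error("persistence unavailable while checking bearer token", e);
        }
        httpServletResponse.setHeader("WWW-Authenticate", BEARER_CHALLENGE);
        httpServletResponse.setStatus(WebServer.STATUS_NO_AUTH);
        return false;
    }

    /** Checks a username/password pair taken from request headers, else from request parameters. */
    private boolean isAllowedByPassword(ExampleWebServer exampleWebServer,
            HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String username = httpServletRequest.getHeader("username");
        String password = httpServletRequest.getHeader("password");
        if (username == null || password == null) {
            // NOTE(review): getParameter also reads the query string. A password sent that way
            // ends up in access logs and proxy logs; clients should use the headers or a POST body.
            username = httpServletRequest.getParameter("username");
            password = httpServletRequest.getParameter("password");
        }
        if (username != null && password != null) {
            // Starts as null so that a persistence failure falls through to the rejection below.
            User login = null;
            try {
                try {
                    login = ((IUserPersistence) exampleWebServer.getPersistence(IUserPersistence.class)).login(username, password);
                } catch (NoPersistenceException e) {
                    logger.error("persistence unavailable while checking username and password", e);
                }
            } catch (LoginFailedException e) {
                // Neither the submitted name nor the password is logged: both are untrusted input.
                logger.warn("login failed for request from {}", httpServletRequest.getRemoteAddr());
            }
            if (login != null) {
                return authorize(login, httpServletRequest, httpServletResponse);
            }
        }
        httpServletResponse.setStatus(WebServer.STATUS_NO_AUTH);
        return false;
    }

    /** Stores the user on the request and applies the level check for this servlet. */
    private boolean authorize(User user, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // The attribute is set before the level check, so it is present on forbidden requests too.
        httpServletRequest.setAttribute("user", user);
        if (user.canAccess(this.level)) {
            return true;
        }
        httpServletResponse.setStatus(WebServer.STATUS_FORBIDDEN);
        return false;
    }

    /**
     * Tells whether the requesting user is an admin whose level is at least that of {@code user}.
     *
     * <p>NOTE(review): the name suggests that a user acting on their own account is also accepted,
     * but no such comparison is made here; a non-admin is always refused. Confirm which is intended
     * before relying on this for self-service endpoints.
     *
     * @param myHttpServletRequest the request carrying the authenticated user
     * @param user the user the request wants to act on
     * @return {@code true} if the requester is an admin with a level not below {@code user}'s;
     *     {@code false} otherwise, including when either user is missing
     */
    protected boolean isMeOrAmAdmin(MyHttpServletRequest myHttpServletRequest, User user) {
        User requester = myHttpServletRequest.getUser();
        if (requester == null || user == null) {
            // Refuse rather than fail with a NullPointerException inside an authorization check.
            return false;
        }
        return requester.isAdmin() && requester.getLevel() >= user.getLevel();
    }
}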
