package com.iheart.thomas.http4s.auth;

import cats.MonadError;
import cats.effect.Concurrent;
import cats.implicits$;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.MonadErrorOps$;
import cats.syntax.OptionOps$;
import com.iheart.thomas.admin.Role;
import com.iheart.thomas.admin.Role$;
import com.iheart.thomas.admin.User;
import com.iheart.thomas.admin.UserDAO;
import com.iheart.thomas.dynamo.AdminDAOs$;
import com.iheart.thomas.http4s.auth.AuthError;
import scala.Function1;
import scala.MatchError;
import scala.Option;
import scala.Predef$;
import scala.Tuple2;
import scala.collection.immutable.Vector;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import software.amazon.awssdk.services.dynamodb.DynamoDbAsyncClient;
import tsec.authentication.AugmentedJWT;
import tsec.authentication.Authenticator;
import tsec.common.VerificationStatus;
import tsec.common.Verified$;
import tsec.jws.mac.JWSMacCV$;
import tsec.jws.mac.JWSMacHeader$;
import tsec.jwt.algorithms.JWA$HS256$;
import tsec.mac.jca.HMACSHA256$;
import tsec.passwordhashers.PasswordHasher;
import tsec.passwordhashers.jca.BCrypt$;
import tsec.passwordhashers.package$PasswordHash$;

/* compiled from: AuthenticationAlg.scala */
/* loaded from: input_file:com/iheart/thomas/http4s/auth/AuthenticationAlg$.class */
public final class AuthenticationAlg$ {
    public static AuthenticationAlg$ MODULE$;

    static {
        new AuthenticationAlg$();
    }

    public <F, C, Auth> AuthenticationAlg<F, Auth> apply(final MonadError<F, Throwable> monadError, final UserDAO<F> userDAO, final PasswordHasher<F, C> passwordHasher, final Authenticator<F, String, User, AugmentedJWT<Auth, String>> authenticator) {
        return new AuthenticationAlg<F, Auth>(authenticator, monadError, userDAO, passwordHasher) { // from class: com.iheart.thomas.http4s.auth.AuthenticationAlg$$anon$1
            private final Authenticator auth$1;
            private final MonadError evidence$1$1;
            private final UserDAO userDAO$1;
            private final PasswordHasher cryptService$1;

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F logout(AugmentedJWT<Auth, String> augmentedJWT) {
                return (F) implicits$.MODULE$.toFunctorOps(this.auth$1.discard(augmentedJWT), this.evidence$1$1).void();
            }

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F login(String str, String str2, Function1<User, F> function1) {
                return (F) implicits$.MODULE$.toFlatMapOps(this.userDAO$1.find(str), this.evidence$1$1).flatMap(option -> {
                    return implicits$.MODULE$.toFlatMapOps(OptionOps$.MODULE$.liftTo$extension(implicits$.MODULE$.catsSyntaxOption(option)).apply(() -> {
                        return new AuthError.UserNotFound(str);
                    }, this.evidence$1$1), this.evidence$1$1).flatMap(user -> {
                        return implicits$.MODULE$.toFlatMapOps(MonadErrorOps$.MODULE$.ensure$extension(implicits$.MODULE$.catsSyntaxMonadError(this.cryptService$1.checkpw(str2, package$PasswordHash$.MODULE$.apply(user.hash()), this.evidence$1$1), this.evidence$1$1), () -> {
                            return AuthError$IncorrectPassword$.MODULE$;
                        }, verificationStatus -> {
                            return BoxesRunTime.boxToBoolean($anonfun$login$5(verificationStatus));
                        }, this.evidence$1$1), this.evidence$1$1).flatMap(verificationStatus2 -> {
                            return implicits$.MODULE$.toFlatMapOps(this.auth$1.create(user.username()), this.evidence$1$1).flatMap(augmentedJWT -> {
                                return implicits$.MODULE$.toFunctorOps(function1.apply(user), this.evidence$1$1).map(response -> {
                                    return this.auth$1.embed(response, augmentedJWT);
                                });
                            });
                        });
                    });
                });
            }

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F register(String str, String str2, Role role) {
                return (F) implicits$.MODULE$.catsSyntaxApply(implicits$.MODULE$.catsSyntaxApply(MonadErrorOps$.MODULE$.ensure$extension(implicits$.MODULE$.catsSyntaxMonadError(this.userDAO$1.find(str), this.evidence$1$1), () -> {
                    return new AuthError.UserAlreadyExist(str);
                }, option -> {
                    return BoxesRunTime.boxToBoolean(option.isEmpty());
                }, this.evidence$1$1), this.evidence$1$1).$times$greater(MonadErrorOps$.MODULE$.ensure$extension(implicits$.MODULE$.catsSyntaxMonadError(ApplicativeIdOps$.MODULE$.pure$extension(implicits$.MODULE$.catsSyntaxApplicativeId(str2), this.evidence$1$1), this.evidence$1$1), () -> {
                    return new AuthError.PasswordTooWeak(str);
                }, str3 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$register$4(str3));
                }, this.evidence$1$1)), this.evidence$1$1).$times$greater(implicits$.MODULE$.toFlatMapOps(this.cryptService$1.hashpw(str2), this.evidence$1$1).flatMap(str4 -> {
                    return this.userDAO$1.insert(new User(str, str4, role));
                }));
            }

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F update(String str, Option<String> option, Option<Role> option2) {
                return (F) implicits$.MODULE$.toFlatMapOps(this.userDAO$1.get(str), this.evidence$1$1).flatMap(user -> {
                    return implicits$.MODULE$.toFlatMapOps(option2.fold(() -> {
                        return ApplicativeIdOps$.MODULE$.pure$extension(implicits$.MODULE$.catsSyntaxApplicativeId(BoxedUnit.UNIT), this.evidence$1$1);
                    }, role -> {
                        boolean z;
                        Role role = user.role();
                        Role Admin = Role$.MODULE$.Admin();
                        if (role != null ? role.equals(Admin) : Admin == null) {
                            Role Admin2 = Role$.MODULE$.Admin();
                            if (role != null ? !role.equals(Admin2) : Admin2 != null) {
                                z = true;
                                return !z ? implicits$.MODULE$.toFunctorOps(MonadErrorOps$.MODULE$.ensure$extension(implicits$.MODULE$.catsSyntaxMonadError(this.userDAO$1.all(), this.evidence$1$1), () -> {
                                    return AuthError$MustHaveAtLeastOneAdmin$.MODULE$;
                                }, vector -> {
                                    return BoxesRunTime.boxToBoolean($anonfun$update$5(vector));
                                }, this.evidence$1$1), this.evidence$1$1).void() : ApplicativeIdOps$.MODULE$.pure$extension(implicits$.MODULE$.catsSyntaxApplicativeId(BoxedUnit.UNIT), this.evidence$1$1);
                            }
                        }
                        z = false;
                        if (!z) {
                        }
                    }), this.evidence$1$1).flatMap(boxedUnit -> {
                        return implicits$.MODULE$.toFlatMapOps(implicits$.MODULE$.toFunctorOps(implicits$.MODULE$.toTraverseOps(option, implicits$.MODULE$.catsStdInstancesForOption()).traverse(str2 -> {
                            return this.cryptService$1.hashpw(str2);
                        }, this.evidence$1$1), this.evidence$1$1).map(option3 -> {
                            return new Tuple2(option3, user.copy(user.copy$default$1(), (String) option3.getOrElse(() -> {
                                return user.hash();
                            }), (Role) option2.getOrElse(() -> {
                                return user.role();
                            })));
                        }), this.evidence$1$1).flatMap(tuple2 -> {
                            if (tuple2 == null) {
                                throw new MatchError(tuple2);
                            }
                            return implicits$.MODULE$.toFunctorOps(this.userDAO$1.update((User) tuple2._2()), this.evidence$1$1).map(user -> {
                                return user;
                            });
                        });
                    });
                });
            }

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F remove(String str) {
                return (F) this.userDAO$1.remove(str);
            }

            @Override // com.iheart.thomas.http4s.auth.AuthenticationAlg
            public F allUsers() {
                return (F) this.userDAO$1.all();
            }

            public static final /* synthetic */ boolean $anonfun$login$5(VerificationStatus verificationStatus) {
                Verified$ verified$ = Verified$.MODULE$;
                return verificationStatus != null ? verificationStatus.equals(verified$) : verified$ == null;
            }

            public static final /* synthetic */ boolean $anonfun$register$4(String str) {
                return str.length() > 5;
            }

            public static final /* synthetic */ boolean $anonfun$update$6(User user) {
                Role role = user.role();
                Role Admin = Role$.MODULE$.Admin();
                return role != null ? role.equals(Admin) : Admin == null;
            }

            public static final /* synthetic */ boolean $anonfun$update$5(Vector vector) {
                return vector.count(user -> {
                    return BoxesRunTime.boxToBoolean($anonfun$update$6(user));
                }) > 1;
            }

            {
                this.auth$1 = authenticator;
                this.evidence$1$1 = monadError;
                this.userDAO$1 = userDAO;
                this.cryptService$1 = passwordHasher;
            }
        };
    }

    /* renamed from: default, reason: not valid java name */
    public <F> F m69default(String str, Concurrent<F> concurrent, DynamoDbAsyncClient dynamoDbAsyncClient) {
        return (F) implicits$.MODULE$.toFunctorOps(AuthDependencies$.MODULE$.apply(str, concurrent), concurrent).map(authDependencies -> {
            return (AuthenticationAlg) Predef$.MODULE$.implicitly(MODULE$.apply(concurrent, AdminDAOs$.MODULE$.userDAO(concurrent, dynamoDbAsyncClient), BCrypt$.MODULE$.syncPasswordHasher(concurrent), authDependencies.jwtAuthenticator(concurrent, authDependencies.backingStore(concurrent, AdminDAOs$.MODULE$.authRecordDAO(concurrent, dynamoDbAsyncClient), JWSMacHeader$.MODULE$.genSerializer(JWA$HS256$.MODULE$, JWSMacHeader$.MODULE$.decoder(JWA$HS256$.MODULE$), JWSMacHeader$.MODULE$.encoder(JWA$HS256$.MODULE$)), JWSMacCV$.MODULE$.eitherSigner(JWSMacHeader$.MODULE$.genSerializer(JWA$HS256$.MODULE$, JWSMacHeader$.MODULE$.decoder(JWA$HS256$.MODULE$), JWSMacHeader$.MODULE$.encoder(JWA$HS256$.MODULE$)), HMACSHA256$.MODULE$.macInstanceEither())), authDependencies.identityStore(AdminDAOs$.MODULE$.userDAO(concurrent, dynamoDbAsyncClient)), JWSMacCV$.MODULE$.genSigner(concurrent, JWSMacHeader$.MODULE$.genSerializer(JWA$HS256$.MODULE$, JWSMacHeader$.MODULE$.decoder(JWA$HS256$.MODULE$), JWSMacHeader$.MODULE$.encoder(JWA$HS256$.MODULE$)), HMACSHA256$.MODULE$.syncMac(concurrent)), JWA$HS256$.MODULE$)));
        });
    }

    private AuthenticationAlg$() {
        MODULE$ = this;
    }
}
