package de.frachtwerk.essencium.backend.controller;

import de.frachtwerk.essencium.backend.configuration.properties.AppConfigProperties;
import de.frachtwerk.essencium.backend.configuration.properties.JwtConfigProperties;
import de.frachtwerk.essencium.backend.configuration.properties.oauth.OAuth2ClientRegistrationProperties;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser;
import de.frachtwerk.essencium.backend.model.dto.LoginRequest;
import de.frachtwerk.essencium.backend.model.dto.TokenResponse;
import de.frachtwerk.essencium.backend.security.event.CustomAuthenticationSuccessEvent;
import de.frachtwerk.essencium.backend.service.JwtTokenService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RequestMapping({"/auth"})
@RestController
@ConditionalOnProperty(value = {"essencium-backend.overrides.auth-controller"}, havingValue = "false", matchIfMissing = true)
@Tag(name = "AuthenticationController", description = "Set of endpoints used for authentication")
/* loaded from: input_file:de/frachtwerk/essencium/backend/controller/AuthenticationController.class */
public class AuthenticationController {
    private final AppConfigProperties appConfigProperties;
    private final JwtConfigProperties jwtConfigProperties;
    private final JwtTokenService jwtTokenService;
    private final AuthenticationManager authenticationManager;
    private final ApplicationEventPublisher applicationEventPublisher;
    private final OAuth2ClientRegistrationProperties oAuth2ClientRegistrationProperties;

    @PostMapping({"/token"})
    @Operation(description = "Log in to request a new JWT token")
    public TokenResponse postLogin(@RequestBody @Validated LoginRequest loginRequest, @RequestHeader(value = "User-Agent", required = false) String str, HttpServletResponse httpServletResponse) {
        try {
            Authentication authenticate = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.username(), loginRequest.password()));
            this.applicationEventPublisher.publishEvent(new CustomAuthenticationSuccessEvent(authenticate, String.format("Login successful for user %s", authenticate.getName())));
            String login = this.jwtTokenService.login((AbstractBaseUser) authenticate.getPrincipal(), str);
            Cookie cookie = new Cookie("refreshToken", login);
            cookie.setHttpOnly(true);
            cookie.setPath("/auth/renew");
            cookie.setMaxAge(this.jwtConfigProperties.getRefreshTokenExpiration());
            cookie.setDomain(this.appConfigProperties.getDomain());
            cookie.setSecure(true);
            httpServletResponse.addCookie(cookie);
            return new TokenResponse(this.jwtTokenService.renew(login, str));
        } catch (AuthenticationException e) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, e.getMessage(), e);
        }
    }

    @PostMapping({"/renew"})
    @CrossOrigin(origins = {"${app.url}"}, allowCredentials = "true")
    @Operation(description = "Request a new JWT access token, given a valid refresh token")
    public TokenResponse postRenew(@RequestHeader("User-Agent") String str, @CookieValue("refreshToken") String str2) {
        try {
            return new TokenResponse(this.jwtTokenService.renew(str2, str));
        } catch (AuthenticationException e) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, e.getMessage(), e);
        }
    }

    @GetMapping({"/oauth-registrations"})
    public Map<String, Object> getRegistrations() {
        return Objects.isNull(this.oAuth2ClientRegistrationProperties.getRegistration()) ? Map.of() : (Map) this.oAuth2ClientRegistrationProperties.getRegistration().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            return Map.of("name", ((OAuth2ClientRegistrationProperties.Registration) entry.getValue()).getClientName(), "url", "/oauth2/authorization/" + ((String) entry.getKey()), "imageUrl", (String) Objects.requireNonNullElse(((OAuth2ClientRegistrationProperties.Registration) entry.getValue()).getImageUrl(), ""));
        }));
    }

    @RequestMapping(value = {"/**"}, method = {RequestMethod.OPTIONS})
    public final ResponseEntity<?> collectionOptions() {
        return ResponseEntity.ok().allow((HttpMethod[]) getAllowedMethods().toArray(new HttpMethod[0])).build();
    }

    protected Set<HttpMethod> getAllowedMethods() {
        return Set.of(HttpMethod.HEAD, HttpMethod.POST, HttpMethod.OPTIONS);
    }

    @Generated
    public AuthenticationController(AppConfigProperties appConfigProperties, JwtConfigProperties jwtConfigProperties, JwtTokenService jwtTokenService, AuthenticationManager authenticationManager, ApplicationEventPublisher applicationEventPublisher, OAuth2ClientRegistrationProperties oAuth2ClientRegistrationProperties) {
        this.appConfigProperties = appConfigProperties;
        this.jwtConfigProperties = jwtConfigProperties;
        this.jwtTokenService = jwtTokenService;
        this.authenticationManager = authenticationManager;
        this.applicationEventPublisher = applicationEventPublisher;
        this.oAuth2ClientRegistrationProperties = oAuth2ClientRegistrationProperties;
    }
}
