package org.thingsboard.server.config;

import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.JsonNode;
import io.swagger.v3.core.converter.AnnotatedType;
import io.swagger.v3.core.converter.ModelConverter;
import io.swagger.v3.core.converter.ModelConverters;
import io.swagger.v3.core.util.Json;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.Paths;
import io.swagger.v3.oas.models.examples.Example;
import io.swagger.v3.oas.models.info.Contact;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.info.License;
import io.swagger.v3.oas.models.media.Content;
import io.swagger.v3.oas.models.media.MediaType;
import io.swagger.v3.oas.models.media.Schema;
import io.swagger.v3.oas.models.parameters.RequestBody;
import io.swagger.v3.oas.models.responses.ApiResponse;
import io.swagger.v3.oas.models.responses.ApiResponses;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.tags.Tag;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.TreeMap;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springdoc.core.customizers.OpenApiCustomizer;
import org.springdoc.core.customizers.OperationCustomizer;
import org.springdoc.core.customizers.RouterOperationCustomizer;
import org.springdoc.core.discoverer.SpringDocParameterNameDiscoverer;
import org.springdoc.core.models.GroupedOpenApi;
import org.springdoc.core.properties.SpringDocConfigProperties;
import org.springdoc.core.properties.SwaggerUiConfigProperties;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Profile;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestParam;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
import org.thingsboard.server.common.data.security.Authority;
import org.thingsboard.server.controller.UserController;
import org.thingsboard.server.exception.ThingsboardCredentialsExpiredResponse;
import org.thingsboard.server.exception.ThingsboardErrorResponse;
import org.thingsboard.server.service.security.auth.rest.LoginRequest;
import org.thingsboard.server.service.security.auth.rest.LoginResponse;

@Profile({"!test"})
@Configuration
@ConditionalOnExpression("('${service.type:null}'=='monolith' || '${service.type:null}'=='tb-core') && '${springdoc.api-docs.enabled:true}'=='true'")
/* loaded from: input_file:org/thingsboard/server/config/SwaggerConfiguration.class */
public class SwaggerConfiguration {
    public static final String LOGIN_ENDPOINT = "/api/auth/login";
    public static final String REFRESH_TOKEN_ENDPOINT = "/api/auth/token";

    @Value("${swagger.api_path:/api/**}")
    private String apiPath;

    @Value("${swagger.security_path_regex}")
    private String securityPathRegex;

    @Value("${swagger.non_security_path_regex}")
    private String nonSecurityPathRegex;

    @Value("${swagger.title}")
    private String title;

    @Value("${swagger.description}")
    private String description;

    @Value("${swagger.contact.name}")
    private String contactName;

    @Value("${swagger.contact.url}")
    private String contactUrl;

    @Value("${swagger.contact.email}")
    private String contactEmail;

    @Value("${swagger.license.title}")
    private String licenseTitle;

    @Value("${swagger.license.url}")
    private String licenseUrl;

    @Value("${swagger.version}")
    private String version;

    @Value("${app.version:unknown}")
    private String appVersion;

    @Value("${swagger.group_name:thingsboard}")
    private String groupName;
    private static final Logger log = LoggerFactory.getLogger(SwaggerConfiguration.class);
    private static final ApiResponses loginResponses = loginResponses();
    private static final ApiResponses defaultErrorResponses = defaultErrorResponses(false);
    private static final ApiResponses defaultPostErrorResponses = defaultErrorResponses(true);

    @Bean
    public OpenAPI thingsboardApi() {
        Contact email = new Contact().name(this.contactName).url(this.contactUrl).email(this.contactEmail);
        License url = new License().name(this.licenseTitle).url(this.licenseUrl);
        String str = this.version;
        if (StringUtils.isEmpty(str)) {
            str = this.appVersion;
        }
        OpenAPI info = new OpenAPI().components(new Components().addSecuritySchemes("HTTP login form", new SecurityScheme().type(SecurityScheme.Type.HTTP).description("Enter Username / Password").scheme("loginPassword").bearerFormat("/api/auth/login|X-Authorization"))).info(new Info().title(this.title).description(this.description).contact(email).license(url).version(str));
        addDefaultSchemas(info);
        addLoginOperation(info);
        addRefreshTokenOperation(info);
        return info;
    }

    @Bean
    @Primary
    public SpringDocConfigProperties springDocConfig(SpringDocConfigProperties springDocConfigProperties) {
        springDocConfigProperties.getApiDocs().setVersion(SpringDocConfigProperties.ApiDocs.OpenApiVersion.OPENAPI_3_1);
        springDocConfigProperties.setRemoveBrokenReferenceDefinitions(false);
        return springDocConfigProperties;
    }

    @Bean
    @Primary
    public SwaggerUiConfigProperties swaggerUiConfig(SwaggerUiConfigProperties swaggerUiConfigProperties) {
        swaggerUiConfigProperties.setDeepLinking(true);
        swaggerUiConfigProperties.setDisplayOperationId(false);
        swaggerUiConfigProperties.setDefaultModelsExpandDepth(1);
        swaggerUiConfigProperties.setDefaultModelExpandDepth(1);
        swaggerUiConfigProperties.setDefaultModelRendering("example");
        swaggerUiConfigProperties.setDisplayRequestDuration(false);
        swaggerUiConfigProperties.setDocExpansion("list");
        swaggerUiConfigProperties.setFilter("false");
        swaggerUiConfigProperties.setMaxDisplayedTags((Integer) null);
        swaggerUiConfigProperties.setOperationsSorter("alpha");
        swaggerUiConfigProperties.setTagsSorter("alpha");
        swaggerUiConfigProperties.setShowExtensions(false);
        swaggerUiConfigProperties.setShowCommonExtensions(false);
        swaggerUiConfigProperties.setSupportedSubmitMethods(List.of("get", "put", "post", "delete", "options", "head", "patch", "trace"));
        swaggerUiConfigProperties.setValidatorUrl((String) null);
        swaggerUiConfigProperties.setPersistAuthorization(true);
        SwaggerUiConfigProperties.SyntaxHighlight syntaxHighlight = new SwaggerUiConfigProperties.SyntaxHighlight();
        syntaxHighlight.setActivated(true);
        syntaxHighlight.setTheme("agate");
        swaggerUiConfigProperties.setSyntaxHighlight(syntaxHighlight);
        return swaggerUiConfigProperties;
    }

    private void addLoginOperation(OpenAPI openAPI) {
        Operation operation = new Operation();
        operation.summary("Login method to get user JWT token data");
        operation.description("Login method used to authenticate user and get JWT token data.\n\nValue of the response **token** field can be used as **X-Authorization** header value:\n\n`X-Authorization: Bearer $JWT_TOKEN_VALUE`.");
        operation.requestBody(new RequestBody().description("Login request").content(new Content().addMediaType("application/json", new MediaType().schema(new Schema().$ref("#/components/schemas/LoginRequest")))));
        operation.responses(loginResponses);
        operation.addTagsItem("login-endpoint");
        openAPI.path("/api/auth/login", new PathItem().post(operation));
    }

    private void addRefreshTokenOperation(OpenAPI openAPI) {
        Operation operation = new Operation();
        operation.summary("Refresh user JWT token data");
        operation.description("Method to refresh JWT token. Provide a valid refresh token to get a new JWT token.\n\nThe response contains a new token that can be used for authorization.\n\n`X-Authorization: Bearer $JWT_TOKEN_VALUE`");
        operation.requestBody(new RequestBody().description("Refresh token request").content(new Content().addMediaType("application/json", new MediaType().schema(new Schema().addProperty("refreshToken", new Schema().type("string"))))));
        operation.responses(loginResponses);
        operation.addTagsItem("login-endpoint");
        openAPI.path("/api/auth/token", new PathItem().post(operation));
    }

    @Bean
    public GroupedOpenApi groupedApi(SpringDocParameterNameDiscoverer springDocParameterNameDiscoverer) {
        return GroupedOpenApi.builder().group(this.groupName).pathsToMatch(new String[]{this.apiPath}).addRouterOperationCustomizer(routerOperationCustomizer(springDocParameterNameDiscoverer)).addOperationCustomizer(operationCustomizer()).addOpenApiCustomizer(customOpenApiCustomizer()).build();
    }

    @Bean
    @Lazy(false)
    ModelConverter mapAwareConverter() {
        return (annotatedType, modelConverterContext, it) -> {
            if (!it.hasNext()) {
                return null;
            }
            Schema resolve = ((ModelConverter) it.next()).resolve(annotatedType, modelConverterContext, it);
            JavaType constructType = Json.mapper().constructType(annotatedType.getType());
            if (constructType != null && Map.class.isAssignableFrom(constructType.getRawClass()) && resolve != null && resolve.getProperties() != null) {
                resolve.getProperties().remove("empty");
                if (resolve.getProperties().isEmpty()) {
                    resolve.setProperties((Map) null);
                }
            }
            return resolve;
        };
    }

    private void addDefaultSchemas(OpenAPI openAPI) {
        Schema schema = ModelConverters.getInstance().readAllAsResolvedSchema(new AnnotatedType().type(JsonNode.class)).schema;
        schema.setType("any");
        schema.setExamples(List.of(JacksonUtil.newObjectNode()));
        schema.setDescription("A value representing the any type (object or primitive)");
        openAPI.getComponents().addSchemas("JsonNode", schema).addSchemas("LoginRequest", ModelConverters.getInstance().readAllAsResolvedSchema(new AnnotatedType().type(LoginRequest.class)).schema).addSchemas("LoginResponse", ModelConverters.getInstance().readAllAsResolvedSchema(new AnnotatedType().type(LoginResponse.class)).schema).addSchemas("ThingsboardErrorResponse", ModelConverters.getInstance().readAllAsResolvedSchema(new AnnotatedType().type(ThingsboardErrorResponse.class)).schema).addSchemas("ThingsboardCredentialsExpiredResponse", ModelConverters.getInstance().readAllAsResolvedSchema(new AnnotatedType().type(ThingsboardCredentialsExpiredResponse.class)).schema);
    }

    private RouterOperationCustomizer routerOperationCustomizer(SpringDocParameterNameDiscoverer springDocParameterNameDiscoverer) {
        return (routerOperation, handlerMethod) -> {
            String[] parameterNames = springDocParameterNameDiscoverer.getParameterNames(handlerMethod.getMethod());
            String[] strArr = (String[]) Arrays.stream(handlerMethod.getMethod().getParameters()).map((v0) -> {
                return v0.getName();
            }).toArray(i -> {
                return new String[i];
            });
            if (parameterNames == null || Arrays.stream(parameterNames).anyMatch((v0) -> {
                return Objects.isNull(v0);
            })) {
                parameterNames = strArr;
            }
            MethodParameter[] methodParameters = handlerMethod.getMethodParameters();
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 < methodParameters.length; i2++) {
                RequestParam parameterAnnotation = methodParameters[i2].getParameterAnnotation(RequestParam.class);
                if (parameterAnnotation != null) {
                    String value = StringUtils.isNotBlank(parameterAnnotation.value()) ? parameterAnnotation.value() : parameterNames[i2];
                    if (StringUtils.isNotBlank(value)) {
                        arrayList.add(value);
                    }
                }
            }
            if (!arrayList.isEmpty()) {
                routerOperation.setPath(routerOperation.getPath() + "{?" + String.join(",", arrayList) + "}");
            }
            return routerOperation;
        };
    }

    private OperationCustomizer operationCustomizer() {
        return (operation, handlerMethod) -> {
            if (StringUtils.isBlank(operation.getSummary())) {
                operation.setSummary(operation.getOperationId());
            }
            return operation;
        };
    }

    private OpenApiCustomizer customOpenApiCustomizer() {
        SecurityRequirement addList = new SecurityRequirement().addList("HTTP login form", Arrays.asList(Authority.SYS_ADMIN.name(), Authority.TENANT_ADMIN.name(), Authority.CUSTOMER_USER.name()));
        return openAPI -> {
            Paths paths = openAPI.getPaths();
            Stream sorted = paths.entrySet().stream().peek(entry -> {
                securityCustomization(addList, entry);
                if (((String) entry.getKey()).equals("/api/auth/login")) {
                    return;
                }
                defaultErrorResponsesCustomization((PathItem) entry.getValue());
            }).map(this::tagsCustomization).filter((v0) -> {
                return Objects.nonNull(v0);
            }).distinct().sorted(Comparator.comparing((v0) -> {
                return v0.getName();
            }));
            Objects.requireNonNull(openAPI);
            sorted.forEach(openAPI::addTagsItem);
            TreeMap treeMap = new TreeMap();
            paths.forEach((str, pathItem) -> {
                String tagItemFromPathItem = tagItemFromPathItem(pathItem);
                if (tagItemFromPathItem != null) {
                    ((Map) treeMap.computeIfAbsent(tagItemFromPathItem, str -> {
                        return new TreeMap();
                    })).put(str, pathItem);
                }
            });
            Paths paths2 = new Paths();
            treeMap.forEach((str2, map) -> {
                Objects.requireNonNull(paths2);
                map.forEach(paths2::addPathItem);
            });
            paths2.setExtensions(paths.getExtensions());
            openAPI.setPaths(paths2);
            openAPI.getComponents().setSchemas(new LinkedHashMap(new TreeMap(openAPI.getComponents().getSchemas())));
        };
    }

    private Tag tagsCustomization(Map.Entry<String, PathItem> entry) {
        String tagItemFromPathItem = tagItemFromPathItem(entry.getValue());
        if (tagItemFromPathItem != null) {
            return tagFromTagItem(tagItemFromPathItem);
        }
        return null;
    }

    private String tagItemFromPathItem(PathItem pathItem) {
        List tags;
        Optional findAny = pathItem.readOperationsMap().values().stream().findAny();
        if (!findAny.isPresent() || (tags = ((Operation) findAny.get()).getTags()) == null || tags.isEmpty()) {
            return null;
        }
        return (String) tags.get(0);
    }

    private Tag tagFromTagItem(String str) {
        String[] split = str.split("-");
        StringBuilder sb = new StringBuilder();
        for (String str2 : split) {
            sb.append(str2.substring(0, 1).toUpperCase());
            sb.append(str2.substring(1).toLowerCase());
            sb.append(" ");
        }
        return new Tag().name(str).description(sb.toString().trim());
    }

    private void defaultErrorResponsesCustomization(PathItem pathItem) {
        pathItem.readOperationsMap().forEach((httpMethod, operation) -> {
            ApiResponses apiResponses = httpMethod.equals(PathItem.HttpMethod.POST) ? defaultPostErrorResponses : defaultErrorResponses;
            ApiResponses responses = operation.getResponses();
            if (responses == null) {
                responses = apiResponses;
            } else {
                apiResponses.forEach((str, apiResponse) -> {
                    if (responses.containsKey(str)) {
                        return;
                    }
                    responses.put(str, apiResponse);
                });
            }
            operation.setResponses(responses);
        });
    }

    private void securityCustomization(SecurityRequirement securityRequirement, Map.Entry<String, PathItem> entry) {
        String key = entry.getKey();
        if (!key.matches(this.securityPathRegex) || key.matches(this.nonSecurityPathRegex) || key.equals("/api/auth/login")) {
            return;
        }
        entry.getValue().readOperationsMap().values().forEach(operation -> {
            operation.addSecurityItem(securityRequirement);
        });
    }

    private static ApiResponses loginResponses() {
        ApiResponses apiResponses = new ApiResponses();
        apiResponses.addApiResponse("200", new ApiResponse().description("OK").content(new Content().addMediaType("application/json", new MediaType().schema(new Schema().$ref("#/components/schemas/LoginResponse")))));
        apiResponses.putAll(loginErrorResponses());
        return apiResponses;
    }

    private static ApiResponses defaultErrorResponses(boolean z) {
        ApiResponses apiResponses = new ApiResponses();
        apiResponses.addApiResponse("400", errorResponse("400", "Bad Request", ThingsboardErrorResponse.of(z ? "Invalid request body" : "Invalid UUID string: 123", ThingsboardErrorCode.BAD_REQUEST_PARAMS, HttpStatus.BAD_REQUEST)));
        apiResponses.addApiResponse("401", errorResponse("401", "Unauthorized", ThingsboardErrorResponse.of("Authentication failed", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)));
        apiResponses.addApiResponse("403", errorResponse("403", "Forbidden", ThingsboardErrorResponse.of(UserController.YOU_DON_T_HAVE_PERMISSION_TO_PERFORM_THIS_OPERATION, ThingsboardErrorCode.PERMISSION_DENIED, HttpStatus.FORBIDDEN)));
        apiResponses.addApiResponse("404", errorResponse("404", "Not Found", ThingsboardErrorResponse.of("Requested item wasn't found!", ThingsboardErrorCode.ITEM_NOT_FOUND, HttpStatus.NOT_FOUND)));
        apiResponses.addApiResponse("429", errorResponse("429", "Too Many Requests", ThingsboardErrorResponse.of("Too many requests for current tenant!", ThingsboardErrorCode.TOO_MANY_REQUESTS, HttpStatus.TOO_MANY_REQUESTS)));
        return apiResponses;
    }

    private static ApiResponses loginErrorResponses() {
        ApiResponses apiResponses = new ApiResponses();
        apiResponses.addApiResponse("401", errorResponse("Unauthorized", Map.of("bad-credentials", errorExample("Bad credentials", ThingsboardErrorResponse.of("Invalid username or password", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)), "token-expired", errorExample("JWT token expired", ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED)), "account-disabled", errorExample("Disabled account", ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)), "account-locked", errorExample("Locked account", ThingsboardErrorResponse.of("User account is locked due to security policy", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)), "authentication-failed", errorExample("General authentication error", ThingsboardErrorResponse.of("Authentication failed", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED)))));
        Schema schema = new Schema();
        schema.$ref("#/components/schemas/ThingsboardCredentialsExpiredResponse");
        apiResponses.addApiResponse("401 ", errorResponse("Unauthorized (**Expired credentials**)", (Map<String, Example>) Map.of("credentials-expired", errorExample("Expired credentials", ThingsboardCredentialsExpiredResponse.of("User password expired!", StringUtils.randomAlphanumeric(30)))), (Schema<? extends ThingsboardErrorResponse>) schema));
        return apiResponses;
    }

    private static ApiResponse errorResponse(String str, String str2, ThingsboardErrorResponse thingsboardErrorResponse) {
        return errorResponse(str2, Map.of("error-code-" + str, errorExample(str2, thingsboardErrorResponse)));
    }

    private static ApiResponse errorResponse(String str, Map<String, Example> map) {
        Schema schema = new Schema();
        schema.$ref("#/components/schemas/ThingsboardErrorResponse");
        return errorResponse(str, map, (Schema<? extends ThingsboardErrorResponse>) schema);
    }

    private static ApiResponse errorResponse(String str, Map<String, Example> map, Schema<? extends ThingsboardErrorResponse> schema) {
        MediaType schema2 = new MediaType().schema(schema);
        schema2.setExamples(map);
        return new ApiResponse().description(str).content(new Content().addMediaType("application/json", schema2));
    }

    private static Example errorExample(String str, ThingsboardErrorResponse thingsboardErrorResponse) {
        return new Example().summary(str).value(thingsboardErrorResponse);
    }
}
