package org.thingsboard.server.controller;

import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.Valid;
import java.beans.ConstructorProperties;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.OAuth2ClientId;
import org.thingsboard.server.common.data.oauth2.OAuth2Client;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientInfo;
import org.thingsboard.server.common.data.oauth2.OAuth2ClientLoginInfo;
import org.thingsboard.server.common.data.oauth2.PlatformType;
import org.thingsboard.server.common.data.page.PageData;
import org.thingsboard.server.config.annotations.ApiOperation;
import org.thingsboard.server.dao.oauth2.OAuth2ClientService;
import org.thingsboard.server.dao.oauth2.OAuth2Configuration;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.entitiy.oauth2client.TbOauth2ClientService;
import org.thingsboard.server.service.security.permission.Operation;
import org.thingsboard.server.service.security.permission.Resource;
import org.thingsboard.server.utils.MiscUtils;

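/**
 * REST controller exposing OAuth2 client endpoints under {@code /api}.
 *
 * <p>One endpoint ({@code /noauth/oauth2Clients}) carries no {@code @PreAuthorize} and is used to
 * discover the OAuth2 clients offered on the login screen; every other endpoint is restricted to
 * the {@code SYS_ADMIN} or {@code TENANT_ADMIN} authority.
 *
 * <p>NOTE(review): this listing is decompiler output. Parameters annotated with a bare
 * {@code @RequestParam} still carry decompiler-generated names ({@code str}, {@code i}, ...); if
 * this source were recompiled, Spring would bind request parameters by those names. Restore the
 * original parameter names from the upstream source before building from this file.
 */
@RequestMapping({"/api"})
@TbCoreComponent
@RestController
/* loaded from: input_file:org/thingsboard/server/controller/OAuth2Controller.class */
public class OAuth2Controller extends BaseController {
    private static final Logger log = LoggerFactory.getLogger(OAuth2Controller.class);

    /** Placeholder written to the log instead of a credential-bearing header value. */
    private static final String REDACTED_HEADER_VALUE = "<redacted>";

    private final OAuth2Configuration oAuth2Configuration;
    private final TbOauth2ClientService tbOauth2ClientService;

    /**
     * Lists the OAuth2 clients a user may log in with, selected either by mobile package name
     * (plus optional platform) or by the request's domain name and port.
     *
     * <p>The endpoint has no {@code @PreAuthorize}, so every input is attacker-controlled:
     * <ul>
     *   <li>Debug logging redacts credential-bearing headers and neutralises CR/LF in header
     *       values, so enabling debug does not copy bearer tokens or session cookies into log
     *       files and a crafted header cannot forge log lines.</li>
     *   <li>An unrecognised platform value is ignored, as the API description promises, instead
     *       of letting {@code PlatformType.valueOf} throw out of the handler.</li>
     * </ul>
     *
     * @param httpServletRequest the incoming request; its scheme, server name, port and headers
     *                           are read
     * @param str                mobile application package name (optional)
     * @param str2               platform type name (optional); unknown values are ignored
     * @return the login info of the matching OAuth2 clients
     */
    @PostMapping({"/noauth/oauth2Clients"})
    @ApiOperation(value = "Get OAuth2 clients (getOAuth2Clients)", notes = "Get the list of OAuth2 clients to log in with, available for such domain scheme (HTTP or HTTPS) (if x-forwarded-proto request header is present - the scheme is known from it) and domain name and port (port may be known from x-forwarded-port header)")
    public List<OAuth2ClientLoginInfo> getOAuth2Clients(HttpServletRequest httpServletRequest, @RequestParam(required = false) @Parameter(description = "Mobile application package name, to find OAuth2 clients where there is configured mobile application with such package name") String str, @RequestParam(required = false) @Parameter(description = "Platform type to search OAuth2 clients for which the usage with this platform type is allowed in the settings. If platform type is not one of allowable values - it will just be ignored", schema = @Schema(allowableValues = {"WEB", "ANDROID", "IOS"})) String str2) {
        if (log.isDebugEnabled()) {
            log.debug("Executing getOAuth2Clients: [{}][{}][{}]", httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort());
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            // The servlet API allows a null enumeration when the container denies header access.
            while (headerNames != null && headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                log.debug("Header: {} {}", headerName, loggableHeaderValue(headerName, httpServletRequest.getHeader(headerName)));
            }
        }
        PlatformType platformType = null;
        if (StringUtils.isNotEmpty(str2)) {
            try {
                platformType = PlatformType.valueOf(str2);
            } catch (IllegalArgumentException ignored) {
                // Documented contract: a platform outside the allowable values is ignored.
            }
        }
        if (StringUtils.isNotEmpty(str)) {
            return this.oAuth2ClientService.findOAuth2ClientLoginInfosByMobilePkgNameAndPlatformType(str, platformType);
        }
        return this.oAuth2ClientService.findOAuth2ClientLoginInfosByDomainName(MiscUtils.getDomainNameAndPort(httpServletRequest));
    }

    /**
     * Creates or updates an OAuth2 client for the caller's tenant.
     *
     * <p>The tenant id is overwritten with the caller's own tenant before the entity check, so a
     * tenant id supplied in the request body is never used.
     *
     * @param oAuth2Client the client definition from the request body
     * @return the saved client
     * @throws Exception if the entity check or the save fails
     */
    @PostMapping({"/oauth2/client"})
    @ApiOperation(value = "Save OAuth2 Client (saveOAuth2Client)", notes = "\n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public OAuth2Client saveOAuth2Client(@Valid @RequestBody OAuth2Client oAuth2Client) throws Exception {
        oAuth2Client.setTenantId(getTenantId());
        // The decompiler emitted casts to unrelated types here ((OAuth2Controller) on the id and
        // (OAuth2ClientId) on the entity); they do not type-check and are dropped.
        checkEntity(oAuth2Client.getId(), oAuth2Client, Resource.OAUTH2_CLIENT);
        return this.tbOauth2ClientService.save(oAuth2Client, getCurrentUser());
    }

    /**
     * Returns one page of OAuth2 client infos belonging to the caller's tenant.
     *
     * @param i    page size
     * @param i2   zero-based page number
     * @param str  optional case-insensitive substring filter on the client title
     * @param str2 optional property to sort by
     * @param str3 optional sort order (ASC or DESC)
     * @return the requested page of client infos
     * @throws ThingsboardException if the tenant or the page link cannot be resolved
     */
    @GetMapping({"/oauth2/client/infos"})
    @ApiOperation(value = "Get OAuth2 Client infos (findTenantOAuth2ClientInfos)", notes = "\n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public PageData<OAuth2ClientInfo> findTenantOAuth2ClientInfos(@RequestParam @Parameter(description = "Maximum amount of entities in a one page", required = true) int i, @RequestParam @Parameter(description = "Sequence number of page starting from 0", required = true) int i2, @RequestParam(required = false) @Parameter(description = "Case-insensitive 'substring' filter based on client's title") String str, @RequestParam(required = false) @Parameter(description = "Property of entity to sort by") String str2, @RequestParam(required = false) @Parameter(description = "Sort order. ASC (ASCENDING) or DESC (DESCENDING)") String str3) throws ThingsboardException {
        return this.oAuth2ClientService.findOAuth2ClientInfosByTenantId(getTenantId(), createPageLink(i, i2, str, str2, str3));
    }

    /**
     * Returns the OAuth2 client infos for the given ids; the lookup is passed the caller's
     * tenant id along with the ids.
     *
     * @param uuidArr ids of the clients to fetch
     * @return the matching client infos
     * @throws ThingsboardException if the tenant cannot be resolved or the lookup fails
     */
    @GetMapping(value = {"/oauth2/client/infos"}, params = {"clientIds"})
    @ApiOperation(value = "Get OAuth2 Client infos By Ids (findTenantOAuth2ClientInfosByIds)", notes = "Fetch OAuth2 Client info objects based on the provided ids. \n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public List<OAuth2ClientInfo> findTenantOAuth2ClientInfosByIds(@RequestParam("clientIds") @Parameter(description = "A list of oauth2 ids, separated by comma ','", array = @ArraySchema(schema = @Schema(type = "string")), required = true) UUID[] uuidArr) throws ThingsboardException {
        return this.oAuth2ClientService.findOAuth2ClientInfosByIds(getTenantId(), getOAuth2ClientIds(uuidArr));
    }

    /**
     * Fetches a single OAuth2 client by id after a READ check.
     *
     * <p>NOTE(review): the full {@code OAuth2Client} entity is returned; confirm whether the
     * client secret is part of the serialised response and whether that is intended.
     *
     * @param uuid id taken from the {@code {id}} path segment
     * @return the client
     * @throws ThingsboardException if the entity check fails
     */
    @GetMapping({"/oauth2/client/{id}"})
    @ApiOperation(value = "Get OAuth2 Client by id (getOAuth2ClientById)", notes = "\n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public OAuth2Client getOAuth2ClientById(@PathVariable("id") UUID uuid) throws ThingsboardException {
        // Bind explicitly to the {id} template variable: the decompiled parameter name no longer
        // matches it, so a bare @PathVariable would fail to resolve.
        return checkEntityId(new OAuth2ClientId(uuid), this.oAuth2ClientService::findOAuth2ClientById, Operation.READ);
    }

    /**
     * Deletes an OAuth2 client by id after a DELETE check.
     *
     * @param uuid id taken from the {@code {id}} path segment
     * @throws Exception if the check or the deletion fails
     */
    @DeleteMapping({"/oauth2/client/{id}"})
    @ApiOperation(value = "Delete oauth2 client (deleteOauth2Client)", notes = "Deletes the oauth2 client. Referencing non-existing oauth2 client Id will cause an error.\n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public void deleteOauth2Client(@PathVariable("id") UUID uuid) throws Exception {
        // Explicit "id" binding for the same reason as in getOAuth2ClientById.
        OAuth2Client existing = checkOauth2ClientId(new OAuth2ClientId(uuid), Operation.DELETE);
        this.tbOauth2ClientService.delete(existing, getCurrentUser());
    }

    /**
     * Returns the configured OAuth2 login processing URL wrapped in double quotes.
     *
     * @return the quoted URL string
     */
    @GetMapping({"/oauth2/loginProcessingUrl"})
    @ApiOperation(value = "Get OAuth2 log in processing URL (getLoginProcessingUrl)", notes = "Returns the URL enclosed in double quotes. After successful authentication with OAuth2 provider, it makes a redirect to this path so that the platform can do further log in processing. This URL may be configured as 'security.oauth2.loginProcessingUrl' property in yml configuration file, or as 'SECURITY_OAUTH2_LOGIN_PROCESSING_URL' env variable. By default it is '/login/oauth2/code/'\n\nAvailable for users with 'SYS_ADMIN' or 'TENANT_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
    public String getLoginProcessingUrl() {
        return "\"" + this.oAuth2Configuration.getLoginProcessingUrl() + "\"";
    }

    /**
     * Creates the controller with its two collaborators.
     *
     * @param oAuth2Configuration   source of the login processing URL
     * @param tbOauth2ClientService service used for save and delete operations
     */
    @ConstructorProperties({"oAuth2Configuration", "tbOauth2ClientService"})
    public OAuth2Controller(OAuth2Configuration oAuth2Configuration, TbOauth2ClientService tbOauth2ClientService) {
        this.oAuth2Configuration = oAuth2Configuration;
        this.tbOauth2ClientService = tbOauth2ClientService;
    }

    /** Returns true when the header name suggests its value carries a credential or session identifier. */
    private static boolean isSensitiveHeader(String headerName) {
        String lowerName = headerName.toLowerCase(Locale.ROOT);
        return lowerName.contains("authorization")
                || lowerName.contains("cookie")
                || lowerName.contains("token")
                || lowerName.contains("secret")
                || lowerName.contains("api-key");
    }

    /** Produces the header value that is safe to log: redacted if sensitive, CR/LF replaced otherwise. */
    private static String loggableHeaderValue(String headerName, String headerValue) {
        if (headerValue == null) {
            return null;
        }
        if (isSensitiveHeader(headerName)) {
            return REDACTED_HEADER_VALUE;
        }
        return headerValue.replace('\r', '_').replace('\n', '_');
    }
}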
