package org.thingsboard.server.controller;

import com.fasterxml.jackson.databind.JsonNode;
import io.swagger.v3.oas.annotations.Parameter;
import jakarta.servlet.http.HttpServletRequest;
import java.beans.ConstructorProperties;
import java.net.URI;
import java.net.URISyntaxException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.exception.ThingsboardException;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.mobile.app.MobileApp;
import org.thingsboard.server.common.data.mobile.app.StoreInfo;
import org.thingsboard.server.common.data.mobile.qrCodeSettings.QrCodeSettings;
import org.thingsboard.server.common.data.oauth2.PlatformType;
import org.thingsboard.server.common.data.security.model.JwtPair;
import org.thingsboard.server.config.annotations.ApiOperation;
import org.thingsboard.server.dao.mobile.QrCodeSettingService;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.mobile.secret.MobileAppSecretService;
import org.thingsboard.server.service.security.model.SecurityUser;
import org.thingsboard.server.service.security.permission.Operation;
import org.thingsboard.server.service.security.permission.Resource;
import org.thingsboard.server.service.security.system.SystemSecurityService;

@TbCoreComponent
@RestController
/* loaded from: input_file:org/thingsboard/server/controller/QrCodeSettingsController.class */
public class QrCodeSettingsController extends BaseController {

    @Value("${cache.specs.mobileSecretKey.timeToLiveInMinutes:2}")
    private int mobileSecretKeyTtl;

    @Value("${mobileApp.domain:demo.thingsboard.io}")
    private String defaultAppDomain;
    public static final String ASSET_LINKS_PATTERN = "[{\n  \"relation\": [\"delegate_permission/common.handle_all_urls\"],\n  \"target\": {\n    \"namespace\": \"android_app\",\n    \"package_name\": \"%s\",\n    \"sha256_cert_fingerprints\":\n    [\"%s\"]\n  }\n}]";
    public static final String APPLE_APP_SITE_ASSOCIATION_PATTERN = "{\n    \"applinks\": {\n        \"apps\": [],\n        \"details\": [\n            {\n                \"appID\": \"%s\",\n                \"paths\": [ \"/api/noauth/qr\" ]\n            }\n        ]\n    }\n}";
    public static final String SECRET = "secret";
    public static final String SECRET_PARAM_DESCRIPTION = "A string value representing short-lived secret key";
    public static final String DEEP_LINK_PATTERN = "https://%s/api/noauth/qr?secret=%s&ttl=%s";
    private final SystemSecurityService systemSecurityService;
    private final MobileAppSecretService mobileAppSecretService;
    private final QrCodeSettingService qrCodeSettingService;

    @GetMapping({"/.well-known/assetlinks.json"})
    @ApiOperation("Get associated android applications (getAssetLinks)")
    public ResponseEntity<JsonNode> getAssetLinks() {
        MobileApp findAppFromQrCodeSettings = this.qrCodeSettingService.findAppFromQrCodeSettings(TenantId.SYS_TENANT_ID, PlatformType.ANDROID);
        StoreInfo storeInfo = findAppFromQrCodeSettings != null ? findAppFromQrCodeSettings.getStoreInfo() : null;
        return (storeInfo == null || storeInfo.getSha256CertFingerprints() == null) ? ResponseEntity.notFound().build() : ResponseEntity.ok(JacksonUtil.toJsonNode(String.format(ASSET_LINKS_PATTERN, findAppFromQrCodeSettings.getPkgName(), storeInfo.getSha256CertFingerprints())));
    }

    @GetMapping({"/.well-known/apple-app-site-association"})
    @ApiOperation("Get associated ios applications (getAppleAppSiteAssociation)")
    public ResponseEntity<JsonNode> getAppleAppSiteAssociation() {
        MobileApp findAppFromQrCodeSettings = this.qrCodeSettingService.findAppFromQrCodeSettings(TenantId.SYS_TENANT_ID, PlatformType.IOS);
        StoreInfo storeInfo = findAppFromQrCodeSettings != null ? findAppFromQrCodeSettings.getStoreInfo() : null;
        return (storeInfo == null || storeInfo.getAppId() == null) ? ResponseEntity.notFound().build() : ResponseEntity.ok(JacksonUtil.toJsonNode(String.format(APPLE_APP_SITE_ASSOCIATION_PATTERN, storeInfo.getAppId())));
    }

    @PostMapping({"/api/mobile/qr/settings"})
    @ApiOperation(value = "Create Or Update the Mobile application settings (saveMobileAppSettings)", notes = "The request payload contains configuration for android/iOS applications and platform qr code widget settings.\n\nAvailable for users with 'SYS_ADMIN' authority.")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
    public QrCodeSettings saveQrCodeSettings(@Parameter(description = "A JSON value representing the mobile apps configuration") @RequestBody QrCodeSettings qrCodeSettings) throws ThingsboardException {
        SecurityUser currentUser = getCurrentUser();
        this.accessControlService.checkPermission(currentUser, Resource.MOBILE_APP_SETTINGS, Operation.WRITE);
        qrCodeSettings.setTenantId(getTenantId());
        return this.qrCodeSettingService.saveQrCodeSettings(currentUser.getTenantId(), qrCodeSettings);
    }

    @GetMapping({"/api/mobile/qr/settings"})
    @ApiOperation(value = "Get Mobile application settings (getMobileAppSettings)", notes = "The response payload contains configuration for android/iOS applications and platform qr code widget settings.\n\nAvailable for any authorized user. ")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
    public QrCodeSettings getQrCodeSettings() throws ThingsboardException {
        this.accessControlService.checkPermission(getCurrentUser(), Resource.MOBILE_APP_SETTINGS, Operation.READ);
        return this.qrCodeSettingService.findQrCodeSettings(TenantId.SYS_TENANT_ID);
    }

    @GetMapping(value = {"/api/mobile/qr/deepLink"}, produces = {"text/plain"})
    @ApiOperation(value = "Get the deep link to the associated mobile application (getMobileAppDeepLink)", notes = "Fetch the url that takes user to linked mobile application \n\nAvailable for any authorized user. ")
    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
    public String getMobileAppDeepLink(HttpServletRequest httpServletRequest) throws ThingsboardException, URISyntaxException {
        String generateMobileAppSecret = this.mobileAppSecretService.generateMobileAppSecret(getCurrentUser());
        String baseUrl = this.systemSecurityService.getBaseUrl(TenantId.SYS_TENANT_ID, null, httpServletRequest);
        String host = new URI(baseUrl).getHost();
        String str = this.qrCodeSettingService.findQrCodeSettings(TenantId.SYS_TENANT_ID).isUseDefaultApp() ? this.defaultAppDomain : host;
        String format = String.format(DEEP_LINK_PATTERN, str, generateMobileAppSecret, Integer.valueOf(this.mobileSecretKeyTtl));
        if (!str.equals(host)) {
            format = format + "&host=" + baseUrl;
        }
        return "\"" + format + "\"";
    }

    @GetMapping({"/api/noauth/qr/{secret}"})
    @ApiOperation(value = "Get User Token (getUserTokenByMobileSecret)", notes = "Returns the token of the User based on the provided secret key.")
    public JwtPair getUserTokenByMobileSecret(@PathVariable("secret") @Parameter(description = "A string value representing short-lived secret key") String str) throws ThingsboardException {
        checkParameter(SECRET, str);
        return this.mobileAppSecretService.getJwtPair(str);
    }

    @GetMapping({"/api/noauth/qr"})
    public ResponseEntity<?> getApplicationRedirect(@RequestHeader("User-Agent") String str) {
        QrCodeSettings findQrCodeSettings = this.qrCodeSettingService.findQrCodeSettings(TenantId.SYS_TENANT_ID);
        if (str.contains("Android") && findQrCodeSettings.isAndroidEnabled()) {
            return ResponseEntity.status(HttpStatus.FOUND).header("Location", new String[]{findQrCodeSettings.getGooglePlayLink()}).build();
        }
        if ((!str.contains("iPhone") && !str.contains("iPad")) || !findQrCodeSettings.isIosEnabled()) {
            return response(HttpStatus.NOT_FOUND);
        }
        return ResponseEntity.status(HttpStatus.FOUND).header("Location", new String[]{findQrCodeSettings.getAppStoreLink()}).build();
    }

    @ConstructorProperties({"systemSecurityService", "mobileAppSecretService", "qrCodeSettingService"})
    public QrCodeSettingsController(SystemSecurityService systemSecurityService, MobileAppSecretService mobileAppSecretService, QrCodeSettingService qrCodeSettingService) {
        this.systemSecurityService = systemSecurityService;
        this.mobileAppSecretService = mobileAppSecretService;
        this.qrCodeSettingService = qrCodeSettingService;
    }
}
