package org.thingsboard.server.config;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.beans.ConstructorProperties;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.thingsboard.server.cache.limits.RateLimitService;
import org.thingsboard.server.common.data.EntityType;
import org.thingsboard.server.common.data.exception.TenantProfileNotFoundException;
import org.thingsboard.server.common.data.limit.LimitedApi;
import org.thingsboard.server.common.msg.tools.TbRateLimitsException;
import org.thingsboard.server.exception.ThingsboardErrorResponseHandler;
import org.thingsboard.server.service.security.model.SecurityUser;

/**
 * Servlet filter that applies REST API rate limits to the authenticated caller before the
 * request reaches the rest of the filter chain.
 *
 * <p>Enforcement scope, as implemented here:
 * <ul>
 *   <li>Requests whose security context holds no {@link SecurityUser} principal are passed
 *       through without any rate-limit check.</li>
 *   <li>Principals for which {@code isSystemAdmin()} is true are also passed through unchecked.</li>
 *   <li>Every other caller is checked against {@link LimitedApi#REST_REQUESTS_PER_TENANT};
 *       customer users are additionally checked against
 *       {@link LimitedApi#REST_REQUESTS_PER_CUSTOMER}, but only when the tenant check passed.</li>
 * </ul>
 *
 * <p>Because the caller is read from {@link SecurityContextHolder}, the limits only take effect
 * if authentication has already populated the context when this filter runs.
 * NOTE(review): the filter ordering is configured outside this class; confirm it there.
 */
@Component
public class RateLimitProcessingFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(RateLimitProcessingFilter.class);
    private final ThingsboardErrorResponseHandler errorResponseHandler;
    private final RateLimitService rateLimitService;

    /**
     * Creates the filter with its two collaborators.
     *
     * @param thingsboardErrorResponseHandler writes the error response when a request is rejected
     * @param rateLimitService service consulted for the per-tenant and per-customer limits
     */
    @ConstructorProperties({"errorResponseHandler", "rateLimitService"})
    public RateLimitProcessingFilter(ThingsboardErrorResponseHandler thingsboardErrorResponseHandler, RateLimitService rateLimitService) {
        this.rateLimitService = rateLimitService;
        this.errorResponseHandler = thingsboardErrorResponseHandler;
    }

    /**
     * Checks the caller's rate limits and either rejects the request or hands it on.
     *
     * <p>A rejected request never reaches {@code filterChain}: the error handler writes the
     * response and this method returns. A failed tenant-profile lookup is likewise answered
     * with an error instead of letting the request through.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response an error is written to on rejection
     * @param filterChain the remaining chain, invoked only when no limit was exceeded
     * @throws IOException propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    public void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecurityUser user = getCurrentUser();
        // No SecurityUser principal, or a system administrator: no rate limit is applied.
        boolean subjectToLimits = user != null && !user.isSystemAdmin();
        if (subjectToLimits) {
            try {
                // checkRateLimit(...) returning false is treated as "limit exceeded".
                EntityType exceededScope = null;
                if (!rateLimitService.checkRateLimit(LimitedApi.REST_REQUESTS_PER_TENANT, user.getTenantId())) {
                    exceededScope = EntityType.TENANT;
                } else if (user.isCustomerUser()
                        && !rateLimitService.checkRateLimit(LimitedApi.REST_REQUESTS_PER_CUSTOMER, user.getTenantId(), user.getCustomerId())) {
                    // The customer limit is consulted only after the tenant limit has passed.
                    exceededScope = EntityType.CUSTOMER;
                }
                if (exceededScope != null) {
                    rateLimitExceeded(exceededScope, httpServletResponse);
                    return;
                }
            } catch (TenantProfileNotFoundException e) {
                // Only the tenant id is logged, at debug level; the exception itself is not.
                log.debug("[{}] Failed to lookup tenant profile", user.getTenantId());
                // Reported to the client as a credentials failure; the chain is not continued.
                errorResponseHandler.handle(new BadCredentialsException("Failed to lookup tenant profile"), httpServletResponse);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Resolves the caller from the current security context.
     *
     * @return the principal when it is a {@link SecurityUser}; {@code null} when there is no
     *         authentication or the principal is of any other type
     */
    protected SecurityUser getCurrentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.getPrincipal() instanceof SecurityUser) {
            return (SecurityUser) auth.getPrincipal();
        }
        return null;
    }

    /**
     * Writes a rate-limit error for the given scope through the error response handler.
     *
     * @param entityType the scope whose limit was exceeded (tenant or customer)
     * @param httpServletResponse the response the error is written to
     */
    private void rateLimitExceeded(EntityType entityType, HttpServletResponse httpServletResponse) {
        TbRateLimitsException limitError = new TbRateLimitsException(entityType);
        errorResponseHandler.handle(limitError, httpServletResponse);
    }

    /**
     * Keeps the filter active for async dispatches.
     *
     * @return always {@code false}
     */
    protected boolean shouldNotFilterAsyncDispatch() {
        return false;
    }

    /**
     * Keeps the filter active for error dispatches.
     *
     * @return always {@code false}
     */
    protected boolean shouldNotFilterErrorDispatch() {
        return false;
    }
}
