package com.erudika.para.security.filters;

import com.eaio.uuid.UUID;
import com.erudika.para.Para;
import com.erudika.para.core.App;
import com.erudika.para.core.User;
import com.erudika.para.core.utils.ParaObjectUtils;
import com.erudika.para.security.AuthenticatedUserDetails;
import com.erudika.para.security.SecurityUtils;
import com.erudika.para.security.UserAuthentication;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.Utils;
import com.erudika.para.utils.filters.CORSFilter;
import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectReader;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

/* loaded from: input_file:com/erudika/para/security/filters/GitHubAuthFilter.class */
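/**
 * Authentication filter for the GitHub OAuth 2.0 callback.
 *
 * <p>When the request URI ends with {@link #GITHUB_ACTION} and carries a {@code code} parameter,
 * the filter exchanges that code for an access token at GitHub's token endpoint, reads the
 * profile from the GitHub API and then finds or creates the matching {@link User}.
 *
 * <p>NOTE(review): no OAuth {@code state} value is read or compared anywhere in this class, so
 * protection against a forged callback (login CSRF) has to come from elsewhere - confirm.
 */
public class GitHubAuthFilter extends AbstractAuthenticationProcessingFilter {
    /** Request-URI suffix that marks a request as a GitHub OAuth callback. */
    public static final String GITHUB_ACTION = "github_auth";

    private static final String PROFILE_URL = "https://api.github.com/user";
    private static final String EMAILS_URL = "https://api.github.com/user/emails";
    private static final String TOKEN_URL = "https://github.com/login/oauth/access_token";
    private static final String PAYLOAD = "code={0}&redirect_uri={1}&scope=&client_id={2}&client_secret={3}&grant_type=authorization_code";

    private final CloseableHttpClient httpclient;
    private final ObjectReader jreader;

    /**
     * Creates the filter and its shared HTTP client and JSON reader.
     *
     * @param str value handed unchanged to the {@link AbstractAuthenticationProcessingFilter} constructor
     */
    public GitHubAuthFilter(String str) {
        super(str);
        this.jreader = ParaObjectUtils.getJsonReader(Map.class);
        this.httpclient = HttpClients.createDefault();
    }

    /**
     * Handles the OAuth callback: trades the {@code code} request parameter for an access token
     * and resolves the user behind it.
     *
     * @param httpServletRequest the callback request; {@code code} and the optional {@code appid} are read from it
     * @param httpServletResponse not used by this method
     * @return the result of {@code SecurityUtils.checkIfActive(...)} for the resolved authentication,
     *         which is {@code null} at that point when no token was obtained
     * @throws IOException if a call to GitHub fails or a response cannot be parsed
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserAuthentication userAuth = null;
        if (httpServletRequest.getRequestURI().endsWith(GITHUB_ACTION)) {
            String authCode = httpServletRequest.getParameter("code");
            if (!StringUtils.isBlank(authCode)) {
                // "appid" comes from the request and decides which app's OAuth keys are used below.
                String appid = httpServletRequest.getParameter("appid");
                // NOTE(review): DEFAULT_EXPOSED_HEADERS is presumably the empty string that the
                // decompiler mapped onto an unrelated constant - confirm against the original source.
                String redirectUri = httpServletRequest.getRequestURL().toString()
                        + (appid == null ? CORSFilter.DEFAULT_EXPOSED_HEADERS : "?appid=" + appid);
                App app = (App) Para.getDAO().read(App.id(appid == null ? Config.getRootAppIdentifier() : appid));
                String[] keys = SecurityUtils.getOAuthKeysForApp(app, Config.GITHUB_PREFIX);
                // Every value placed into the form body is URL-encoded, the client id and secret
                // included, so a reserved character in a key cannot alter the body's structure.
                String formBody = Utils.formatMessage(PAYLOAD, new Object[]{
                    urlEncode(authCode), urlEncode(redirectUri), urlEncode(keys[0]), urlEncode(keys[1])});
                HttpPost tokenRequest = new HttpPost(TOKEN_URL);
                tokenRequest.setHeader("Content-Type", "application/x-www-form-urlencoded");
                tokenRequest.setHeader("Accept", "application/json");
                tokenRequest.setEntity(new StringEntity(formBody, "UTF-8"));
                // try-with-resources releases the connection even when parsing or user creation throws.
                try (CloseableHttpResponse response = this.httpclient.execute(tokenRequest)) {
                    HttpEntity entity = response == null ? null : response.getEntity();
                    if (entity != null) {
                        try {
                            Map<?, ?> tokenData = (Map<?, ?>) this.jreader.readValue(entity.getContent());
                            if (tokenData != null && tokenData.containsKey("access_token")) {
                                userAuth = getOrCreateUser(app, (String) tokenData.get("access_token"));
                            }
                        } finally {
                            EntityUtils.consumeQuietly(entity);
                        }
                    }
                }
            }
        }
        return SecurityUtils.checkIfActive(userAuth, SecurityUtils.getAuthenticatedUser(userAuth), true);
    }

    /**
     * Reads the GitHub profile behind an access token and finds or creates the matching user.
     *
     * @param app the app the user belongs to; may be {@code null}, in which case the user's appid is {@code null}
     * @param str the GitHub access token; {@code null} skips the profile lookup
     * @return the result of {@code SecurityUtils.checkIfActive(...)} for the resolved user
     * @throws IOException if a call to GitHub fails or a response cannot be parsed
     * @throws AuthenticationServiceException if a new user cannot be created
     */
    public UserAuthentication getOrCreateUser(App app, String str) throws IOException {
        final String accessToken = str;
        UserAuthentication userAuth = null;
        User user = new User();
        if (accessToken != null) {
            HttpGet profileRequest = new HttpGet(PROFILE_URL);
            profileRequest.setHeader("Authorization", "Bearer " + accessToken);
            profileRequest.setHeader("Accept", "application/json");
            try (CloseableHttpResponse response = this.httpclient.execute(profileRequest)) {
                HttpEntity entity = response == null ? null : response.getEntity();
                if (entity != null) {
                    try {
                        if (hasJsonContentType(response)) {
                            Map<?, ?> profile = (Map<?, ?>) this.jreader.readValue(entity.getContent());
                            if (profile != null && profile.containsKey("id")) {
                                user = findOrCreate(app, profile, accessToken);
                                userAuth = new UserAuthentication(new AuthenticatedUserDetails(user));
                            }
                        }
                    } finally {
                        // Drained on every path, including a non-JSON response.
                        EntityUtils.consumeQuietly(entity);
                    }
                }
            }
        }
        return SecurityUtils.checkIfActive(userAuth, user, false);
    }

    /** Looks up the user for a GitHub profile, creating it or refreshing its picture and e-mail. */
    private User findOrCreate(App app, Map<?, ?> profile, String accessToken) throws IOException {
        // Number rather than Integer: an id above Integer.MAX_VALUE is parsed by Jackson as a Long.
        Number githubId = (Number) profile.get("id");
        String avatarUrl = (String) profile.get("avatar_url");
        String email = (String) profile.get("email");
        String name = (String) profile.get("name");
        if (StringUtils.isBlank(email)) {
            email = fetchUserEmail(githubId, accessToken);
        }
        User probe = new User();
        probe.setAppid(getAppid(app));
        probe.setIdentifier(Config.GITHUB_PREFIX + githubId);
        probe.setEmail(email);
        // NOTE(review): presumably the lookup is keyed on the identifier; if it can also match on
        // e-mail, the address set above is worth validating first - confirm in readUserForIdentifier.
        User user = User.readUserForIdentifier(probe);
        if (user == null) {
            user = new User();
            user.setActive(true);
            user.setAppid(getAppid(app));
            user.setEmail(StringUtils.isBlank(email) ? githubId + "@github.com" : email);
            user.setName(StringUtils.isBlank(name) ? "No Name" : name);
            // Placeholder password for an OAuth-only account. java.util.UUID.randomUUID() draws from
            // a cryptographically strong generator, whereas com.eaio.uuid.UUID is time-based and so
            // gives a guessable value; the 36-character format is unchanged.
            user.setPassword(java.util.UUID.randomUUID().toString());
            user.setPicture(getPicture(avatarUrl));
            user.setIdentifier(Config.GITHUB_PREFIX + githubId);
            if (user.create() == null) {
                throw new AuthenticationServiceException("Authentication failed: cannot create new user.");
            }
        } else {
            String picture = getPicture(avatarUrl);
            boolean changed = false;
            if (!StringUtils.equals(user.getPicture(), picture)) {
                user.setPicture(picture);
                changed = true;
            }
            if (!StringUtils.isBlank(email) && !StringUtils.equals(user.getEmail(), email)) {
                user.setEmail(email);
                changed = true;
            }
            if (changed) {
                user.update();
            }
        }
        return user;
    }

    /** Returns the avatar URL without its query string, or {@code null} for a {@code null} URL. */
    private static String getPicture(String str) {
        if (str == null) {
            return null;
        }
        int queryStart = str.indexOf('?');
        return queryStart >= 0 ? str.substring(0, queryStart) : str;
    }

    /**
     * Reads the account's e-mail list and returns the entry flagged {@code primary}, or the last
     * entry read when none is flagged. Falls back to {@code <id>@github.com} when the list cannot be
     * read; returns {@code null} when the list is empty.
     *
     * <p>NOTE(review): the {@code verified} flag of each entry is not consulted. If the address is
     * later used to match accounts or to send security-relevant mail, consider accepting only
     * verified entries.
     */
    private String fetchUserEmail(Number githubId, String accessToken) throws IOException {
        HttpGet emailsRequest = new HttpGet(EMAILS_URL);
        emailsRequest.setHeader("Authorization", "Bearer " + accessToken);
        emailsRequest.setHeader("Accept", "application/json");
        try (CloseableHttpResponse response = this.httpclient.execute(emailsRequest)) {
            HttpEntity entity = response == null ? null : response.getEntity();
            if (entity == null) {
                return githubId + "@github.com";
            }
            try {
                if (!hasJsonContentType(response)) {
                    return githubId + "@github.com";
                }
                MappingIterator<Map<?, ?>> entries = this.jreader.readValues(entity.getContent());
                if (entries == null) {
                    return githubId + "@github.com";
                }
                String email = null;
                while (entries.hasNext()) {
                    Map<?, ?> entry = entries.next();
                    email = (String) entry.get("email");
                    // Boolean.TRUE.equals also covers a present-but-null "primary" value.
                    if (Boolean.TRUE.equals(entry.get("primary"))) {
                        break;
                    }
                }
                return email;
            } finally {
                EntityUtils.consumeQuietly(entity);
            }
        }
    }

    /** True when the response has a Content-Type header that {@code Utils.isJsonType} accepts. */
    private static boolean hasJsonContentType(CloseableHttpResponse response) {
        // A missing header is treated as "not JSON" instead of being dereferenced.
        if (response == null || response.getFirstHeader("Content-Type") == null) {
            return false;
        }
        return Utils.isJsonType(response.getFirstHeader("Content-Type").getValue());
    }

    /** URL-encodes a form value as UTF-8; {@code null} becomes the empty string. */
    private static String urlEncode(String value) throws IOException {
        return value == null ? "" : URLEncoder.encode(value, "UTF-8");
    }

    /** Returns the app's identifier, or {@code null} when no app is given. */
    private String getAppid(App app) {
        return app == null ? null : app.getAppIdentifier();
    }
}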
