package inc.yukawa.chain.security.flux.rest;

import inc.yukawa.chain.security.domain.Credentials;
import inc.yukawa.chain.security.flux.security.RateLimitService;
import inc.yukawa.chain.security.service.AuthAspect;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.Collections;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

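/**
 * Token endpoint for the reactive (WebFlux) security stack.
 *
 * <p>Handles form-encoded {@code POST /oauth/token} requests and supports two grant types:
 * {@code password} (delegates to {@link AuthAspect#login}) and {@code refresh_token}
 * (delegates to {@link AuthAspect#refresh}). Any other {@code grant_type} is answered with
 * {@code 400} and an {@code unsupported_grant_type} error body.
 *
 * <p>Failures of either grant are collapsed into a body-less {@code 401}, so the response does
 * not tell a caller why a request was rejected. The cause is written to the log instead, which
 * keeps backend faults distinguishable from rejected credentials for whoever operates the service.
 */
@RequestMapping(produces = {"application/json", "text/xml"})
@RestController
@Profile({"oauth-auth-aspect", "all-aspects", "default"})
@Tag(name = "OAuth")
/* loaded from: input_file:inc/yukawa/chain/security/flux/rest/OAuthFluxController.class */
public class OAuthFluxController extends BaseFluxController {
    private static final Logger log = LoggerFactory.getLogger(OAuthFluxController.class);
    private final AuthAspect<Mono<Map<String, Object>>> authService;

    // Optional bean (required = false): when no "authRateLimitService" is configured this field
    // stays null and the password grant below runs without any throttling from this class.
    @Autowired(required = false)
    @Qualifier("authRateLimitService")
    private RateLimitService rateLimitService;

    /**
     * @param authAspect service that performs the actual login and token refresh
     */
    public OAuthFluxController(AuthAspect<Mono<Map<String, Object>>> authAspect) {
        this.authService = authAspect;
    }

    /**
     * Issues a token map for a {@code password} or {@code refresh_token} grant.
     *
     * @param serverWebExchange current exchange; its form data supplies {@code grant_type},
     *     {@code username}, {@code password}, {@code refresh_token} and the organisation id
     * @return {@code 200} with the map produced by the auth service, {@code 401} without a body
     *     when the service signals an error or completes empty, or {@code 400} with
     *     {@code error=unsupported_grant_type} for any other grant type
     */
    @PostMapping(value = {"/oauth/token"}, consumes = {"application/x-www-form-urlencoded"})
    @Operation(summary = "oAuthToken", description = "crate new auth + refresh token")
    public Mono<ResponseEntity<Map<String, Object>>> oAuthToken(ServerWebExchange serverWebExchange) {
        return serverWebExchange.getFormData().flatMap(form -> {
            String grantType = form.getFirst("grant_type");
            String orgId = findOrgId(serverWebExchange, form);
            // Both values come straight from the request and are logged unsanitised; the log
            // encoder has to neutralise line breaks if debug logging is enabled.
            log.debug("oAuthToken: grant_type = {}, orgId = {}", grantType, orgId);
            if ("password".equals(grantType)) {
                return passwordGrant(form, orgId);
            }
            if ("refresh_token".equals(grantType)) {
                // NOTE(review): this path never consults rateLimitService, so refresh attempts
                // are not throttled by this class — confirm that is intended.
                return toTokenResponse(this.authService.refresh(form.getFirst("refresh_token")), "refresh_token");
            }
            Map<String, Object> errorBody = Collections.singletonMap("error", "unsupported_grant_type");
            return Mono.just(new ResponseEntity<>(errorBody, HttpStatus.BAD_REQUEST));
        });
    }

    /**
     * Resolves the organisation id for a token request.
     *
     * <p>Precedence: form field {@code client_id}, then form field {@code orgId}, then whatever
     * {@code super.findOrgId(serverWebExchange)} yields. The first two are caller-supplied.
     * NOTE(review): this class does not check that the authenticated user belongs to the
     * returned organisation; presumably the auth service does — confirm.
     *
     * @param serverWebExchange current exchange, used only for the superclass fallback
     * @param multiValueMap decoded form data of the request
     * @return the first non-blank candidate, or the superclass result
     */
    protected String findOrgId(ServerWebExchange serverWebExchange, MultiValueMap<String, String> multiValueMap) {
        String clientId = multiValueMap.getFirst("client_id");
        if (StringUtils.hasText(clientId)) {
            return clientId;
        }
        String orgId = multiValueMap.getFirst("orgId");
        return StringUtils.hasText(orgId) ? orgId : super.findOrgId(serverWebExchange);
    }

    /** Runs the password grant: optional throttle on the submitted username, then login. */
    private Mono<ResponseEntity<Map<String, Object>>> passwordGrant(MultiValueMap<String, String> form, String orgId) {
        String username = form.getFirst("username");
        if (username != null && this.rateLimitService != null) {
            // The throttle key is the submitted username only. Nothing returned by consume()
            // is inspected here, so enforcement presumably relies on it throwing — confirm.
            // A request without a username skips the throttle and still reaches login().
            this.rateLimitService.consume(username);
        }
        Credentials credentials = new Credentials(username, form.getFirst("password"), orgId);
        return toTokenResponse(this.authService.login(credentials), "password");
    }

    /**
     * Maps the auth service result to the HTTP response shared by both grants.
     *
     * <p>The error is logged before it is replaced by a 401; previously it was discarded, which
     * left neither failed logins nor backend faults visible. Only the throwable's
     * {@code toString()} is logged: no password or refresh token is passed to the logger here.
     */
    private Mono<ResponseEntity<Map<String, Object>>> toTokenResponse(Mono<Map<String, Object>> tokens, String grantType) {
        return tokens
                .map(ResponseEntity::ok)
                .onErrorResume(error -> {
                    log.warn("oAuthToken: {} grant failed: {}", grantType, error.toString());
                    return Mono.just(unauthorized());
                })
                .defaultIfEmpty(unauthorized());
    }

    /** Builds the body-less 401 used for every rejected or failed grant. */
    private static ResponseEntity<Map<String, Object>> unauthorized() {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }
}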
