package com.djrapitops.plan.delivery.webserver.http;

import com.djrapitops.plan.delivery.web.resolver.Response;
import com.djrapitops.plan.delivery.web.resolver.request.Request;
import com.djrapitops.plan.delivery.webserver.PassBruteForceGuard;
import com.djrapitops.plan.delivery.webserver.RateLimitGuard;
import com.djrapitops.plan.delivery.webserver.ResponseFactory;
import com.djrapitops.plan.delivery.webserver.ResponseResolver;
import com.djrapitops.plan.delivery.webserver.auth.FailReason;
import com.djrapitops.plan.delivery.webserver.configuration.WebserverConfiguration;
import com.djrapitops.plan.exceptions.WebUserAuthException;
import java.util.Optional;
import plan.javax.inject.Inject;
import plan.javax.inject.Singleton;
import plan.org.apache.commons.lang3.StringUtils;
import plan.org.eclipse.jetty.http.HttpHeader;

/**
 * Turns an {@link InternalRequest} into a {@link Response}, applying the
 * address-based access controls before anything is resolved.
 *
 * <p>Checks run in a fixed order: brute-force guard, rate-limit guard, then the
 * configured IP allow list. Only requests that pass all three are converted to a
 * {@link Request} and handed to the {@link ResponseResolver}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All three controls are keyed on the string returned by
 *       {@code internalRequest.getAccessAddress(webserverConfiguration)}. How that
 *       address is derived is not visible in this class. NOTE(review): if it can come
 *       from a client-supplied forwarding header, confirm it is only honoured behind a
 *       trusted proxy, otherwise these controls can be sidestepped.</li>
 *   <li>Responses produced by the brute-force or rate-limit guard are not passed to the
 *       {@link AccessLogger}. Whether the guards record those events themselves is not
 *       visible here.</li>
 *   <li>The brute-force counter is tracked per access address only, so clients sharing
 *       one address share one counter.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:com/djrapitops/plan/delivery/webserver/http/RequestHandler.class */
public class RequestHandler {
    private final WebserverConfiguration webserverConfiguration;
    private final ResponseFactory responseFactory;
    private final ResponseResolver responseResolver;
    // Both guards are created per handler instance rather than injected.
    private final PassBruteForceGuard bruteForceGuard = new PassBruteForceGuard();
    private final RateLimitGuard rateLimitGuard = new RateLimitGuard();
    private final AccessLogger accessLogger;

    /**
     * Creates the handler with its injected collaborators.
     *
     * @param webserverConfiguration source of the access address, allow list, CORS origin and log messages
     * @param responseFactory        builds the canned 403 / bad-request responses
     * @param responseResolver       resolves responses for requests that pass the guards
     * @param accessLogger           records requests that were not answered by a guard
     */
    @Inject
    public RequestHandler(WebserverConfiguration webserverConfiguration, ResponseFactory responseFactory, ResponseResolver responseResolver, AccessLogger accessLogger) {
        this.webserverConfiguration = webserverConfiguration;
        this.responseFactory = responseFactory;
        this.responseResolver = responseResolver;
        this.accessLogger = accessLogger;
    }

    /**
     * Produces the response for one incoming request.
     *
     * @param internalRequest the raw request as seen by the web server
     * @return the response, with the default CORS and robots headers filled in where absent
     */
    public Response getResponse(InternalRequest internalRequest) {
        String accessAddress = internalRequest.getAccessAddress(this.webserverConfiguration);
        String requestedPath = internalRequest.getRequestedPath();

        boolean answeredByGuard = false;
        // Stays null when a guard or the allow list answers, or when toRequest() itself throws.
        Request request = null;
        Response response;

        if (this.bruteForceGuard.shouldPreventRequest(accessAddress)) {
            response = this.responseFactory.failedLoginAttempts403();
            answeredByGuard = true;
        } else if (this.rateLimitGuard.shouldPreventRequest(requestedPath, accessAddress)) {
            response = this.responseFactory.failedRateLimit403();
            answeredByGuard = true;
        } else if (!this.webserverConfiguration.getAllowedIpList().isAllowed(accessAddress)) {
            // Address is not on the allow list: warn and refuse. This path is still access-logged below.
            this.webserverConfiguration.getWebserverLogMessages().warnAboutWhitelistBlock(accessAddress, internalRequest.getRequestedURIString());
            response = this.responseFactory.ipWhitelist403(accessAddress);
        } else {
            try {
                request = internalRequest.toRequest();
                response = attemptToResolve(request, accessAddress);
            } catch (WebUserAuthException authFailure) {
                response = processFailedAuthentication(internalRequest, accessAddress, authFailure);
            }
        }

        addDefaultHeaders(response);

        // Guard-generated 403s are deliberately kept out of the access log by this flag.
        if (!answeredByGuard) {
            this.accessLogger.log(internalRequest, request, response);
        }
        return response;
    }

    /**
     * Fills in CORS and robots headers that the response does not already carry.
     *
     * <p>{@code Access-Control-Allow-Credentials} defaults to {@code true}, so the configured
     * allowed origin is what bounds which sites may make credentialed cross-origin reads.
     * Browsers refuse credentialed responses whose allowed origin is the wildcard, so the
     * configured value should be one specific, trusted origin.
     */
    private void addDefaultHeaders(Response response) {
        response.getHeaders().putIfAbsent("Access-Control-Allow-Origin", this.webserverConfiguration.getAllowedCorsOrigin());
        response.getHeaders().putIfAbsent("Access-Control-Allow-Methods", "GET, OPTIONS");
        response.getHeaders().putIfAbsent("Access-Control-Allow-Credentials", "true");
        response.getHeaders().putIfAbsent("X-Robots-Tag", "noindex, nofollow");
    }

    /**
     * Resolves the request, preferring a protocol-upgrade answer when one applies.
     *
     * <p>When the request carries a user, the brute-force counter for the address may be
     * reset depending on the response code (see {@link #processSuccessfulLogin(int, String)}).
     */
    private Response attemptToResolve(Request request, String accessAddress) {
        Optional<Response> upgrade = protocolUpgradeResponse(request);
        Response resolved;
        if (upgrade.isPresent()) {
            resolved = upgrade.get();
        } else {
            resolved = this.responseResolver.getResponse(request);
        }

        if (request.getUser().isPresent()) {
            processSuccessfulLogin(resolved.getCode(), accessAddress);
        }
        return resolved;
    }

    /**
     * Answers an {@code Upgrade: h2c} or {@code Upgrade: h2} header with a 101 response.
     *
     * <p>The header value is echoed back only after an exact match against those two
     * literals, so no arbitrary client text reaches the response headers.
     *
     * @return the 101 response, or empty when the header is missing or holds any other value
     */
    private Optional<Response> protocolUpgradeResponse(Request request) {
        String upgradeHeaderName = HttpHeader.UPGRADE.asString();
        return request.getHeader(upgradeHeaderName)
                .filter(protocol -> "h2c".equals(protocol) || "h2".equals(protocol))
                .flatMap(protocol -> Optional.of(Response.builder()
                        .setStatus(101)
                        .setHeader("Connection", HttpHeader.UPGRADE.asString())
                        .setHeader(HttpHeader.UPGRADE.asString(), protocol)
                        .build()));
    }

    /**
     * Maps an authentication failure to a response.
     *
     * <p>A user/password mismatch counts against the brute-force guard. Every other
     * failure expires the {@code auth} cookie and redirects to the login page.
     *
     * <p>NOTE(review): the requested URI is appended to the {@code from} query parameter
     * without encoding, prefixed only with {@code "."}. Whether {@code redirectTo} or the
     * login page validates that value is not visible here; confirm it cannot be used to
     * steer the post-login navigation off-site or to smuggle extra query parameters.
     */
    private Response processFailedAuthentication(InternalRequest internalRequest, String accessAddress, WebUserAuthException authFailure) {
        FailReason reason = authFailure.getFailReason();
        if (reason == FailReason.USER_PASS_MISMATCH) {
            return processWrongPassword(accessAddress, reason);
        }

        String requestedUri = internalRequest.getRequestedURIString();
        String redirectTarget;
        if (StringUtils.startsWithAny(requestedUri, "/auth/", "/login")) {
            // Already heading to an auth endpoint: do not carry a return address.
            redirectTarget = "/login";
        } else {
            redirectTarget = "/login?from=." + requestedUri;
        }

        return Response.builder()
                .redirectTo(redirectTarget)
                .setHeader("Set-Cookie", "auth=expired; Path=/; Max-Age=0; SameSite=Lax; Secure;")
                .build();
    }

    /**
     * Counts a failed login for the address and answers accordingly.
     *
     * @return the "too many failed attempts" 403 once the guard trips for this address,
     *         otherwise a bad-request response carrying the failure reason
     */
    private Response processWrongPassword(String accessAddress, FailReason reason) {
        this.bruteForceGuard.increaseAttemptCountOnFailedLogin(accessAddress);
        if (this.bruteForceGuard.shouldPreventRequest(accessAddress)) {
            return this.responseFactory.failedLoginAttempts403();
        }
        return this.responseFactory.badRequest(reason.getReason(), "/auth/login");
    }

    /**
     * Clears the failed-attempt counter for the address unless the response was 401 or 403.
     *
     * <p>Called for any resolved request that carries a user, not only for the login
     * request itself.
     */
    private void processSuccessfulLogin(int responseCode, String accessAddress) {
        if (responseCode == 401 || responseCode == 403) {
            return;
        }
        this.bruteForceGuard.resetAttemptCount(accessAddress);
    }
}
