package dev.hilla;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.vaadin.flow.component.dependency.NpmPackage;
import com.vaadin.flow.internal.CurrentInstance;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.VaadinServletRequest;
import dev.hilla.EndpointInvocationException;
import dev.hilla.auth.CsrfChecker;
import dev.hilla.auth.EndpointAccessChecker;
import dev.hilla.exception.EndpointException;
import java.security.Principal;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@Import({EndpointControllerConfiguration.class, EndpointProperties.class})
@NpmPackage.Container({@NpmPackage(value = "@hilla/frontend", version = "1.2.0"), @NpmPackage(value = "@hilla/form", version = "1.2.0")})
/* loaded from: input_file:dev/hilla/EndpointController.class */
public class EndpointController {
    static final String ENDPOINT_METHODS = "/{endpoint}/{method}";
    public static final String VAADIN_ENDPOINT_MAPPER_BEAN_QUALIFIER = "vaadinEndpointMapper";
    EndpointRegistry endpointRegistry;
    private CsrfChecker csrfChecker;
    private EndpointInvoker endpointInvoker;

    public EndpointController(ApplicationContext applicationContext, EndpointRegistry endpointRegistry, EndpointInvoker endpointInvoker, CsrfChecker csrfChecker) {
        this.endpointInvoker = endpointInvoker;
        this.csrfChecker = csrfChecker;
        this.endpointRegistry = endpointRegistry;
        applicationContext.getBeansWithAnnotation(Endpoint.class).forEach((str, obj) -> {
            endpointRegistry.registerEndpoint(obj);
        });
    }

    private static Logger getLogger() {
        return LoggerFactory.getLogger(EndpointController.class);
    }

    @PostMapping(path = {ENDPOINT_METHODS}, produces = {"application/json;charset=UTF-8"})
    public ResponseEntity<String> serveEndpoint(@PathVariable("endpoint") String str, @PathVariable("method") String str2, @RequestBody(required = false) ObjectNode objectNode, HttpServletRequest httpServletRequest) {
        getLogger().debug("Endpoint: {}, method: {}, request body: {}", new Object[]{str, str2, objectNode});
        try {
            if (!this.csrfChecker.validateCsrfTokenInRequest(httpServletRequest)) {
                return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(EndpointAccessChecker.ACCESS_DENIED_MSG));
            }
            try {
                try {
                    try {
                        try {
                            CurrentInstance.set(VaadinRequest.class, new VaadinServletRequest(httpServletRequest, VaadinService.getCurrent()));
                            EndpointInvoker endpointInvoker = this.endpointInvoker;
                            Principal userPrincipal = httpServletRequest.getUserPrincipal();
                            Objects.requireNonNull(httpServletRequest);
                            try {
                                ResponseEntity<String> ok = ResponseEntity.ok(this.endpointInvoker.writeValueAsString(endpointInvoker.invoke(str, str2, objectNode, userPrincipal, httpServletRequest::isUserInRole)));
                                CurrentInstance.set(VaadinRequest.class, (Object) null);
                                return ok;
                            } catch (JsonProcessingException e) {
                                String format = String.format("Failed to serialize endpoint '%s' method '%s' response. Double check method's return type or specify a custom mapper bean with qualifier '%s'", str, str2, VAADIN_ENDPOINT_MAPPER_BEAN_QUALIFIER);
                                getLogger().error(format, e);
                                throw new EndpointInvocationException.EndpointInternalException(format);
                            }
                        } catch (EndpointInvocationException.EndpointInternalException e2) {
                            ResponseEntity<String> body = ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(this.endpointInvoker.createResponseErrorObject(e2.getMessage()));
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body;
                        }
                    } catch (EndpointException e3) {
                        try {
                            ResponseEntity<String> body2 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e3.getSerializationData()));
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body2;
                        } catch (JsonProcessingException e4) {
                            String format2 = String.format("Failed to serialize error object for endpoint exception. ", new Object[0]);
                            getLogger().error(format2, e3);
                            ResponseEntity<String> body3 = ResponseEntity.internalServerError().body(format2);
                            CurrentInstance.set(VaadinRequest.class, (Object) null);
                            return body3;
                        }
                    }
                } catch (EndpointInvocationException.EndpointNotFoundException e5) {
                    ResponseEntity<String> build = ResponseEntity.notFound().build();
                    CurrentInstance.set(VaadinRequest.class, (Object) null);
                    return build;
                }
            } catch (EndpointInvocationException.EndpointAccessDeniedException e6) {
                ResponseEntity<String> body4 = ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(this.endpointInvoker.createResponseErrorObject(e6.getMessage()));
                CurrentInstance.set(VaadinRequest.class, (Object) null);
                return body4;
            } catch (EndpointInvocationException.EndpointBadRequestException e7) {
                ResponseEntity<String> body5 = ResponseEntity.badRequest().body(this.endpointInvoker.createResponseErrorObject(e7.getMessage()));
                CurrentInstance.set(VaadinRequest.class, (Object) null);
                return body5;
            }
        } catch (Throwable th) {
            CurrentInstance.set(VaadinRequest.class, (Object) null);
            throw th;
        }
    }
}
