package io.corbel.oauth.api;

import io.corbel.lib.token.reader.TokenReader;
import io.corbel.lib.ws.api.error.ErrorResponseFactory;
import io.corbel.lib.ws.model.Error;
import io.corbel.oauth.model.Client;
import io.corbel.oauth.model.Role;
import io.corbel.oauth.model.User;
import io.corbel.oauth.repository.CreateUserException;
import io.corbel.oauth.service.ClientService;
import io.corbel.oauth.service.UserService;
import io.dropwizard.auth.Auth;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;

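/**
 * JAX-RS resource exposing the {@code v1.0/user} endpoints: account creation, lookup, update,
 * deletion, e-mail validation and password-reset mail.
 *
 * <p>Two kinds of authenticated principal are used. {@code create} and
 * {@code generateResetPasswordEmail} receive an {@code @Auth Client}; every other endpoint receives
 * an {@code @Auth TokenReader} and resolves its target through
 * {@link #getUserFromIdAliases(String, TokenReader)}, which is the single place where
 * cross-user access is authorised (role reach plus same domain).
 */
@Path("v1.0/user")
/* loaded from: input_file:io/corbel/oauth/api/UserResource.class */
public class UserResource {
    /** Path alias that always resolves to the user named in the caller's token. */
    private static final String ME = "me";
    private final UserService userService;
    private final ClientService clientService;

    public UserResource(UserService userService, ClientService clientService) {
        this.userService = userService;
        this.clientService = clientService;
    }

    /**
     * Registers a new user on behalf of the authenticated client.
     *
     * <p>The role is forced to {@link Role#USER} and the id is cleared, so neither can be chosen
     * through the request body.
     *
     * @param uriInfo request URI, used to build the {@code Location} of the created user
     * @param client  authenticated client the user is created for
     * @param user    user data from the request body
     * @return 201 with the new user's location, 400 when the body is missing, 409 when the user
     *         already exists
     */
    @POST
    @Consumes({"application/json"})
    public Response create(@Context UriInfo uriInfo, @Auth Client client, @Valid User user) {
        // update() rejects a missing body explicitly; do the same here instead of failing with a
        // NullPointerException (HTTP 500) on the setters below.
        if (user == null) {
            return ErrorResponseFactory.getInstance().badRequest(new Error("bad_request", "Invalid user data"));
        }
        try {
            user.setRole(Role.USER);
            user.setId(null);
            // NOTE(review): emailValidated is cleared in update() but not here. Confirm that
            // UserService.createUser resets it, otherwise a client could submit a pre-validated flag.
            String createdId = this.userService.createUser(user, client);
            URI location = uriInfo.getAbsolutePathBuilder().path(createdId).build();
            return Response.created(location).build();
        } catch (CreateUserException.DuplicatedUser e) {
            return ErrorResponseFactory.getInstance().conflict(new Error("entity_exists", "User already exists"));
        }
    }

    /**
     * Returns the representation produced by {@code User.getUser()} for the addressed user.
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @return 200 with the user entity; 404 when the target cannot be resolved or is out of reach
     */
    @GET
    @Produces({"application/json"})
    @Path("/{id}")
    public Response get(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        User target = getUserFromIdAliases(str, tokenReader);
        return Response.ok().type(MediaType.APPLICATION_JSON_TYPE).entity(target.getUser()).build();
    }

    /**
     * Returns the representation produced by {@code User.getUserProfile()} for the addressed user.
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @return 200 with the profile entity; 404 when the target cannot be resolved or is out of reach
     */
    @GET
    @Produces({"application/json"})
    @Path("/{id}/profile")
    public Response getUserProfile(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        User target = getUserFromIdAliases(str, tokenReader);
        return Response.ok().type(MediaType.APPLICATION_JSON_TYPE).entity(target.getUserProfile()).build();
    }

    /**
     * Redirects to the avatar URI stored on the addressed user.
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @return 307 to the stored avatar URI; 404 when there is no avatar or the stored value is not
     *         a syntactically valid URI
     */
    @GET
    @Path("/{id}/avatar")
    public Response getAvatar(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        User target = getUserFromIdAliases(str, tokenReader);
        // NOTE(review): the redirect target is whatever string is stored as avatarUri; only URI
        // syntax is checked here. If that field is user-supplied, consider restricting scheme and
        // host where it is written.
        return Optional.ofNullable(target.getAvatarUri())
                .map(UserResource::toUriOrNull) // a null result empties the Optional, leading to the 404 below
                .map(uri -> Response.temporaryRedirect(uri).build())
                .orElseGet(() -> ErrorResponseFactory.getInstance()
                        .notfound(new Error("not_found", "User " + str + " has no avatar.")));
    }

    /**
     * Updates the addressed user with the fields of the request body.
     *
     * <p>Checks, in order: the token's client must exist (401 otherwise), the target must be within
     * the caller's reach (404 otherwise), and a requested role change must be permitted for the
     * caller (403 otherwise).
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @param user        update data from the request body
     * @return 204 on success, 400 when the body is missing, 409 on a duplicate
     */
    @Path("/{id}")
    @PUT
    @Consumes({"application/json"})
    public Response update(@PathParam("id") String str, @Auth TokenReader tokenReader, User user) {
        if (user == null) {
            return ErrorResponseFactory.getInstance().badRequest(new Error("bad_request", "Invalid update data"));
        }
        try {
            Client client = this.clientService.findByName(tokenReader.getInfo().getClientId())
                    .orElseThrow(() -> new WebApplicationException(ErrorResponseFactory.getInstance().unauthorized()));
            // The caller must not be able to mark an address as validated through the body; that
            // only happens via confirmEmail().
            user.setEmailValidated(null);
            // NOTE(review): id and domain from the body are passed through untouched. Confirm that
            // UserService.updateUser ignores them.
            User target = getUserFromIdAliases(str, tokenReader);
            checkUpdateUserRolePermissions(tokenReader.getInfo().getUserId(), user.getRole());
            this.userService.updateUser(target, user, client);
            return Response.noContent().build();
        } catch (CreateUserException.DuplicatedUser e) {
            return ErrorResponseFactory.getInstance().conflict(new Error("entity_exists", "User already exists"));
        }
    }

    /**
     * Confirms an e-mail address using the {@code state} carried by the caller's token.
     *
     * <p>The {@code {id}} path segment is not consulted; what gets confirmed is determined solely by
     * the token state passed to {@code UserService.confirmEmail}.
     *
     * @param str         value of the {@code {id}} path segment (unused)
     * @param tokenReader authenticated token of the caller
     * @return 204 on success, 400 when the token carries no state
     */
    @Path("/{id}/emailConfirmation")
    @PUT
    @Consumes({"application/json"})
    public Response confirmEmail(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        String state = tokenReader.getInfo().getState();
        if (state == null) {
            return ErrorResponseFactory.getInstance().badRequest();
        }
        this.userService.confirmEmail(state);
        return Response.noContent().build();
    }

    /**
     * Deletes the addressed user.
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @return 204 on success; 404 when the target cannot be resolved or is out of reach
     */
    @Path("/{id}")
    @DELETE
    public Response delete(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        User target = getUserFromIdAliases(str, tokenReader);
        this.userService.deleteUser(target.getId());
        return Response.noContent().build();
    }

    /**
     * Sends a validation e-mail to the addressed user on behalf of the token's client.
     *
     * <p>NOTE(review): this is a GET with a side effect (a mail is sent), so link prefetchers and
     * retries repeat it. Any throttling would have to live in {@code UserService} or in front of
     * this resource; none is visible here.
     *
     * @param str         value of the {@code {id}} path segment: a user id or {@code "me"}
     * @param tokenReader authenticated token of the caller
     * @return 200 when the mail was requested, 404 when the target or the client is unknown
     */
    @GET
    @Path("/{id}/validate")
    public Response generateValidationEmail(@PathParam("id") String str, @Auth TokenReader tokenReader) {
        User target = getUserFromIdAliases(str, tokenReader);
        return this.clientService.findByName(tokenReader.getInfo().getClientId())
                .map(client -> {
                    this.userService.sendValidationEmail(target, client);
                    return Response.ok().build();
                })
                .orElseGet(() -> ErrorResponseFactory.getInstance().notFound());
    }

    /**
     * Requests a password-reset mail for the given address.
     *
     * <p>The response is 204 whatever the service does with the address, so this endpoint does not
     * reveal whether an account exists for it.
     *
     * <p>NOTE(review): the address travels in the query string of a GET and will therefore appear
     * in access logs and intermediaries. It is passed to the service without a null or format check,
     * and no rate limit is visible in this class.
     *
     * @param client authenticated client making the request
     * @param str    value of the {@code email} query parameter
     * @return 204 always
     */
    @GET
    @Path("/resetPassword")
    public Response generateResetPasswordEmail(@Auth Client client, @QueryParam("email") String str) {
        this.userService.sendMailResetPassword(str, client);
        return Response.noContent().build();
    }

    /**
     * Resolves the {@code {id}} path segment to a user the caller is allowed to act on.
     *
     * <p>{@code "me"} and the caller's own id resolve to the caller. Any other id resolves only
     * when the caller's role {@code canUpdate} the target's role and both share the same domain.
     * Every failure is reported as 404, so an id outside the caller's reach is indistinguishable
     * from one that does not exist.
     *
     * @param requestedId value of the {@code {id}} path segment
     * @param tokenReader authenticated token of the caller
     * @return the resolved user, never {@code null}
     * @throws WebApplicationException carrying a 404 response when resolution fails
     */
    private User getUserFromIdAliases(String requestedId, TokenReader tokenReader) {
        String callerId = tokenReader.getInfo().getUserId();
        User caller = callerId == null ? null : this.userService.getUser(callerId);
        // A token without a resolvable user previously surfaced as a NullPointerException (HTTP 500)
        // further down or in the calling endpoint; fail closed with the same 404 used below.
        if (caller == null) {
            throw new WebApplicationException(ErrorResponseFactory.getInstance().notFound());
        }
        if (ME.equals(requestedId) || requestedId.equals(callerId)) {
            return caller;
        }
        User target = this.userService.getUser(requestedId);
        // A missing role or domain counts as "no access" rather than raising.
        boolean withinReach = target != null
                && caller.getRole() != null
                && caller.getRole().canUpdate(target.getRole())
                && target.getDomain() != null
                && target.getDomain().equals(caller.getDomain());
        if (withinReach) {
            return target;
        }
        throw new WebApplicationException(ErrorResponseFactory.getInstance().notFound());
    }

    /**
     * Verifies that the caller may assign {@code requestedRole}; a {@code null} role means the
     * update does not ask for a role change and is always accepted.
     *
     * @param callerId      id of the user named in the caller's token
     * @param requestedRole role carried by the update body, may be {@code null}
     * @throws WebApplicationException carrying a 403 response when the change is not permitted or
     *         the caller (or the caller's role) cannot be resolved
     */
    private void checkUpdateUserRolePermissions(String callerId, Role requestedRole) {
        if (requestedRole == null) {
            return;
        }
        User caller = this.userService.getUser(callerId);
        boolean permitted = caller != null
                && caller.getRole() != null
                && caller.getRole().canChangeRoleTo(requestedRole);
        if (!permitted) {
            throw new WebApplicationException(ErrorResponseFactory.getInstance().forbidden());
        }
    }

    /** Parses {@code value} as a URI, returning {@code null} when it is not syntactically valid. */
    private static URI toUriOrNull(String value) {
        try {
            return new URI(value);
        } catch (URISyntaxException e) {
            return null;
        }
    }
}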
