package org.rapidgraphql.directives;

import graphql.GraphqlErrorException;
import graphql.execution.DataFetcherResult;
import graphql.kickstart.servlet.context.DefaultGraphQLServletContext;
import graphql.language.ArrayValue;
import graphql.schema.DataFetcher;
import graphql.schema.DataFetchingEnvironment;
import graphql.schema.GraphQLCodeRegistry;
import graphql.schema.GraphQLFieldDefinition;
import graphql.schema.GraphQLFieldsContainer;
import graphql.schema.idl.SchemaDirectiveWiringEnvironment;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.rapidgraphql.errors.ErrorType;
import org.rapidgraphql.utils.GraphQLUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/rapidgraphql/directives/SecuredDirectiveWiring.class */
public class SecuredDirectiveWiring implements GraphQLDirectiveWiring {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecuredDirectiveWiring.class);
    public static final String DIRECTIVE_NAME = "secured";
    public static final String DIRECTIVE_ARGUMENT_NAME = "roles";
    private final boolean authEnabled;
    private final List<RoleExtractor> roleExtractors;

    public SecuredDirectiveWiring(boolean z, List<RoleExtractor> list) {
        this.authEnabled = z;
        this.roleExtractors = list;
    }

    public GraphQLFieldDefinition onField(SchemaDirectiveWiringEnvironment<GraphQLFieldDefinition> schemaDirectiveWiringEnvironment) {
        GraphQLFieldDefinition graphQLFieldDefinition = (GraphQLFieldDefinition) schemaDirectiveWiringEnvironment.getElement();
        if (!this.authEnabled || graphQLFieldDefinition.getDirective(DIRECTIVE_NAME) == null) {
            return graphQLFieldDefinition;
        }
        setDataFetcher(schemaDirectiveWiringEnvironment, graphQLFieldDefinition);
        return graphQLFieldDefinition;
    }

    private void setDataFetcher(SchemaDirectiveWiringEnvironment<GraphQLFieldDefinition> schemaDirectiveWiringEnvironment, GraphQLFieldDefinition graphQLFieldDefinition) {
        GraphQLFieldsContainer fieldsContainer = schemaDirectiveWiringEnvironment.getFieldsContainer();
        GraphQLCodeRegistry.Builder codeRegistry = schemaDirectiveWiringEnvironment.getCodeRegistry();
        DataFetcher dataFetcher = codeRegistry.getDataFetcher(fieldsContainer, graphQLFieldDefinition);
        codeRegistry.dataFetcher(fieldsContainer, graphQLFieldDefinition, dataFetchingEnvironment -> {
            return evaluateUserRoleAndReturnResultOrError(graphQLFieldDefinition, dataFetcher, dataFetchingEnvironment);
        });
    }

    private Object evaluateUserRoleAndReturnResultOrError(GraphQLFieldDefinition graphQLFieldDefinition, DataFetcher dataFetcher, DataFetchingEnvironment dataFetchingEnvironment) throws Exception {
        Optional<String> extractRoleFromRequest = extractRoleFromRequest(dataFetchingEnvironment);
        List<String> queryClearance = getQueryClearance(dataFetchingEnvironment);
        if (extractRoleFromRequest.isPresent() && queryClearance.contains(extractRoleFromRequest.get())) {
            return dataFetcher.get(dataFetchingEnvironment);
        }
        logAuthenticationFailure(graphQLFieldDefinition.getName(), extractRoleFromRequest, queryClearance);
        return buildErrorResult(graphQLFieldDefinition, dataFetchingEnvironment);
    }

    private Optional<String> extractRoleFromRequest(DataFetchingEnvironment dataFetchingEnvironment) {
        if (this.roleExtractors == null) {
            return Optional.empty();
        }
        DefaultGraphQLServletContext defaultGraphQLServletContext = (DefaultGraphQLServletContext) dataFetchingEnvironment.getContext();
        return this.roleExtractors.stream().map(roleExtractor -> {
            return roleExtractor.getRole(defaultGraphQLServletContext.getHttpServletRequest());
        }).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).findFirst();
    }

    private void logAuthenticationFailure(String str, Optional<String> optional, List<String> list) {
        LOGGER.warn("Access to {} was blocked because {} is not one of required roles: {}", new Object[]{str, optional.orElse("empty role"), list});
    }

    private List<String> getQueryClearance(DataFetchingEnvironment dataFetchingEnvironment) {
        return (List) Objects.requireNonNull(GraphQLUtils.parseLiteral((ArrayValue) dataFetchingEnvironment.getFieldDefinition().getDirective(DIRECTIVE_NAME).getArgument(DIRECTIVE_ARGUMENT_NAME).getArgumentValue().getValue()));
    }

    private DataFetcherResult<Object> buildErrorResult(GraphQLFieldDefinition graphQLFieldDefinition, DataFetchingEnvironment dataFetchingEnvironment) {
        return DataFetcherResult.newResult().error(new GraphqlErrorException.Builder().errorClassification(ErrorType.UNAUTHENTICATED).message("Authentication required").path(dataFetchingEnvironment.getExecutionStepInfo().getPath().toList()).sourceLocation(graphQLFieldDefinition.getDefinition().getSourceLocation()).build()).build();
    }

    @Override // org.rapidgraphql.directives.GraphQLDirectiveWiring
    public String getName() {
        return DIRECTIVE_NAME;
    }
}
