package com.appiancorp.webapi;

import com.appiancorp.common.clientstate.ClientState;
import com.appiancorp.common.monitoring.AggregatedDataCollectorProvider;
import com.appiancorp.common.monitoring.AggregatedDataCollectorType;
import com.appiancorp.common.monitoring.DesignErrorLogger;
import com.appiancorp.common.monitoring.WebApiLoggingData;
import com.appiancorp.core.evaluationstatus.ESMemorySnapshot;
import com.appiancorp.core.expr.exceptions.ExpressionRuntimeException;
import com.appiancorp.core.expr.exceptions.ScriptException;
import com.appiancorp.core.expr.exceptions.UncheckedScriptException;
import com.appiancorp.core.expr.portable.cdt.HttpMethod;
import com.appiancorp.exceptions.InsufficientPrivilegesException;
import com.appiancorp.ix.analysis.index.IaType;
import com.appiancorp.ix.analysis.index.TypedUuid;
import com.appiancorp.plugins.AppianUserManager;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.AppianStorageException;
import com.appiancorp.suiteapi.common.exceptions.InvalidVersionException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.content.exceptions.InvalidContentException;
import com.appiancorp.tracing.TracingHelper;
import com.appiancorp.tracing.allow.AllowedStringTags;
import com.appiancorp.type.cdt.HttpHeader;
import com.appiancorp.type.cdt.WebApiResponse;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.base.Stopwatch;
import com.google.common.base.Strings;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.entity.ContentType;
import org.apache.log4j.Logger;
import org.springframework.http.HttpStatus;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

@SuppressFBWarnings({"SE_BAD_FIELD"})
/* loaded from: input_file:com/appiancorp/webapi/WebApiServlet.class */
public class WebApiServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    public static final String INTERNAL_SERVLET_PATH = "/internal/webapi";
    public static final String HTTP_ALLOW_HEADER = "Allow";
    private WebApiService webApiService;
    private AppianUserManager appianUserManager;
    private WebApiEvaluator webApiEvaluator;
    private DesignErrorLogger designErrorLogger;
    private WebApiResponseBodyWriter webApiResponseBodyWriter;
    private static final String APPIAN_API_KEY_TAG = "API Key";
    private static final String NO_AUTHENTICATION_HEADER = "None";
    private static final Logger LOG = Logger.getLogger(WebApiServlet.class);
    private static final Pattern PATH_PATTERN = Pattern.compile("^/([^/]+)");

    public WebApiServlet() {
    }

    @VisibleForTesting
    public WebApiServlet(WebApiService webApiService, AppianUserManager appianUserManager, WebApiEvaluator webApiEvaluator, DesignErrorLogger designErrorLogger, WebApiResponseBodyWriter webApiResponseBodyWriter) {
        this.webApiService = webApiService;
        this.appianUserManager = appianUserManager;
        this.webApiEvaluator = webApiEvaluator;
        this.designErrorLogger = designErrorLogger;
        this.webApiResponseBodyWriter = webApiResponseBodyWriter;
    }

    public void init() throws ServletException {
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
        this.webApiService = (WebApiService) requiredWebApplicationContext.getBean(WebApiService.class);
        this.webApiEvaluator = (WebApiEvaluator) requiredWebApplicationContext.getBean(WebApiEvaluator.class);
        this.appianUserManager = (AppianUserManager) requiredWebApplicationContext.getBean(AppianUserManager.class);
        this.designErrorLogger = (DesignErrorLogger) requiredWebApplicationContext.getBean(DesignErrorLogger.class);
        this.webApiResponseBodyWriter = (WebApiResponseBodyWriter) requiredWebApplicationContext.getBean(WebApiResponseBodyWriter.class);
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String aliasFromRequest = getAliasFromRequest(httpServletRequest);
        Stopwatch createStarted = Stopwatch.createStarted();
        String remoteUsername = this.appianUserManager.getRemoteUsername();
        String method = httpServletRequest.getMethod();
        long j = 0;
        Optional empty = Optional.empty();
        try {
            if (HttpMethod.fromValue(method).equals(HttpMethod.OPTIONS)) {
                serviceOptions(httpServletResponse, aliasFromRequest);
                createStarted.stop();
                logExecution((WebApi) empty.orElse(null), httpServletResponse, createStarted, aliasFromRequest, remoteUsername, 0L, method, isSystemApi(httpServletRequest), httpServletRequest.getHeader(WebApiAppianHeader.PORTAL_NAME.getHeaderName()));
                return;
            }
            try {
                Optional optional = (Optional) TracingHelper.traceDangerous("GetWebApi", () -> {
                    return getWebApiForRequest(httpServletRequest, aliasFromRequest);
                });
                if (optional.isPresent()) {
                    TracingHelper.setTag(AllowedStringTags.webApiUuid, ((WebApi) optional.get()).getUuid());
                    j = writeResponse(httpServletRequest, httpServletResponse, (WebApi) optional.get(), remoteUsername);
                } else {
                    writeErrorResponse(httpServletResponse, HttpStatus.NOT_FOUND);
                }
                createStarted.stop();
                logExecution((WebApi) optional.orElse(null), httpServletResponse, createStarted, aliasFromRequest, remoteUsername, j, method, isSystemApi(httpServletRequest), httpServletRequest.getHeader(WebApiAppianHeader.PORTAL_NAME.getHeaderName()));
            } catch (InsufficientPrivilegesException e) {
                writeErrorResponse(httpServletResponse, HttpStatus.NOT_FOUND);
                createStarted.stop();
                logExecution((WebApi) empty.orElse(null), httpServletResponse, createStarted, aliasFromRequest, remoteUsername, 0L, method, isSystemApi(httpServletRequest), httpServletRequest.getHeader(WebApiAppianHeader.PORTAL_NAME.getHeaderName()));
            } catch (Exception e2) {
                if ((e2 instanceof AppianRuntimeException) || (e2 instanceof ScriptException) || (e2 instanceof UncheckedScriptException)) {
                    LOG.debug("Error processing request to Web Api Endpoint " + aliasFromRequest, e2);
                } else {
                    LOG.error("Error processing request to Web Api Endpoint " + aliasFromRequest, e2);
                }
                writeErrorResponse(httpServletResponse, HttpStatus.INTERNAL_SERVER_ERROR);
                createStarted.stop();
                logExecution((WebApi) empty.orElse(null), httpServletResponse, createStarted, aliasFromRequest, remoteUsername, 0L, method, isSystemApi(httpServletRequest), httpServletRequest.getHeader(WebApiAppianHeader.PORTAL_NAME.getHeaderName()));
            }
        } catch (Throwable th) {
            createStarted.stop();
            logExecution((WebApi) empty.orElse(null), httpServletResponse, createStarted, aliasFromRequest, remoteUsername, 0L, method, isSystemApi(httpServletRequest), httpServletRequest.getHeader(WebApiAppianHeader.PORTAL_NAME.getHeaderName()));
            throw th;
        }
    }

    private void serviceOptions(HttpServletResponse httpServletResponse, String str) throws IOException {
        List optionsForAlias = this.webApiService.getOptionsForAlias(str);
        if (optionsForAlias.isEmpty()) {
            writeErrorResponse(httpServletResponse, HttpStatus.NOT_FOUND);
        } else {
            httpServletResponse.setStatus(HttpStatus.OK.value());
            httpServletResponse.setHeader(HTTP_ALLOW_HEADER, String.join(", ", optionsForAlias));
        }
    }

    private String getAliasFromRequest(HttpServletRequest httpServletRequest) {
        Matcher matcher = PATH_PATTERN.matcher(httpServletRequest.getPathInfo());
        matcher.find();
        return Strings.nullToEmpty(matcher.group(1));
    }

    private boolean isSystemApi(HttpServletRequest httpServletRequest) {
        return Strings.nullToEmpty(httpServletRequest.getServletPath()).startsWith(INTERNAL_SERVLET_PATH);
    }

    private Optional<WebApi> getWebApiForRequest(HttpServletRequest httpServletRequest, String str) throws InsufficientPrivilegesException {
        HttpMethod fromValue = HttpMethod.fromValue(httpServletRequest.getMethod());
        HttpMethod httpMethod = HttpMethod.HEAD.equals(fromValue) ? HttpMethod.GET : fromValue;
        WebApi byAliasAndMethod = isSystemApi(httpServletRequest) ? (WebApi) SpringSecurityContextHelper.runAsAdmin(() -> {
            return this.webApiService.getSystemApiByAliasAndMethod(str, httpMethod);
        }) : this.webApiService.getByAliasAndMethod(str, httpMethod);
        TracingHelper.setTag(AllowedStringTags.authenticationMethod, getRequestAuthenticationMethod(httpServletRequest));
        return Optional.ofNullable(byAliasAndMethod);
    }

    private String getRequestAuthenticationMethod(HttpServletRequest httpServletRequest) {
        if (!((String) Optional.ofNullable(httpServletRequest.getHeader("Appian-API-Key")).orElse("")).isEmpty()) {
            return APPIAN_API_KEY_TAG;
        }
        String str = (String) Optional.ofNullable(httpServletRequest.getHeader("Authorization")).orElse("");
        return !str.isEmpty() ? extractSchemeFromAuthorizationHeader(str) : NO_AUTHENTICATION_HEADER;
    }

    private String extractSchemeFromAuthorizationHeader(String str) {
        return str.split(" ")[0];
    }

    private long writeResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebApi webApi, String str) throws ScriptException, IOException, InvalidVersionException, PrivilegeException, InvalidContentException, AppianStorageException {
        writeResponseStatusAndHeaders(evaluateExpression(str, webApi, httpServletRequest), httpServletResponse);
        if (HttpMethod.HEAD.equals(HttpMethod.fromValue(httpServletRequest.getMethod()))) {
            return 0L;
        }
        return this.webApiResponseBodyWriter.write(httpServletResponse, r0).intValue();
    }

    private void writeResponseStatusAndHeaders(WebApiResponse webApiResponse, HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(((Integer) MoreObjects.firstNonNull(Integer.valueOf(webApiResponse.getStatusCode()), Integer.valueOf(HttpStatus.OK.value()))).intValue());
        for (HttpHeader httpHeader : webApiResponse.getHeaders()) {
            httpServletResponse.setHeader(httpHeader.getName(), httpHeader.getValue());
        }
    }

    private Integer writeErrorResponse(HttpServletResponse httpServletResponse, HttpStatus httpStatus) throws IOException {
        httpServletResponse.setStatus(httpStatus.value());
        httpServletResponse.setContentType(ContentType.TEXT_PLAIN.getMimeType());
        return this.webApiResponseBodyWriter.writeErrorBody(httpServletResponse, httpStatus);
    }

    @VisibleForTesting
    public WebApiResponse evaluateExpression(String str, WebApi webApi, HttpServletRequest httpServletRequest) throws ScriptException, IOException {
        try {
            WebApiResponseResults evalToWebApiResponseWithUsername = this.webApiEvaluator.evalToWebApiResponseWithUsername(str, httpServletRequest, webApi, webApi.getSystem() == null ? false : webApi.getSystem().booleanValue());
            if (evalToWebApiResponseWithUsername.getError() != null) {
                logDesignError(str, webApi, evalToWebApiResponseWithUsername.getError());
            }
            return evalToWebApiResponseWithUsername.getWebApiResponse();
        } catch (AppianRuntimeException | ScriptException e) {
            logDesignError(str, webApi, e);
            throw e;
        }
    }

    private void logDesignError(String str, WebApi webApi, Exception exc) {
        ESMemorySnapshot eSMemorySnapshot = null;
        if (exc instanceof ExpressionRuntimeException) {
            eSMemorySnapshot = ((ExpressionRuntimeException) exc).getEvaluationStatusSnapshot();
        }
        this.designErrorLogger.log(str, webApi.getName() + " (" + webApi.getUrlAlias() + ")", DesignErrorLogger.ObjectType.WEB_API, new TypedUuid(IaType.WEB_API, webApi.getUuid()), eSMemorySnapshot, exc, (Long) null, (ClientState) null);
    }

    private void logExecution(WebApi webApi, HttpServletResponse httpServletResponse, Stopwatch stopwatch, String str, String str2, long j, String str3, boolean z, String str4) {
        if (z) {
            LOG.debug("Skipping Perflog for System WebAPI");
            return;
        }
        String str5 = null;
        if (webApi != null) {
            str5 = webApi.getUuid();
        }
        AggregatedDataCollectorProvider.getAggregatedDataCollector(AggregatedDataCollectorType.WEB_API).recordData(WebApiLoggingData.builder().uuid(str5).urlAlias(str).statusCode(httpServletResponse.getStatus()).responseSizeInBytes(j).executionTimeInMs(stopwatch.elapsed(TimeUnit.MILLISECONDS)).username(str2).httpMethod(str3).portalName(str4).build());
    }
}
