package eu.openanalytics.shinyproxy.controllers;

import com.fasterxml.jackson.annotation.JsonView;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.net.HttpHeaders;
import eu.openanalytics.containerproxy.ProxyStartValidationException;
import eu.openanalytics.containerproxy.api.dto.SwaggerDto;
import eu.openanalytics.containerproxy.model.Views;
import eu.openanalytics.containerproxy.model.runtime.AllowedParametersForUser;
import eu.openanalytics.containerproxy.model.runtime.ParameterValues;
import eu.openanalytics.containerproxy.model.runtime.PortMappings;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.DisplayNameKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ParameterValuesKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.PortMappingsKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.PublicPathKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValue;
import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.service.AsyncProxyService;
import eu.openanalytics.containerproxy.service.InvalidParametersException;
import eu.openanalytics.containerproxy.service.ParametersService;
import eu.openanalytics.containerproxy.util.ProxyMappingManager;
import eu.openanalytics.shinyproxy.ShinyProxyIframeScriptInjector;
import eu.openanalytics.shinyproxy.controllers.dto.ShinyProxyApiResponse;
import eu.openanalytics.shinyproxy.external.ExternalAppSpecExtension;
import eu.openanalytics.shinyproxy.runtimevalues.AppInstanceKey;
import eu.openanalytics.shinyproxy.runtimevalues.UserTimeZoneKey;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.ExampleObject;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.undertow.util.HttpString;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.web.util.TagUtils;
import org.springframework.web.util.UriComponentsBuilder;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.ExpressionContext;
import org.thymeleaf.spring6.dialect.SpringStandardDialect;
import org.thymeleaf.templatemode.TemplateMode;
import org.thymeleaf.templateresolver.StringTemplateResolver;
import org.xnio.conduits.StreamSinkConduit;
import software.amazon.awssdk.core.internal.useragent.UserAgentConstant;

@Controller
/* loaded from: input_file:BOOT-INF/classes/eu/openanalytics/shinyproxy/controllers/AppController.class */
public class AppController extends BaseController {

    @Inject
    private ProxyMappingManager mappingManager;

    @Inject
    private AsyncProxyService asyncProxyService;

    @Inject
    private ParametersService parameterService;
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final HttpString acceptEncodingHeader = new HttpString("Accept-Encoding");
    private int pathPrefixLength = 0;

    /* loaded from: input_file:BOOT-INF/classes/eu/openanalytics/shinyproxy/controllers/AppController$AppBody.class */
    private static class AppBody {
        private Map<String, String> parameters;
        private String timezone;

        private AppBody() {
        }

        @Schema(description = "Map of parameters for the app.", requiredMode = Schema.RequiredMode.NOT_REQUIRED)
        public Map<String, String> getParameters() {
            return this.parameters;
        }

        public void setParameters(Map<String, String> map) {
            this.parameters = map;
        }

        @Schema(description = "The timezone of the user in TZ format.", requiredMode = Schema.RequiredMode.NOT_REQUIRED)
        public String getTimezone() {
            return this.timezone;
        }

        public void setTimezone(String str) {
            this.timezone = str;
        }
    }

    public AppController() {
        this.objectMapper.setConfig(this.objectMapper.getSerializationConfig().withView(Views.UserApi.class));
    }

    @PostConstruct
    public void init() {
        this.pathPrefixLength = getBasePublicPath().length() + 36 + 1;
    }

    @RequestMapping(value = {"/app/{appName}/{*subPath}"}, method = {RequestMethod.GET})
    public ModelAndView app(ModelMap modelMap, HttpServletRequest httpServletRequest, @PathVariable String str, @PathVariable String str2) {
        return app(modelMap, httpServletRequest, str, "_", "/app/" + str, str2);
    }

    @RequestMapping(value = {"/app_i/{appName}/{appInstance}/{*subPath}"}, method = {RequestMethod.GET})
    public ModelAndView app(ModelMap modelMap, HttpServletRequest httpServletRequest, @PathVariable String str, @PathVariable String str2, @PathVariable String str3) {
        return app(modelMap, httpServletRequest, str, str2, "/app_i/" + str + "/" + str2, str3);
    }

    private ModelAndView app(ModelMap modelMap, HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4) {
        Proxy findUserProxy = findUserProxy(str, str2);
        ProxySpec userSpec = this.proxyService.getUserSpec(str);
        if (findUserProxy == null && userSpec == null) {
            httpServletRequest.setAttribute("jakarta.servlet.error.status_code", Integer.valueOf(HttpStatus.FORBIDDEN.value()));
            return new ModelAndView("forward:/error");
        }
        Optional<RedirectView> createRedirectIfRequired = createRedirectIfRequired(httpServletRequest, str4, userSpec, findUserProxy);
        if (createRedirectIfRequired.isPresent()) {
            return new ModelAndView(createRedirectIfRequired.get());
        }
        prepareMap(modelMap, httpServletRequest, userSpec, findUserProxy);
        modelMap.put("heartbeatRate", Long.valueOf(this.heartbeatRate));
        modelMap.put(TagUtils.SCOPE_PAGE, UserAgentConstant.APP_ID);
        modelMap.put("appName", str);
        modelMap.put("appInstance", str2);
        modelMap.put("appPath", str3);
        modelMap.put("containerSubPath", buildContainerSubPath(httpServletRequest, str4));
        modelMap.put("refreshOpenidEnabled", Boolean.valueOf(this.authenticationBackend.getName().equals("openid")));
        ParameterValues parameterValues = null;
        if (findUserProxy != null && findUserProxy.getRuntimeObjectOrNull(DisplayNameKey.inst) != null) {
            modelMap.put("appTitle", findUserProxy.getRuntimeValue(DisplayNameKey.inst));
            parameterValues = (ParameterValues) findUserProxy.getRuntimeObjectOrNull(ParameterValuesKey.inst);
        } else if (userSpec == null) {
            modelMap.put("appTitle", "ShinyProxy");
        } else if (userSpec.getDisplayName() == null || userSpec.getDisplayName().isEmpty()) {
            modelMap.put("appTitle", userSpec.getId());
        } else {
            modelMap.put("appTitle", userSpec.getDisplayName());
        }
        modelMap.put("proxy", secureProxy(findUserProxy));
        if (userSpec == null || userSpec.getParameters() == null) {
            modelMap.put("parameterValues", null);
            modelMap.put("parameterDefaults", null);
            modelMap.put("parameterDefinitions", null);
            modelMap.put("parameterIds", null);
            modelMap.put("parameterFragment", null);
        } else {
            AllowedParametersForUser calculateAllowedParametersForUser = this.parameterService.calculateAllowedParametersForUser(SecurityContextHolder.getContext().getAuthentication(), userSpec, parameterValues);
            modelMap.put("parameterAllowedCombinations", calculateAllowedParametersForUser.getAllowedCombinations());
            modelMap.put("parameterValues", calculateAllowedParametersForUser.getValues());
            modelMap.put("parameterDefaults", calculateAllowedParametersForUser.getDefaultValue());
            modelMap.put("parameterDefinitions", userSpec.getParameters().getDefinitions());
            modelMap.put("parameterIds", userSpec.getParameters().getIds());
            if (userSpec.getParameters().getTemplate() != null) {
                modelMap.put("parameterFragment", renderParameterTemplate(userSpec.getParameters().getTemplate(), modelMap));
            } else {
                modelMap.put("parameterFragment", null);
            }
        }
        return new ModelAndView(UserAgentConstant.APP_ID, modelMap);
    }

    @RequestMapping(value = {"/app_i/{specId}/{appInstanceName}"}, method = {RequestMethod.POST})
    @Operation(summary = "Start an app.", tags = {"ShinyProxy"}, requestBody = @RequestBody(content = {@Content(mediaType = "application/json", schema = @Schema(implementation = AppBody.class), examples = {@ExampleObject(name = "With parameters", value = "{\"parameters\":{\"resources\":\"2 CPU cores - 8G RAM\",\"other_parameter\":\"example\"}}"), @ExampleObject(name = "With timezone", value = "{\"timezone\":\"Europe/Brussels\"}")})}))
    @ApiResponses({@ApiResponse(responseCode = "200", description = "The proxy has been created.", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = SwaggerDto.ProxyResponse.class), examples = {@ExampleObject("{\"status\":\"success\",\"data\":{\"id\":\"cdaa8056-4f96-428e-91e8-bc13518d8987\",\"status\":\"New\",\"startupTimestamp\":0,\"createdTimestamp\":1671707875757,\"userId\":\"jack\",\"specId\":\"01_hello\",\"displayName\":\"Hello Application\",\"containers\":[],\"runtimeValues\":{\"SHINYPROXY_FORCE_FULL_RELOAD\":false,\"SHINYPROXY_WEBSOCKET_RECONNECTION_MODE\":\"None\",\"SHINYPROXY_MAX_INSTANCES\":100,\"SHINYPROXY_PUBLIC_PATH\":\"/app_proxy/cdaa8056-4f96-428e-91e8-bc13518d8987/\",\"SHINYPROXY_APP_INSTANCE\":\"default\"}}}\n")})}), @ApiResponse(responseCode = "400", description = "Invalid request, app not started.", content = {@Content(mediaType = "application/json", examples = {@ExampleObject(name = "Max instances reached", value = "{\"status\":\"fail\",\"data\":\"Cannot start new proxy because the maximum amount of instances of this proxy has been reached\"}"), @ExampleObject(name = "Instance already exists", value = "{\"status\":\"fail\",\"data\":\"You already have an instance of this app with the given name\"}"), @ExampleObject(name = "Parameters required", value = "{\"status\":\"fail\",\"data\":\"No parameters provided, but proxy spec expects parameters\"}"), @ExampleObject(name = "Missing parameter", value = "{\"status\":\"fail\",\"data\":\"Missing value for parameter example\"}"), @ExampleObject(name = "Invalid parameter value", value = "{\"status\":\"fail\",\"data\":\"Provided parameter values are not allowed\"}")})}), @ApiResponse(responseCode = "403", description = "Proxy spec not found or no permission to use this proxy spec.", content = {@Content(mediaType = "application/json", examples = {@ExampleObject("{\"status\": \"fail\", \"data\": \"forbidden\"}")})}), @ApiResponse(responseCode = "500", description = "Failed to start proxy.", content = {@Content(mediaType = "application/json", examples = {@ExampleObject("{\"status\": \"fail\", \"data\": \"Failed to start proxy\"}")})})})
    @ResponseBody
    @JsonView({Views.UserApi.class})
    public ResponseEntity<eu.openanalytics.containerproxy.api.dto.ApiResponse<Proxy>> startApp(@PathVariable String str, @PathVariable String str2, @org.springframework.web.bind.annotation.RequestBody(required = false) AppBody appBody) {
        ProxySpec userSpec = this.proxyService.getUserSpec(str);
        if (!this.userService.canAccess(userSpec)) {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.failForbidden();
        }
        if (findUserProxy(str, str2) != null) {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.fail("You already have an instance of this app with the given name");
        }
        if (!validateMaxInstances(userSpec)) {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.fail(String.format("Cannot start this app because you are using the maximum number of instances (%s) of this app.", this.shinyProxySpecProvider.getMaxInstancesForSpec(userSpec)));
        }
        List<RuntimeValue> runtimeValues = this.shinyProxySpecProvider.getRuntimeValues(userSpec);
        String uuid = UUID.randomUUID().toString();
        runtimeValues.add(new RuntimeValue(PublicPathKey.inst, getPublicPath(uuid)));
        runtimeValues.add(new RuntimeValue(AppInstanceKey.inst, str2));
        if (appBody != null && appBody.getTimezone() != null) {
            runtimeValues.add(new RuntimeValue(UserTimeZoneKey.inst, appBody.getTimezone()));
        }
        try {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.success(this.asyncProxyService.startProxy(userSpec, runtimeValues, uuid, appBody != null ? appBody.getParameters() : null));
        } catch (ProxyStartValidationException | InvalidParametersException e) {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.fail(e.getMessage());
        } catch (Throwable th) {
            return eu.openanalytics.containerproxy.api.dto.ApiResponse.error("Failed to start proxy");
        }
    }

    @RequestMapping({"/app_proxy/{targetId}/**"})
    @Operation(summary = "Proxy request to app. This endpoint is used to serve the iframe, hence it makes some assumptions. Do not use it directly or for embedding.", tags = {"ShinyProxy"})
    @ApiResponses({@ApiResponse(responseCode = "401", description = "User is not authenticated.", content = {@Content(mediaType = "application/json", examples = {@ExampleObject("{\"message\":\"shinyproxy_authentication_required\",\"status\":\"fail\"}")})}), @ApiResponse(responseCode = "410", description = "App has been stopped or the app never existed or the user has no access to the app.", content = {@Content(mediaType = "application/json", examples = {@ExampleObject("{\"message\":\"app_stopped_or_non_existent\",\"status\":\"fail\"}")})})})
    public void appProxy(@PathVariable String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String extractSubPath = extractSubPath(str, httpServletRequest);
        if (extractSubPath == null) {
            ShinyProxyApiResponse.appStoppedOrNonExistent(httpServletResponse);
            return;
        }
        String extractQueryParameter = extractQueryParameter(httpServletRequest, "sp_proxy_id");
        Proxy userProxy = extractQueryParameter != null ? this.proxyService.getUserProxy(extractQueryParameter) : this.userAndTargetIdProxyIndex.getProxy(this.userService.getCurrentUserId(), str);
        if (userProxy == null || userProxy.getStatus().isUnavailable() || !this.userService.isOwner(userProxy)) {
            ShinyProxyApiResponse.appStoppedOrNonExistent(httpServletResponse);
            return;
        }
        try {
            this.mappingManager.dispatchAsync(userProxy, extractSubPath, httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            throw new RuntimeException("Error routing proxy request", e);
        }
    }

    @RequestMapping(value = {"/app_proxy/{targetId}/**"}, produces = {"text/html"}, method = {RequestMethod.GET})
    public void appProxyHtml(@PathVariable String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String extractSubPath = extractSubPath(str, httpServletRequest);
        if (extractSubPath == null) {
            ShinyProxyApiResponse.appStoppedOrNonExistent(httpServletResponse);
            return;
        }
        Proxy proxy = this.userAndTargetIdProxyIndex.getProxy(this.userService.getCurrentUserId(), str);
        if (proxy == null || proxy.getStatus().isUnavailable() || !this.userService.isOwner(proxy)) {
            ShinyProxyApiResponse.appStoppedOrNonExistent(httpServletResponse);
            return;
        }
        String header = httpServletRequest.getHeader(HttpHeaders.SEC_FETCH_MODE);
        if (header != null && !header.equals("navigate")) {
            try {
                this.mappingManager.dispatchAsync(proxy, extractSubPath, httpServletRequest, httpServletResponse);
            } catch (Exception e) {
                throw new RuntimeException("Error routing proxy request", e);
            }
        } else {
            try {
                String str2 = this.contextPathHelper.withEndingSlash() + this.identifierService.instanceId + "/js/shiny.iframe.js";
                this.mappingManager.dispatchAsync(proxy, extractSubPath, httpServletRequest, httpServletResponse, httpServerExchange -> {
                    httpServerExchange.getRequestHeaders().put(this.acceptEncodingHeader, "identity");
                    httpServerExchange.addResponseWrapper((conduitFactory, httpServerExchange) -> {
                        return new ShinyProxyIframeScriptInjector((StreamSinkConduit) conduitFactory.create(), httpServerExchange, str2);
                    });
                });
            } catch (Exception e2) {
                throw new RuntimeException("Error routing proxy request", e2);
            }
        }
    }

    private String extractQueryParameter(HttpServletRequest httpServletRequest, String str) {
        MultiValueMap<String, String> queryParams = ServletUriComponentsBuilder.fromRequest(httpServletRequest).build().getQueryParams();
        if (queryParams.containsKey(str)) {
            return queryParams.getFirst(str);
        }
        return null;
    }

    private String buildContainerSubPath(HttpServletRequest httpServletRequest, String str) {
        String uriString = UriComponentsBuilder.fromPath(str).query(ServletUriComponentsBuilder.fromRequest(httpServletRequest).replaceQueryParam("sp_hide_navbar", new Object[0]).replaceQueryParam("sp_automatic_reload", new Object[0]).build().getQuery()).build(false).toUriString();
        return uriString.startsWith("/") ? uriString.substring(1) : uriString;
    }

    private String extractSubPath(String str, HttpServletRequest httpServletRequest) {
        if (str.length() != 36) {
            return null;
        }
        return httpServletRequest.getRequestURI().substring(this.pathPrefixLength);
    }

    private String getBasePublicPath() {
        return this.contextPathHelper.withEndingSlash() + "app_proxy/";
    }

    private String getPublicPath(String str) {
        return getBasePublicPath() + str + "/";
    }

    private Optional<RedirectView> createRedirectIfRequired(HttpServletRequest httpServletRequest, String str, ProxySpec proxySpec, Proxy proxy) {
        String externalUrl;
        if (proxySpec != null && (externalUrl = ((ExternalAppSpecExtension) proxySpec.getSpecExtension(ExternalAppSpecExtension.class)).getExternalUrl()) != null) {
            return Optional.of(new RedirectView(externalUrl));
        }
        if (str.isEmpty() || str.equals("/")) {
            return Optional.empty();
        }
        String substring = str.substring(1);
        if (substring.contains("/")) {
            return Optional.empty();
        }
        return proxy != null ? ((PortMappings) proxy.getContainer(0).getRuntimeObject(PortMappingsKey.inst)).getPortMappings().stream().anyMatch(portMappingEntry -> {
            return portMappingEntry.getName().equals(substring);
        }) : proxySpec != null ? ((ContainerSpec) proxySpec.getContainerSpecs().getFirst()).getPortMapping().stream().anyMatch(portMapping -> {
            return portMapping.getName().equals(substring);
        }) : false ? Optional.of(new RedirectView(ServletUriComponentsBuilder.fromRequest(httpServletRequest).path("/").build().toUriString())) : Optional.empty();
    }

    private String renderParameterTemplate(String str, ModelMap modelMap) {
        TemplateEngine templateEngine = new TemplateEngine();
        StringTemplateResolver stringTemplateResolver = new StringTemplateResolver();
        stringTemplateResolver.setTemplateMode(TemplateMode.HTML);
        stringTemplateResolver.setCacheable(false);
        templateEngine.setTemplateResolver(stringTemplateResolver);
        templateEngine.setDialect(new SpringStandardDialect());
        return templateEngine.process(str, new ExpressionContext(templateEngine.getConfiguration(), null, modelMap));
    }

    private Object secureProxy(Proxy proxy) {
        return this.objectMapper.convertValue(proxy, Object.class);
    }
}
