package eu.openanalytics.containerproxy;

import com.fasterxml.jackson.datatype.jsonp.JSONPModule;
import eu.openanalytics.containerproxy.api.ApiSecurityService;
import eu.openanalytics.containerproxy.backend.dispatcher.proxysharing.ProxySharingDispatcher;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.service.AppRecoveryService;
import eu.openanalytics.containerproxy.service.ProxyService;
import eu.openanalytics.containerproxy.service.hearbeat.ActiveProxiesService;
import eu.openanalytics.containerproxy.service.hearbeat.HeartbeatService;
import eu.openanalytics.containerproxy.service.hearbeat.IHeartbeatProcessor;
import eu.openanalytics.containerproxy.spec.IProxySpecProvider;
import eu.openanalytics.containerproxy.util.LoggingConfigurer;
import eu.openanalytics.containerproxy.util.ProxyMappingManager;
import io.fabric8.kubernetes.client.impl.V1AuthorizationAPIGroupClient;
import io.lettuce.core.RedisURI;
import io.swagger.v3.oas.models.PathItem;
import io.undertow.Handlers;
import io.undertow.server.handlers.SameSiteCookieHandler;
import io.undertow.server.handlers.resource.ResourceManager;
import io.undertow.servlet.api.ServletSessionConfig;
import io.undertow.servlet.api.SessionManagerFactory;
import java.io.FileWriter;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.Executor;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springdoc.core.models.GroupedOpenApi;
import org.springdoc.core.utils.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration;
import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration;
import org.springframework.boot.autoconfigure.ldap.LdapAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.core.env.Environment;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.web.filter.FormContentFilter;
import reactor.netty.Metrics;

@EnableScheduling
@EnableAsync
@SpringBootApplication(exclude = {UserDetailsServiceAutoConfiguration.class, DataSourceAutoConfiguration.class, RedisAutoConfiguration.class, LdapAutoConfiguration.class})
@ComponentScan({"eu.openanalytics"})
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/ContainerProxyApplication.class */
public class ContainerProxyApplication {
    public static final String CONFIG_FILENAME = "application.yml";
    public static final String CONFIG_DEMO_PROFILE = "demo";
    private static final String PROP_PROXY_SAME_SITE_COOKIE = "proxy.same-site-cookie";
    private static final String SAME_SITE_COOKIE_DEFAULT_VALUE = "Lax";
    private static final String PROP_SERVER_SECURE_COOKIES = "server.secure-cookies";
    private static final Boolean SECURE_COOKIES_DEFAULT_VALUE = false;
    private static final Path TERMINATION_LOG_FILE = Path.of("/dev/termination-log", new String[0]);
    private static Boolean logAsJson = false;
    public static Boolean secureCookiesEnabled;
    public static String sameSiteCookiePolicy;
    private final Logger log = LogManager.getLogger(getClass());

    @Inject
    private Environment environment;

    @Inject
    private ProxyMappingManager mappingManager;

    @Inject
    private DefaultCookieSerializer defaultCookieSerializer;

    @Autowired(required = false)
    private SessionManagerFactory sessionManagerFactory;

    @Inject
    private IProxySpecProvider proxySpecProvider;

    public static void main(String[] strArr) {
        SpringApplication springApplication = new SpringApplication(ContainerProxyApplication.class);
        springApplication.addListeners(new LoggingConfigurer());
        if (!(Files.exists(Paths.get(CONFIG_FILENAME, new String[0]), new LinkOption[0]) || System.getProperty("spring.config.location") != null || System.getenv("SPRING_CONFIG_LOCATION") != null || Arrays.stream(strArr).anyMatch(str -> {
            return str.contains("--spring.config.location");
        }))) {
            springApplication.setAdditionalProfiles(CONFIG_DEMO_PROFILE);
            LogManager.getLogger((Class<?>) ContainerProxyApplication.class).warn("WARNING: Did not found configuration, using fallback configuration!");
        }
        setDefaultProperties(springApplication);
        try {
            springApplication.setLogStartupInfo(false);
            springApplication.run(strArr);
        } catch (Throwable th) {
            handleError(th);
        }
    }

    public static Properties getDefaultProperties() {
        Properties properties = new Properties();
        properties.put("spring.session.store-type", "none");
        properties.put("spring.session.redis.flush-mode", "IMMEDIATE");
        properties.put("spring.session.redis.repository-type", "indexed");
        properties.put("spring.servlet.multipart.enabled", "false");
        properties.put("logging.level.org.springframework.web.servlet.DispatcherServlet", "INFO");
        properties.put("logging.level.io.fabric8.kubernetes.client.dsl.internal.VersionUsageUtils", Metrics.ERROR);
        properties.put("spring.application.name", "ContainerProxy");
        properties.put("logging.include-application-name", "false");
        properties.put("logging.level.org.mandas.docker.client.DefaultDockerClient", "WARN");
        properties.put("logging.level.io.undertow.websockets.jsr", Metrics.ERROR);
        properties.put("logging.level.org.springframework.validation.beanvalidation.OptionalValidatorFactoryBean", "WARN");
        properties.put("logging.level.org.springframework.integration.config.DefaultConfiguringBeanFactoryPostProcessor", "WARN");
        properties.put("logging.level.org.springframework.boot.web.servlet.RegistrationBean", "WARN");
        properties.put("logging.level.org.springframework.data.repository.config.RepositoryConfigurationDelegate", "WARN");
        properties.put("logging.level.org.springframework.integration.endpoint.EventDrivenConsumer", "WARN");
        properties.put("logging.level.org.springframework.integration.channel.PublishSubscribeChannel", "WARN");
        properties.put("logging.level.org.springframework.boot.autoconfigure.web.servlet.WelcomePageHandlerMapping", "WARN");
        properties.put("management.defaults.metrics.export.enabled", "false");
        properties.put("management.server.port", "9090");
        properties.put("management.endpoints.web.exposure.include", "health,prometheus,recyclable");
        properties.put("management.endpoint.health.group.readiness.include", "appRecoveryReadyIndicator");
        properties.put("management.health.ldap.enabled", false);
        properties.put("management.health.redis.enabled", "false");
        properties.put("management.endpoint.health.probes.enabled", true);
        properties.put(Constants.SPRINGDOC_ENABLED, false);
        properties.put(Constants.SPRINGDOC_SWAGGER_UI_ENABLED, false);
        return properties;
    }

    private static void setDefaultProperties(SpringApplication springApplication) {
        springApplication.setDefaultProperties(getDefaultProperties());
        System.setProperty("jdk.serialSetFilterAfterRead", "true");
    }

    @PostConstruct
    public void init() {
        if (this.environment.getProperty("server.use-forward-headers") != null) {
            this.log.warn("WARNING: Using server.use-forward-headers will not work in this ShinyProxy release, you need to change your configuration to use another property. See https://shinyproxy.io/documentation/security/#forward-headers on how to change your configuration.");
        }
        sameSiteCookiePolicy = this.environment.getProperty(PROP_PROXY_SAME_SITE_COOKIE, SAME_SITE_COOKIE_DEFAULT_VALUE);
        secureCookiesEnabled = (Boolean) this.environment.getProperty(PROP_SERVER_SECURE_COOKIES, Boolean.class, SECURE_COOKIES_DEFAULT_VALUE);
        this.log.debug("Setting sameSiteCookie policy to {}", sameSiteCookiePolicy);
        this.defaultCookieSerializer.setSameSite(sameSiteCookiePolicy);
        this.defaultCookieSerializer.setUseSecureCookie(secureCookiesEnabled.booleanValue());
        if (sameSiteCookiePolicy.equalsIgnoreCase("none") && !secureCookiesEnabled.booleanValue()) {
            this.log.warn("WARNING: Invalid configuration detected: same-site-cookie policy is set to None, but secure-cookies are not enabled. Secure cookies must be enabled when using None as same-site-cookie policy ");
        }
        if (this.environment.getProperty("proxy.store-mode", "").equalsIgnoreCase("Redis")) {
            if (!this.environment.getProperty("spring.session.store-type", "").equalsIgnoreCase(RedisURI.URI_SCHEME_REDIS)) {
                this.log.warn("WARNING: Invalid configuration detected: store-mode is set to Redis (i.e. High-Availability mode), but you are not using Redis for user sessions!");
            }
            if (((Boolean) this.environment.getProperty(ProxyService.PROPERTY_STOP_PROXIES_ON_SHUTDOWN, Boolean.class, true)).booleanValue()) {
                this.log.warn("WARNING: Invalid configuration detected: store-mode is set to Redis (i.e. High-Availability mode), but proxies are stopped at shutdown of server!");
            }
            if (((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES, Boolean.class, false)).booleanValue() || ((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES_FROM_DIFFERENT_CONFIG, Boolean.class, false)).booleanValue()) {
                this.log.warn("WARNING: Invalid configuration detected: cannot use store-mode with Redis (i.e. High-Availability mode) and app recovery at the same time. Disable app recovery!");
            }
        }
        if (this.environment.getProperty("spring.session.store-type", "").equalsIgnoreCase(RedisURI.URI_SCHEME_REDIS)) {
            if (!this.environment.getProperty("proxy.store-mode", "").equalsIgnoreCase("Redis")) {
                this.log.warn("WARNING: Invalid configuration detected: user sessions are stored in Redis, but store-more is not set to Redis. Change store-mode so that app sessions are stored in Redis!");
            }
            if (((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES, Boolean.class, false)).booleanValue() || ((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES_FROM_DIFFERENT_CONFIG, Boolean.class, false)).booleanValue()) {
                this.log.warn("WARNING: Invalid configuration detected: user sessions are stored in Redis and App Recovery is enabled. Instead of using App Recovery, change store-mode so that app sessions are stored in Redis!");
            }
        }
        if (((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES, Boolean.class, false)).booleanValue() || ((Boolean) this.environment.getProperty(AppRecoveryService.PROPERTY_RECOVER_RUNNING_PROXIES_FROM_DIFFERENT_CONFIG, Boolean.class, false)).booleanValue()) {
            Iterator<ProxySpec> it = this.proxySpecProvider.getSpecs().iterator();
            while (it.hasNext()) {
                if (ProxySharingDispatcher.supportSpec(it.next())) {
                    throw new IllegalStateException("Cannot use App Recovery together with container pre-initialization or sharing");
                }
            }
        }
        if (!((Boolean) this.environment.getProperty(ApiSecurityService.PROP_API_SECURITY_HIDE_SPEC_DETAILS, Boolean.class, true)).booleanValue()) {
            this.log.warn("WARNING: Insecure configuration detected: The API is configured to return the full spec of proxies, this may contain sensitive values such as the container image, secret environment variables etc. Remove the proxy.api-security.hide-spec-details property to enable API security.");
        }
        logAsJson = (Boolean) this.environment.getProperty(LoggingConfigurer.PROP_LOG_AS_JSON, Boolean.class, false);
    }

    private static void handleError(Throwable th) {
        Throwable rootCause = ExceptionUtils.getRootCause(th);
        if (rootCause == null) {
            rootCause = th;
        }
        String str = "ShinyProxy crashed! Exception: '" + rootCause.getClass().getName() + "', message: '" + rootCause.getMessage() + "'";
        if (Files.exists(TERMINATION_LOG_FILE, new LinkOption[0]) && Files.isRegularFile(TERMINATION_LOG_FILE, new LinkOption[0])) {
            try {
                PrintWriter printWriter = new PrintWriter(new FileWriter(TERMINATION_LOG_FILE.toString()));
                printWriter.print(str);
                printWriter.close();
            } catch (Throwable th2) {
                System.out.println("Error while writing termination log");
                th2.printStackTrace();
            }
        }
        if (!logAsJson.booleanValue()) {
            System.out.println();
            System.out.println(str);
            System.out.println();
        }
        System.exit(1);
    }

    @Bean
    public UndertowServletWebServerFactory servletContainer() {
        UndertowServletWebServerFactory undertowServletWebServerFactory = new UndertowServletWebServerFactory();
        undertowServletWebServerFactory.addDeploymentInfoCustomizers(deploymentInfo -> {
            deploymentInfo.setPreservePathOnForward(false);
            if (Boolean.parseBoolean(this.environment.getProperty("logging.requestdump", "false"))) {
                deploymentInfo.addOuterHandlerChainWrapper(Handlers::requestDump);
            }
            deploymentInfo.addInnerHandlerChainWrapper(httpHandler -> {
                return this.mappingManager.createHttpHandler(httpHandler);
            });
            this.log.debug("Setting sameSiteCookie policy for session cookies to {}", sameSiteCookiePolicy);
            deploymentInfo.addOuterHandlerChainWrapper(httpHandler2 -> {
                return new SameSiteCookieHandler(httpHandler2, sameSiteCookiePolicy, null, true, true, false);
            });
            ServletSessionConfig servletSessionConfig = new ServletSessionConfig();
            servletSessionConfig.setHttpOnly(true);
            servletSessionConfig.setSecure(secureCookiesEnabled.booleanValue());
            deploymentInfo.setServletSessionConfig(servletSessionConfig);
            if (this.sessionManagerFactory != null) {
                deploymentInfo.setSessionManagerFactory(this.sessionManagerFactory);
            }
            deploymentInfo.setResourceManager(ResourceManager.EMPTY_RESOURCE_MANAGER);
        });
        try {
            undertowServletWebServerFactory.setAddress(InetAddress.getByName(this.environment.getProperty("proxy.bind-address", "0.0.0.0")));
            undertowServletWebServerFactory.setPort(Integer.parseInt(this.environment.getProperty("proxy.port", "8080")));
            return undertowServletWebServerFactory;
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("Invalid bind address specified", e);
        }
    }

    @Bean
    public FilterRegistrationBean<FormContentFilter> registration2(FormContentFilter formContentFilter) {
        FilterRegistrationBean<FormContentFilter> filterRegistrationBean = new FilterRegistrationBean<>(formContentFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setEnabled(false);
        return filterRegistrationBean;
    }

    @Bean
    public JSONPModule jsonpModule() {
        return new JSONPModule();
    }

    @ConditionalOnProperty(name = {"spring.session.store-type"}, havingValue = RedisURI.URI_SCHEME_REDIS)
    @Bean
    public <S extends Session> SessionRegistry sessionRegistry(FindByIndexNameSessionRepository<S> findByIndexNameSessionRepository) {
        return new SpringSessionBackedSessionRegistry(findByIndexNameSessionRepository);
    }

    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    @Bean
    public Executor taskExecutor() {
        ThreadPoolTaskExecutor threadPoolTaskExecutor = new ThreadPoolTaskExecutor();
        threadPoolTaskExecutor.setCorePoolSize(2);
        threadPoolTaskExecutor.setMaxPoolSize(4);
        threadPoolTaskExecutor.initialize();
        return threadPoolTaskExecutor;
    }

    @Bean
    public HeartbeatService heartbeatService(List<IHeartbeatProcessor> list, Environment environment) {
        return new HeartbeatService(list, environment);
    }

    @ConditionalOnMissingBean
    @Bean
    public ActiveProxiesService activeProxiesService() {
        return new ActiveProxiesService();
    }

    @Bean
    public GroupedOpenApi groupOpenApi() {
        return GroupedOpenApi.builder().group(V1AuthorizationAPIGroupClient.AUTHORIZATION_APIVERSION).addOpenApiCustomizer(openAPI -> {
            HashSet hashSet = new HashSet(Arrays.asList("/app_direct_i/**", "/app_direct/**", "/app_proxy/{targetId}/**", "/error"));
            openAPI.getPaths().entrySet().stream().filter(entry -> {
                return hashSet.contains(entry.getKey());
            }).forEach(entry2 -> {
                ((PathItem) entry2.getValue()).setHead(null);
                ((PathItem) entry2.getValue()).setPost(null);
                ((PathItem) entry2.getValue()).setDelete(null);
                ((PathItem) entry2.getValue()).setParameters(null);
                ((PathItem) entry2.getValue()).setOptions(null);
                ((PathItem) entry2.getValue()).setPut(null);
                ((PathItem) entry2.getValue()).setPatch(null);
            });
        }).build();
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
