package org.tailormap.api.security;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.ansi.AnsiPropertySource;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySourcesPropertyResolver;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StreamUtils;
import org.tailormap.api.persistence.Group;
import org.tailormap.api.persistence.User;
import org.tailormap.api.repository.GroupRepository;
import org.tailormap.api.repository.UserRepository;

@Configuration
@ConditionalOnProperty(name = {"tailormap-api.security.admin.create-if-not-exists"}, havingValue = "true")
/* loaded from: input_file:BOOT-INF/classes/org/tailormap/api/security/AdminAccountCreator.class */
public class AdminAccountCreator {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    @Value("${tailormap-api.security.admin.username}")
    private String newAdminUsername;

    @Value("${tailormap-api.security.admin.hashed-password}")
    private String newAdminHashedPassword;
    private final UserRepository userRepository;
    private final GroupRepository groupRepository;
    private final PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    public AdminAccountCreator(UserRepository userRepository, GroupRepository groupRepository) {
        this.userRepository = userRepository;
        this.groupRepository = groupRepository;
    }

    @Transactional
    @EventListener({ApplicationReadyEvent.class})
    public void postConstruct() throws IOException {
        logger.trace("Checking whether an admin account exists...");
        InternalAdminAuthentication.setInSecurityContext();
        try {
            if (!this.userRepository.existsByGroupsNameIn(List.of(Group.ADMIN))) {
                if (StringUtils.isNotBlank(this.newAdminHashedPassword) && this.newAdminHashedPassword.startsWith("{bcrypt}")) {
                    createAdmin(this.newAdminUsername, this.newAdminHashedPassword);
                    logger.info("New admin account \"{}\" created with hashed password from environment", this.newAdminUsername);
                } else {
                    String uuid = UUID.randomUUID().toString();
                    createAdmin(this.newAdminUsername, this.passwordEncoder.encode(uuid));
                    logger.info(getAccountBanner(this.newAdminUsername, uuid));
                }
            }
        } finally {
            InternalAdminAuthentication.clearSecurityContextAuthentication();
        }
    }

    private void createAdmin(String str, String str2) {
        User password = new User().setUsername(str).setPassword(str2);
        password.getGroups().add(this.groupRepository.getReferenceById(Group.ADMIN));
        this.userRepository.saveAndFlush(password);
    }

    private static String getAccountBanner(String str, String str2) throws IOException {
        String copyToString = StreamUtils.copyToString(new ClassPathResource("account-banner.txt").getInputStream(), StandardCharsets.US_ASCII);
        MutablePropertySources mutablePropertySources = new MutablePropertySources();
        mutablePropertySources.addFirst(new AnsiPropertySource("ansi", true));
        mutablePropertySources.addFirst(new MapPropertySource("account", Map.of("username", str, "password", str2)));
        return new PropertySourcesPropertyResolver(mutablePropertySources).resolvePlaceholders(copyToString);
    }
}
