package org.tailormap.api.controller;

import io.micrometer.core.annotation.Timed;
import jakarta.servlet.http.HttpServletRequest;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.InputStreamResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.server.ResponseStatusException;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.UriUtils;
import org.tailormap.api.annotation.AppRestController;
import org.tailormap.api.persistence.Application;
import org.tailormap.api.persistence.GeoService;
import org.tailormap.api.persistence.helper.GeoServiceHelper;
import org.tailormap.api.persistence.json.GeoServiceLayer;
import org.tailormap.api.persistence.json.GeoServiceProtocol;
import org.tailormap.api.persistence.json.ServiceAuthentication;
import org.tailormap.api.security.AuthorizationService;
import org.tailormap.api.util.HttpProxyUtil;

@RequestMapping(path = {"/api/{viewerKind}/{viewerName}/layer/{appLayerId}/proxy/{protocol}"})
@AppRestController
@Validated
/* loaded from: input_file:org/tailormap/api/controller/GeoServiceProxyController.class */
public class GeoServiceProxyController {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final AuthorizationService authorizationService;

    public GeoServiceProxyController(AuthorizationService authorizationService) {
        this.authorizationService = authorizationService;
    }

    @RequestMapping(method = {RequestMethod.GET, RequestMethod.POST})
    @Timed(value = "proxy", description = "Proxy OGC service calls")
    public ResponseEntity<?> proxy(@ModelAttribute Application application, @ModelAttribute GeoService geoService, @ModelAttribute GeoServiceLayer geoServiceLayer, @PathVariable("protocol") GeoServiceProtocol geoServiceProtocol, HttpServletRequest httpServletRequest) {
        if (geoService == null || geoServiceLayer == null) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        if (GeoServiceProtocol.XYZ.equals(geoServiceProtocol)) {
            throw new ResponseStatusException(HttpStatus.NOT_IMPLEMENTED, "XYZ proxying not implemented");
        }
        if (!geoService.getProtocol().equals(geoServiceProtocol) && !GeoServiceProtocol.PROXIEDLEGEND.equals(geoServiceProtocol)) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Invalid proxy protocol: " + String.valueOf(geoServiceProtocol));
        }
        if (!geoService.getSettings().getUseProxy().booleanValue()) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "Proxy not enabled for requested service");
        }
        if (this.authorizationService.mustDenyAccessForSecuredProxy(application, geoService)) {
            logger.warn("App {} (\"{}\") is using layer \"{}\" from proxied secured service URL {} (username \"{}\"), but app is publicly accessible. Denying proxy, even if user is authenticated.", new Object[]{application.getId(), application.getName(), geoServiceLayer.getName(), geoService.getUrl(), geoService.getAuthentication().getUsername()});
            throw new ResponseStatusException(HttpStatus.FORBIDDEN);
        }
        switch (geoServiceProtocol) {
            case WMS:
            case WMTS:
                return doProxy(buildWMSUrl(geoService, httpServletRequest), geoService, httpServletRequest);
            case PROXIEDLEGEND:
                URI buildLegendURI = buildLegendURI(geoService, geoServiceLayer, httpServletRequest);
                if (null != buildLegendURI) {
                    return doProxy(buildLegendURI, geoService, httpServletRequest);
                }
                logger.warn("No legend URL found for layer {}", geoServiceLayer.getName());
                return null;
            default:
                throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Unsupported proxy protocol: " + String.valueOf(geoServiceProtocol));
        }
    }

    @Nullable
    private URI buildLegendURI(GeoService geoService, GeoServiceLayer geoServiceLayer, HttpServletRequest httpServletRequest) {
        URI layerLegendUrlFromStyles = GeoServiceHelper.getLayerLegendUrlFromStyles(geoService, geoServiceLayer);
        if (null != layerLegendUrlFromStyles && null != layerLegendUrlFromStyles.getQuery() && null != httpServletRequest.getQueryString()) {
            UriComponentsBuilder fromUri = UriComponentsBuilder.fromUri(layerLegendUrlFromStyles);
            switch (geoService.getSettings().getServerType()) {
                case GEOSERVER:
                    fromUri.queryParam("LEGEND_OPTIONS", new Object[]{"fontAntiAliasing:true;labelMargin:0;forceLabels:on"});
                    break;
            }
            if (null != httpServletRequest.getParameterMap().get("SCALE")) {
                layerLegendUrlFromStyles = fromUri.queryParam("SCALE", new Object[]{((String[]) httpServletRequest.getParameterMap().get("SCALE"))[0]}).build(true).toUri();
            }
        }
        return layerLegendUrlFromStyles;
    }

    private URI buildWMSUrl(GeoService geoService, HttpServletRequest httpServletRequest) {
        UriComponentsBuilder fromUriString = UriComponentsBuilder.fromUriString(geoService.getUrl());
        fromUriString.replaceQueryParams(buildOgcProxyRequestParams(fromUriString.build(true).getQueryParams(), (MultiValueMap) httpServletRequest.getParameterMap().entrySet().stream().map(entry -> {
            return new AbstractMap.SimpleEntry((String) entry.getKey(), (List) Arrays.stream((String[]) entry.getValue()).map(str -> {
                return UriUtils.encode(str, StandardCharsets.UTF_8);
            }).collect(Collectors.toList()));
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }, (list, list2) -> {
            return list2;
        }, LinkedMultiValueMap::new))));
        return fromUriString.build(true).toUri();
    }

    public static MultiValueMap<String, String> buildOgcProxyRequestParams(MultiValueMap<String, String> multiValueMap, MultiValueMap<String, String> multiValueMap2) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap(multiValueMap2);
        List of = List.of((Object[]) new String[]{"SERVICE", "REQUEST", "VERSION"});
        for (Map.Entry entry : multiValueMap.entrySet()) {
            if (!linkedMultiValueMap.containsKey(entry.getKey()) && !of.contains(((String) entry.getKey()).toUpperCase(Locale.ROOT))) {
                linkedMultiValueMap.put((String) entry.getKey(), (List) entry.getValue());
            }
        }
        return linkedMultiValueMap;
    }

    private static ResponseEntity<?> doProxy(URI uri, GeoService geoService, HttpServletRequest httpServletRequest) {
        HttpClient build = HttpClient.newBuilder().followRedirects(HttpClient.Redirect.NORMAL).build();
        HttpRequest.Builder uri2 = HttpRequest.newBuilder().uri(uri);
        HttpProxyUtil.addForwardedForRequestHeaders(uri2, httpServletRequest);
        HttpProxyUtil.passthroughRequestHeaders(uri2, httpServletRequest, Set.of("Accept", "If-Modified-Since", "If-Unmodified-Since", "If-Match", "If-None-Match", "If-Range", "Range", "Referer", "User-Agent"));
        if (geoService.getAuthentication() != null && geoService.getAuthentication().getMethod() == ServiceAuthentication.MethodEnum.PASSWORD) {
            HttpProxyUtil.setHttpBasicAuthenticationHeader(uri2, geoService.getAuthentication().getUsername(), geoService.getAuthentication().getPassword());
        }
        try {
            HttpResponse send = build.send(uri2.build(), HttpResponse.BodyHandlers.ofInputStream());
            return ResponseEntity.status(send.statusCode()).headers(HttpProxyUtil.passthroughResponseHeaders(send.headers(), Set.of("Content-Type", "Content-Length", "Content-Range", "Content-Disposition", "Cache-Control", "Expires", "Last-Modified", "ETag", "Pragma"))).body(new InputStreamResource((InputStream) send.body()));
        } catch (Exception e) {
            return ResponseEntity.status(HttpStatus.BAD_GATEWAY).body("Bad Gateway");
        }
    }
}
