package io.datarouter.auth.web.service;

import io.datarouter.auth.web.config.metrics.DatarouterAccountMetrics;
import io.datarouter.auth.web.service.DatarouterAccountRefererService;
import io.datarouter.web.dispatcher.ApiKeyPredicate;
import io.datarouter.web.dispatcher.DispatchRule;
import java.util.function.Predicate;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/datarouter/auth/web/service/BaseDatarouterAccountWithRefererApiKeyPredicate.class */
public abstract class BaseDatarouterAccountWithRefererApiKeyPredicate extends DatarouterAccountApiKeyPredicate {
    private final DatarouterAccountRefererService accountRefererService;
    private final Predicate<HttpServletRequest> rateLimiter;

    public BaseDatarouterAccountWithRefererApiKeyPredicate(DatarouterAccountCredentialService datarouterAccountCredentialService, DatarouterAccountMetrics datarouterAccountMetrics, DatarouterAccountRefererService datarouterAccountRefererService, Predicate<HttpServletRequest> predicate) {
        super(datarouterAccountCredentialService, datarouterAccountMetrics);
        this.accountRefererService = datarouterAccountRefererService;
        this.rateLimiter = predicate;
    }

    @Override // io.datarouter.auth.web.service.DatarouterAccountApiKeyPredicate
    public ApiKeyPredicate.ApiKeyPredicateCheck innerCheck(DispatchRule dispatchRule, HttpServletRequest httpServletRequest, String str) {
        ApiKeyPredicate.ApiKeyPredicateCheck innerCheck = super.innerCheck(dispatchRule, httpServletRequest, str);
        if (innerCheck.allowed()) {
            DatarouterAccountRefererService.DatarouterAccountRefererCheck validateAccountReferer = this.accountRefererService.validateAccountReferer(innerCheck.accountName(), httpServletRequest);
            if (!validateAccountReferer.allowed()) {
                return new ApiKeyPredicate.ApiKeyPredicateCheck(false, "invalid referer for " + obfuscate(str));
            }
            if (validateAccountReferer.hasRefererValidation() && !this.rateLimiter.test(httpServletRequest)) {
                return new ApiKeyPredicate.ApiKeyPredicateCheck(false, "rate limit exceeded");
            }
        }
        return innerCheck;
    }
}
