package io.hyperfoil.tools.horreum.server;

import io.hyperfoil.tools.horreum.entity.user.UserInfo;
import io.hyperfoil.tools.horreum.svc.ServiceException;
import io.quarkus.arc.lookup.LookupIfProperty;
import io.quarkus.arc.profile.UnlessBuildProfile;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.Objects;
import java.util.stream.Stream;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@ApplicationScoped
@UnlessBuildProfile("test")
@LookupIfProperty(name = "horreum.roles.provider", stringValue = "database")
/* loaded from: input_file:io/hyperfoil/tools/horreum/server/RolesAugmentor.class */
public class RolesAugmentor implements SecurityIdentityAugmentor {

    @Inject
    RoleManager roleManager;

    @ConfigProperty(name = "horreum.roles.database.override", defaultValue = "true")
    boolean override;

    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
        return securityIdentity.isAnonymous() ? Uni.createFrom().item(securityIdentity) : authenticationRequestContext.runBlocking(() -> {
            return addHorreumRoles(securityIdentity);
        });
    }

    private SecurityIdentity addHorreumRoles(SecurityIdentity securityIdentity) {
        String name = securityIdentity.getPrincipal().getName();
        String roles = this.roleManager.setRoles(name);
        try {
            UserInfo userInfo = (UserInfo) UserInfo.findById(name);
            if (!this.override) {
                if (userInfo == null) {
                    return securityIdentity;
                }
                QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(securityIdentity);
                addRoles(builder, userInfo);
                QuarkusSecurityIdentity build = builder.build();
                this.roleManager.setRoles(roles);
                return build;
            }
            if (userInfo == null) {
                throw ServiceException.serverError("Unable to fetch user entity");
            }
            QuarkusSecurityIdentity.Builder builder2 = QuarkusSecurityIdentity.builder();
            builder2.setAnonymous(false);
            builder2.setPrincipal(securityIdentity.getPrincipal());
            builder2.addAttributes(securityIdentity.getAttributes());
            builder2.addCredentials(securityIdentity.getCredentials());
            Objects.requireNonNull(securityIdentity);
            builder2.addPermissionChecker(securityIdentity::checkPermission);
            addRoles(builder2, userInfo);
            QuarkusSecurityIdentity build2 = builder2.build();
            this.roleManager.setRoles(roles);
            return build2;
        } finally {
            this.roleManager.setRoles(roles);
        }
    }

    private void addRoles(QuarkusSecurityIdentity.Builder builder, UserInfo userInfo) {
        Stream map = userInfo.roles.stream().map((v0) -> {
            return v0.toString();
        }).map((v0) -> {
            return v0.toLowerCase();
        });
        Objects.requireNonNull(builder);
        map.forEach(builder::addRole);
        Stream<R> map2 = userInfo.teams.stream().map((v0) -> {
            return v0.asRole();
        });
        Objects.requireNonNull(builder);
        map2.forEach(builder::addRole);
        Stream<R> map3 = userInfo.teams.stream().map((v0) -> {
            return v0.asTeam();
        });
        Objects.requireNonNull(builder);
        map3.forEach(builder::addRole);
        Stream distinct = userInfo.teams.stream().map((v0) -> {
            return v0.asUIRole();
        }).distinct();
        Objects.requireNonNull(builder);
        distinct.forEach(builder::addRole);
    }
}
