package org.endeavourhealth.coreui.endpoints;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Authorization;
import java.net.URI;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.endeavourhealth.common.security.OrgRoles;
import org.endeavourhealth.common.security.SecurityUtils;
import org.endeavourhealth.coreui.framework.config.ConfigService;
import org.keycloak.KeycloakSecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

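/**
 * JAX-RS endpoint under {@code /security} that exposes information about the
 * authenticated caller (token claims, organisation roles) and a single sign-off redirect.
 *
 * <p>Every handler sets the logback markers for the request and clears them again in a
 * {@code finally} block, so a failure while building the response does not leave markers
 * behind for whatever the thread handles next.
 */
@Api(value = "Security", authorizations = {@Authorization(value = "oauth", scopes = {})})
@Path("/security")
/* loaded from: input_file:WEB-INF/lib/api-1.0-SNAPSHOT.jar:org/endeavourhealth/coreui/endpoints/SecurityEndpoint.class */
public final class SecurityEndpoint extends AbstractEndpoint {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityEndpoint.class);

    /**
     * Shared JSON mapper. Configured once here and never reconfigured afterwards, which is
     * the usage Jackson documents as thread-safe. Empty beans serialise as {@code {}}
     * instead of raising an error.
     */
    private static final ObjectMapper JSON_MAPPER =
            new ObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);

    /**
     * Returns the caller's parsed Keycloak token as pretty-printed JSON.
     *
     * @param securityContext security context of the current request
     * @return 200 response whose entity is the JSON form of the token object
     * @throws Exception if the Keycloak context cannot be resolved or serialisation fails
     */
    @GET
    @Path("/info")
    @ApiOperation("Returns current user information")
    @Produces({MediaType.APPLICATION_JSON})
    public Response userInfo(@Context SecurityContext securityContext) throws Exception {
        super.setLogbackMarkers(securityContext);
        try {
            KeycloakSecurityContext keycloakSecurityContext = SecurityUtils.getKeycloakSecurityContext(securityContext);
            // NOTE(review): the whole token object is serialised, so every claim it carries is
            // returned to the client. Confirm that no claim is meant to stay server-side and
            // that this response is not cached or logged by intermediaries.
            String tokenJson = JSON_MAPPER.writerWithDefaultPrettyPrinter()
                    .writeValueAsString(keycloakSecurityContext.getToken());
            return Response.ok().entity(tokenJson).build();
        } finally {
            clearLogbackMarkers();
        }
    }

    /**
     * Returns the caller's roles within the currently selected organisation.
     *
     * @param securityContext security context of the current request
     * @param containerRequestContext request context from which the organisation id is resolved
     * @param str value of the {@code X-Organisation-Id} header; declared for the API
     *     description only, the id actually used comes from
     *     {@code SecurityUtils.getCurrentUserOrganisationId}
     * @return 200 response whose entity is a JSON object holding the organisation id and
     *     the list of roles under {@code orgRoles}
     * @throws Exception if role lookup or serialisation fails
     */
    @GET
    @Path("/info/organisationRoles")
    @ApiOperation("Returns current user's roles in the current organisation")
    @Produces({MediaType.APPLICATION_JSON})
    public Response userInfoOrganisationRoles(@Context SecurityContext securityContext, @Context ContainerRequestContext containerRequestContext, @HeaderParam("X-Organisation-Id") @ApiParam(defaultValue = "00000000-0000-0000-0000-000000000000", value = "The currently selected organisation") String str) throws Exception {
        super.setLogbackMarkers(securityContext);
        try {
            // NOTE(review): the organisation id presumably originates from the client-supplied
            // X-Organisation-Id header. Confirm that getOrganisationRoles derives the roles from
            // the authenticated token, so a caller cannot read roles for an organisation it does
            // not belong to by changing the header.
            String currentUserOrganisationId = SecurityUtils.getCurrentUserOrganisationId(containerRequestContext);
            Map<Object, Object> payload = new HashMap<>();
            payload.put(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ORG_ID, currentUserOrganisationId);
            payload.put("orgRoles", SecurityUtils.getOrganisationRoles(securityContext, currentUserOrganisationId));
            String payloadJson = JSON_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(payload);
            return Response.ok().entity(payloadJson).build();
        } finally {
            clearLogbackMarkers();
        }
    }

    /**
     * Returns the organisations available to the caller together with the roles held in each.
     *
     * @param securityContext security context of the current request
     * @param containerRequestContext request context (not used by this handler)
     * @return 200 response whose entity is the map returned by
     *     {@code SecurityUtils.getOrganisationRoles(securityContext)}
     * @throws Exception if role lookup fails
     */
    @GET
    @Path("/info/organisations")
    @ApiOperation("Returns current user's available organisations")
    @Produces({MediaType.APPLICATION_JSON})
    public Response userInfoOrganisations(@Context SecurityContext securityContext, @Context ContainerRequestContext containerRequestContext) throws Exception {
        super.setLogbackMarkers(securityContext);
        try {
            Map<String, List<String>> organisationRoles = SecurityUtils.getOrganisationRoles(securityContext);
            return Response.ok().entity(organisationRoles).build();
        } finally {
            clearLogbackMarkers();
        }
    }

    /**
     * Redirects the caller to the realm's OpenID Connect logout endpoint.
     *
     * <p>Both the auth server URL and the post-logout target come from server configuration,
     * never from the request, so the redirect cannot be steered by the caller. This handler
     * only issues the redirect; it does not itself invalidate anything.
     *
     * @param securityContext security context of the current request
     * @return 303 See Other response pointing at the logout URL
     * @throws Exception if configuration cannot be read or the URL is not a valid URI
     */
    @Path("/logoff")
    @Consumes({MediaType.APPLICATION_JSON})
    @ApiOperation("Redirects the current user to the single sign-off URL")
    @POST
    @Produces({MediaType.APPLICATION_JSON})
    public Response logoff(@Context SecurityContext securityContext) throws Exception {
        super.setLogbackMarkers(securityContext);
        try {
            LOG.trace("Logoff");
            String authServerUrl = ConfigService.instance().getAuthConfig().getAuthServerUrl();
            String realm = SecurityUtils.getKeycloakSecurityContext(securityContext).getRealm();
            String postLogoutTarget = URLEncoder.encode(ConfigService.instance().getAppConfig().getAppUrl() + "/api/user/details", "UTF-8");
            // The server URL is passed as an argument rather than concatenated into the format
            // string: a '%' in the configured URL would otherwise be parsed as a format
            // specifier and fail or corrupt the result.
            // NOTE(review): the realm name is placed in the path as-is; confirm it can only
            // contain URL-safe characters.
            // NOTE(review): newer Keycloak releases expect post_logout_redirect_uri together with
            // id_token_hint instead of redirect_uri; verify against the deployed server version.
            String logoutUrl = String.format("%s/realms/%s/protocol/openid-connect/logout?redirect_uri=%s", authServerUrl, realm, postLogoutTarget);
            return Response.seeOther(new URI(logoutUrl)).build();
        } finally {
            clearLogbackMarkers();
        }
    }
}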
