package io.trino.server.ui;

import com.google.common.base.Strings;
import com.google.common.base.Verify;
import com.google.common.io.Resources;
import com.google.inject.Inject;
import io.trino.server.security.ResourceSecurity;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.NewCookie;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.Optional;

@Path("")
/* loaded from: input_file:io/trino/server/ui/LoginResource.class */
public class LoginResource {
    private static final String REPLACEMENT_TEXT = "var hidePassword = false; // This value will be replaced";
    private final FormWebUiAuthenticationFilter formWebUiAuthenticationManager;
    private final String loginHtml = Resources.toString(Resources.getResource(getClass(), "/webapp/login.html"), StandardCharsets.UTF_8);

    @Inject
    public LoginResource(FormWebUiAuthenticationFilter formWebUiAuthenticationFilter) throws IOException {
        this.formWebUiAuthenticationManager = (FormWebUiAuthenticationFilter) Objects.requireNonNull(formWebUiAuthenticationFilter, "formWebUiAuthenticationManager is null");
        Verify.verify(this.loginHtml.contains(REPLACEMENT_TEXT), "login.html does not contain the replacement text", new Object[0]);
    }

    @ResourceSecurity(ResourceSecurity.AccessType.WEB_UI)
    @GET
    @Path("/ui/login.html")
    public Response getFile(@Context SecurityContext securityContext) {
        return Response.ok(this.loginHtml.replace(REPLACEMENT_TEXT, "var hidePassword = " + (!this.formWebUiAuthenticationManager.isPasswordAllowed(securityContext.isSecure())) + ";")).type("text/html").build();
    }

    @ResourceSecurity(ResourceSecurity.AccessType.WEB_UI)
    @POST
    @Path("/ui/login")
    public Response login(@FormParam("username") String str, @FormParam("password") String str2, @FormParam("redirectPath") String str3, @Context SecurityContext securityContext) {
        String emptyToNull = Strings.emptyToNull(str);
        String emptyToNull2 = Strings.emptyToNull(str2);
        String emptyToNull3 = Strings.emptyToNull(str3);
        if (!this.formWebUiAuthenticationManager.isAuthenticationEnabled(securityContext.isSecure())) {
            return Response.seeOther(FormWebUiAuthenticationFilter.DISABLED_LOCATION_URI).build();
        }
        Optional<NewCookie> checkLoginCredentials = this.formWebUiAuthenticationManager.checkLoginCredentials(emptyToNull, emptyToNull2, securityContext.isSecure());
        return checkLoginCredentials.isEmpty() ? Response.seeOther(FormWebUiAuthenticationFilter.LOGIN_FORM_URI).build() : FormWebUiAuthenticationFilter.redirectFromSuccessfulLoginResponse(emptyToNull3).cookie(new NewCookie[]{checkLoginCredentials.get()}).build();
    }

    @ResourceSecurity(ResourceSecurity.AccessType.WEB_UI)
    @GET
    @Path("/ui/logout")
    public Response logout(@Context HttpHeaders httpHeaders, @Context UriInfo uriInfo, @Context SecurityContext securityContext) {
        return Response.seeOther(this.formWebUiAuthenticationManager.isAuthenticationEnabled(securityContext.isSecure()) ? FormWebUiAuthenticationFilter.LOGIN_FORM_URI : FormWebUiAuthenticationFilter.DISABLED_LOCATION_URI).cookie(new NewCookie[]{FormWebUiAuthenticationFilter.getDeleteCookie(securityContext.isSecure())}).build();
    }
}
