package org.apache.pinot.controller.api.resources;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiKeyAuthDefinition;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;
import java.util.LinkedList;
import javax.inject.Inject;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Response;
import org.apache.helix.store.zk.ZkHelixPropertyStore;
import org.apache.helix.zookeeper.datamodel.ZNRecord;
import org.apache.pinot.common.metadata.ZKMetadataProvider;
import org.apache.pinot.common.utils.BcryptUtils;
import org.apache.pinot.controller.api.access.AccessType;
import org.apache.pinot.controller.api.access.Authenticate;
import org.apache.pinot.controller.api.exception.ControllerApplicationException;
import org.apache.pinot.controller.api.exception.UserAlreadyExistsException;
import org.apache.pinot.controller.helix.core.PinotHelixResourceManager;
import org.apache.pinot.core.auth.Authorize;
import org.apache.pinot.core.auth.TargetType;
import org.apache.pinot.spi.config.user.UserConfig;
import org.apache.pinot.spi.utils.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

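/**
 * REST resource for managing access-control users (list, get, add, delete, update).
 *
 * <p>User records are read and written through the injected {@link PinotHelixResourceManager}
 * and its property store. A user is keyed as {@code <username>_<component>}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Every endpoint carries {@code @Authorize}, but only {@code deleteUser} and
 *       {@code updateUserConfig} also carry {@code @Authenticate}. NOTE(review): confirm how the
 *       access-control filter treats the endpoints that have no {@code @Authenticate}.</li>
 *   <li>Failure paths return the underlying exception message to the client. NOTE(review):
 *       confirm those messages cannot carry internal detail that should stay server-side.</li>
 * </ul>
 */
@Api(tags = {Constants.USER_TAG}, authorizations = {@Authorization("oauth")})
@SwaggerDefinition(securityDefinition = @SecurityDefinition(apiKeyAuthDefinitions = {
    @ApiKeyAuthDefinition(name = "Authorization", in = ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = "oauth",
        description = "The format of the key is  ```\"Basic <token>\" or \"Bearer <token>\"```")}))
@Path("/")
public class PinotAccessControlUserRestletResource {
    public static final Logger LOGGER = LoggerFactory.getLogger(PinotAccessControlUserRestletResource.class);

    // Injected by the container; all user storage operations go through this manager.
    @Inject
    PinotHelixResourceManager _pinotHelixResourceManager;

    /**
     * Lists all users known to the cluster.
     *
     * <p>NOTE(review): the result of {@code getAllUserInfo} is serialized as-is. Whether that
     * includes stored password hashes depends on the JSON mapping of the returned objects, which
     * is not visible here; confirm that credential fields are not exposed.
     *
     * @return a JSON object with a single {@code "users"} field
     * @throws ControllerApplicationException with status 400 on any failure
     */
    @GET
    @Path("/users")
    @ApiOperation(value = "List all uses in cluster", notes = "List all users in cluster")
    @Produces({"application/json"})
    @Authorize(targetType = TargetType.CLUSTER, action = "GetUser")
    public String listUsers() {
        try {
            ZkHelixPropertyStore<ZNRecord> propertyStore = this._pinotHelixResourceManager.getPropertyStore();
            return JsonUtils.newObjectNode()
                .set("users", JsonUtils.objectToJsonNode(ZKMetadataProvider.getAllUserInfo(propertyStore)))
                .toString();
        } catch (Exception e) {
            throw new ControllerApplicationException(LOGGER, e.getMessage(), Response.Status.BAD_REQUEST, e);
        }
    }

    /**
     * Fetches the configuration of one user for one component.
     *
     * <p>NOTE(review): as with {@link #listUsers()}, confirm that the serialized config does not
     * expose the stored password hash.
     *
     * @param str the username from the request path
     * @param str2 the component type (CONTROLLER, SERVER or BROKER) from the query string
     * @return a JSON object whose single field is named {@code <username>_<COMPONENT>}
     * @throws ControllerApplicationException with status 400 on any failure
     */
    @GET
    @Path("/users/{username}")
    @ApiOperation(value = "Get an user in cluster", notes = "Get an user in cluster")
    @Produces({"application/json"})
    @Authorize(targetType = TargetType.CLUSTER, action = "GetUser")
    public String getUser(@PathParam("username") String str, @QueryParam("component") @ApiParam("CONTROLLER|SERVER|BROKER") String str2) {
        try {
            ZkHelixPropertyStore<ZNRecord> propertyStore = this._pinotHelixResourceManager.getPropertyStore();
            // The component is validated and normalized before it becomes part of the lookup key.
            String userKey = str + "_" + Constants.validateComponentType(str2).name();
            return JsonUtils.newObjectNode()
                .set(userKey, JsonUtils.objectToJsonNode(ZKMetadataProvider.getUserConfig(propertyStore, userKey)))
                .toString();
        } catch (Exception e) {
            throw new ControllerApplicationException(LOGGER, e.getMessage(), Response.Status.BAD_REQUEST, e);
        }
    }

    /**
     * Creates a user from a JSON-encoded {@link UserConfig} request body.
     *
     * <p>NOTE(review): this method passes the parsed config, password included, straight to
     * {@code addUser} on the resource manager. Confirm that the manager hashes the password
     * before it is stored.
     *
     * @param str the request body, a JSON document describing the user
     * @return a success message naming the created user
     * @throws ControllerApplicationException with status 409 when the user already exists, and
     *     status 400 for any other failure
     */
    @Path("/users")
    @ApiOperation(value = "Add a user", notes = "Add a user")
    @POST
    @Produces({"application/json"})
    @Authorize(targetType = TargetType.CLUSTER, action = "CreateUser")
    public SuccessResponse addUser(String str) {
        try {
            UserConfig userConfig = (UserConfig) JsonUtils.stringToObject(str, UserConfig.class);
            String userName = userConfig.getUserName();
            // A missing name previously surfaced as a NullPointerException with no message.
            if (userName == null) {
                throw new IllegalStateException("Username must be provided");
            }
            // NOTE(review): only '.' and space are rejected here, yet the name becomes part of a
            // property-store key. Confirm that other separator characters are rejected downstream.
            if (userName.contains(".") || userName.contains(" ")) {
                throw new IllegalStateException("Username: " + userName + " containing '.' or space is not allowed");
            }
            this._pinotHelixResourceManager.addUser(userConfig);
            return new SuccessResponse("User " + userConfig.getUserName() + "_" + String.valueOf(userConfig.getComponentType()) + " has been successfully added!");
        } catch (Exception e) {
            // A single handler keeps the 409: the previous nested try/catch built a CONFLICT
            // response that the outer handler then re-wrapped as BAD_REQUEST.
            Response.Status status = (e instanceof UserAlreadyExistsException)
                ? Response.Status.CONFLICT
                : Response.Status.BAD_REQUEST;
            throw new ControllerApplicationException(LOGGER, e.getMessage(), status, e);
        }
    }

    /**
     * Deletes the user identified by username and component.
     *
     * <p>NOTE(review): unlike {@link #getUser(String, String)}, the component is not passed
     * through {@code Constants.validateComponentType} before it is used in the key; confirm
     * whether it should be.
     *
     * @param str the username from the request path
     * @param str2 the component type (CONTROLLER, SERVER or BROKER) from the query string
     * @return a success message naming the deleted user
     * @throws ControllerApplicationException with status 404 when the user did not exist, and
     *     status 400 for any other failure
     */
    @Path("/users/{username}")
    @Authenticate(AccessType.DELETE)
    @DELETE
    @ApiOperation(value = "Delete a user", notes = "Delete a user")
    @Produces({"application/json"})
    @Authorize(targetType = TargetType.CLUSTER, action = "DeleteUser")
    public SuccessResponse deleteUser(@PathParam("username") String str, @QueryParam("component") @ApiParam("CONTROLLER|SERVER|BROKER") String str2) {
        String userKey = str + "_" + str2;
        try {
            // Existence is sampled before the delete call so that a missing user can be reported.
            boolean existed = this._pinotHelixResourceManager.hasUser(str, str2);
            this._pinotHelixResourceManager.deleteUser(userKey);
            if (!existed) {
                throw new ControllerApplicationException(LOGGER, "User " + userKey + " does not exists", Response.Status.NOT_FOUND);
            }
            return new SuccessResponse("User: " + userKey + " has been successfully deleted");
        } catch (ControllerApplicationException e) {
            // Already carries the intended status (404); re-wrapping would turn it into a 400.
            throw e;
        } catch (Exception e) {
            throw new ControllerApplicationException(LOGGER, e.getMessage(), Response.Status.BAD_REQUEST, e);
        }
    }

    /**
     * Replaces the stored configuration of an existing user.
     *
     * <p>The password in the request body is passed through {@code BcryptUtils.encrypt} only when
     * {@code passwordChanged} is true. NOTE(review): when the flag is false, the password value in
     * the body is handed to the resource manager unchanged. Confirm that callers always send the
     * already-hashed value in that case, otherwise a plaintext password could be stored.
     *
     * @param str the username from the request path
     * @param str2 the component type (CONTROLLER, SERVER or BROKER) from the query string
     * @param z whether the request body carries a new plaintext password that must be hashed
     * @param str3 the request body, a JSON document describing the user
     * @return a success message naming the updated user
     * @throws ControllerApplicationException with status 400 when the path and body disagree or
     *     on other failures, and status 404 when the user does not exist
     */
    @Path("/users/{username}")
    @Authenticate(AccessType.UPDATE)
    @ApiOperation(value = "Update user config for a user", notes = "Update user config for user")
    @Produces({"application/json"})
    @Authorize(targetType = TargetType.CLUSTER, action = "UpdateUser")
    @PUT
    public SuccessResponse updateUserConfig(@PathParam("username") String str, @QueryParam("component") @ApiParam("CONTROLLER|SERVER|BROKER") String str2, @QueryParam("passwordChanged") boolean z, String str3) {
        String requestedKey = str + "_" + str2;
        try {
            UserConfig userConfig = (UserConfig) JsonUtils.stringToObject(str3, UserConfig.class);
            // The identity in the body must match the one in the URL, so that a request
            // authorized for one user cannot overwrite another user's record.
            String bodyKey = userConfig.getUsernameWithComponent();
            if (!requestedKey.equals(bodyKey)) {
                throw new ControllerApplicationException(LOGGER, "Request user " + requestedKey + " does not match " + bodyKey + " in the Request body", Response.Status.BAD_REQUEST);
            }
            if (!this._pinotHelixResourceManager.hasUser(str, str2)) {
                throw new ControllerApplicationException(LOGGER, "Request user " + requestedKey + " does not exist", Response.Status.NOT_FOUND);
            }
            // Hash only after validation so that rejected requests do not pay for the hashing.
            if (z) {
                userConfig.setPassword(BcryptUtils.encrypt(userConfig.getPassword()));
            }
            this._pinotHelixResourceManager.updateUserConfig(userConfig);
            return new SuccessResponse("User config update for " + requestedKey);
        } catch (ControllerApplicationException e) {
            // Keep the status chosen above (400 or 404) instead of re-wrapping it as a 400.
            throw e;
        } catch (Exception e) {
            throw new ControllerApplicationException(LOGGER, e.getMessage(), Response.Status.BAD_REQUEST, e);
        }
    }
}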
