package com.amaken.aop.logging.security;

import com.amaken.config.Constants;
import com.amaken.domain.User;
import com.amaken.enums.DeviceTypeEnum;
import com.amaken.repository.UserDeviceInfoRepository;
import com.amaken.security.jwt.JWTFilter;
import com.amaken.service.UserService;
import com.amaken.web.rest.errors.AmakenStatusCode;
import com.amaken.web.rest.errors.CustomException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.zalando.problem.Status;

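/**
 * Request gate applied before REST controller methods.
 *
 * <p>Before every method of a {@code @RestController} class that is not explicitly excluded by
 * the {@link #controller()} pointcut, this aspect resolves the current user, checks the
 * device headers, asks {@link UserService} to validate the account and, for ANDROID and IOS
 * clients, checks that the bearer token is known to {@link UserDeviceInfoRepository}.
 *
 * <p>NOTE(review): the stored-token lookup runs only when the {@code Device-Type} header names
 * ANDROID or IOS. That header is supplied by the client, so a request declaring any other valid
 * device type is not checked against the stored tokens here. Confirm that another control covers
 * those clients (token revocation, session checks) or that this is intended.
 */
@Aspect
@Component
/* loaded from: input_file:com/amaken/aop/logging/security/SecurityAspect.class */
class SecurityAspect {
    private static final Logger log = LoggerFactory.getLogger(SecurityAspect.class);

    /** Scheme prefix expected at the start of the Authorization header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    private final MessageSource messageSource;
    private final UserService userService;
    private final UserDeviceInfoRepository userDeviceInfoRepository;

    /**
     * Pointcut selecting every method of a {@code @RestController} class except the endpoints
     * listed as {@code !execution(...)}: sign-in, sign-up, social sign-in/up, password reset,
     * e-mail verification, account activation, the test resource and two public listings.
     *
     * <p>The list is an exclusion list, so a newly added controller method is covered by default.
     * Each exclusion is matched by fully qualified class and method name; renaming or moving one
     * of those methods silently puts it back under the check, and any entry added here removes
     * the check for that endpoint.
     */
    @Pointcut("within(@org.springframework.web.bind.annotation.RestController *) && !execution(* com.amaken.web.rest.UserJWTController.signIn(..)) && !execution(* com.amaken.web.rest.AccountResource.requestPasswordReset(..)) && !execution(* com.amaken.web.rest.AccountResource.finishPasswordReset(..)) && !execution(* com.amaken.web.rest.AccountResource.resetPasswordSendOTP(..)) && !execution(* com.amaken.web.rest.AccountResource.resetPasswordVerifyOTP(..)) && !execution(* com.amaken.web.rest.AccountResource.verifyEmail(..)) && !execution(* com.amaken.web.rest.AccountResource.activateAccount(..)) && !execution(* com.amaken.web.rest.TestResource.test(..)) && !execution(* com.amaken.user.web.rest.v1.AccountResource.signUp(..)) && !execution(* com.amaken.user.web.rest.v1.AccountResource.socialSignUp(..)) && !execution(* com.amaken.user.web.rest.v1.AccountResource.socialSignIn(..)) && !execution(* com.amaken.user.web.rest.v1.PublicUserResource.generalInfo(..)) && !execution(* com.amaken.agency.web.rest.v1.AccountResource.agencySignUp(..)) && !execution(* com.amaken.agency.web.rest.v1.AgencyResource.getAllAgenciesSummary(..)) && !execution(* com.amaken.agency.web.rest.v1.AccountResource.agentSignUp(..)) ")
    public void controller() {
        // Pointcut signature only; the body is not meant to be called directly.
        log.debug("Here goes security aspect");
        throw new UnsupportedOperationException();
    }

    /**
     * Runs the per-request checks before a controller method matched by {@link #controller()}.
     *
     * <p>Despite the name, nothing in this method stores the resolved user anywhere; it only
     * validates and throws on failure.
     *
     * @param joinPoint the intercepted controller call (not inspected)
     * @throws CustomException with {@code UNAUTHORIZED} when no current user is found or the
     *     bearer token is not a stored access token
     * @throws IllegalArgumentException when a required device header is blank, the device type is
     *     not a {@link DeviceTypeEnum} constant, or the Authorization header is not a bearer value
     * @throws UnknownHostException when debug logging is enabled and the local host address
     *     cannot be resolved
     */
    @Before("controller()")
    public void checkTokenUserAndSetLogInUser(JoinPoint joinPoint) throws UnknownHostException {
        logLocalAddress();

        User currentUser = this.userService.getUserWithAuthorities()
            .orElseThrow(() -> new CustomException(Status.UNAUTHORIZED, AmakenStatusCode.USER_NOT_FOUND, null));

        // currentRequestAttributes() is declared as RequestAttributes, which has no getRequest();
        // the servlet request is only reachable through ServletRequestAttributes.
        HttpServletRequest request =
            ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
        String authorization = request.getHeader(JWTFilter.AUTHORIZATION_HEADER);
        String deviceType = request.getHeader(Constants.DEVICE_TYPE_HEADER);
        String deviceId = request.getHeader(Constants.DEVICE_ID_HEADER);

        // The Authorization value is a live credential: record only whether it was sent, never
        // the value itself. The device headers are client-controlled text; make sure the log
        // encoder neutralises line breaks in them.
        log.debug("authorizationPresent:{} deviceType:{} deviceId:{}", authorization != null, deviceType, deviceId);

        validateDeviceHeaders(deviceType, deviceId);
        this.userService.validateAccount(currentUser);
        if (isMobile(DeviceTypeEnum.valueOf(deviceType))) {
            validateAuthorizationToken(authorization);
        }
    }

    /**
     * Writes the local host address to the debug log.
     *
     * <p>The lookup is skipped when debug logging is off, so a host-name resolution failure can
     * no longer reject requests on behalf of a log line that would not have been written.
     *
     * @throws UnknownHostException when debug logging is on and the local host cannot be resolved
     */
    private void logLocalAddress() throws UnknownHostException {
        if (!log.isDebugEnabled()) {
            return;
        }
        try {
            log.debug("Ip Address Security Aspect = {}", InetAddress.getLocalHost().getHostAddress());
        } catch (UnknownHostException e) {
            log.error("UnknownHostException: {}", e.getMessage());
            throw e;
        }
    }

    /** Returns whether the device type is one of the two mobile platforms. */
    private static boolean isMobile(DeviceTypeEnum deviceType) {
        return deviceType.equals(DeviceTypeEnum.ANDROID) || deviceType.equals(DeviceTypeEnum.IOS);
    }

    /**
     * Requires a device type on every request and a device id on mobile requests.
     *
     * @param str value of the device-type header
     * @param str2 value of the device-id header
     * @throws IllegalArgumentException when the device type is blank or not a
     *     {@link DeviceTypeEnum} constant, or when a mobile request carries no device id
     */
    private void validateDeviceHeaders(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            log.warn("Device-Type header not set");
            throw new IllegalArgumentException("Device-Type header is not set");
        }
        // valueOf rejects any value that is not an exact enum constant name.
        if (isMobile(DeviceTypeEnum.valueOf(str)) && StringUtils.isBlank(str2)) {
            log.warn("Device-Id header not set");
            throw new IllegalArgumentException("Device-Id header is not set");
        }
    }

    /**
     * Checks that the Authorization header carries a bearer token known to the device store.
     *
     * <p>NOTE(review): the lookup only establishes that the token is stored; it does not compare
     * the token's owner or device with the current user or the device-id header. Presumably the
     * JWT filter has already tied the token to the user; confirm.
     *
     * @param str raw Authorization header value, possibly {@code null}
     * @throws IllegalArgumentException when the header is missing or lacks the bearer prefix
     * @throws CustomException with {@code UNAUTHORIZED} when the token is not stored
     */
    private void validateAuthorizationToken(String str) {
        if (str == null || !str.startsWith(BEARER_PREFIX)) {
            throw new IllegalArgumentException("Invalid authorization token format");
        }
        String accessToken = str.substring(BEARER_PREFIX.length());
        if (this.userDeviceInfoRepository.findByAccessToken(accessToken).isPresent()) {
            return;
        }
        log.warn("Invalid access token");
        throw new CustomException(Status.UNAUTHORIZED, AmakenStatusCode.INVALID_ACCESS_TOKEN, null);
    }

    /**
     * Creates the aspect with its collaborators.
     *
     * @param messageSource message source (stored; not used by the checks in this class)
     * @param userService resolves and validates the current user
     * @param userDeviceInfoRepository lookup of stored access tokens
     */
    public SecurityAspect(MessageSource messageSource, UserService userService, UserDeviceInfoRepository userDeviceInfoRepository) {
        this.messageSource = messageSource;
        this.userService = userService;
        this.userDeviceInfoRepository = userDeviceInfoRepository;
    }
}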
