package pt.webdetails.cdf.dd.api;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.StreamingOutput;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.engine.IPluginManager;
import org.pentaho.platform.api.engine.IPluginResourceLoader;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.pentaho.platform.web.http.api.resources.PluginResource;
import pt.webdetails.cdf.dd.CdeSettings;
import pt.webdetails.cdf.dd.reader.factory.IResourceLoader;
import pt.webdetails.cdf.dd.reader.factory.ResourceLoaderFactory;
import pt.webdetails.cdf.dd.util.CdeEnvironment;
import pt.webdetails.cdf.dd.util.GenericBasicFileFilter;
import pt.webdetails.cdf.dd.util.GenericFileAndDirectoryFilter;
import pt.webdetails.cdf.dd.util.Utils;
import pt.webdetails.cpf.MimeTypeHandler;
import pt.webdetails.cpf.repository.api.IBasicFile;
import pt.webdetails.cpf.repository.api.IReadAccess;
import pt.webdetails.cpf.repository.util.RepositoryHelper;

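/**
 * JAX-RS endpoints under {@code pentaho-cdf-dd/api/resources} that serve files by a
 * caller-supplied path and list folder contents.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>every file-serving endpoint passes the requested path through
 *       {@link #checkExtensions(String)}, an extension allowlist read once from the plugin setting
 *       {@code settings/resources/downloadable-formats}; a rejected path is answered with
 *       403 Forbidden;</li>
 *   <li>request values go through {@link #decodeAndEscape(String)} before they are used as
 *       paths;</li>
 *   <li>for callers that are not Pentaho administrators, folder listings filter out the folders
 *       returned by {@code CdeSettings.getFilePickerHiddenFolderPaths}.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class normalises the path or rejects {@code ..} segments;
 * containment and per-user authorisation are assumed to be enforced by
 * {@code Utils.getFileViaAppropriateReadAccess}, {@code IPluginManager.isPublic} and
 * {@code PluginResource.readFile} - confirm against those classes.
 */
@Path("pentaho-cdf-dd/api/resources")
/* loaded from: input_file:pt/webdetails/cdf/dd/api/ResourcesApi.class */
public class ResourcesApi {
    private static final Log logger = LogFactory.getLog(ResourcesApi.class);

    // Extension allowlist, loaded once at class initialisation. Matching is exact and case-sensitive.
    private static final List<String> allowedExtensions = loadAllowedExtensions();

    /**
     * Reads the comma-separated extension allowlist from the plugin settings.
     *
     * @return the configured extensions, or an empty list when the setting is absent, so that a
     *     missing setting rejects every request instead of failing class initialisation
     */
    private static List<String> loadAllowedExtensions() {
        IPluginResourceLoader settingsLoader =
                (IPluginResourceLoader) PentahoSystem.get(IPluginResourceLoader.class, (IPentahoSession) null);
        String configured = settingsLoader.getPluginSetting(ResourcesApi.class, "settings/resources/downloadable-formats");
        // StringUtils.split returns null for a null input; Arrays.asList would then throw.
        String[] formats = StringUtils.split(configured, ',');
        return formats == null ? new ArrayList<String>() : Arrays.asList(formats);
    }

    /**
     * Serves one file after the extension allowlist check.
     *
     * @param str the {@code resource} query parameter: path of the file to serve
     * @param str2 the {@code If-None-Match} request header, or {@code null} to skip the
     *     not-modified check
     * @return 200 with the file streamed inline, 304 when {@code str2} equals the file's
     *     last-modified time, 403 when a {@link SecurityException} is raised (for example by the
     *     extension check), 500 when no file is found
     * @throws IOException declared for the JAX-RS contract; stream errors surface while the body
     *     is written
     */
    @GET
    @Produces({"text/plain"})
    @Path("/get")
    public Response getResource(@QueryParam("resource") @DefaultValue("") String str, @HeaderParam("if-none-match") String str2) throws IOException {
        String resourcePath = decodeAndEscape(str);
        try {
            // Allowlist check first, so nothing is looked up for a disallowed extension.
            checkExtensions(resourcePath);
            final IBasicFile file = Utils.getFileViaAppropriateReadAccess(resourcePath);
            if (file == null) {
                logger.error("resource not found:" + resourcePath);
                // NOTE(review): a missing file is reported as 500, not 404; kept because clients
                // may depend on it.
                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
            }
            if (!wasModified(str2, resourcePath)) {
                return buildNotModifiedResponse(resourcePath);
            }
            String mimeType = getMimeType(file.getExtension());
            StreamingOutput body = outputStream -> {
                // Close the repository stream once copied; the original left it open.
                try (InputStream contents = file.getContents()) {
                    IOUtils.copy(contents, outputStream);
                }
            };
            Response.ResponseBuilder response = cacheControlHandler(file, body, resourcePath);
            // NOTE(review): mimeType is "" for an unknown extension, so the Content-Type header
            // can be empty and the client may sniff the type.
            response.header("Content-Type", mimeType);
            // The file name comes from the repository; strip characters that could end the
            // quoted string or the header line.
            response.header("content-disposition", "inline; filename=\"" + toQuotedHeaderValue(file.getName()) + "\"");
            return response.build();
        } catch (SecurityException e) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
    }

    /**
     * Serves a CSS resource; delegates to {@link #getResource(String, String)}.
     *
     * @param str the {@code path} query parameter; not read by this method
     * @param str2 the {@code resource} query parameter
     * @param str3 the {@code If-None-Match} request header
     * @return the response built by {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({"text/css"})
    @Path("/getCss")
    public Response getCssResource(@QueryParam("path") @DefaultValue("") String str, @QueryParam("resource") @DefaultValue("") String str2, @HeaderParam("if-none-match") String str3) throws IOException {
        return getResource(str2, str3);
    }

    /**
     * Serves a JavaScript resource without a not-modified check.
     *
     * @param str the {@code path} query parameter; not read by this method
     * @param str2 the {@code resource} query parameter
     * @return the response built by {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({"text/javascript"})
    @Path("/getJs")
    public Response getJsResource(@QueryParam("path") @DefaultValue("") String str, @QueryParam("resource") @DefaultValue("") String str2) throws IOException {
        return getResource(str2, null);
    }

    /**
     * Serves a resource without a not-modified check.
     *
     * @param str the {@code path} query parameter; not read by this method
     * @param str2 the {@code resource} query parameter
     * @return the response built by {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({"text/plain"})
    @Path("/getUntyped")
    public Response getUntypedResource(@QueryParam("path") @DefaultValue("") String str, @QueryParam("resource") @DefaultValue("") String str2) throws IOException {
        return getResource(str2, null);
    }

    /**
     * Serves an image resource without a not-modified check.
     *
     * @param str the {@code path} query parameter; not read by this method
     * @param str2 the {@code resource} query parameter
     * @return the response built by {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({"text/plain"})
    @Path("/getImg")
    public Response getImage(@QueryParam("path") @DefaultValue("") String str, @QueryParam("resource") @DefaultValue("") String str2) throws IOException {
        return getResource(str2, null);
    }

    /**
     * Serves a resource without a not-modified check.
     *
     * @param str the {@code path} query parameter; not read by this method
     * @param str2 the {@code resource} query parameter
     * @return the response built by {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({"text/plain"})
    @Path("/res")
    public Response res(@QueryParam("path") @DefaultValue("") String str, @QueryParam("resource") @DefaultValue("") String str2) throws IOException {
        return getResource(str2, null);
    }

    /**
     * Lists the entries of a folder, as JSON or as jQuery file-tree markup.
     *
     * @param str the {@code dir} form parameter: folder to list
     * @param str2 the {@code outputType} form parameter; {@code "json"} selects JSON, any other
     *     value selects the file-tree markup
     * @param str3 the {@code dashboardPath} query parameter; selects the resource loader
     * @param str4 the {@code fileExtensions} query parameter: dot-separated extensions to include
     * @param str5 the {@code access} query parameter; not read by this method
     * @param z the {@code showHiddenFiles} query parameter
     * @return the rendered listing, or an error message when JSON serialisation fails
     */
    @POST
    @Produces({"text/plain"})
    @Path("/explore")
    public String exploreFolder(@FormParam("dir") @DefaultValue("/") String str, @FormParam("outputType") String str2, @QueryParam("dashboardPath") @DefaultValue("") String str3, @QueryParam("fileExtensions") String str4, @QueryParam("access") String str5, @QueryParam("showHiddenFiles") @DefaultValue("false") boolean z) {
        String dir = decodeAndEscape(str);
        String outputType = decodeAndEscape(str2);
        String dashboardPath = decodeAndEscape(str3);
        String fileExtensions = decodeAndEscape(str4);
        IBasicFile[] files = getFileList(dir, dashboardPath, fileExtensions, z);
        if (!"json".equals(outputType)) {
            return RepositoryHelper.toJQueryFileTree(dir, files);
        }
        try {
            return RepositoryHelper.toJSON(dir, files);
        } catch (JSONException e) {
            logger.error("exploreFolder" + dir, e);
            return "Error getting files in folder " + dir;
        }
    }

    /**
     * Lists one level of {@code dir}, restricted to the given extensions and, for
     * non-administrators, with the configured hidden folders filtered out.
     *
     * @param dir folder to list
     * @param dashboardPath path used to pick the resource loader and to detect a system-folder
     *     dashboard
     * @param fileExtensions dot-separated extensions; each is matched with and without a leading
     *     dot
     * @param showHiddenFiles whether hidden entries are requested; passed to the reader only for
     *     non-system dashboards
     * @return the matching entries, never {@code null}
     */
    private IBasicFile[] getFileList(String dir, String dashboardPath, String fileExtensions, boolean showHiddenFiles) {
        List<String> extensions = new ArrayList<>();
        String[] parts = StringUtils.split(fileExtensions, ".");
        if (parts != null) {
            for (String part : parts) {
                extensions.add("." + part);
                extensions.add(part);
            }
        }
        GenericBasicFileFilter fileFilter = new GenericBasicFileFilter((String) null, extensions.toArray(new String[0]), true);

        // NOTE(review): replaceFirst removes the first "/" anywhere in the path, not only a
        // leading one, so "system/x" without a leading slash is not detected here. This flag
        // selects which hidden-folder list applies; confirm it agrees with ResourceLoaderFactory.
        boolean systemDashboard = !dashboardPath.isEmpty()
                && dashboardPath.toLowerCase().replaceFirst("/", "").startsWith(CdeEnvironment.getSystemDir() + "/");

        IReadAccess reader = getResourceLoader(dashboardPath).getReader();
        GenericFileAndDirectoryFilter filter = new GenericFileAndDirectoryFilter(fileFilter);
        if (!isAdministrator()) {
            CdeSettings.FolderType folderType = systemDashboard ? CdeSettings.FolderType.STATIC : CdeSettings.FolderType.REPO;
            filter.setDirectories(CdeSettings.getFilePickerHiddenFolderPaths(folderType));
            filter.setFilterType(GenericFileAndDirectoryFilter.FilterType.FILTER_OUT);
        }

        // System-folder listings never include hidden entries, whatever the caller asked for.
        List<IBasicFile> files = reader.listFiles(dir, filter, 1, true, !systemDashboard && showHiddenFiles);
        if (systemDashboard && files != null && !files.isEmpty()) {
            // Presumably the first entry is the listed folder itself - confirm. The original
            // removed it unconditionally and failed on a null or empty result.
            files.remove(0);
        }
        return (files == null || files.isEmpty()) ? new IBasicFile[0] : files.toArray(new IBasicFile[0]);
    }

    /**
     * Serves a public plugin file addressed as {@code <pluginId>/<path inside the plugin>}.
     *
     * @param str the {@code path} path parameter
     * @param httpServletResponse servlet response handed to {@code PluginResource}
     * @return the plugin file response; 403 when the extension is not allowlisted; 404 when the
     *     path is empty, not public, or not found
     * @throws IOException if reading the plugin file fails
     */
    @GET
    @Produces({})
    @Path("/system/{path: [^?]+ }")
    public Response getSystemResource(@PathParam("path") String str, @Context HttpServletResponse httpServletResponse) throws IOException {
        String systemPath = decodeAndEscape(str);
        try {
            checkExtensions(systemPath);
        } catch (SecurityException e) {
            // Same answer as getResource; the original let the exception escape.
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        String[] segments = systemPath.split("/");
        String pluginId = segments[0];
        StringBuilder remainder = new StringBuilder();
        for (int i = 1; i < segments.length; i++) {
            remainder.append("/").append(segments[i]);
        }
        String pluginPath = remainder.toString();
        // NOTE(review): ".." segments are passed through unchanged; confirm that isPublic and
        // readFile resolve the path before deciding.
        IPluginManager pluginManager = (IPluginManager) PentahoSystem.get(IPluginManager.class);
        if (!StringUtils.isEmpty(systemPath) && pluginManager.isPublic(pluginId, pluginPath)) {
            Response pluginResponse = new PluginResource(httpServletResponse).readFile(pluginId, pluginPath);
            if (pluginResponse.getStatus() != Response.Status.NOT_FOUND.getStatusCode()) {
                return pluginResponse;
            }
        }
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    /**
     * Serves a resource addressed by URL path; the not-modified check applies to CSS files only.
     *
     * @param str the {@code resource} path parameter
     * @param str2 the {@code If-None-Match} request header
     * @return 403 when the extension is not allowlisted, otherwise the response built by
     *     {@link #getResource(String, String)}
     * @throws IOException as declared by {@link #getResource(String, String)}
     */
    @GET
    @Produces({})
    @Path("/{resource: [^?]+ }")
    public Response resource(@PathParam("resource") String str, @HeaderParam("if-none-match") String str2) throws IOException {
        try {
            // Reject disallowed extensions before the repository lookup below; getResource would
            // return the same 403, but only after the lookup had happened.
            checkExtensions(decodeAndEscape(str));
        } catch (SecurityException e) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        // NOTE(review): this lookup uses the raw path parameter, while getResource looks up the
        // decoded and escaped one; the two can name different files - confirm this is intended.
        IBasicFile file = Utils.getFileViaAppropriateReadAccess(str);
        boolean isCss = file != null && "css".equals(file.getExtension());
        return getResource(str, isCss ? str2 : null);
    }

    /**
     * @return whether the current Pentaho session belongs to an administrator
     */
    protected boolean isAdministrator() {
        return SecurityHelper.getInstance().isPentahoAdministrator(PentahoSessionHolder.getSession());
    }

    /**
     * @param dashboardPath path handed to {@code ResourceLoaderFactory} to choose the loader
     * @return the resource loader for that path
     */
    private IResourceLoader getResourceLoader(String dashboardPath) {
        return new ResourceLoaderFactory().getResourceLoader(dashboardPath);
    }

    /**
     * Passes a request value through {@code Utils.getURLDecoded} and then
     * {@code XSSHelper.escape}.
     *
     * <p>NOTE(review): JAX-RS already decodes parameter values unless {@code @Encoded} is
     * present, so if {@code getURLDecoded} decodes again the value is decoded twice; any filter
     * in front of this endpoint that inspects the once-decoded value sees a different string
     * from the one used here - confirm.
     *
     * @param str the request value
     * @return the decoded and escaped value
     */
    @VisibleForTesting
    String decodeAndEscape(String str) {
        return XSSHelper.getInstance().escape(Utils.getURLDecoded(str));
    }

    /**
     * Enforces the extension allowlist on a requested path.
     *
     * <p>The extension is the text after the last dot; a path without a dot is compared as a
     * whole. The comparison is exact and case-sensitive.
     *
     * @param path the decoded request path
     * @throws SecurityException if the extension is not allowlisted
     */
    private void checkExtensions(String path) {
        String extension = path.replaceAll(".*\\.(.*)", "$1");
        if (!allowedExtensions.contains(extension)) {
            logger.error("Extension '" + extension + "' not whitelisted");
            throw new SecurityException("Not allowed");
        }
    }

    /**
     * @param extension file extension
     * @return the MIME type for the extension, or {@code ""} when the lookup rejects it
     */
    private String getMimeType(String extension) {
        try {
            return MimeTypeHandler.getMimeTypeFromExtension(extension);
        } catch (EnumConstantNotPresentException | IllegalArgumentException e) {
            return "";
        }
    }

    /**
     * Starts a 200 response and adds caching headers: CSS files get {@code max-age=0} plus an
     * {@code Etag} holding the last-modified time; other files get the plugin's {@code max-age}
     * setting when one is configured.
     *
     * @param file the file being served
     * @param body streaming body of the response
     * @param resourcePath path used to read the last-modified time
     * @return the response builder, for the caller to add further headers
     */
    private Response.ResponseBuilder cacheControlHandler(IBasicFile file, StreamingOutput body, String resourcePath) {
        Response.ResponseBuilder ok = Response.ok(body);
        // Constant-first comparison: a file without an extension is treated as non-CSS.
        if ("css".equals(file.getExtension())) {
            long lastModified = getLastModifiedTime(resourcePath);
            ok.header("Cache-Control", "max-age=0");
            ok.header("Etag", Long.valueOf(lastModified));
        } else {
            String maxAge = ((IPluginResourceLoader) PentahoSystem.get(IPluginResourceLoader.class, (IPentahoSession) null)).getPluginSetting(getClass(), "max-age");
            if (maxAge != null) {
                ok.header("Cache-Control", "max-age=" + maxAge);
            }
        }
        return ok;
    }

    /**
     * @param resourcePath path used to read the last-modified time
     * @return a 304 response carrying the current {@code Etag}
     */
    private Response buildNotModifiedResponse(String resourcePath) {
        Response.ResponseBuilder notModified = Response.notModified();
        notModified.header("Etag", Long.valueOf(getLastModifiedTime(resourcePath)));
        return notModified.build();
    }

    /**
     * Reads the last-modified time through the loader obtained for the empty dashboard path.
     *
     * <p>NOTE(review): this may be a different reader from the one that served the file -
     * confirm.
     *
     * @param str resource path
     * @return the last-modified time reported by the reader
     */
    @VisibleForTesting
    long getLastModifiedTime(String str) {
        return getResourceLoader("").getReader().getLastModified(str);
    }

    /**
     * @param ifNoneMatch the {@code If-None-Match} header value, or {@code null}
     * @param resourcePath resource path
     * @return {@code true} when no validator was sent or it differs from the current
     *     last-modified time
     */
    private boolean wasModified(String ifNoneMatch, String resourcePath) {
        if (ifNoneMatch == null) {
            return true;
        }
        return !Long.toString(getLastModifiedTime(resourcePath)).equals(ifNoneMatch);
    }

    /**
     * Makes a file name safe for a quoted header parameter by dropping double quotes,
     * backslashes and control characters (including CR and LF).
     *
     * @param name file name, may be {@code null}
     * @return the filtered name, or {@code ""} for {@code null}
     */
    private static String toQuotedHeaderValue(String name) {
        if (name == null) {
            return "";
        }
        StringBuilder safe = new StringBuilder(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean unsafe = c == '"' || c == '\\' || c < 0x20 || c == 0x7f;
            if (!unsafe) {
                safe.append(c);
            }
        }
        return safe.toString();
    }
}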
