package com.enginframe.rest.monitor;

import com.ef.usergroupmanager.Utils;
import com.enginframe.acl.AuthorizationChecks;
import com.enginframe.acl.UnauthorizedOperationException;
import com.enginframe.common.context.ContextUtils;
import com.enginframe.common.environment.EnginFrameContext;
import com.enginframe.common.license.LicenseManager;
import com.enginframe.common.license.SessionDetailsList;
import com.enginframe.common.utils.xml.XMLUtils;
import com.enginframe.rest.RestError;
import com.enginframe.rest.RestFilter;
import com.enginframe.rest.RestResponse;
import com.enginframe.rest.RestUtils;
import com.enginframe.server.EnginFrameSessionManager;
import io.swagger.v3.oas.annotations.ExternalDocumentation;
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.extensions.Extension;
import io.swagger.v3.oas.annotations.extensions.ExtensionProperty;
import io.swagger.v3.oas.annotations.info.Contact;
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.media.ArraySchema;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.axis2.Constants;
import org.w3c.dom.Element;

@Path("/monitor")
@Consumes({"application/json"})
@SecurityScheme(name = RestFilter.EFTOKEN, type = SecuritySchemeType.HTTP, description = "Your personal access token is used for authentication when using the EF Portal REST API.\n\nFind your personal access token in your EF Portal Settings page.", scheme = "bearer", bearerFormat = "EF Portal personal access token")
@Produces({"application/json"})
@OpenAPIDefinition(info = @Info(title = "EF Portal REST API", description = "EF Portal REST API to manage GRID, MONITOR, and SYSTEM endpoints.", contact = @Contact(name = "NI SP Software Gmbh", url = "https://www.ni-sp-software.com/", email = "info@ni-sp-software.com"), version = "1.0"), tags = {@Tag(name = RestFilter.EFTOKEN, description = "Your personal access token is used for authentication when using the EF Portal REST API.\n\nFind your personal access token in your EF Portal Settings page.")}, externalDocs = @ExternalDocumentation(description = "Find out more", url = "https://www.ni-sp-software.com/docs/rest/"), security = {@SecurityRequirement(name = RestFilter.EFTOKEN)})
/* loaded from: input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/rest/monitor/MonitorService.class */
public class MonitorService {
    @GET
    @Path("/users")
    @Operation(summary = "Displays a list of all users currently logged into the system.", description = "**Logged-In Users Details**<br/><br/>This endpoint performs a GET operation to retrieve information about users currently logged into the system.", responses = {@ApiResponse(content = {@Content(array = @ArraySchema(schema = @Schema(implementation = Session.class)))}, description = "Returns a list of users who are currently logged in.", responseCode = "200"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "Bad request because logged users cannot be found.", responseCode = "400"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "An unauthorized request because you do not have admin privileges.", responseCode = "401")}, extensions = {@Extension(properties = {@ExtensionProperty(name = "x-badges", value = "[{\"name\":\"ADMIN ONLY\",\"label\":\"ADMIN ONLY\",\"color\":\"red\"}]", parseValue = true)})})
    public Response users() {
        try {
            AuthorizationChecks.checkAdminAuthorization(ContextUtils.getContext().getUser(), "read");
            Element node = getSessionList().toNode();
            RestUtils.log().debug(String.format("Session list\n%s", RestUtils.safeNodeToString(node)));
            return Response.ok().entity(Session.asList(node)).build();
        } catch (UnauthorizedOperationException e) {
            RestUtils.log().error(String.format("User %s is not authorized to list logged users", ContextUtils.getContext().getUser()), e);
            return newErrorResponse(Utils.UGM_GROUP_USERS_ATTR, "Unauthorized to query users currently logged in", Response.Status.UNAUTHORIZED);
        }
    }

    private EnginFrameSessionManager getSessionManager() {
        return (EnginFrameSessionManager) com.enginframe.common.utils.Utils.locate(EnginFrameSessionManager.class);
    }

    private SessionDetailsList getSessionList() {
        return getSessionManager().getSessionList();
    }

    private Response newErrorResponse(String str, String str2, Response.Status status) {
        RestError restError = new RestError();
        restError.setService(str);
        restError.setMessage(str2);
        restError.setTitle("Monitoring Error");
        restError.setType(Constants.DEFAULT_REST_PATH);
        return Response.status(status).entity(restError).build();
    }

    @POST
    @Path("/users/logout/{name}")
    @Operation(summary = "Logs out a user by specifying their username.", description = "**Force User Logout Details**<br/><br/>This endpoint performs a POST operation to forcibly log out a specified user.", responses = {@ApiResponse(content = {@Content(schema = @Schema(implementation = RestResponse.class))}, description = "Indicates the user was successfully logged out.", responseCode = "200"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "Bad request because user could not be logged out.", responseCode = "400"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "An unauthorized request because you do not have admin privileges.", responseCode = "401")}, extensions = {@Extension(properties = {@ExtensionProperty(name = "x-badges", value = "[{\"name\":\"ADMIN ONLY\",\"label\":\"ADMIN ONLY\",\"color\":\"red\"}]", parseValue = true)})})
    public Response logout(@Parameter(description = "User to logout identified by name", required = true) @PathParam("name") String str) {
        try {
            AuthorizationChecks.checkAdminAuthorization(ContextUtils.getContext().getUser(), "write");
            List list = (List) StreamSupport.stream(getSessionList().spliterator(), false).filter(sessionDetails -> {
                return str.equals(sessionDetails.getUsername());
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                return newErrorResponse("logout", String.format("No sessions found for %s", str), Response.Status.BAD_REQUEST);
            }
            list.forEach(sessionDetails2 -> {
                getSessionManager().invalidate(sessionDetails2.getId());
            });
            return Response.ok(new RestResponse("Monitor Service", "User logged out successfully.")).build();
        } catch (UnauthorizedOperationException e) {
            RestUtils.log().error(String.format("User %s is not authorized to logout users", ContextUtils.getContext().getUser()), e);
            return newErrorResponse("logout", "Unauthorized to logout users", Response.Status.UNAUTHORIZED);
        }
    }

    @GET
    @Path("/licenses")
    @Operation(summary = "Provides a summary of the current license usage.", description = "**License Usage Details**<br/><br/>This endpoint performs a GET operation to retrieve license usage information.", responses = {@ApiResponse(content = {@Content(array = @ArraySchema(schema = @Schema(implementation = License.class)))}, description = "Returns a list of currently used licenses.", responseCode = "200"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "Bad request because used licenses cannot be found.", responseCode = "400"), @ApiResponse(content = {@Content(schema = @Schema(implementation = RestError.class))}, description = "An unauthorized request because you do not have admin privileges.", responseCode = "401")}, extensions = {@Extension(properties = {@ExtensionProperty(name = "x-badges", value = "[{\"name\":\"ADMIN ONLY\",\"label\":\"ADMIN ONLY\",\"color\":\"red\"}]", parseValue = true)})})
    public Response licenses() {
        if (((EnginFrameContext) com.enginframe.common.utils.Utils.locate(EnginFrameContext.class)).isRunningOnEc2()) {
            return Response.ok().entity(Collections.EMPTY_LIST).build();
        }
        if (!AuthorizationChecks.checkAuthorization(ContextUtils.getContext().getUser().getUsername(), "admin-only", "read")) {
            RestUtils.log().error(String.format("User %s is not authorized to list used licenses", ContextUtils.getContext().getUser()));
            return newErrorResponse(Utils.UGM_GROUP_USERS_ATTR, "Unauthorized to query users currently logged in", Response.Status.UNAUTHORIZED);
        }
        Element documentElement = ((LicenseManager) com.enginframe.common.utils.Utils.locate(LicenseManager.class)).getStatus().getDocumentElement();
        RestUtils.log().debug(String.format("License list\n%s", RestUtils.safeNodeToString(documentElement)));
        return Response.ok().entity(License.asList(XMLUtils.getFirstChildElementByTagName(documentElement, "ef:license-list"))).build();
    }
}
