package com.atlassian.gadgets.directory.internal.rest;

import com.atlassian.gadgets.GadgetParsingException;
import com.atlassian.gadgets.GadgetRequestContextFactory;
import com.atlassian.gadgets.GadgetSpecUriNotAllowedException;
import com.atlassian.gadgets.dashboard.PermissionException;
import com.atlassian.gadgets.directory.Directory;
import com.atlassian.gadgets.directory.internal.ConfigurableExternalGadgetSpecStore;
import com.atlassian.gadgets.directory.internal.DirectoryConfigurationPermissionChecker;
import com.atlassian.gadgets.directory.internal.impl.UnavailableFeatureException;
import com.atlassian.gadgets.directory.internal.jaxb.JAXBDirectoryContents;
import com.atlassian.gadgets.directory.spi.ExternalGadgetSpecId;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.sal.api.message.I18nResolver;
import java.io.IOException;
import java.io.Reader;
import java.io.Serializable;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;

@Path("/directory")
/* loaded from: input_file:com/atlassian/gadgets/directory/internal/rest/DirectoryResource.class */
public class DirectoryResource {
    private final Log log = LogFactory.getLog(getClass());
    private final Directory directory;
    private final GadgetRequestContextFactory gadgetRequestContextFactory;
    private final ConfigurableExternalGadgetSpecStore configurableDirectory;
    private final DirectoryConfigurationPermissionChecker gadgetUrlChecker;
    private final I18nResolver i18n;

    public DirectoryResource(Directory directory, GadgetRequestContextFactory gadgetRequestContextFactory, ConfigurableExternalGadgetSpecStore configurableExternalGadgetSpecStore, DirectoryConfigurationPermissionChecker directoryConfigurationPermissionChecker, I18nResolver i18nResolver) {
        this.directory = directory;
        this.gadgetRequestContextFactory = gadgetRequestContextFactory;
        this.configurableDirectory = configurableExternalGadgetSpecStore;
        this.gadgetUrlChecker = directoryConfigurationPermissionChecker;
        this.i18n = i18nResolver;
    }

    @GET
    @AnonymousAllowed
    @Produces({"application/xml", "application/json"})
    public Response getDirectory(@Context HttpServletRequest httpServletRequest) {
        this.log.debug("DirectoryResource: GET received and answered (all users allowed)");
        return Response.ok(JAXBDirectoryContents.getDirectoryContents(this.directory, this.gadgetRequestContextFactory.get(httpServletRequest))).build();
    }

    @POST
    @Consumes({"application/json"})
    public Response putGadgetInDirectory(@Context HttpServletRequest httpServletRequest, Reader reader) {
        try {
            String trim = new JSONObject(IOUtils.toString(reader)).getString("url").trim();
            if (StringUtils.isEmpty(trim)) {
                this.log.error("DirectoryResource: POST rejected due to missing 'url' parameter");
                return Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.missing.url.parameter")).type("text/plain").build();
            }
            this.log.debug("DirectoryResource: POST received: url=" + trim);
            this.gadgetUrlChecker.checkForPermissionToConfigureDirectory(httpServletRequest);
            URI create = URI.create(trim);
            this.configurableDirectory.add(create);
            this.log.debug("DirectoryResource: POST complete: new URL=" + create);
            return Response.created(create).build();
        } catch (GadgetSpecUriNotAllowedException e) {
            this.log.error("DirectoryResource: POST rejected:  is an invalid gadget spec", e);
            return Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.invalid.gadget.spec", new Serializable[]{""})).type("text/plain").build();
        } catch (UnavailableFeatureException e2) {
            this.log.info("DirectoryResource: POST rejected: container does not support feature(s) " + e2.getMessage() + " required for gadget at ", e2);
            return Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.unsupported.feature", new Serializable[]{"", e2.getMessage()})).type("text/plain").build();
        } catch (IOException e3) {
            throw new RuntimeException(e3);
        } catch (GadgetParsingException e4) {
            this.log.error("DirectoryResource: POST rejected: could not parse gadget at ", e4);
            String message = e4.getMessage();
            return (message == null || !message.contains("HTTP error 403")) ? Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.could.not.parse.gadget", new Serializable[]{""})).type("text/plain").build() : Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.no.applink.configured")).type("text/plain").build();
        } catch (PermissionException e5) {
            this.log.warn("DirectoryResource: POST rejected: current user not allowed to write to directory", e5);
            return Response.status(Response.Status.FORBIDDEN).entity(this.i18n.getText("directoryResource.no.write.permission")).type("text/plain").build();
        } catch (JSONException e6) {
            this.log.error("DirectoryResource: POST rejected due to missing 'url' parameter");
            return Response.status(Response.Status.BAD_REQUEST).entity(this.i18n.getText("directoryResource.missing.url.parameter")).type("text/plain").build();
        }
    }

    @Path("/gadget/{gadgetId}")
    @DELETE
    public Response deleteGadgetFromDirectory(@Context HttpServletRequest httpServletRequest, @PathParam("gadgetId") ExternalGadgetSpecId externalGadgetSpecId) {
        try {
            this.log.debug("DirectoryResource: DELETE received: gadgetId = " + externalGadgetSpecId);
            this.gadgetUrlChecker.checkForPermissionToConfigureDirectory(httpServletRequest);
            this.configurableDirectory.remove(externalGadgetSpecId);
            this.log.debug("DirectoryResource: DELETE complete: gadgetId = " + externalGadgetSpecId);
            return Response.ok().build();
        } catch (PermissionException e) {
            this.log.warn("DirectoryResource: DELETE rejected: current user not allowed to write to directory", e);
            return Response.status(Response.Status.FORBIDDEN).entity(this.i18n.getText("directoryResource.no.write.permission")).type("text/plain").build();
        }
    }
}
