package io.github.mpecan.pmt.security.ratelimit;

import io.github.bucket4j.Bandwidth;
import io.github.bucket4j.Bucket;
import io.github.bucket4j.Refill;
import io.github.mpecan.pmt.security.core.AuditService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.time.Duration;
import java.util.concurrent.ConcurrentHashMap;
import kotlin.Metadata;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* compiled from: RateLimitFilter.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��F\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018��2\u00020\u0001:\u0001\u0018B-\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0014\b\u0002\u0010\u0006\u001a\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\t0\u0007¢\u0006\u0004\b\n\u0010\u000bJ \u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0014J\u0014\u0010\u0014\u001a\u00060\u0015R\u00020��2\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\u0010\u0010\u0016\u001a\u00020\b2\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\b\u0010\u0017\u001a\u00020\tH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u001a\u0010\u0006\u001a\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\t0\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0019"}, d2 = {"Lio/github/mpecan/pmt/security/ratelimit/RateLimitFilter;", "Lorg/springframework/web/filter/OncePerRequestFilter;", "properties", "Lio/github/mpecan/pmt/security/ratelimit/RateLimitProperties;", "auditService", "Lio/github/mpecan/pmt/security/core/AuditService;", "buckets", "Ljava/util/concurrent/ConcurrentHashMap;", "", "Lio/github/bucket4j/Bucket;", "<init>", "(Lio/github/mpecan/pmt/security/ratelimit/RateLimitProperties;Lio/github/mpecan/pmt/security/core/AuditService;Ljava/util/concurrent/ConcurrentHashMap;)V", "doFilterInternal", "", "request", "Ljakarta/servlet/http/HttpServletRequest;", "response", "Ljakarta/servlet/http/HttpServletResponse;", "filterChain", "Ljakarta/servlet/FilterChain;", "getRequestKey", 
"Lio/github/mpecan/pmt/security/ratelimit/RateLimitFilter$RequestKey;", "getClientIP", "createBucket", "RequestKey", "pushpin-security-ratelimit"})
/* loaded from: input_file:io/github/mpecan/pmt/security/ratelimit/RateLimitFilter.class */
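/**
 * Servlet filter that applies a token-bucket rate limit to each request.
 *
 * <p>One {@link Bucket} is kept per client key. The key is {@code "user:<name>"} when the
 * current {@link Authentication} is a named, authenticated principal and {@code "ip:<address>"}
 * otherwise (see {@link RequestKey#toString()}). When a bucket is empty the request is answered
 * with HTTP 429 and reported to the {@link AuditService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getClientIP} takes the address from {@code X-Forwarded-For} / {@code X-Real-IP}
 *       before falling back to the socket peer. Those headers are request data: unless a trusted
 *       reverse proxy overwrites them on every request, the per-IP key is chosen by the client,
 *       and the per-IP limit is only as strong as that proxy configuration.</li>
 *   <li>This class only ever adds entries to {@code buckets}; nothing visible here expires or
 *       caps them. Combined with a client-chosen key, the map can grow without bound unless the
 *       owner of the injected map evicts entries.</li>
 *   <li>The user key is only available if authentication has already populated the
 *       {@link SecurityContextHolder} when this filter runs. NOTE(review): the filter's position
 *       in the chain is not visible in this file; confirm it.</li>
 * </ul>
 *
 * <p>This listing is decompiler output of a Kotlin class. The Kotlin-generated null checks
 * ({@code Intrinsics.*}) are kept as they are.
 */
public final class RateLimitFilter extends OncePerRequestFilter {

    // Source of the enabled flag, bucket capacity and refill interval.
    @NotNull
    private final RateLimitProperties properties;

    // Receives one event per rejected request.
    @NotNull
    private final AuditService auditService;

    // Bucket per client key ("user:..." or "ip:..."). Entries are never removed by this class.
    @NotNull
    private final ConcurrentHashMap<String, Bucket> buckets;

    /* compiled from: RateLimitFilter.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000e\n\u0002\b\b\b\u0086\u0004\u0018��2\u00020\u0001B\u0019\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\b\u0010\u0004\u001a\u0004\u0018\u00010\u0003¢\u0006\u0004\b\u0005\u0010\u0006J\b\u0010\n\u001a\u00020\u0003H\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0013\u0010\u0004\u001a\u0004\u0018\u00010\u0003¢\u0006\b\n��\u001a\u0004\b\t\u0010\b¨\u0006\u000b"}, d2 = {"Lio/github/mpecan/pmt/security/ratelimit/RateLimitFilter$RequestKey;", "", "ip", "", "username", "<init>", "(Lio/github/mpecan/pmt/security/ratelimit/RateLimitFilter;Ljava/lang/String;Ljava/lang/String;)V", "getIp", "()Ljava/lang/String;", "getUsername", "toString", "pushpin-security-ratelimit"})
    /* loaded from: input_file:io/github/mpecan/pmt/security/ratelimit/RateLimitFilter$RequestKey.class */
    /**
     * Identity a request is rate limited under: the client address plus, when known, the
     * authenticated user name.
     */
    public final class RequestKey {

        // Address as returned by getClientIP; may be header text supplied by the client.
        @NotNull
        private final String ip;

        // Null for unauthenticated or anonymous requests.
        @Nullable
        private final String username;
        // Enclosing instance, made explicit by the decompiler.
        final /* synthetic */ RateLimitFilter this$0;

        /**
         * @param rateLimitFilter enclosing filter instance (explicit in decompiled inner classes)
         * @param str the client address; must not be null
         * @param str2 the authenticated user name, or null
         */
        // The nullability annotations are aligned with the fields and the null check below; the
        // decompiler had shifted them one parameter to the left because of the outer-instance
        // parameter.
        public RequestKey(RateLimitFilter rateLimitFilter, @NotNull String str, @Nullable String str2) {
            Intrinsics.checkNotNullParameter(str, "ip");
            this.this$0 = rateLimitFilter;
            this.ip = str;
            this.username = str2;
        }

        /** @return the client address this key was built with */
        @NotNull
        public final String getIp() {
            return this.ip;
        }

        /** @return the authenticated user name, or null when the request is keyed by address */
        @Nullable
        public final String getUsername() {
            return this.username;
        }

        /**
         * Builds the bucket map key. The {@code user:} / {@code ip:} prefixes keep a user name
         * and an address with the same text from sharing a bucket.
         *
         * @return {@code "user:" + username} when a user name is present, else {@code "ip:" + ip}
         */
        @NotNull
        public String toString() {
            return this.username != null ? "user:" + this.username : "ip:" + this.ip;
        }
    }

    /**
     * Creates the filter.
     *
     * @param rateLimitProperties rate limit configuration
     * @param auditService sink for rate-limit-exceeded events
     * @param concurrentHashMap bucket store, keyed by {@link RequestKey#toString()}
     */
    public RateLimitFilter(@NotNull RateLimitProperties rateLimitProperties, @NotNull AuditService auditService, @NotNull ConcurrentHashMap<String, Bucket> concurrentHashMap) {
        Intrinsics.checkNotNullParameter(rateLimitProperties, "properties");
        Intrinsics.checkNotNullParameter(auditService, "auditService");
        Intrinsics.checkNotNullParameter(concurrentHashMap, "buckets");
        this.properties = rateLimitProperties;
        this.auditService = auditService;
        this.buckets = concurrentHashMap;
    }

    /**
     * Kotlin default-argument bridge: bit 2 of {@code i} set means the caller omitted the bucket
     * map, so a fresh empty map is used.
     */
    public /* synthetic */ RateLimitFilter(RateLimitProperties rateLimitProperties, AuditService auditService, ConcurrentHashMap concurrentHashMap, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(rateLimitProperties, auditService, (i & 4) != 0 ? new ConcurrentHashMap() : concurrentHashMap);
    }

    /**
     * Passes the request on if rate limiting is disabled or the client's bucket still has a
     * token; otherwise audits the rejection and writes a 429 JSON response without calling the
     * rest of the chain.
     *
     * <p>The decompiler drops checked exceptions because Kotlin does not declare them. A
     * hand-maintained Java version needs {@code throws ServletException, IOException} here to
     * match {@code OncePerRequestFilter#doFilterInternal}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write the rejection to
     * @param filterChain the remaining filter chain
     */
    protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) {
        Intrinsics.checkNotNullParameter(httpServletRequest, "request");
        Intrinsics.checkNotNullParameter(httpServletResponse, "response");
        Intrinsics.checkNotNullParameter(filterChain, "filterChain");
        if (!this.properties.getEnabled()) {
            filterChain.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse);
            return;
        }
        RequestKey requestKey = getRequestKey(httpServletRequest);
        // Replaces the decompiler's lambda bridge, which referenced an undefined `r2`.
        // Every previously unseen key allocates a bucket that this class never removes.
        Bucket bucket = this.buckets.computeIfAbsent(requestKey.toString(), ignoredKey -> createBucket());
        Intrinsics.checkNotNullExpressionValue(bucket, "computeIfAbsent(...)");
        if (bucket.tryConsume(1L)) {
            filterChain.doFilter((ServletRequest) httpServletRequest, (ServletResponse) httpServletResponse);
            return;
        }
        // The audited address is the getClientIP value, so it can be client-supplied header text.
        this.auditService.logRateLimitExceeded(requestKey.getUsername(), requestKey.getIp());
        httpServletResponse.setStatus(HttpStatus.TOO_MANY_REQUESTS.value());
        httpServletResponse.setHeader("X-Rate-Limit-Exceeded", "true");
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().write("{\"error\":\"Rate limit exceeded. Please try again later.\"}");
    }

    /**
     * Builds the rate-limit identity for a request from the current security context.
     *
     * <p>The user name is used only when an {@link Authentication} is present, reports itself as
     * authenticated, and is not named {@code "anonymousUser"} (the default principal name Spring
     * Security gives anonymous requests). The anonymous check is a string comparison on the
     * name, not a type check.
     *
     * @param httpServletRequest the incoming request
     * @return the key carrying the client address and, if known, the user name
     */
    private final RequestKey getRequestKey(HttpServletRequest httpServletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean anonymous = authentication == null
                || !authentication.isAuthenticated()
                || Intrinsics.areEqual(authentication.getName(), "anonymousUser");
        String username = anonymous ? null : authentication.getName();
        return new RequestKey(this, getClientIP(httpServletRequest), username);
    }

    /**
     * Resolves the client address: first entry of {@code X-Forwarded-For}, else
     * {@code X-Real-IP}, else the socket peer address.
     *
     * <p>SECURITY: both headers are accepted from any sender and are not validated as IP
     * addresses. The first {@code X-Forwarded-For} entry is the one furthest from this server,
     * so it is the entry a client controls when an intermediate proxy appends rather than
     * overwrites. The per-IP limit and the audited address are therefore only reliable when a
     * trusted reverse proxy sets these headers on every request. Where that cannot be
     * guaranteed, resolve forwarded headers in one trusted place (for example Spring's
     * {@code ForwardedHeaderFilter} or Tomcat's {@code RemoteIpValve}) and use
     * {@code getRemoteAddr()} here.
     *
     * @param httpServletRequest the incoming request
     * @return the resolved address text; may be empty if the first forwarded entry is empty
     */
    private final String getClientIP(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("X-Forwarded-For");
        String str = header;
        if (!(str == null || StringsKt.isBlank(str))) {
            // Kotlin split keeps empty entries, so index 0 always exists for a non-blank header.
            return StringsKt.trim((String) StringsKt.split$default(header, new String[]{","}, false, 0, 6, (Object) null).get(0)).toString();
        }
        String header2 = httpServletRequest.getHeader("X-Real-IP");
        String str2 = header2;
        if (!(str2 == null || StringsKt.isBlank(str2))) {
            return StringsKt.trim(header2).toString();
        }
        String remoteAddr = httpServletRequest.getRemoteAddr();
        Intrinsics.checkNotNullExpressionValue(remoteAddr, "getRemoteAddr(...)");
        return remoteAddr;
    }

    /**
     * Creates a bucket holding {@code capacity} tokens that is refilled with {@code capacity}
     * tokens once per configured refill interval.
     *
     * @return a new bucket built from the current properties
     */
    private final Bucket createBucket() {
        long capacity = this.properties.getCapacity();
        Duration refillPeriod = Duration.ofMillis(this.properties.getRefillTimeInMillis());
        Bucket build = Bucket.builder().addLimit(Bandwidth.classic(capacity, Refill.intervally(capacity, refillPeriod))).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }
}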
