package org.craftercms.engine.controller.rest.preview;

import jakarta.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.bson.types.ObjectId;
import org.craftercms.commons.validation.ValidationException;
import org.craftercms.commons.validation.ValidationResult;
import org.craftercms.commons.validation.annotations.param.EsapiValidationType;
import org.craftercms.core.controller.rest.CrafterRestController;
import org.craftercms.engine.rest.SetProfileRequest;
import org.craftercms.engine.util.ConfigUtils;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Validator;
import org.springframework.http.ResponseEntity;
import org.springframework.lang.NonNull;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

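@RequestMapping({"${crafter.core.rest.base.uri}/profile"})
@CrafterRestController
/* loaded from: input_file:org/craftercms/engine/controller/rest/preview/ProfileRestController.class */
/**
 * REST endpoints for the preview-mode targeting profile that is kept in the HTTP session
 * under {@link #PROFILE_SESSION_ATTRIBUTE}.
 *
 * <p>{@code /set} takes client-supplied parameters, so every key is validated with ESAPI's
 * HTTP-parameter-name rule and every value is length-limited and (by default) HTML-escaped
 * before it is stored. Disabling escaping via {@link #CLEANSE_ATTRS_CONFIG_KEY} leaves the
 * responsibility of escaping profile values on output to the templates that render them.
 */
public class ProfileRestController {
    public static final String URL_ROOT = "/profile";
    /** Maximum number of top-level parameters accepted by {@code /set}. */
    public static final int MAXIMUM_PROPERTY_COUNT = 100;
    /** Maximum length of a parameter key, enforced by the ESAPI validator. */
    public static final int MAXIMUM_PROPERTY_KEY_LENGTH = 64;
    /** Maximum length of a single parameter value (also of each element of a list value). */
    public static final int MAXIMUM_PROPERTY_VALUE_LENGTH = 2048;
    public static final String PROFILE_SESSION_ATTRIBUTE = "_cr_profile_state";
    public static final String CLEANSE_ATTRS_CONFIG_KEY = "preview.targeting.cleanseAttributes";
    public static final String ERROR_MESSAGE_MODEL_ATTR_NAME = "message";
    private final Validator validator = ESAPI.validator();

    /**
     * Returns the profile stored in the session, creating and storing an empty one when none exists.
     *
     * @param httpSession the current session
     * @return the live session profile map (never {@code null})
     */
    @RequestMapping(value = {"/get"}, method = {RequestMethod.GET})
    public Map<String, Object> getProfile(HttpSession httpSession) {
        @SuppressWarnings("unchecked") // only this controller writes the attribute, and it always writes a Map<String, Object>
        Map<String, Object> profile = (Map<String, Object>) httpSession.getAttribute(PROFILE_SESSION_ATTRIBUTE);
        if (profile == null) {
            profile = new HashMap<>();
            httpSession.setAttribute(PROFILE_SESSION_ATTRIBUTE, profile);
        }
        return profile;
    }

    /**
     * Replaces the session profile with the validated and cleansed parameters of the request.
     *
     * <p>Only {@code String} values and {@code List} values of strings are kept; values of any
     * other type are dropped silently. A fresh {@code id} entry is always added and overrides a
     * client-supplied {@code id}.
     *
     * @param setProfileRequest the request body; a {@code null} parameter map is treated as empty
     * @param httpSession       the current session
     * @return 200 with the stored profile, or 400 with a {@code message} entry when the
     *         parameter count is exceeded or any key/value fails validation
     */
    @PostMapping({"/set"})
    public ResponseEntity<Object> setProfile(@RequestBody SetProfileRequest setProfileRequest, HttpSession httpSession) {
        Map<String, Object> parameters = setProfileRequest.getParameters();
        if (parameters == null) {
            parameters = Map.of();
        }
        if (parameters.size() > MAXIMUM_PROPERTY_COUNT) {
            return badRequest(String.format("Parameter count should not exceed %d. %d parameters were found.",
                    MAXIMUM_PROPERTY_COUNT, parameters.size()));
        }
        Map<String, Object> profile = new HashMap<>();
        try {
            for (Map.Entry<String, Object> entry : parameters.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (value instanceof String) {
                    String text = (String) value;
                    validateParameter(key, text);
                    profile.put(key, cleanProfileParam(text));
                } else if (value instanceof List) {
                    // NOTE(review): the element count of a list value is not bounded; only each
                    // element's length is. A non-String element fails the cast and ends up as a 400.
                    List<?> values = (List<?>) value;
                    for (Object item : values) {
                        validateParameter(key, (String) item);
                    }
                    profile.put(key, values.stream()
                            .map(item -> cleanProfileParam((String) item))
                            .collect(Collectors.toList()));
                }
            }
            profile.put("id", new ObjectId().toHexString());
            httpSession.setAttribute(PROFILE_SESSION_ATTRIBUTE, profile);
            return ResponseEntity.ok(profile);
        } catch (Exception e) {
            // Map.of rejects null values, so a message-less exception must not reach it; the
            // fallback text is deliberately generic so nothing internal is echoed to the client.
            return badRequest(StringUtils.defaultString(e.getMessage(), "Invalid input"));
        }
    }

    /** Builds a 400 response whose body is {@code {"message": <message>}}. */
    private ResponseEntity<Object> badRequest(String message) {
        return ResponseEntity.badRequest().body(Map.of(ERROR_MESSAGE_MODEL_ATTR_NAME, message));
    }

    /**
     * Trims a value and, when cleansing is enabled, HTML-escapes it so that it is safe to render
     * into markup. Empty or {@code null} values are returned unchanged.
     */
    private String cleanProfileParam(String value) {
        if (StringUtils.isEmpty(value)) {
            return value;
        }
        String trimmed = value.trim();
        return shouldCleanseAttributes() ? StringEscapeUtils.escapeHtml4(trimmed) : trimmed;
    }

    /**
     * Validates one key/value pair: the key must satisfy ESAPI's HTTP-parameter-name rule and be at
     * most {@link #MAXIMUM_PROPERTY_KEY_LENGTH} characters; the value may be at most
     * {@link #MAXIMUM_PROPERTY_VALUE_LENGTH} characters. The value's content is not otherwise
     * restricted here; it is escaped by {@link #cleanProfileParam(String)}.
     *
     * @throws Exception when the key is rejected by ESAPI or the value is too long
     */
    private void validateParameter(String key, @NonNull String value) throws Exception {
        String typeKey = EsapiValidationType.HTTPParameterName.typeKey;
        // ESAPI rejects null keys (allowNull = false) and keys longer than the maximum.
        this.validator.getValidInput(typeKey, key, typeKey, MAXIMUM_PROPERTY_KEY_LENGTH, false);
        if (value.length() > MAXIMUM_PROPERTY_VALUE_LENGTH) {
            throw new ValidationException(new ValidationResult(String.format(
                    "Invalid input. The maximum length of %d characters was exceeded", MAXIMUM_PROPERTY_VALUE_LENGTH)));
        }
    }

    /**
     * Whether stored values are HTML-escaped. Defaults to {@code true}, including when no site
     * configuration is available, so escaping is only ever disabled by an explicit setting.
     */
    protected boolean shouldCleanseAttributes() {
        HierarchicalConfiguration currentConfig = ConfigUtils.getCurrentConfig();
        return currentConfig == null || currentConfig.getBoolean(CLEANSE_ATTRS_CONFIG_KEY, true);
    }
}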
