package com.atlassian.bitbucket.internal.ratelimit.settings;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.dmz.features.RequireFeature;
import com.atlassian.bitbucket.dmz.ratelimit.DmzRateLimitSettingsService;
import com.atlassian.bitbucket.dmz.ratelimit.RateLimitingDisabledEvent;
import com.atlassian.bitbucket.dmz.ratelimit.RateLimitingEnabledEvent;
import com.atlassian.bitbucket.dmz.ratelimit.TokenBucketSettings;
import com.atlassian.bitbucket.dmz.ratelimit.UserRateLimitSettings;
import com.atlassian.bitbucket.dmz.ratelimit.UserRateLimitSettingsSearchRequest;
import com.atlassian.bitbucket.dmz.ratelimit.UserRateLimitSettingsUpdateRequest;
import com.atlassian.bitbucket.event.user.UserCleanupEvent;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.ratelimit.RateLimitConstants;
import com.atlassian.bitbucket.internal.ratelimit.analytics.AnalyticsUserRateLimitSettingsCreatedEvent;
import com.atlassian.bitbucket.internal.ratelimit.analytics.AnalyticsUserRateLimitSettingsDeletedEvent;
import com.atlassian.bitbucket.internal.ratelimit.analytics.AnalyticsUserRateLimitSettingsModifiedEvent;
import com.atlassian.bitbucket.internal.ratelimit.dao.UserRateLimitSettingsDao;
import com.atlassian.bitbucket.internal.ratelimit.model.InternalUserRateLimitSettings;
import com.atlassian.bitbucket.permission.Permission;
import com.atlassian.bitbucket.permission.PermissionValidationService;
import com.atlassian.bitbucket.server.FeatureManager;
import com.atlassian.bitbucket.server.StandardFeature;
import com.atlassian.bitbucket.topic.Topic;
import com.atlassian.bitbucket.topic.TopicService;
import com.atlassian.bitbucket.topic.TopicSettings;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.ApplicationUserEquality;
import com.atlassian.bitbucket.user.NoSuchUserException;
import com.atlassian.bitbucket.user.UserType;
import com.atlassian.bitbucket.util.Page;
import com.atlassian.bitbucket.util.PageRequest;
import com.atlassian.bitbucket.util.PageUtils;
import com.atlassian.event.api.EventListener;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.plugin.spring.AvailableToPlugins;
import com.atlassian.stash.internal.ratelimit.InternalRateLimitSettingsService;
import com.atlassian.stash.internal.server.InternalApplicationPropertiesService;
import com.atlassian.stash.internal.spring.TransactionSynchronizer;
import com.google.common.base.Preconditions;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionSynchronizationAdapter;

@RequireFeature(StandardFeature.RATE_LIMITING)
@Service("rateLimitSettingsService")
@Transactional(readOnly = true)
@AvailableToPlugins(DmzRateLimitSettingsService.class)
/* loaded from: input_file:com/atlassian/bitbucket/internal/ratelimit/settings/DefaultRateLimitSettingsService.class */
public class DefaultRateLimitSettingsService implements InternalRateLimitSettingsService {
    private static final Logger log = LoggerFactory.getLogger(DefaultRateLimitSettingsService.class);
    private final AuthenticationContext authenticationContext;
    private final EventPublisher eventPublisher;
    private final FeatureManager featureManager;
    private final I18nService i18nService;
    private final PermissionValidationService permissionValidationService;
    private final InternalApplicationPropertiesService propertiesService;
    private final Topic<Integer> settingsChangedTopic;
    private final TransactionSynchronizer transactionSynchronizer;
    private final UserRateLimitSettingsDao userSettingsDao;

    @Autowired
    public DefaultRateLimitSettingsService(AuthenticationContext authenticationContext, EventPublisher eventPublisher, FeatureManager featureManager, I18nService i18nService, PermissionValidationService permissionValidationService, InternalApplicationPropertiesService internalApplicationPropertiesService, TopicService topicService, TransactionSynchronizer transactionSynchronizer, UserRateLimitSettingsDao userRateLimitSettingsDao) {
        this.authenticationContext = authenticationContext;
        this.eventPublisher = eventPublisher;
        this.featureManager = featureManager;
        this.i18nService = i18nService;
        this.permissionValidationService = permissionValidationService;
        this.propertiesService = internalApplicationPropertiesService;
        this.transactionSynchronizer = transactionSynchronizer;
        this.userSettingsDao = userRateLimitSettingsDao;
        this.settingsChangedTopic = topicService.getTopic(RateLimitConstants.SETTINGS_CHANGED_TOPIC, new TopicSettings.Builder(Integer.class).dedupePendingMessages(true).build());
    }

    @Transactional
    public boolean delete(@Nonnull ApplicationUser applicationUser) {
        Objects.requireNonNull(applicationUser, "user");
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        validateNormalUser(applicationUser);
        Optional<InternalUserRateLimitSettings> deleteInternal = deleteInternal(applicationUser);
        if (!deleteInternal.isPresent()) {
            return false;
        }
        this.eventPublisher.publish(new AnalyticsUserRateLimitSettingsDeletedEvent(deleteInternal.get(), this));
        publishSettingsChangedMessage(applicationUser.getId());
        return true;
    }

    public void forEachUserSettings(@Nonnull Consumer<UserRateLimitSettings> consumer) {
        Objects.requireNonNull(consumer, "consumer");
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        Stream<InternalUserRateLimitSettings> stream = this.userSettingsDao.stream();
        Throwable th = null;
        try {
            try {
                stream.forEach(consumer);
                if (stream != null) {
                    if (0 == 0) {
                        stream.close();
                        return;
                    }
                    try {
                        stream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (stream != null) {
                if (th != null) {
                    try {
                        stream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    stream.close();
                }
            }
            throw th4;
        }
    }

    @Nonnull
    public Optional<UserRateLimitSettings> get(@Nonnull ApplicationUser applicationUser) {
        Objects.requireNonNull(applicationUser, "user");
        ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
        if (currentUser == null) {
            throw new AuthorisationException(this.i18nService.createKeyedMessage("bitbucket.service.ratelimit.settings.user.insufficient.permission", new Object[0]));
        }
        if (!ApplicationUserEquality.equals(applicationUser, currentUser)) {
            this.permissionValidationService.validateForUser(applicationUser.getId(), Permission.USER_ADMIN);
        }
        return applicationUser.getType() == UserType.SERVICE ? Optional.empty() : this.userSettingsDao.get(applicationUser.getId()).map(Function.identity());
    }

    @Nonnull
    @Transactional
    public TokenBucketSettings getDefault() {
        this.permissionValidationService.validateForGlobal(Permission.LICENSED_USER);
        return this.propertiesService.getDefaultRateLimitSettings();
    }

    @RequireFeature(value = StandardFeature.RATE_LIMITING, skip = true)
    public boolean isEnabled() {
        return this.propertiesService.isRateLimitEnabled() && this.featureManager.isEnabled(StandardFeature.RATE_LIMITING);
    }

    @EventListener
    public void onUserCleanup(UserCleanupEvent userCleanupEvent) {
        deleteInternal(userCleanupEvent.getDeletedUser()).ifPresent(internalUserRateLimitSettings -> {
            log.debug("Cleaned up custom settings for deleted user: {}", internalUserRateLimitSettings.m9getUser().getName());
        });
    }

    @Nonnull
    public Page<UserRateLimitSettings> search(@Nonnull UserRateLimitSettingsSearchRequest userRateLimitSettingsSearchRequest, @Nonnull PageRequest pageRequest) {
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        return PageUtils.asPageOf(UserRateLimitSettings.class, this.userSettingsDao.search((UserRateLimitSettingsSearchRequest) Objects.requireNonNull(userRateLimitSettingsSearchRequest, "request"), (PageRequest) Objects.requireNonNull(pageRequest, "pageRequest")));
    }

    @Transactional
    public void set(@Nonnull Iterable<ApplicationUser> iterable, @Nonnull UserRateLimitSettingsUpdateRequest userRateLimitSettingsUpdateRequest) {
        Objects.requireNonNull(iterable, "users");
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        iterable.forEach(this::validateNormalUser);
        iterable.forEach(setCustomSettingsOrWhitelistUser((UserRateLimitSettingsUpdateRequest) Objects.requireNonNull(userRateLimitSettingsUpdateRequest, "request")));
    }

    @Transactional
    public void set(@Nonnull ApplicationUser applicationUser, @Nonnull UserRateLimitSettingsUpdateRequest userRateLimitSettingsUpdateRequest) {
        Objects.requireNonNull(userRateLimitSettingsUpdateRequest, "request");
        this.permissionValidationService.validateForGlobal(Permission.ADMIN);
        validateNormalUser(applicationUser);
        setCustomSettingsOrWhitelistUser(userRateLimitSettingsUpdateRequest).accept(applicationUser);
    }

    @Transactional
    public void setDefault(@Nonnull TokenBucketSettings tokenBucketSettings) {
        if (this.propertiesService.setDefaultRateLimitSettings(tokenBucketSettings)) {
            log.debug("Default rate limit settings updated: capacity={}, fillRate={}", Integer.valueOf(tokenBucketSettings.getCapacity()), Integer.valueOf(tokenBucketSettings.getFillRate()));
            publishSettingsChangedMessage(-1);
        }
    }

    @Transactional
    public void setEnabled(boolean z) {
        if (z != this.propertiesService.isRateLimitEnabled()) {
            this.propertiesService.setRateLimitEnabled(z);
            this.eventPublisher.publish(z ? new RateLimitingEnabledEvent(this) : new RateLimitingDisabledEvent(this));
            if (z) {
                return;
            }
            publishSettingsChangedMessage(-1);
        }
    }

    private void createUserSettings(InternalUserRateLimitSettings internalUserRateLimitSettings) {
        this.userSettingsDao.create(internalUserRateLimitSettings);
        this.eventPublisher.publish(new AnalyticsUserRateLimitSettingsCreatedEvent(internalUserRateLimitSettings, this));
    }

    private Optional<InternalUserRateLimitSettings> deleteInternal(ApplicationUser applicationUser) {
        Optional<InternalUserRateLimitSettings> optional = this.userSettingsDao.get(applicationUser.getId());
        UserRateLimitSettingsDao userRateLimitSettingsDao = this.userSettingsDao;
        userRateLimitSettingsDao.getClass();
        optional.ifPresent((v1) -> {
            r1.delete(v1);
        });
        return optional;
    }

    private void publishSettingsChangedMessage(final int i) {
        this.transactionSynchronizer.register(new TransactionSynchronizationAdapter() { // from class: com.atlassian.bitbucket.internal.ratelimit.settings.DefaultRateLimitSettingsService.1
            public void afterCommit() {
                DefaultRateLimitSettingsService.this.settingsChangedTopic.publish(Integer.valueOf(i));
            }
        });
    }

    private void setCustomSettings(ApplicationUser applicationUser, TokenBucketSettings tokenBucketSettings) {
        int id = applicationUser.getId();
        Optional<InternalUserRateLimitSettings> optional = this.userSettingsDao.get(id);
        if (optional.isPresent()) {
            InternalUserRateLimitSettings internalUserRateLimitSettings = optional.get();
            if (internalUserRateLimitSettings.getSettings().filter(tokenBucketSettings2 -> {
                return Objects.equals(tokenBucketSettings2, tokenBucketSettings);
            }).isPresent()) {
                log.debug("User settings have not changed: (userId={}, settings={})", Integer.valueOf(id), internalUserRateLimitSettings.getSettings());
                return;
            }
            updateUserSettings(internalUserRateLimitSettings, internalUserRateLimitSettings.copy().withSettings(tokenBucketSettings).build());
        } else {
            createUserSettings(InternalUserRateLimitSettings.builder(applicationUser).withSettings(tokenBucketSettings).build());
        }
        publishSettingsChangedMessage(id);
    }

    private Consumer<ApplicationUser> setCustomSettingsOrWhitelistUser(UserRateLimitSettingsUpdateRequest userRateLimitSettingsUpdateRequest) {
        Preconditions.checkArgument(userRateLimitSettingsUpdateRequest.isWhitelisted() || userRateLimitSettingsUpdateRequest.getSettings().isPresent(), "Either user is whitelisted or valid token bucket settings must be provided.");
        return userRateLimitSettingsUpdateRequest.isWhitelisted() ? this::whitelistUser : applicationUser -> {
            setCustomSettings(applicationUser, (TokenBucketSettings) userRateLimitSettingsUpdateRequest.getSettings().get());
        };
    }

    private void updateUserSettings(InternalUserRateLimitSettings internalUserRateLimitSettings, InternalUserRateLimitSettings internalUserRateLimitSettings2) {
        InternalUserRateLimitSettings build = internalUserRateLimitSettings.copy().build();
        this.userSettingsDao.update(internalUserRateLimitSettings2);
        this.eventPublisher.publish(new AnalyticsUserRateLimitSettingsModifiedEvent(internalUserRateLimitSettings2, build, this));
    }

    private void validateNormalUser(ApplicationUser applicationUser) {
        if (applicationUser.getType() != UserType.NORMAL) {
            throw new NoSuchUserException(this.i18nService.createKeyedMessage("bitbucket.service.ratelimit.settings.user.not.found", new Object[]{applicationUser.getSlug()}), applicationUser.getSlug());
        }
    }

    private void whitelistUser(ApplicationUser applicationUser) {
        int id = applicationUser.getId();
        Optional<InternalUserRateLimitSettings> optional = this.userSettingsDao.get(id);
        if (optional.isPresent()) {
            InternalUserRateLimitSettings internalUserRateLimitSettings = optional.get();
            if (internalUserRateLimitSettings.isWhitelisted()) {
                log.debug("User was already whitelisted: (userId={})", Integer.valueOf(id));
                return;
            }
            updateUserSettings(internalUserRateLimitSettings, internalUserRateLimitSettings.copy().whitelisted().build());
        } else {
            createUserSettings(InternalUserRateLimitSettings.builder(applicationUser).whitelisted().build());
        }
        publishSettingsChangedMessage(id);
    }
}
