package com.atlassian.bitbucket.internal.ratelimit.servlet.filter;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.bitbucket.dmz.ratelimit.DmzRateLimitSettingsService;
import com.atlassian.bitbucket.internal.ratelimit.InternalRateLimitService;
import com.atlassian.bitbucket.request.RequestContext;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.util.concurrent.Gate;
import com.atlassian.stash.internal.maintenance.MaintenanceService;
import com.atlassian.stash.internal.maintenance.latch.LatchState;
import java.io.IOException;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/bitbucket/internal/ratelimit/servlet/filter/RateLimitFilter.class */
public class RateLimitFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(RateLimitFilter.class);
    private final AuthenticationContext authenticationContext;
    private final Gate<Integer> gate = new Gate<>(5, TimeUnit.MINUTES);
    private final MaintenanceService maintenanceService;
    private final InternalRateLimitService rateLimitService;
    private final DmzRateLimitSettingsService rateLimitSettingsService;
    private final RequestContext requestContext;

    @Autowired
    public RateLimitFilter(AuthenticationContext authenticationContext, InternalRateLimitService internalRateLimitService, DmzRateLimitSettingsService dmzRateLimitSettingsService, MaintenanceService maintenanceService, RequestContext requestContext) {
        this.authenticationContext = authenticationContext;
        this.rateLimitService = internalRateLimitService;
        this.rateLimitSettingsService = dmzRateLimitSettingsService;
        this.maintenanceService = maintenanceService;
        this.requestContext = requestContext;
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isDatabaseAvailable() && this.rateLimitSettingsService.isEnabled()) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            ApplicationUser currentUser = this.authenticationContext.getCurrentUser();
            if (currentUser != null && isBasicAuthOrToken(httpServletRequest) && !this.rateLimitService.tryAcquire(currentUser)) {
                if (this.requestContext.isActive()) {
                    this.requestContext.addLabel("rate-limited");
                }
                if (log.isDebugEnabled()) {
                    this.gate.callIfNotRecentlyRun(Integer.valueOf(currentUser.getId()), () -> {
                        log.debug("User '{}' has been rate limited", currentUser.getSlug());
                    });
                }
                HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                httpServletResponse.addHeader("Retry-After", "5");
                httpServletResponse.sendError(429, "Rate limit exceeded");
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void init(FilterConfig filterConfig) {
    }

    private static boolean isBasicAuthOrToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return false;
        }
        String lowerCase = header.toLowerCase(Locale.ROOT);
        return lowerCase.startsWith("basic") || lowerCase.startsWith("bearer");
    }

    private boolean isDatabaseAvailable() {
        return this.maintenanceService.getStatus().getDatabaseState() == LatchState.AVAILABLE;
    }
}
