package it.geosolutions.mapstore.controllers.rest.config;

import it.geosolutions.mapstore.controllers.BaseConfigController;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.HandlerMapping;

@Controller
/* loaded from: input_file:it/geosolutions/mapstore/controllers/rest/config/LoadAssetsController.class */
public class LoadAssetsController extends BaseConfigController {

    @Value("${allowed.resources:localConfig,pluginsConfig,extensions,config,new}")
    protected String allowedResources = "localConfig,pluginsConfig,extensions,config,new";

    @RequestMapping(value = {"/load/{resource}"}, method = {RequestMethod.GET})
    @ResponseBody
    public byte[] loadResource(@PathVariable("resource") String str, @RequestParam(value = "overrides", defaultValue = "true") boolean z) throws IOException {
        String normalizeResource = normalizeResource(str, "json");
        if (isAllowed(normalizeResource)) {
            return toBytes(readResource(normalizeResource + ".json", z, normalizeResource + ".json.patch"));
        }
        throw new BaseConfigController.ResourceNotAllowedException(this, "Resource is not allowed");
    }

    private String normalizeResource(String str, String str2) {
        return str.toLowerCase().endsWith(new StringBuilder().append(".").append(str2.toLowerCase()).toString()) ? str.substring(0, (str.length() - 1) - str2.length()) : str;
    }

    @RequestMapping(value = {"/loadasset/**"}, method = {RequestMethod.GET})
    public void loadAsset(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String str = ((String) httpServletRequest.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE)).split("/loadasset/")[0];
        if (Paths.get(str, new String[0]).isAbsolute()) {
            throw new IOException("Absolute paths are not allowed!");
        }
        BaseConfigController.Resource readResource = readResource(str, false, "");
        httpServletResponse.setContentType(readResource.type);
        IOUtils.copy(toStream(readResource), httpServletResponse.getOutputStream());
    }

    protected boolean isAllowed(final String str) {
        return Stream.of((Object[]) this.allowedResources.split(",")).anyMatch(new Predicate<String>() { // from class: it.geosolutions.mapstore.controllers.rest.config.LoadAssetsController.1
            @Override // java.util.function.Predicate
            public boolean test(String str2) {
                return str2.equals(str);
            }
        });
    }
}
