package com.sysranger.server.api;

import com.sysranger.common.database.QueryResult;
import com.sysranger.common.srjson.SRJson;
import com.sysranger.common.utils.Crypto;
import com.sysranger.common.utils.Debugger;
import com.sysranger.common.utils.JsonUtils;
import com.sysranger.common.utils.Utils;
import com.sysranger.server.RequestContainer;
import com.sysranger.server.Translate;
import com.sysranger.server.Web;
import com.sysranger.server.database.SRAvailabilityType;
import com.sysranger.server.user.DefaultUserSettings;
import com.sysranger.server.user.User;
import com.sysranger.server.user.UserRights;

/* loaded from: input_file:com/sysranger/server/api/SAPILogin.class */
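/**
 * Session and user-account API. Routes the {@code op} request parameter to the login,
 * logout, session-check and user-administration handlers; every handler returns a JSON
 * string built with {@link SRJson} or {@link JsonUtils}.
 *
 * <p>NOTE(review): the request container is kept in an instance field and read by every
 * handler. If one instance of this class serves concurrent requests, an authorization
 * check could run against another request's session — confirm that callers create one
 * instance per request.
 */
public class SAPILogin {
    /** Account type written for newly created accounts and for accounts with admin switched off. */
    private static final byte ACCOUNT_TYPE_STANDARD = 1;
    /** Account type that login() maps to {@code user.admin}. */
    private static final byte ACCOUNT_TYPE_ADMIN = 20;
    /** Account type that login() maps to {@code user.superAdmin}. */
    private static final byte ACCOUNT_TYPE_SUPER_ADMIN = 99;
    /**
     * Constant added to an account's {@code created} timestamp to form the key passed to
     * {@link Crypto} when a password is stored or verified.
     *
     * <p>NOTE(review): {@code created} lives in the same sr_users row as {@code pass} and this
     * offset is a compile-time constant, so the key is not secret from anyone who can read
     * the table. If {@link Crypto} is reversible encryption rather than a one-way password
     * hash, a database leak discloses the passwords; a dedicated password hashing function
     * (bcrypt, scrypt, argon2) with a random per-user salt is the usual replacement.
     */
    private static final long PASSWORD_KEY_OFFSET = 49187L;

    private RequestContainer api;

    /**
     * Dispatches one API request according to its {@code op} parameter.
     *
     * @param requestContainer the request, session and database handle for this call
     * @return the handler's JSON response, or an "Incorrect Operation" error for an
     *         unknown or missing operation
     */
    public String get(RequestContainer requestContainer) {
        this.api = requestContainer;
        String op = Web.getParameterString(this.api.request, "op");
        if (op == null) {
            // A missing parameter is treated like an unknown operation instead of throwing.
            return JsonUtils.error("Incorrect Operation");
        }
        switch (op) {
            case "login":
                return login();
            case "check":
                return check();
            case "setpassword":
                return setPassword();
            case "setadmin":
                return setAdmin();
            case "logout":
                return logout();
            case "users":
                return users();
            case "adduser":
                return addUser();
            case "removeuser":
                return removeUser();
            case "details":
                return details();
            case "self":
                return self();
            default:
                return JsonUtils.error("Incorrect Operation");
        }
    }

    /**
     * Tells whether the session user may modify the account with the given id.
     *
     * <p>Applies the same rule setPassword() enforces: an account of type 99 (super admin)
     * may only be changed by a super admin. Fails closed when there is no session user or
     * the lookup reports a database error.
     *
     * @param targetId id of the account about to be modified
     * @return {@code true} when the modification is permitted
     */
    private boolean mayModifyAccount(int targetId) {
        User actor = this.api.getUser();
        if (actor == null) {
            return false;
        }
        QueryResult target = this.api.db.select("select type from sr_users where id=? and removed=0", Integer.valueOf(targetId));
        if (target.error) {
            return false;
        }
        target.next();
        return target.getByte("type") != ACCOUNT_TYPE_SUPER_ADMIN || actor.superAdmin;
    }

    /**
     * Creates a standard account from the {@code name}, {@code fullname} and {@code pass}
     * request parameters. Requires the CREATE_USER right.
     *
     * @return JSON containing the new user name, or a JSON error
     */
    private String addUser() {
        if (!this.api.opAllowed(UserRights.CREATE_USER)) {
            return JsonUtils.error(Translate.t("Insufficient user privileges"));
        }
        String userName = Web.getParameterString(this.api.request, "name");
        String fullName = Web.getParameterString(this.api.request, "fullname");
        String password = Web.getParameterString(this.api.request, "pass");
        for (String reserved : new String[]{"sysranger", "automatic", "unknown"}) {
            if (userName.equalsIgnoreCase(reserved)) {
                return JsonUtils.error("This username is reserved");
            }
        }
        if (password.length() < 8) {
            return JsonUtils.error("Password must be at least 8 characters");
        }
        // NOTE(review): existence check and insert are two statements; unless sr_users.user
        // carries a unique constraint, two concurrent requests can create the same name.
        if (this.api.db.doesExist("select id from sr_users where user=?", userName)) {
            return JsonUtils.error("User already exist");
        }
        long created = System.currentTimeMillis();
        // The same timestamp is stored as `created` and used to derive the password key,
        // because login() re-derives the key from the stored `created` value.
        String storedPassword = new Crypto().encrpyt(Utils.longtoBytes(created + PASSWORD_KEY_OFFSET), password);
        QueryResult insert = this.api.db.execute("insert into sr_users(user,fullname,type,created,pass) values(?,?,?,?,?)", userName, fullName, ACCOUNT_TYPE_STANDARD, Long.valueOf(created), storedPassword);
        if (insert.error) {
            // NOTE(review): the raw database message goes back to the client here, whereas
            // login() returns a generic "Database Error".
            return JsonUtils.error(insert.errorMessage);
        }
        DefaultUserSettings.set(this.api.db, userName, created);
        SRJson response = new SRJson();
        response.add("user", userName);
        return response.toString();
    }

    /**
     * Soft-deletes the account named by the {@code id} parameter by stamping its
     * {@code removed} column. Requires the CREATE_USER right; a super-admin account can
     * only be removed by a super admin.
     *
     * @return JSON echoing the {@code name} request parameter, or a JSON error
     */
    private String removeUser() {
        if (!this.api.opAllowed(UserRights.CREATE_USER)) {
            return JsonUtils.error(Translate.t("Insufficient user privileges"));
        }
        int targetId = Web.getParameterInteger(this.api.request, "id");
        String targetName = Web.getParameterString(this.api.request, "name");
        // Without this guard any CREATE_USER holder could remove a super-admin account,
        // which setPassword() explicitly refuses to let them touch.
        if (!mayModifyAccount(targetId)) {
            return JsonUtils.error("Permission denied");
        }
        QueryResult update = this.api.db.execute("update sr_users set removed=? where id=?", Long.valueOf(System.currentTimeMillis()), Integer.valueOf(targetId));
        if (update.error) {
            return JsonUtils.error(update.errorMessage);
        }
        // NOTE(review): an already-open session of the removed user is not ended here, and
        // check() does not re-read `removed`.
        SRJson response = new SRJson();
        response.add("name", targetName);
        return response.toString();
    }

    /**
     * Switches the account named by {@code id} between the admin type (20) and the standard
     * type (1) according to the {@code admin} parameter. Requires the CREATE_USER right; a
     * super-admin account can only be changed by a super admin.
     *
     * @return JSON echoing the {@code name} request parameter, or a JSON error
     */
    private String setAdmin() {
        if (!this.api.opAllowed(UserRights.CREATE_USER)) {
            return JsonUtils.error(Translate.t("Insufficient user privileges"));
        }
        int targetId = Web.getParameterInteger(this.api.request, "id");
        String targetName = Web.getParameterString(this.api.request, "name");
        // The update overwrites `type` unconditionally, so without this guard a CREATE_USER
        // holder could demote a super admin (99) to 20 or 1.
        if (!mayModifyAccount(targetId)) {
            return JsonUtils.error("Permission denied");
        }
        boolean makeAdmin = Web.getParameterBoolean(this.api.request, "admin");
        int newType = makeAdmin ? ACCOUNT_TYPE_ADMIN : ACCOUNT_TYPE_STANDARD;
        QueryResult update = this.api.db.execute("update sr_users set type=? where id=?", Integer.valueOf(newType), Integer.valueOf(targetId));
        if (update.error) {
            return JsonUtils.error(update.errorMessage);
        }
        SRJson response = new SRJson();
        response.add("name", targetName);
        return response.toString();
    }

    /**
     * Loads {@code permissions} and {@code allowedgroups} for the user from sr_users and
     * applies them to the given object.
     *
     * <p>Only those two columns are read: {@code user.type}, {@code user.admin} and
     * {@code user.superAdmin} keep whatever values the caller already set.
     *
     * @param user the user whose rights and groups are refreshed; {@code user.id} selects the row
     * @return {@code true} on success, otherwise the result of {@link Debugger#error}
     */
    private boolean setUserRights(User user) {
        QueryResult row = this.api.db.select("select permissions,allowedgroups from sr_users where id=?", Long.valueOf(user.id));
        if (row.error) {
            return Debugger.error("SAPILogin.setUserRights:Database Error");
        }
        row.next();
        String permissions = row.getString("permissions");
        user.setGroups(row.getString("allowedgroups"));
        // An admin without an explicit permission string receives this default set.
        if (permissions.isEmpty() && user.admin) {
            user.addRight(UserRights.ADD);
            user.addRight(UserRights.REMOVE);
            user.addRight(UserRights.REMOVE_ALERT);
            user.addRight(UserRights.ADD_HOST);
            user.addRight(UserRights.ADD_SYSTEM);
            user.addRight(UserRights.SET);
        }
        if (user.superAdmin) {
            user.supervisor();
        }
        user.setRights(permissions);
        return true;
    }

    /**
     * Verifies the {@code user}/{@code pass} request parameters against sr_users and, on
     * success, stores the {@link User} in the HTTP session under the key {@code "user"}.
     *
     * @return JSON describing the logged-in user, or a JSON error
     */
    private String login() {
        User user = new User();
        user.name = Web.getParameterString(this.api.request, "user");
        String password = Web.getParameterString(this.api.request, "pass");
        // `created` is fetched first because the stored password value is derived from it.
        user.created = this.api.db.selectID("select created from sr_users where user=? and removed=0", user.name);
        String derivedPassword = new Crypto().encrpyt(Utils.longtoBytes(user.created + PASSWORD_KEY_OFFSET), password);
        QueryResult row = this.api.db.select("select id,type,fullname,permissions,allowedgroups from sr_users where user=? and pass=? and removed=0", user.name, derivedPassword);
        if (row.error) {
            return JsonUtils.error("Database Error");
        }
        row.next();
        user.id = row.getLong("id").longValue();
        user.type = row.getByte("type");
        if (user.id < 1) {
            // Same message for an unknown user and a wrong password.
            // NOTE(review): no attempt counter, delay or lockout is visible in this class;
            // confirm that failed logins are throttled and logged elsewhere.
            return JsonUtils.error("Invalid login credentials");
        }
        user.admin = user.type == ACCOUNT_TYPE_ADMIN;
        user.superAdmin = user.type == ACCOUNT_TYPE_SUPER_ADMIN;
        user.fullName = row.getString("fullname");
        // NOTE(review): the result is ignored; after a database error the session is still
        // created, with whatever rights and groups the User object holds by default.
        setUserRights(user);
        // NOTE(review): the authenticated user is attached to the existing session without
        // rotating its identifier. If the request object is a servlet request, rotate the
        // session id on successful login to prevent session fixation.
        this.api.request.getSession().setAttribute("user", user);
        SRJson response = new SRJson();
        response.add("userid", Long.valueOf(user.id));
        response.add("username", user.name);
        response.add("admin", Boolean.valueOf(user.admin));
        response.add("super", Boolean.valueOf(user.superAdmin));
        response.add("type", Byte.valueOf(user.type));
        response.add("fullname", user.fullName);
        response.add("permissions", user.rightsAsCSV());
        response.add("allowedgroups", user.groupsAsCSV());
        this.api.db.execute("update sr_users set lastlogin=? where id=?", Long.valueOf(System.currentTimeMillis()), Long.valueOf(user.id));
        return response.toString();
    }

    /**
     * Sets a new password for the account named by the {@code id} parameter. Requires the
     * CREATE_USER right; the password of a super-admin account can only be set by a super
     * admin.
     *
     * @return JSON echoing the {@code user} request parameter, or a JSON error
     */
    private String setPassword() {
        if (!this.api.opAllowed(UserRights.CREATE_USER)) {
            return JsonUtils.error(Translate.t("Insufficient user privileges"));
        }
        User actor = this.api.getUser();
        if (actor == null) {
            return JsonUtils.error("Permission denied");
        }
        int targetId = Web.getParameterInteger(this.api.request, "id");
        String targetName = Web.getParameterString(this.api.request, "user");
        String newPassword = Web.getParameterString(this.api.request, "password");
        QueryResult row = this.api.db.select("select created,type from sr_users where id=? and removed=0", Integer.valueOf(targetId));
        if (row.error) {
            // Do not evaluate the authorization checks below on a failed lookup.
            return JsonUtils.error("Database Error");
        }
        row.next();
        long created = row.getLong("created").longValue();
        byte targetType = row.getByte("type");
        if (created < 1) {
            return JsonUtils.error("No such user");
        }
        if (targetType == ACCOUNT_TYPE_SUPER_ADMIN && !actor.superAdmin) {
            return JsonUtils.error("Permission denied");
        }
        if (newPassword.length() < 8) {
            return JsonUtils.error("Password must be at least 8 characters");
        }
        // NOTE(review): this path calls the static Crypto.encrypt(long, String), while
        // addUser() and login() call new Crypto().encrpyt(byte[], String) on
        // Utils.longtoBytes(...). Confirm both produce the same stored value; otherwise a
        // password set here cannot be verified at login.
        QueryResult update = this.api.db.execute("update sr_users set pass=? where id=?", Crypto.encrypt(created + PASSWORD_KEY_OFFSET, newPassword), Integer.valueOf(targetId));
        if (update.error) {
            return JsonUtils.error(update.errorMessage);
        }
        SRJson response = new SRJson();
        response.add("user", targetName);
        return response.toString();
    }

    /**
     * Logs the caller out by clearing the {@code "user"} session attribute.
     *
     * @return the JSON success response
     */
    private String logout() {
        // NOTE(review): only the attribute is cleared; the session itself and its identifier
        // stay valid. Invalidating the session on logout is the safer default.
        this.api.request.getSession().setAttribute("user", (Object) null);
        return JsonUtils.success();
    }

    /**
     * Reports the session user after refreshing its rights and groups from the database.
     *
     * @return JSON describing the session user, or a "Not logged in" error
     */
    private String check() {
        User user = this.api.getUser();
        if (user == null) {
            return JsonUtils.error("Not logged in");
        }
        // Refreshes permissions and allowedgroups only. type/admin/superAdmin stay as captured
        // at login and `removed` is not re-read, so a demoted or removed account keeps its
        // session state until it logs in again.
        setUserRights(user);
        this.api.request.getSession().setAttribute("user", user);
        SRJson response = new SRJson();
        response.add("userid", Long.valueOf(user.id));
        response.add("username", user.name);
        response.add("admin", Boolean.valueOf(user.admin));
        response.add("super", Boolean.valueOf(user.superAdmin));
        response.add("fullname", user.fullName);
        response.add("type", Byte.valueOf(user.type));
        response.add("permissions", user.rightsAsCSV());
        response.add("allowedgroups", user.groupsAsCSV());
        return response.toString();
    }

    /**
     * Lists all accounts that are not removed. Requires the SUPER right.
     *
     * @return the query result as JSON, or a JSON error
     */
    private String users() {
        if (!this.api.opAllowed(UserRights.SUPER)) {
            return JsonUtils.error(Translate.t("Insufficient user privileges"));
        }
        return this.api.db.select("select id,user,fullname,lastlogin,type,removed as rm from sr_users where removed=0", new Object[0]).toJSON().toString();
    }

    /**
     * Returns name, full name, type and last login of the account named by {@code id}.
     *
     * @return JSON with the account fields, or a JSON error
     */
    private String details() {
        // This handler shares its entry point with the unauthenticated login operation and
        // previously had no check of its own, so require at least a logged-in session.
        // NOTE(review): users() restricts the same columns to the SUPER right; consider
        // limiting this lookup to the caller's own id or to privileged users.
        if (this.api.getUser() == null) {
            return JsonUtils.error("Not logged in");
        }
        QueryResult row = this.api.db.select("select id,user,fullname,lastlogin,type from sr_users where id=?", Long.valueOf(Web.getParameterLong(this.api.request, "id")));
        if (row.error) {
            return JsonUtils.error("User is not found on database");
        }
        SRJson response = new SRJson();
        row.next();
        response.add("name", row.getString("user"));
        response.add("fullname", row.getString("fullname"));
        response.add("type", Integer.valueOf(row.getInt("type")));
        response.add("lastlogin", row.getLong("lastlogin"));
        return response.toString();
    }

    /**
     * Reports the session user from the values already held in the session, without
     * touching the database.
     *
     * @return JSON describing the session user, or a "Not logged in" error
     */
    private String self() {
        User user = this.api.getUser();
        if (user == null) {
            return JsonUtils.error("Not logged in");
        }
        SRJson response = new SRJson();
        response.add("name", user.name);
        response.add("fullname", user.fullName);
        response.add("type", Byte.valueOf(user.type));
        response.add("admin", Boolean.valueOf(user.admin));
        response.add("super", Boolean.valueOf(user.superAdmin));
        response.add("permissions", user.rightsAsCSV());
        response.add("allowedgroups", user.groupsAsCSV());
        return response.toString();
    }
}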
