lti-demo/src/main/java/riomhaire/lti/business/actions/ProcessLtiMessage.java

package riomhaire.lti.business.actions;

import com.auth0.jwt.JWT;
import lombok.Builder;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.ModelAndView;
import riomhaire.lti.adapters.token.JWKBasedJwtToMapAdapter;
import riomhaire.lti.infrastructure.Registry;
import riomhaire.lti.model.interfaces.Action;
import riomhaire.lti.model.interfaces.DecodeException;

import java.util.HashMap;
import java.util.Map;

/**
 * This is the router for lti type messages - lti launch and create deep link .. this action will delegate to the
 * appropriate sub handler
 */
@Slf4j
@Builder
public class ProcessLtiMessage implements Action<ModelAndView> {
    public static final String CLAIM_MESSAGE_TYPE = "https://purl.imsglobal.org/spec/lti/claim/message_type";
    public static final String LTI_RESOURCE_LINK_REQUEST = "LtiResourceLinkRequest";
    public static final String LTI_DEEP_LINKING_REQUEST = "LtiDeepLinkingRequest";
    Registry registry;
    Map<String, String> queryParams;
    Map<String, Object> metadata;


    @Override
    public ModelAndView execute() {
        var idToken = queryParams.get("id_token");
        var jwtToken = queryParams.get("JWT");
        // Crack open so we can find the config
        String token = (idToken != null) ? idToken : jwtToken;
        var jwt = JWT.decode(token);
        // Lookup client id and issuer
        var issuer = jwt.getClaim("iss").asString();
        var clientId = jwt.getClaim("aud").asString();

        var toolRegistration = registry.clientRegistrationResolver().lookupClient(issuer, clientId);
        var claims = new HashMap<>();

        if (toolRegistration.isPresent()) {
            // Validate JWT to verify its by who they say they are
            var clientConfiguration = toolRegistration.get();
            var adapter = JWKBasedJwtToMapAdapter.builder()
                    .jwksUrl(clientConfiguration.getJwksUrl())
                    .skipVerification(clientConfiguration.isSkipVerification())
                    .build();
            try {
                claims.putAll(adapter.decode(token));
            } catch (DecodeException e) {
                // OK not valid
                claims.put("error", "cannot verify token because of: " + e.toString());
            }
        } else {
            claims.put("error", "cannot find client for " + issuer + "  client-id " + clientId);
        }
//
        // OK based off of the message delegate to the right sub-action
        var messageType = String.valueOf(claims.get(CLAIM_MESSAGE_TYPE));
        return switch (messageType) {
            case LTI_RESOURCE_LINK_REQUEST:
                //noinspection unchecked
                yield LaunchContent.builder()
                        .registry(registry)
                        .metadata(metadata)
                        .queryParams(queryParams)
                        .claims((Map) claims)
                        .build()
                        .execute();
            case LTI_DEEP_LINKING_REQUEST:
                //noinspection unchecked
                yield SelectDeepLinkContent.builder()
                        .registry(registry)
                        .metadata(metadata)
                        .queryParams(queryParams)
                        .claims((Map) claims)
                        .build()
                        .execute();
            default:
                throw new IllegalStateException("Unexpected value: " + messageType);
        };
    }
}