package site.muyin.lywqPluginAuth.filter;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.ServerWebInputException;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import run.halo.app.security.AdditionalWebFilter;
import site.muyin.lywqPluginAuth.config.LywqPluginAuthConfig;
import site.muyin.lywqPluginAuth.utils.PluginCacheManager;

@Component
/* loaded from: input_file:site/muyin/lywqPluginAuth/filter/ApiWebFilter.class */
public class ApiWebFilter implements AdditionalWebFilter {
    final ServerWebExchangeMatcher requiresMatcher = ServerWebExchangeMatchers.pathMatchers(new String[]{"/lywqPluginAuth/public/**"});
    private final PluginCacheManager pluginCacheManager;

    public ApiWebFilter(PluginCacheManager pluginCacheManager) {
        this.pluginCacheManager = pluginCacheManager;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return this.requiresMatcher.matches(serverWebExchange).filter((v0) -> {
            return v0.isMatch();
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(matchResult -> {
            String apiAccessSecret = ((LywqPluginAuthConfig) this.pluginCacheManager.getConfig(LywqPluginAuthConfig.class)).getApiAccessSecret();
            String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
            return ObjectUtil.isEmpty(apiAccessSecret) ? webFilterChain.filter(serverWebExchange) : (ObjectUtil.isEmpty(first) || !StrUtil.equals(apiAccessSecret, first)) ? Mono.error(new ServerWebInputException("Authorization failed")) : webFilterChain.filter(serverWebExchange);
        });
    }

    public int getOrder() {
        return SecurityWebFiltersOrder.AUTHORIZATION.getOrder();
    }
}
