package site.muyin.lywqPluginAuth.filter;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import run.halo.app.security.AdditionalWebFilter;
import site.muyin.lywqPluginAuth.config.LywqPluginAuthConfig;
import site.muyin.lywqPluginAuth.utils.PluginCacheManager;

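/**
 * Web filter guarding the plugin's public API under {@code /lywqPluginAuth/public/**}.
 *
 * <p>For a matching request the filter (1) applies the CORS policy taken from
 * {@link LywqPluginAuthConfig#getCorsWhiteList()}, (2) answers {@code OPTIONS} preflights without
 * requiring credentials, and (3) compares the {@code Authorization} header with the configured API
 * access secret. Requests for any other path are handed to the chain untouched.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>A white list of {@code "*"} emits {@code Access-Control-Allow-Origin: *}, so every origin
 *       may read responses (browsers will not attach credentials in that mode).</li>
 *   <li>An empty API access secret disables the {@code Authorization} check entirely, leaving the
 *       CORS white list as the only restriction; CORS is enforced by browsers and does not
 *       constrain non-browser clients.</li>
 * </ul>
 */
@Component
public class ApiWebFilter implements AdditionalWebFilter {
    final ServerWebExchangeMatcher requiresMatcher =
        ServerWebExchangeMatchers.pathMatchers("/lywqPluginAuth/public/**");
    private final PluginCacheManager pluginCacheManager;
    private static final String ALL = "*";

    /**
     * Creates the filter.
     *
     * @param pluginCacheManager source of the current {@link LywqPluginAuthConfig}
     */
    public ApiWebFilter(PluginCacheManager pluginCacheManager) {
        this.pluginCacheManager = pluginCacheManager;
    }

    /**
     * Applies CORS handling and the shared-secret check to requests for the public API path.
     *
     * @param serverWebExchange the current exchange
     * @param webFilterChain the remaining filter chain
     * @return a {@code Mono} completing when the request was delegated to the chain or was
     *     answered directly (preflight, or {@code 401} on a rejected origin or a wrong secret)
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return this.requiresMatcher.matches(serverWebExchange)
            .filter(ServerWebExchangeMatcher.MatchResult::isMatch)
            // Not a public-API path: run the rest of the chain and skip the checks below.
            .switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty()))
            .flatMap(matchResult -> {
                ServerHttpRequest request = serverWebExchange.getRequest();
                ServerHttpResponse response = serverWebExchange.getResponse();
                // NOTE(review): assumes getConfig never returns null; confirm in PluginCacheManager.
                LywqPluginAuthConfig lywqPluginAuthConfig =
                    (LywqPluginAuthConfig) this.pluginCacheManager.getConfig(LywqPluginAuthConfig.class);

                if (!applyCorsHeaders(request, response, lywqPluginAuthConfig.getCorsWhiteList())) {
                    response.setStatusCode(HttpStatus.UNAUTHORIZED);
                    return response.setComplete();
                }
                // Preflight requests carry no Authorization header, so they stop here.
                if (request.getMethod() == HttpMethod.OPTIONS) {
                    return Mono.empty();
                }
                String presented = request.getHeaders().getFirst("Authorization");
                if (isAuthorized(lywqPluginAuthConfig.getApiAccessSecret(), presented)) {
                    return webFilterChain.filter(serverWebExchange);
                }
                response.setStatusCode(HttpStatus.UNAUTHORIZED);
                return response.setComplete();
            });
    }

    /**
     * Returns the position of this filter in the security filter chain.
     *
     * @return the order of {@link SecurityWebFiltersOrder#AUTHORIZATION}
     */
    public int getOrder() {
        return SecurityWebFiltersOrder.AUTHORIZATION.getOrder();
    }

    /**
     * Writes the CORS response headers according to the configured white list.
     *
     * @return {@code false} when the request names an {@code Origin} that is not white-listed (no
     *     header is written in that case), {@code true} otherwise
     */
    private static boolean applyCorsHeaders(
            ServerHttpRequest request, ServerHttpResponse response, String corsWhiteList) {
        // Constant-first equals: a missing white list must not raise a NullPointerException.
        if (ALL.equals(corsWhiteList)) {
            response.getHeaders().add("Access-Control-Allow-Origin", ALL);
        } else {
            String origin = request.getHeaders().getFirst("Origin");
            // Requests without an Origin header (same-origin or non-browser clients) get no
            // Allow-Origin/Allow-Credentials pair; echoing a null origin would emit a bogus header.
            if (StrUtil.isNotEmpty(origin)) {
                if (!isAllowedOrigin(corsWhiteList, origin)) {
                    return false;
                }
                response.getHeaders().add("Access-Control-Allow-Origin", origin);
                response.getHeaders().add("Access-Control-Allow-Credentials", "true");
                // The response differs per Origin, so shared caches must key on it.
                response.getHeaders().add("Vary", "Origin");
            }
        }
        response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        // Must be a plain number of seconds; a trailing "L" makes the value unparseable.
        response.getHeaders().add("Access-Control-Max-Age", "18000");
        response.getHeaders().add(
            "Access-Control-Allow-Headers",
            "Origin, X-Requested-With, Content-Type, Accept, Authorization");
        return true;
    }

    /**
     * Tells whether {@code origin} appears in the comma-separated white list. Entries are matched
     * exactly after trimming surrounding whitespace; a missing white list allows no origin.
     */
    private static boolean isAllowedOrigin(String corsWhiteList, String origin) {
        if (corsWhiteList == null) {
            return false;
        }
        for (String entry : corsWhiteList.split(",")) {
            if (origin.equals(entry.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the presented {@code Authorization} value against the configured secret.
     *
     * @return {@code true} when no secret is configured (the check is disabled) or when the
     *     presented value equals the secret
     */
    private static boolean isAuthorized(String apiAccessSecret, String presented) {
        // SECURITY: an unset secret leaves the public API unauthenticated (fail-open by design of
        // the original code); deployments exposing this path should configure a secret.
        if (ObjectUtil.isEmpty(apiAccessSecret)) {
            return true;
        }
        if (ObjectUtil.isEmpty(presented)) {
            return false;
        }
        // MessageDigest.isEqual keeps the comparison time independent of where the first
        // mismatching byte sits, unlike a short-circuiting string equals.
        return MessageDigest.isEqual(
            apiAccessSecret.getBytes(StandardCharsets.UTF_8),
            presented.getBytes(StandardCharsets.UTF_8));
    }
}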
