package site.muyin.tools.filter;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import run.halo.app.security.AdditionalWebFilter;
import site.muyin.tools.config.WechatConfig;
import site.muyin.tools.utils.LywqPluginsUtil;
import site.muyin.tools.utils.PluginCacheManager;

@Component
/* loaded from: input_file:site/muyin/tools/filter/ToolsPluginApiWebFilter.class */
public class ToolsPluginApiWebFilter implements AdditionalWebFilter {
    final ServerWebExchangeMatcher requiresMatcher = ServerWebExchangeMatchers.pathMatchers(new String[]{"/tools/**"});
    final ServerWebExchangeMatcher verificationCodeMatcher = ServerWebExchangeMatchers.pathMatchers(new String[]{"/tools/verificationCode/**", "/tools/pageVisitPassword/**"});
    private final LywqPluginsUtil lywqPluginsUtil;
    private final PluginCacheManager pluginCacheManager;
    private static final String ALL = "*";

    public ToolsPluginApiWebFilter(LywqPluginsUtil lywqPluginsUtil, PluginCacheManager pluginCacheManager) {
        this.lywqPluginsUtil = lywqPluginsUtil;
        this.pluginCacheManager = pluginCacheManager;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return this.requiresMatcher.matches(serverWebExchange).filter((v0) -> {
            return v0.isMatch();
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(matchResult -> {
            serverWebExchange.getRequest();
            ServerHttpResponse response = serverWebExchange.getResponse();
            if (this.lywqPluginsUtil.checkAuth()) {
                return this.verificationCodeMatcher.matches(serverWebExchange).filter((v0) -> {
                    return v0.isMatch();
                }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(matchResult -> {
                    String authToken = ((WechatConfig) this.pluginCacheManager.getConfig(WechatConfig.class)).getAuthToken();
                    String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
                    if (ObjectUtil.isEmpty(authToken)) {
                        return webFilterChain.filter(serverWebExchange);
                    }
                    if (!ObjectUtil.isEmpty(first) && StrUtil.equals(authToken, first)) {
                        return webFilterChain.filter(serverWebExchange);
                    }
                    response.setStatusCode(HttpStatus.UNAUTHORIZED);
                    return response.setComplete();
                });
            }
            response.setStatusCode(HttpStatus.UNAUTHORIZED);
            return response.setComplete();
        });
    }

    public int getOrder() {
        return SecurityWebFiltersOrder.AUTHORIZATION.getOrder();
    }
}
