package cn.sliew.carp.module.security.spring.config;

import cn.sliew.carp.framework.common.security.annotations.AnonymousAccess;
import cn.sliew.carp.framework.web.util.RequestParamUtil;
import cn.sliew.carp.framework.web.util.SpringContextUtil;
import cn.sliew.carp.module.security.spring.authentication.CarpAccessDeniedHandler;
import cn.sliew.carp.module.security.spring.authentication.CarpAuthenticationEntryPoint;
import cn.sliew.carp.module.security.spring.authentication.CarpPasswordEncoder;
import cn.sliew.carp.module.security.spring.constant.SecurityConstants;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

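/**
 * Spring Security wiring for the Carp web application.
 *
 * <p>Builds one stateless {@link SecurityFilterChain}: CSRF protection, form login and the
 * frame-options header are switched off, {@link CarpTokenConfigurer} is applied, and every
 * request that is not explicitly allow-listed in {@link #authorizeRequests} must be
 * authenticated. Also publishes the {@link PasswordEncoder} and the {@link CorsFilter} beans.
 *
 * <p>Several settings below widen the unauthenticated surface (actuator endpoints,
 * extension-based static patterns, wildcard CORS with credentials). Each is marked with a
 * {@code NOTE(review)} comment stating what to confirm before relying on it.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class CarpSecurityConfig {

    @Autowired
    private CarpTokenConfigurer carpTokenConfigurer;

    @Autowired
    private CarpAuthenticationEntryPoint carpAuthenticationEntryPoint;

    @Autowired
    private CarpAccessDeniedHandler carpAccessDeniedHandler;

    /**
     * Assembles the application's security filter chain.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf(this::csrf);
        httpSecurity.headers(this::headers);
        httpSecurity.formLogin(this::formLogin);
        httpSecurity.apply(this.carpTokenConfigurer);
        httpSecurity.authorizeHttpRequests(this::authorizeRequests);
        httpSecurity.sessionManagement(this::sessionManagement);
        httpSecurity.exceptionHandling(this::exceptionHandling);
        return httpSecurity.build();
    }

    /**
     * Turns CSRF protection off.
     *
     * <p>NOTE(review): this is only sound while the credential is something a browser does not
     * attach on its own (for example a request header set by the client). CarpTokenConfigurer
     * is not visible here; if it ever accepts the token from a cookie, CSRF protection has to
     * be re-enabled.
     */
    private void csrf(CsrfConfigurer<HttpSecurity> csrfConfigurer) {
        csrfConfigurer.disable();
    }

    /**
     * Disables the frame-options response header.
     *
     * <p>NOTE(review): with this off, no X-Frame-Options header is written, so any site may
     * embed the application's pages in a frame. If framing is only needed by the application
     * itself, {@code sameOrigin()} keeps that working while retaining clickjacking protection.
     */
    private void headers(HeadersConfigurer<HttpSecurity> headersConfigurer) {
        headersConfigurer.frameOptions(frameOptions -> frameOptions.disable());
    }

    /** Disables the built-in form login; authentication is left to the applied token configurer. */
    private void formLogin(FormLoginConfigurer<HttpSecurity> formLoginConfigurer) {
        formLoginConfigurer.disable();
    }

    /**
     * Declares which requests are reachable without authentication; everything else requires it.
     *
     * <p>Rules are registered in this order: paths of handlers annotated with
     * {@link AnonymousAccess}, actuator endpoints, static-resource patterns (GET only), the
     * project's default ignore paths, all OPTIONS requests, then {@code anyRequest().authenticated()}.
     *
     * @param registry request-matcher registry supplied by {@code authorizeHttpRequests}
     */
    private void authorizeRequests(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry registry) {
        RequestMappingHandlerMapping handlerMapping = SpringContextUtil.getApplicationContext()
                .getBean("requestMappingHandlerMapping", RequestMappingHandlerMapping.class);
        Map<RequestMappingInfo, HandlerMethod> handlerMethods = handlerMapping.getHandlerMethods();

        // Collect the URL patterns of every handler whose class or method carries @AnonymousAccess.
        HashSet<String> anonymousPatterns = new HashSet<>();
        for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : handlerMethods.entrySet()) {
            HandlerMethod handlerMethod = entry.getValue();
            boolean anonymous = handlerMethod.getBeanType().isAnnotationPresent(AnonymousAccess.class)
                    || handlerMethod.hasMethodAnnotation(AnonymousAccess.class);
            if (anonymous) {
                anonymousPatterns.addAll(entry.getKey().getPatternValues());
            }
        }
        // NOTE(review): only the path patterns are kept; the HTTP method of the annotated handler
        // is dropped. A pattern shared by an anonymous handler and a protected handler (same path,
        // different verb) is therefore opened for every verb at the filter-chain level. Confirm no
        // such pair exists, or register these patterns per HTTP method.
        registry.requestMatchers(anonymousPatterns.toArray(new String[0])).permitAll();

        // NOTE(review): toAnyEndpoint() matches every actuator endpoint, not just health/info.
        // Which endpoints are actually exposed over HTTP is decided by management.* properties
        // that are not visible in this file; verify that env, heapdump, loggers and similar are
        // not web-exposed, or narrow this rule with EndpointRequest.to("health", "info").
        registry.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();

        // NOTE(review): these are suffix patterns, not a static-resource directory. Any GET route
        // whose path ends in one of these extensions (notably ".json") skips authentication here.
        registry.requestMatchers(HttpMethod.GET, "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.woff", "/**/*.woff2", "/**/*.svg", "/**/*.json", "/**/*.ttf", "/**/*.ico", "/index.html").permitAll();

        // Project-wide ignore list; its contents are defined in RequestParamUtil and are not
        // visible here. The cast is kept because that helper's declared return type is not shown.
        registry.requestMatchers((String[]) RequestParamUtil.getDefaultIgnorePaths().stream().toArray(size -> new String[size])).permitAll();

        // OPTIONS is open on every path, presumably so CORS preflight requests are not rejected.
        registry.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll();

        registry.anyRequest().authenticated();
    }

    /** Uses the STATELESS session policy, so Spring Security does not create or use an HTTP session. */
    private void sessionManagement(SessionManagementConfigurer<HttpSecurity> sessionManagementConfigurer) {
        sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    /** Routes authentication failures and access-denied errors to the project's own handlers. */
    private void exceptionHandling(ExceptionHandlingConfigurer<HttpSecurity> exceptionHandlingConfigurer) {
        exceptionHandlingConfigurer
                .authenticationEntryPoint(this.carpAuthenticationEntryPoint)
                .accessDeniedHandler(this.carpAccessDeniedHandler);
    }

    /**
     * Publishes the project's password encoder.
     *
     * <p>NOTE(review): CarpPasswordEncoder is a project class whose algorithm is not visible
     * here; confirm it is a salted, adaptive password hash (bcrypt, scrypt, argon2 or PBKDF2)
     * and not a plain digest or reversible encoding.
     *
     * @return a new {@link CarpPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new CarpPasswordEncoder();
    }

    /**
     * Registers one CORS policy for every path.
     *
     * <p>NOTE(review): {@code allowCredentials(true)} together with the origin pattern
     * {@code "*"} makes Spring echo back whatever Origin the request carries and mark the
     * response as credentialed, so any website can make credentialed cross-origin calls.
     * Replace the wildcard with the deployment's real front-end origins (for example a value
     * read from configuration), or drop {@code allowCredentials} if no cookie or HTTP-auth
     * credential is ever used.
     *
     * @return the CORS filter applying that policy
     */
    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOriginPattern("*");
        // SecurityConstants.TOKEN_KEY is presumably the name of the auth-token header; confirm.
        corsConfiguration.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept", "responseType", SecurityConstants.TOKEN_KEY));
        corsConfiguration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(source);
    }
}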
