package net.takela.common.webflux.security.filter;

import java.nio.file.AccessDeniedException;
import net.takela.common.webflux.security.SecurityConfigProperties;
import net.takela.common.webflux.security.model.AuthUser;
import net.takela.common.webflux.security.service.AuthTokenManager;
import org.springframework.core.Ordered;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:net/takela/common/webflux/security/filter/AppAuthenticationWebFilter.class */
public class AppAuthenticationWebFilter implements WebFilter, Ordered, ReactiveAuthenticationFilter {
    private final AuthTokenManager authTokenManager;
    private SecurityConfigProperties securityConfigProperties;
    private static AntPathMatcher antPathMatcher = new AntPathMatcher();

    public AppAuthenticationWebFilter(AuthTokenManager authTokenManager, SecurityConfigProperties securityConfigProperties) {
        this.authTokenManager = authTokenManager;
        this.securityConfigProperties = securityConfigProperties;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        String path = serverWebExchange.getRequest().getURI().getPath();
        if (this.securityConfigProperties.getAnonymousUrls() != null && this.securityConfigProperties.getAnonymousUrls().stream().filter(str -> {
            return antPathMatcher.match(str, path);
        }).findFirst().isPresent()) {
            return webFilterChain.filter(serverWebExchange);
        }
        AuthUser authUser = (AuthUser) this.authTokenManager.parseUserInfoFromRequest(serverWebExchange.getRequest(), AuthUser.class);
        if (authUser == null) {
            return Mono.error(new AccessDeniedException("check token failed"));
        }
        authUser.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("0"));
        return webFilterChain.filter(serverWebExchange).contextWrite(ReactiveSecurityContextHolder.withAuthentication(new UsernamePasswordAuthenticationToken(authUser, (Object) null, authUser.m2getAuthorities())));
    }

    public int getOrder() {
        return -1000000;
    }
}
