package io.github.lishangbu.avalon.security.autoconfiguration;

import io.github.lishangbu.avalon.security.filter.AuthTokenFilter;
import io.github.lishangbu.avalon.security.properties.SecurityProperties;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@AutoConfiguration
@EnableWebSecurity
@EnableMethodSecurity
/* loaded from: input_file:io/github/lishangbu/avalon/security/autoconfiguration/WebSecurityAutoConfiguration.class */
public class WebSecurityAutoConfiguration {
    private final AuthTokenFilter authTokenFilter;
    private final SecurityProperties securityProperties;
    private final AuthenticationProvider authenticationProvider;

    public WebSecurityAutoConfiguration(AuthTokenFilter authTokenFilter, SecurityProperties securityProperties, AuthenticationProvider authenticationProvider) {
        this.authTokenFilter = authTokenFilter;
        this.securityProperties = securityProperties;
        this.authenticationProvider = authenticationProvider;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        });
        httpSecurity.authenticationProvider(this.authenticationProvider);
        for (String str : this.securityProperties.getIgnoreUrls()) {
            httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{str})).permitAll();
            });
        }
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry2 -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry2.anyRequest()).authenticated();
        });
        httpSecurity.addFilterBefore(this.authTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }
}
