package io.preboot.auth.core.spring;

import io.preboot.auth.core.service.JwtTokenService;
import io.preboot.auth.core.service.SessionService;
import io.preboot.auth.core.usecase.GetUserAccountUseCase;
import java.util.List;
import java.util.stream.Stream;
import lombok.Generated;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

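/**
 * Spring Security wiring for the auth module: registers the JWT filter, the stateless
 * {@link SecurityFilterChain} and the CORS policy, all driven by {@link AuthSecurityProperties}.
 *
 * <p>Every path is authenticated except {@link #DEFAULT_PERMIT_ALL} plus the paths returned by
 * {@code AuthSecurityProperties.getPublicEndpoints()}.
 */
@EnableConfigurationProperties({AuthSecurityProperties.class})
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class AuthSecurityConfiguration {
    /**
     * Paths that are reachable without authentication regardless of configuration.
     *
     * <p>This is a public mutable array: any code on the classpath can rewrite its entries before
     * the beans below are built, which would widen the unauthenticated surface. It is kept as an
     * array only for source compatibility; treat it as read-only.
     */
    public static final String[] DEFAULT_PERMIT_ALL = {"/api/auth/login", "/api/auth/password/reset-request", "/api/auth/password/reset", "/api/auth/activation", "/api/auth/registration"};
    private final AuthSecurityProperties securityProperties;

    /**
     * Creates the configuration.
     *
     * @param authSecurityProperties bound security settings (public endpoints, CSRF switch, CORS origins)
     */
    @Generated
    public AuthSecurityConfiguration(AuthSecurityProperties authSecurityProperties) {
        this.securityProperties = authSecurityProperties;
    }

    /**
     * Builds the JWT filter, handing it the same permit-all list the filter chain uses.
     *
     * <p>NOTE(review): the filter is exposed as a bean and also added to the security chain in
     * {@link #filterChain}. Spring Boot registers servlet {@code Filter} beans with the container
     * as well, so confirm the filter is not applied a second time outside the chain.
     *
     * @param jwtTokenService token service passed through to the filter
     * @param sessionService session service passed through to the filter
     * @param getUserAccountUseCase account lookup passed through to the filter
     * @return the filter instance
     */
    @ConditionalOnMissingBean
    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter(JwtTokenService jwtTokenService, SessionService sessionService, GetUserAccountUseCase getUserAccountUseCase) {
        return new JwtAuthenticationFilter(jwtTokenService, sessionService, getUserAccountUseCase, List.of(permitAllEndpoints()));
    }

    /**
     * Builds the stateless filter chain: CORS from the supplied source, optional CSRF, plain-text
     * 401/403 responses, permit-all for the public paths and authentication for everything else.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @param jwtAuthenticationFilter filter placed before {@link UsernamePasswordAuthenticationFilter}
     * @param corsConfigurationSource CORS policy applied to the chain
     * @return the built chain
     * @throws Exception if the builder fails
     */
    @ConditionalOnMissingBean
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, JwtAuthenticationFilter jwtAuthenticationFilter, CorsConfigurationSource corsConfigurationSource) throws Exception {
        String[] publicPaths = permitAllEndpoints();
        return httpSecurity
                .cors(cors -> cors.configurationSource(corsConfigurationSource))
                .csrf(csrf -> {
                    // CSRF protection stays on only when enableCsrf is set. Turning it off is safe
                    // only while credentials travel in a header and never in a cookie.
                    // NOTE(review): confirm no cookie-based token or session is accepted.
                    if (!this.securityProperties.isEnableCsrf()) {
                        csrf.disable();
                    }
                })
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .exceptionHandling(handling -> handling
                        .authenticationEntryPoint((request, response, authException) -> {
                            // Fixed body: no exception detail is echoed to the client.
                            response.setStatus(401);
                            response.getWriter().write("Unauthorized");
                        })
                        .accessDeniedHandler((request, response, accessDenied) -> {
                            response.setStatus(403);
                            response.getWriter().write("Access Denied");
                        }))
                .authorizeHttpRequests(registry -> registry
                        .requestMatchers(publicPaths).permitAll()
                        .anyRequest().authenticated())
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                .build();
    }

    /**
     * Builds the CORS policy registered for every path.
     *
     * <p>Credentialed cross-origin requests are enabled only when explicit origins are configured.
     * With no configured origins the policy falls back to {@code "*"} without credentials: a
     * wildcard origin combined with {@code allowCredentials=true} is rejected by
     * {@link CorsConfiguration} when a cross-origin request is checked, and would otherwise let
     * any site make credentialed calls.
     *
     * @return the CORS configuration source
     */
    @Bean
    @Primary
    CorsConfigurationSource corsConfigurationSource() {
        List<String> configuredOrigins = this.securityProperties.getCorsAllowedOrigins();
        boolean hasExplicitOrigins = !configuredOrigins.isEmpty();

        CorsConfiguration cors = new CorsConfiguration();
        cors.addExposedHeader("Authorization");
        cors.addExposedHeader("Content-Disposition");
        // NOTE(review): X-Forwarded-For is normally a proxy-set request header; confirm that
        // exposing it as a response header to browser scripts is intended.
        cors.addExposedHeader("X-Forwarded-For");
        cors.applyPermitDefaultValues();
        if (hasExplicitOrigins) {
            cors.setAllowedOrigins(configuredOrigins);
            cors.setAllowCredentials(true);
        } else {
            // Wildcard fallback must not carry credentials.
            cors.setAllowedOrigins(List.of("*"));
            cors.setAllowCredentials(false);
        }
        for (HttpMethod method : List.of(HttpMethod.GET, HttpMethod.POST, HttpMethod.OPTIONS, HttpMethod.DELETE, HttpMethod.PUT, HttpMethod.PATCH)) {
            cors.addAllowedMethod(method);
        }

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", cors);
        return source;
    }

    /**
     * Returns the built-in public paths followed by the configured ones, without duplicates.
     * Shared by the JWT filter and the filter chain so the two lists cannot drift apart.
     */
    private String[] permitAllEndpoints() {
        return Stream.concat(Stream.of(DEFAULT_PERMIT_ALL), this.securityProperties.getPublicEndpoints().stream())
                .distinct()
                .toArray(String[]::new);
    }
}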
