package com.alibaba.nacos.console.config;

import com.alibaba.nacos.auth.config.NacosAuthConfigHolder;
import com.alibaba.nacos.console.filter.NacosConsoleAuthFilter;
import com.alibaba.nacos.console.filter.XssFilter;
import com.alibaba.nacos.core.auth.InnerApiAuthEnabled;
import com.alibaba.nacos.core.code.ControllerMethodsCache;
import com.alibaba.nacos.core.controller.compatibility.ApiCompatibilityFilter;
import com.alibaba.nacos.core.exception.NacosApiExceptionHandler;
import com.alibaba.nacos.core.paramcheck.ParamCheckerFilter;
import java.time.ZoneId;
import javax.annotation.PostConstruct;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
/* loaded from: input_file:com/alibaba/nacos/console/config/ConsoleWebConfig.class */
public class ConsoleWebConfig {
    private final ControllerMethodsCache methodsCache;

    public ConsoleWebConfig(ControllerMethodsCache controllerMethodsCache) {
        this.methodsCache = controllerMethodsCache;
    }

    @PostConstruct
    public void init() {
        this.methodsCache.initClassMethod("com.alibaba.nacos.console.controller");
    }

    @Bean
    public CorsFilter corsFilter() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.setMaxAge(18000L);
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.addAllowedOriginPattern("*");
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

    @Bean
    public XssFilter xssFilter() {
        return new XssFilter();
    }

    @Bean
    public FilterRegistrationBean<NacosConsoleAuthFilter> authFilterRegistration(NacosConsoleAuthFilter nacosConsoleAuthFilter) {
        FilterRegistrationBean<NacosConsoleAuthFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(nacosConsoleAuthFilter);
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        filterRegistrationBean.setName("consoleAuthFilter");
        filterRegistrationBean.setOrder(6);
        return filterRegistrationBean;
    }

    @Bean
    public NacosConsoleAuthFilter consoleAuthFilter(ControllerMethodsCache controllerMethodsCache) {
        return new NacosConsoleAuthFilter(NacosAuthConfigHolder.getInstance().getNacosAuthConfigByScope(NacosConsoleAuthConfig.NACOS_CONSOLE_AUTH_SCOPE), controllerMethodsCache);
    }

    @Bean
    public FilterRegistrationBean<ParamCheckerFilter> consoleParamCheckerFilterRegistration(ParamCheckerFilter paramCheckerFilter) {
        FilterRegistrationBean<ParamCheckerFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(paramCheckerFilter);
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        filterRegistrationBean.setName("consoleParamCheckerFilter");
        filterRegistrationBean.setOrder(8);
        return filterRegistrationBean;
    }

    @Bean
    public ParamCheckerFilter consoleParamCheckerFilter(ControllerMethodsCache controllerMethodsCache) {
        return new ParamCheckerFilter(controllerMethodsCache);
    }

    @Bean
    public ApiCompatibilityFilter consoleApiCompatibilityFilter(ControllerMethodsCache controllerMethodsCache) {
        return new ApiCompatibilityFilter(controllerMethodsCache, (InnerApiAuthEnabled) null);
    }

    @Bean
    public FilterRegistrationBean<ApiCompatibilityFilter> consoleApiCompatibilityFilterRegistration(ApiCompatibilityFilter apiCompatibilityFilter) {
        FilterRegistrationBean<ApiCompatibilityFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(apiCompatibilityFilter);
        filterRegistrationBean.addUrlPatterns(new String[]{"/v1/*", "/v2/*"});
        filterRegistrationBean.setName("consoleApiCompatibilityFilter");
        filterRegistrationBean.setOrder(5);
        return filterRegistrationBean;
    }

    @Bean
    public Jackson2ObjectMapperBuilderCustomizer jacksonObjectMapperCustomization() {
        return jackson2ObjectMapperBuilder -> {
            jackson2ObjectMapperBuilder.timeZone(ZoneId.systemDefault().toString());
        };
    }

    @ConditionalOnMissingBean
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{"/**"})).permitAll();
        });
        httpSecurity.csrf((v0) -> {
            v0.disable();
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public NacosApiExceptionHandler nacosApiExceptionHandler() {
        return new NacosApiExceptionHandler();
    }
}
