package com.mendmix.security;

import com.mendmix.common.ThreadLocalContext;
import com.mendmix.common.exception.ForbiddenAccessException;
import com.mendmix.common.exception.UnauthorizedException;
import com.mendmix.common.model.WrapperResponse;
import com.mendmix.common.util.JsonUtils;
import com.mendmix.security.context.ReactiveRequestContextAdapter;
import com.mendmix.security.model.UserSession;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/mendmix/security/ReactiveSecurityDelegatingFilter.class */
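/**
 * WebFlux filter that runs authentication and authorization for requests whose path starts
 * with one of the configured URI prefixes.
 *
 * <p>Requests outside the configured prefixes, and all {@code OPTIONS} requests, are passed
 * down the chain without any check. For every other request the optional
 * {@link ReactiveCustomAuthnHandler} is consulted first; when it is absent or declines, the
 * decision is delegated to {@code SecurityDelegating.doAuthorization}.
 *
 * <p>A denied request never reaches the rest of the chain: it is answered either with a JSON
 * failure body or with a redirect to the configured error page.
 */
public class ReactiveSecurityDelegatingFilter implements WebFilter {
    private static final Logger logger = LoggerFactory.getLogger("com.mendmix.security");
    private static final String XML_HTTP_REQUEST = "XMLHttpRequest";
    private static final String REQUESTED_WITH_HEADER = "x-requested-with";

    // Exactly one of the two matchers is populated; if both are null every request is checked.
    private final List<String> matchUriPrefixs;
    private final String matchUriPrefix;
    private final ReactiveCustomAuthnHandler customAuthnHandler;

    /**
     * Creates the filter.
     *
     * @param reactiveCustomAuthnHandler optional hook around authentication; may be {@code null}
     * @param strArr one or more URI prefixes to protect; a single {@code null} prefix leaves
     *     both matchers unset, so every request is checked
     * @throws IllegalArgumentException if no prefix is supplied, so that a misconfigured
     *     filter fails at construction time with a readable message
     */
    public ReactiveSecurityDelegatingFilter(ReactiveCustomAuthnHandler reactiveCustomAuthnHandler, String... strArr) {
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("at least one match URI prefix is required");
        }
        this.customAuthnHandler = reactiveCustomAuthnHandler;
        boolean several = strArr.length > 1;
        this.matchUriPrefixs = several ? Arrays.asList(strArr) : null;
        this.matchUriPrefix = several ? null : strArr[0];
    }

    /**
     * Applies the security check to a matching request and forwards it only when it is allowed.
     *
     * @param serverWebExchange the current exchange
     * @param webFilterChain the remaining filter chain
     * @return the downstream result for allowed or unmatched requests, otherwise the
     *     completion signal of the denial or error response written here
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        try {
            // The comparison is a plain startsWith on the path string as received.
            // NOTE(review): anything that does not match skips every check below, so confirm
            // that downstream routing cannot map a differently spelled path (extra slashes,
            // dot segments, encoded characters) onto a protected handler.
            String path = request.getPath().value();
            boolean outsideSinglePrefix = this.matchUriPrefix != null && !path.startsWith(this.matchUriPrefix);
            boolean outsideAllPrefixes = this.matchUriPrefixs != null
                    && this.matchUriPrefixs.stream().noneMatch(path::startsWith);
            if (outsideSinglePrefix || outsideAllPrefixes) {
                return webFilterChain.filter(serverWebExchange);
            }
            // OPTIONS is let through unauthenticated (presumably for CORS preflight), so
            // handlers must not do privileged work for that method. Comparing from the
            // constant side keeps a null method (unrecognised verb) from raising an NPE;
            // such a request simply goes through the normal check.
            if (HttpMethod.OPTIONS.equals(request.getMethod())) {
                return webFilterChain.filter(serverWebExchange);
            }
            // Drops every attribute stored on the exchange before the check runs.
            // NOTE(review): this also discards attributes set by earlier filters - confirm intended.
            serverWebExchange.getAttributes().clear();
            ReactiveRequestContextAdapter.init(request);
            if (this.customAuthnHandler != null) {
                this.customAuthnHandler.beforeAuthentication(serverWebExchange);
            }
            ServerHttpResponse response = serverWebExchange.getResponse();
            UserSession userSession = null;
            try {
                // The custom handler may fully authenticate the request itself; only when it
                // is absent or declines does the default authorization run.
                if (this.customAuthnHandler == null || !this.customAuthnHandler.customAuthentication(serverWebExchange)) {
                    userSession = SecurityDelegating.doAuthorization(request.getMethodValue(), path);
                }
                if (this.customAuthnHandler != null) {
                    this.customAuthnHandler.afterAuthentication(serverWebExchange, userSession);
                }
                return webFilterChain.filter(serverWebExchange)
                        .doFinally(signalType -> serverWebExchange.getAttributes().clear());
            } catch (ForbiddenAccessException e) {
                // NOTE(review): the JSON denial leaves the HTTP status untouched in this class;
                // confirm clients rely on the code inside the body.
                if (isAjax(request) || SecurityDelegating.decisionProvider().error403Page() == null) {
                    return response.writeWith(Mono.just(response.bufferFactory().wrap(JsonUtils.toJsonBytes(WrapperResponse.fail(e)))));
                }
                return redirectTo(response, SecurityDelegating.decisionProvider().error403Page());
            } catch (UnauthorizedException e) {
                if (isAjax(request) || SecurityDelegating.decisionProvider().error401Page() == null) {
                    return response.writeWith(Mono.just(response.bufferFactory().wrap(JsonUtils.toJsonBytes(WrapperResponse.fail(e)))));
                }
                return redirectTo(response, SecurityDelegating.decisionProvider().error401Page());
            }
        } catch (Exception e3) {
            // Any unexpected failure ends the exchange here, so the request is never forwarded.
            logger.error("_global_filter_error", e3);
            ThreadLocalContext.unset();
            serverWebExchange.getAttributes().clear();
            // NOTE(review): the failure object built from the raw exception is serialized to
            // the client; confirm WrapperResponse.fail does not expose internal details.
            return serverWebExchange.getResponse().writeWith(Mono.just(serverWebExchange.getResponse().bufferFactory().wrap(JsonUtils.toJsonBytes(WrapperResponse.fail(e3)))));
        }
    }

    /**
     * Ends the exchange with a 302 redirect to the given error page.
     *
     * <p>A denied request must stop here: handing it on to the chain would let the protected
     * handler run for a caller that has just failed the check, and a Location header without
     * a 3xx status is not a redirect.
     *
     * @param response the response of the denied exchange
     * @param location the configured error page URI
     * @return the completion signal of the committed redirect
     */
    private static Mono<Void> redirectTo(ServerHttpResponse response, String location) {
        response.setStatusCode(HttpStatus.FOUND);
        response.getHeaders().setLocation(URI.create(location));
        return response.setComplete();
    }

    /**
     * Tells whether the request declares itself as an XMLHttpRequest call.
     *
     * <p>The header is supplied by the client, so it is used only to choose the format of a
     * denial response (JSON body or redirect), never to decide access.
     *
     * @param serverHttpRequest the incoming request
     * @return {@code true} when the first {@code x-requested-with} value equals
     *     {@code XMLHttpRequest}, ignoring case
     */
    private static boolean isAjax(ServerHttpRequest serverHttpRequest) {
        // getFirst yields null for a missing or empty header, which equalsIgnoreCase treats as no match.
        return XML_HTTP_REQUEST.equalsIgnoreCase(serverHttpRequest.getHeaders().getFirst(REQUESTED_WITH_HEADER));
    }
}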
