package biz.devstack.springframework.boot.config.security;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Integer.MIN_VALUE)
/* loaded from: input_file:biz/devstack/springframework/boot/config/security/CorsConfig.class */
public class CorsConfig implements Filter {

    @Value("${app.cors.allowedOrigins:http://localhost:3000}")
    protected List<String> allowedOrigins;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Origin");
        if (header == null || !isAllowedOrigin(header)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        httpServletResponse.setHeader("Access-Control-Allow-Origin", header);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, Authorization, Origin");
        httpServletResponse.setHeader("Access-Control-Expose-Headers", "X-Api-Version");
        if (httpServletRequest.getMethod() == null || !httpServletRequest.getMethod().equalsIgnoreCase("OPTIONS")) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            httpServletResponse.setStatus(200);
        }
    }

    private boolean isAllowedOrigin(String str) {
        Iterator<String> it = this.allowedOrigins.iterator();
        while (it.hasNext()) {
            if (str.equals(it.next())) {
                return true;
            }
        }
        return false;
    }
}
