package com.blade.security.web.auth;

import com.blade.kit.StringKit;
import com.blade.mvc.RouteContext;
import com.blade.mvc.hook.WebHook;
import com.blade.server.netty.HttpConst;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/blade/security/web/auth/BasicAuthMiddleware.class */
public class BasicAuthMiddleware implements WebHook {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthMiddleware.class);
    private String realm;
    private List<AuthPair> authPairs = new ArrayList();
    private Set<String> urlStartExclusions;

    public BasicAuthMiddleware(AuthOption authOption) {
        this.urlStartExclusions = authOption.getUrlStartExclusions();
        this.realm = "Basic realm=\"" + authOption.getRealm() + "\"";
        authOption.getAccounts().forEach((str, str2) -> {
            this.authPairs.add(new AuthPair(str, authorizationHeader(str, str2)));
        });
    }

    private String authorizationHeader(String str, String str2) {
        return "Basic " + Base64.getEncoder().encodeToString((str + ":" + str2).getBytes(StandardCharsets.UTF_8));
    }

    private String searchCredential(String str) {
        if (StringKit.isEmpty(str)) {
            return null;
        }
        return (String) this.authPairs.stream().filter(authPair -> {
            return authPair.getValue().equals(str);
        }).map((v0) -> {
            return v0.getUser();
        }).findFirst().orElse(null);
    }

    @Override // com.blade.mvc.hook.WebHook
    public boolean before(RouteContext routeContext) {
        boolean z = false;
        for (String str : this.urlStartExclusions) {
            if (HttpConst.SLASH.equals(str) || routeContext.uri().startsWith(str)) {
                z = true;
                break;
            }
        }
        if (!z || null != searchCredential(routeContext.header("Authorization"))) {
            return true;
        }
        routeContext.header("WWW-Authenticate", this.realm).status(401);
        return false;
    }
}
