package cool.scx.http.routing.handler;

import cool.scx.http.HttpFieldName;
import cool.scx.http.HttpMethod;
import cool.scx.http.ScxHttpHeaderName;
import cool.scx.http.ScxHttpHeaders;
import cool.scx.http.ScxHttpMethod;
import cool.scx.http.ScxHttpServerRequest;
import cool.scx.http.ScxHttpServerResponse;
import cool.scx.http.exception.ForbiddenException;
import cool.scx.http.routing.RoutingContext;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;

/* loaded from: input_file:cool/scx/http/routing/handler/CorsHandler.class */
public class CorsHandler implements Consumer<RoutingContext> {
    private final Set<String> allowedMethods = new LinkedHashSet();
    private final Set<String> allowedHeaders = new LinkedHashSet();
    private final Set<String> exposedHeaders = new LinkedHashSet();
    private Set<String> origins = null;
    private String allowedMethodsString;
    private String allowedHeadersString;
    private String exposedHeadersString;
    private boolean allowCredentials;
    private String maxAgeSeconds;

    private boolean starOrigin() {
        return this.origins == null;
    }

    public CorsHandler addOrigin(String str) {
        Objects.requireNonNull(str, "'origin' cannot be null");
        if (str.equals("*")) {
            this.origins = null;
            return this;
        }
        if (this.origins == null) {
            this.origins = new LinkedHashSet();
        }
        this.origins.add(str);
        return this;
    }

    public CorsHandler allowedMethod(String... strArr) {
        Collections.addAll(this.allowedMethods, strArr);
        this.allowedMethodsString = String.join(",", this.allowedMethods);
        return this;
    }

    public CorsHandler allowedHeader(String... strArr) {
        Collections.addAll(this.allowedHeaders, strArr);
        this.allowedHeadersString = String.join(",", this.allowedHeaders);
        return this;
    }

    public CorsHandler exposedHeader(String... strArr) {
        Collections.addAll(this.exposedHeaders, strArr);
        this.exposedHeadersString = String.join(",", this.exposedHeaders);
        return this;
    }

    public CorsHandler allowedMethod(ScxHttpMethod... scxHttpMethodArr) {
        return allowedMethod((String[]) Arrays.stream(scxHttpMethodArr).map((v0) -> {
            return v0.value();
        }).toArray(i -> {
            return new String[i];
        }));
    }

    public CorsHandler allowedHeader(ScxHttpHeaderName... scxHttpHeaderNameArr) {
        return allowedHeader((String[]) Arrays.stream(scxHttpHeaderNameArr).map((v0) -> {
            return v0.value();
        }).toArray(i -> {
            return new String[i];
        }));
    }

    public CorsHandler exposedHeader(ScxHttpHeaderName... scxHttpHeaderNameArr) {
        return allowedHeader((String[]) Arrays.stream(scxHttpHeaderNameArr).map((v0) -> {
            return v0.value();
        }).toArray(i -> {
            return new String[i];
        }));
    }

    public CorsHandler allowCredentials(boolean z) {
        this.allowCredentials = z;
        return this;
    }

    public CorsHandler maxAgeSeconds(int i) {
        this.maxAgeSeconds = i == -1 ? null : String.valueOf(i);
        return this;
    }

    @Override // java.util.function.Consumer
    public void accept(RoutingContext routingContext) {
        ScxHttpServerRequest request = routingContext.request();
        ScxHttpServerResponse response = routingContext.response();
        String header = routingContext.request().getHeader(HttpFieldName.ORIGIN);
        if (header == null) {
            routingContext.next();
            return;
        }
        if (!isValidOrigin(header)) {
            throw new ForbiddenException("CORS Rejected - Invalid origin");
        }
        String str = request.headers().get((ScxHttpHeaders) HttpFieldName.ACCESS_CONTROL_REQUEST_METHOD);
        if (request.method() != HttpMethod.OPTIONS || str == null) {
            addCredentialsAndOriginHeader(response, header);
            if (this.exposedHeadersString != null) {
                response.setHeader(HttpFieldName.ACCESS_CONTROL_EXPOSE_HEADERS, this.exposedHeadersString);
            }
            routingContext.next();
            return;
        }
        addCredentialsAndOriginHeader(response, header);
        if (this.allowedMethodsString != null) {
            response.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_METHODS, this.allowedMethodsString);
        }
        if (this.allowedHeadersString != null) {
            response.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_HEADERS, this.allowedHeadersString);
        } else if (request.headers().contains((ScxHttpHeaders) HttpFieldName.ACCESS_CONTROL_REQUEST_HEADERS)) {
            response.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_HEADERS, request.getHeader(HttpFieldName.ACCESS_CONTROL_REQUEST_HEADERS));
        }
        if (this.maxAgeSeconds != null) {
            response.setHeader(HttpFieldName.ACCESS_CONTROL_MAX_AGE, this.maxAgeSeconds);
        }
        response.status(204).send();
    }

    private void addCredentialsAndOriginHeader(ScxHttpServerResponse scxHttpServerResponse, String str) {
        if (!this.allowCredentials) {
            scxHttpServerResponse.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_ORIGIN, getAllowedOrigin(str));
        } else {
            scxHttpServerResponse.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            scxHttpServerResponse.setHeader(HttpFieldName.ACCESS_CONTROL_ALLOW_ORIGIN, str);
        }
    }

    private boolean isValidOrigin(String str) {
        if (starOrigin()) {
            return true;
        }
        Iterator<String> it = this.origins.iterator();
        while (it.hasNext()) {
            if (it.next().equals(str)) {
                return true;
            }
        }
        return false;
    }

    private String getAllowedOrigin(String str) {
        return starOrigin() ? "*" : str;
    }
}
