package io.jooby.handler;

import edu.umd.cs.findbugs.annotations.NonNull;
import io.jooby.Context;
import io.jooby.Route;
import io.jooby.Router;
import io.jooby.StatusCode;
import io.undertow.util.Headers;
import java.lang.invoke.SerializedLambda;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jooby/handler/CorsHandler.class */
public class CorsHandler implements Route.Filter {
    private static final String ORIGIN = "Origin";
    private static final String ANY_ORIGIN = "*";
    private static final String AC_REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String AC_REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String AC_MAX_AGE = "Access-Control-Max-Age";
    private static final String AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String AC_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String AC_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private final Cors options;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CorsHandler.class);

    public CorsHandler(@NonNull Cors cors) {
        this.options = cors;
    }

    public CorsHandler() {
        this(new Cors());
    }

    @Override // io.jooby.Route.Filter
    @NonNull
    public Route.Handler apply(@NonNull Route.Handler handler) {
        return context -> {
            String valueOrNull = context.header("Origin").valueOrNull();
            if (valueOrNull != null) {
                if (!this.options.allowOrigin(valueOrNull)) {
                    log.debug("denied origin: {}", valueOrNull);
                    return context.send(StatusCode.FORBIDDEN);
                }
                log.debug("allowed origin: {}", valueOrNull);
                if (context.isPreflight()) {
                    log.debug("handling preflight for: {}", valueOrNull);
                    if (preflight(context, this.options, valueOrNull)) {
                        return context;
                    }
                    log.debug("preflight for {} {} with origin: {} failed", context.header(AC_REQUEST_METHOD), context.getRequestURL(), valueOrNull);
                    return context.send(StatusCode.FORBIDDEN);
                }
                if (handleNormalOptions(context)) {
                    return context;
                }
                log.debug("handling simple cors for: {}", valueOrNull);
                context.setResetHeadersOnError(false);
                simple(context, this.options, valueOrNull);
            }
            return handleNormalOptions(context) ? context : handler.apply(context);
        };
    }

    private boolean handleNormalOptions(Context context) {
        if (!context.getMethod().equalsIgnoreCase("OPTIONS")) {
            return false;
        }
        log.debug("handling {} for: {}", context.getMethod(), context.getRequestPath());
        context.setResponseHeader(Headers.ALLOW_STRING, (String) Router.METHODS.stream().flatMap(str -> {
            return allowMethod(context, str);
        }).collect(Collectors.joining(",")));
        context.send(StatusCode.OK);
        return true;
    }

    private Stream<String> allowMethod(Context context, String str) {
        String method = context.getMethod();
        try {
            context.setMethod(str);
            return context.getRouter().match(context).matches() ? Stream.of(str) : Stream.empty();
        } finally {
            context.setMethod(method);
        }
    }

    private static void simple(Context context, Cors cors, String str) {
        if ("null".equals(str)) {
            context.setResponseHeader(AC_ALLOW_ORIGIN, "*");
            return;
        }
        context.setResponseHeader(AC_ALLOW_ORIGIN, str);
        if (!cors.anyHeader()) {
            context.setResponseHeader(Headers.VARY_STRING, "Origin");
        }
        if (cors.getUseCredentials()) {
            context.setResponseHeader(AC_ALLOW_CREDENTIALS, (Object) true);
        }
        if (cors.getExposedHeaders().isEmpty()) {
            return;
        }
        context.setResponseHeader(AC_EXPOSE_HEADERS, (String) cors.getExposedHeaders().stream().collect(Collectors.joining()));
    }

    @Override // io.jooby.Route.Aware
    @NonNull
    public void setRoute(@NonNull Route route) {
        route.setHttpOptions(true);
    }

    private boolean preflight(Context context, Cors cors, String str) {
        Optional<String> optional = context.header(AC_REQUEST_METHOD).toOptional();
        Objects.requireNonNull(cors);
        if (!((Boolean) optional.map(cors::allowMethod).orElse(false)).booleanValue()) {
            return false;
        }
        List<String> list = (List) context.header(AC_REQUEST_HEADERS).toOptional().map(str2 -> {
            return Arrays.asList(str2.split("\\s*,\\s*"));
        }).orElse(Collections.emptyList());
        if (!cors.allowHeaders(list)) {
            return false;
        }
        context.setResponseHeader(AC_ALLOW_METHODS, (String) cors.getMethods().stream().collect(Collectors.joining(",")));
        context.setResponseHeader(AC_ALLOW_HEADERS, (String) (cors.anyHeader() ? list : cors.getHeaders()).stream().collect(Collectors.joining(",")));
        if (cors.getUseCredentials()) {
            context.setResponseHeader(AC_ALLOW_CREDENTIALS, (Object) true);
        }
        long seconds = cors.getMaxAge().getSeconds();
        if (seconds > 0) {
            context.setResponseHeader(AC_MAX_AGE, Long.valueOf(seconds));
        }
        context.setResponseHeader(AC_ALLOW_ORIGIN, str);
        if (!cors.anyOrigin()) {
            context.setResponseHeader(Headers.VARY_STRING, "Origin");
        }
        context.send(StatusCode.OK);
        return true;
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -661357898:
                if (implMethodName.equals("lambda$apply$e67b40fd$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("io/jooby/Route$Handler") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lio/jooby/Context;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("io/jooby/handler/CorsHandler") && serializedLambda.getImplMethodSignature().equals("(Lio/jooby/Route$Handler;Lio/jooby/Context;)Ljava/lang/Object;")) {
                    CorsHandler corsHandler = (CorsHandler) serializedLambda.getCapturedArg(0);
                    Route.Handler handler = (Route.Handler) serializedLambda.getCapturedArg(1);
                    return context -> {
                        String valueOrNull = context.header("Origin").valueOrNull();
                        if (valueOrNull != null) {
                            if (!this.options.allowOrigin(valueOrNull)) {
                                log.debug("denied origin: {}", valueOrNull);
                                return context.send(StatusCode.FORBIDDEN);
                            }
                            log.debug("allowed origin: {}", valueOrNull);
                            if (context.isPreflight()) {
                                log.debug("handling preflight for: {}", valueOrNull);
                                if (preflight(context, this.options, valueOrNull)) {
                                    return context;
                                }
                                log.debug("preflight for {} {} with origin: {} failed", context.header(AC_REQUEST_METHOD), context.getRequestURL(), valueOrNull);
                                return context.send(StatusCode.FORBIDDEN);
                            }
                            if (handleNormalOptions(context)) {
                                return context;
                            }
                            log.debug("handling simple cors for: {}", valueOrNull);
                            context.setResetHeadersOnError(false);
                            simple(context, this.options, valueOrNull);
                        }
                        return handleNormalOptions(context) ? context : handler.apply(context);
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
