package io.github.censodev.jauthlibspringgateway;

import io.github.censodev.jauthlibcore.AuthFilterHook;
import io.github.censodev.jauthlibcore.CanAuth;
import io.github.censodev.jauthlibcore.TokenProvider;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/github/censodev/jauthlibspringgateway/SpringGatewayAuthFilter.class */
public class SpringGatewayAuthFilter<T extends CanAuth> implements GlobalFilter {
    private final TokenProvider tokenProvider;
    private final Class<T> canAuthConcreteClass;
    private final AuthFilterHook hook;

    public SpringGatewayAuthFilter(TokenProvider tokenProvider, Class<T> cls) {
        this.tokenProvider = tokenProvider;
        this.canAuthConcreteClass = cls;
        this.hook = new AuthFilterHook() { // from class: io.github.censodev.jauthlibspringgateway.SpringGatewayAuthFilter.1
            public void beforeVerify(TokenProvider tokenProvider2, String str) {
            }

            public void onPassed(CanAuth canAuth) {
            }

            public void onFailed(Exception exc) {
            }
        };
    }

    public SpringGatewayAuthFilter(TokenProvider tokenProvider, Class<T> cls, AuthFilterHook authFilterHook) {
        this.tokenProvider = tokenProvider;
        this.canAuthConcreteClass = cls;
        this.hook = authFilterHook;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        String first = serverWebExchange.getRequest().getHeaders().getFirst(this.tokenProvider.getHeader());
        if (first == null || !first.startsWith(this.tokenProvider.getPrefix())) {
            this.hook.onFailed(new Exception("Invalid HTTP header for authentication"));
            return gatewayFilterChain.filter(serverWebExchange);
        }
        try {
            String replace = first.replace(this.tokenProvider.getPrefix(), "");
            this.hook.beforeVerify(this.tokenProvider, replace);
            this.tokenProvider.validateToken(replace);
            CanAuth credential = this.tokenProvider.getCredential(replace, this.canAuthConcreteClass);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(credential.principle(), credential, (List) credential.authorities().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList())));
            this.hook.onPassed(credential);
        } catch (Exception e) {
            this.hook.onFailed(e);
            SecurityContextHolder.clearContext();
        }
        return gatewayFilterChain.filter(serverWebExchange);
    }
}
