package io.soffa.spring.beans;

import io.soffa.commons.exceptions.UnauthorizedException;
import io.soffa.commons.jwt.JwtDecoder;
import io.soffa.commons.lang.TextUtil;
import io.soffa.commons.logging.Logger;
import io.soffa.service.context.GrantedRole;
import io.soffa.service.context.TenantContext;
import io.soffa.service.core.model.Authentication;
import io.soffa.service.core.model.TenantId;
import io.soffa.service.model.DefaultRequestContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:io/soffa/spring/beans/RequestFilter.class */
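/**
 * Servlet filter that builds a {@link DefaultRequestContext} from request headers and, when a
 * {@link JwtDecoder} is available, authenticates the caller from a bearer token.
 *
 * <p>Every request starts as the anonymous {@code guest} principal. A token found in
 * {@code Authorization} or {@code X-JWT-Assertion} replaces that principal once it decodes.
 *
 * <p>NOTE(review): the tenant id and application name are read from caller-supplied headers, and
 * the {@code HAS_TENANT_ID} / {@code HAS_APPLICATION} authorities are granted from their mere
 * presence. Nothing in this class compares them with the decoded token, so confirm that downstream
 * code checks that the authenticated principal is entitled to the requested tenant.
 */
public class RequestFilter extends OncePerRequestFilter {
    /** Authentication scheme prefix, compared case-insensitively. */
    private static final String BEARER_PREFIX = "bearer ";

    private final Logger logger = Logger.create((Class<?>) RequestFilter.class);
    private final JwtDecoder jwtDecoder;

    /**
     * Creates a filter that authenticates bearer tokens with the given decoder.
     *
     * @param jwtDecoder decoder used to validate tokens; may be {@code null}, in which case token
     *     headers are ignored and every request stays anonymous
     */
    public RequestFilter(@Autowired(required = false) JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }

    /** Creates a filter without a decoder; token headers are ignored. */
    public RequestFilter() {
        this((JwtDecoder) null);
    }

    /**
     * Populates the request context and the Spring security context, then continues the chain.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws UnauthorizedException if a token header is present but cannot be decoded
     * @throws ServletException if a downstream filter fails
     * @throws IOException if a downstream filter fails on I/O
     */
    @Override
    protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) throws ServletException, IOException {
        DefaultRequestContext context = new DefaultRequestContext();
        lookupHeader(httpServletRequest, "X-TenantId", "X-Tenant").ifPresent(tenant -> {
            // The original message had no placeholder, so the value was never rendered.
            this.logger.debug("Tenant found in context: {}", tenant);
            context.setTenantId(new TenantId(tenant));
        });
        lookupHeader(httpServletRequest, "X-ApplicationName", "X-ApplicationId", "X-Application", "X-App")
            .ifPresent(context::setApplicationName);
        lookupHeader(httpServletRequest, "X-TraceId", "X-CorrelationId").ifPresent(context::setTraceId);
        lookupHeader(httpServletRequest, "X-SpanId").ifPresent(context::setSpanId);
        lookupHeader(httpServletRequest, "X-RequestId").ifPresent(context::setRequestId);

        // Default to the anonymous principal; a valid token below replaces it.
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("guest", context, Collections.singletonList(new SimpleGrantedAuthority("guest"))));
        if (this.jwtDecoder != null) {
            lookupHeader(httpServletRequest, "Authorization", "X-JWT-Assertion")
                .ifPresent(headerValue -> authenticate(headerValue, context));
        }
        if (context.getTenantId() != null) {
            // NOTE(review): nothing in this class resets TenantContext after the request. If it is
            // thread-bound, a pooled thread could keep the value for a later request that carries
            // no tenant header or that skips this filter — confirm it is cleared elsewhere.
            TenantContext.set(context.getTenantId().getValue());
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether a request bypasses this filter: CORS pre-flight requests, static assets,
     * the API documentation endpoints, and the actuator and health endpoints.
     *
     * <p>NOTE(review): the decision is taken on the raw, undecoded request URI. Any URI that ends
     * in one of the listed extensions skips tenant and token processing here, so access to
     * protected handlers must be enforced by the security configuration rather than by this filter
     * having run.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the filter must not run for this request
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) {
        if ("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return true;
        }
        String uri = httpServletRequest.getRequestURI();
        int queryStart = uri.indexOf('?');
        if (queryStart >= 0) {
            uri = uri.substring(0, queryStart);
        }
        String path = "/" + uri.replaceAll("^/|/$", "");
        // Strip the context path only where it is a prefix; String.replace would also delete
        // later occurrences and change which pattern the remaining path matches.
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath != null && !contextPath.isEmpty() && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        if (!path.startsWith("/")) {
            path = "/";
        }
        if (path.matches(".*\\.(css|js|ts|html|htm|map|g?zip|gz|ico|png|gif|svg|woff|ttf|eot|jpe?g2?)$")) {
            return true;
        }
        if (path.matches("/swagger.*") || path.matches("/v3/api-docs/?.*?")) {
            return true;
        }
        return path.matches("/actuator/.*|/healthz");
    }

    /**
     * Decodes the token carried by a header value and installs the authenticated principal.
     *
     * @param headerValue trimmed value of the token header
     * @param context request context that receives the decoded authentication
     * @throws UnauthorizedException if the token is empty or cannot be decoded
     */
    private void authenticate(String headerValue, DefaultRequestContext context) {
        String token = extractToken(headerValue);
        // Log only the size: a bearer token is a credential and must not reach the logs.
        this.logger.debug("Bearer authorization header found (token length: {})", String.valueOf(token.length()));
        if (token.isEmpty()) {
            throw new UnauthorizedException("jwt.invalid", new Object[0]);
        }
        Optional<Authentication> decoded = this.jwtDecoder.decode(token);
        if (!decoded.isPresent()) {
            throw new UnauthorizedException("jwt.invalid", new Object[0]);
        }
        ArrayList<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (TextUtil.isNotEmpty(context.getApplicationName())) {
            authorities.add(new SimpleGrantedAuthority(GrantedRole.HAS_APPLICATION));
        }
        if (context.getTenantId() != null) {
            authorities.add(new SimpleGrantedAuthority(GrantedRole.HAS_TENANT_ID));
        }
        context.setAuthentication(decoded.get());
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(context, (Object) null, authorities));
    }

    /**
     * Returns the token part of a header value, removing a leading {@code Bearer} scheme if present.
     *
     * <p>The scheme is stripped only when it is really there. Cutting a fixed number of characters
     * would throw on short values and would corrupt a token sent without a scheme.
     *
     * @param headerValue raw header value
     * @return the token, possibly empty
     */
    private static String extractToken(String headerValue) {
        String value = headerValue.trim();
        if (value.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return value.substring(BEARER_PREFIX.length()).trim();
        }
        return value;
    }

    /**
     * Returns the trimmed value of the first of the given headers that is present and not blank.
     *
     * @param httpServletRequest the current request
     * @param strArr header names, in order of preference
     * @return the first non-blank value, or empty if none of the headers carries one
     */
    private Optional<String> lookupHeader(HttpServletRequest httpServletRequest, String... strArr) {
        for (String name : strArr) {
            String header = httpServletRequest.getHeader(name);
            if (header == null) {
                continue;
            }
            // Trim before the emptiness check, so that a whitespace-only header counts as absent
            // and does not become an empty tenant id or application name.
            String value = header.trim();
            if (!value.isEmpty()) {
                return Optional.of(value);
            }
        }
        return Optional.empty();
    }
}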
