package tech.corefinance.common.config;

import java.util.List;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import tech.corefinance.common.entity_author.AnonymousUrlAccess;
import tech.corefinance.common.filter.SessionAuthenticationFilter;
import tech.corefinance.common.repository.AnonymousUrlAccessRepository;

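/**
 * Spring Security configuration shared by the services: builds the HTTP filter chain and the
 * CORS configuration source.
 *
 * <p>Authorization rules are registered in this order:
 * <ol>
 *   <li>every pattern from {@code ServiceSecurityConfig#getNoAuthenUrls()} is {@code permitAll};</li>
 *   <li>if an {@link AnonymousUrlAccessRepository} bean exists, every stored
 *       {@link AnonymousUrlAccess} entry is {@code permitAll}, any other request must be
 *       authenticated, and {@link SessionAuthenticationFilter} is installed;</li>
 *   <li>if no repository bean exists, every request is {@code permitAll} and the
 *       authentication filter is not installed (fail-open fallback).</li>
 * </ol>
 */
@Configuration
/* loaded from: input_file:tech/corefinance/common/config/WebSecurityConfig.class */
public class WebSecurityConfig {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Autowired
    private ServiceSecurityConfig serviceSecurityConfig;

    // Optional: when this bean is absent the chain falls back to permit-all (see filterChain).
    @Autowired(required = false)
    private AnonymousUrlAccessRepository anonymousUrlAccessRepository;

    // Optional: when this bean is absent no CORS configuration is registered.
    @Autowired(required = false)
    private UrlBasedCorsConfiguration urlBasedCorsConfiguration;

    /**
     * Builds the application's {@link SecurityFilterChain}.
     *
     * <p>The bean is only registered when the property
     * {@code tech.corefinance.security.public-key} is set (and is not {@code false}).
     *
     * <p>The anonymous-access entries are read from the repository once, while this bean is
     * created; entries added or removed later are not picked up by the running chain.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @param sessionAuthenticationFilter filter placed before {@link AnonymousAuthenticationFilter}
     *     when the repository-backed rules are active
     * @return the configured filter chain
     * @throws Exception if Spring Security fails to build the chain
     */
    @ConditionalOnProperty(prefix = "tech.corefinance.security", name = {"public-key"})
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, SessionAuthenticationFilter sessionAuthenticationFilter) throws Exception {
        // CSRF protection is switched off for the whole chain.
        // NOTE(review): this is only safe if credentials are never attached automatically by the
        // browser (e.g. cookies) - confirm how SessionAuthenticationFilter reads the token.
        httpSecurity
                .csrf(csrf -> csrf.disable())
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .authorizeHttpRequests(registry ->
                        this.serviceSecurityConfig.getNoAuthenUrls()
                                .forEach(url -> registry.requestMatchers(url).permitAll()));

        if (this.anonymousUrlAccessRepository != null) {
            // Typed list: with a raw List the lambda parameter is Object and the call to
            // registerPermitAllAccess does not compile.
            List<AnonymousUrlAccess> anonymousEntries = this.anonymousUrlAccessRepository.findAll();
            httpSecurity
                    .authorizeHttpRequests(registry ->
                            anonymousEntries.forEach(entry -> registerPermitAllAccess(registry, entry)))
                    // Everything not explicitly opened above requires an authenticated caller.
                    .authorizeHttpRequests(registry -> registry.anyRequest().authenticated())
                    .addFilterBefore(sessionAuthenticationFilter, AnonymousAuthenticationFilter.class);
        } else {
            // Fail-open fallback: no repository means no authenticated() rule and no
            // SessionAuthenticationFilter. Log it so a missing bean cannot silently disable
            // access control on a deployed service.
            // NOTE(review): confirm this is intended and that such services enforce access
            // control elsewhere; otherwise this branch should require authentication.
            log.warn("AnonymousUrlAccessRepository bean is not available; this filter chain permits every request without authentication");
            httpSecurity.authorizeHttpRequests(registry -> registry.anyRequest().permitAll());
        }

        // STATELESS: Spring Security neither creates nor uses an HttpSession for the security context.
        return httpSecurity
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .build();
    }

    /**
     * Registers one stored anonymous-access entry as {@code permitAll}.
     *
     * <p>The entry's URL pattern is passed to Spring Security unchanged, so the stored data is
     * security-sensitive: a broad pattern such as {@code /**} opens every path it matches.
     * When the entry has no request method, a {@code null} {@link HttpMethod} is passed, which
     * Spring Security treats as "any method".
     *
     * @param authorizationManagerRequestMatcherRegistry registry the rule is added to
     * @param anonymousUrlAccess the stored entry (URL pattern and optional request method)
     */
    private void registerPermitAllAccess(AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry authorizationManagerRequestMatcherRegistry, AnonymousUrlAccess anonymousUrlAccess) {
        RequestMethod requestMethod = anonymousUrlAccess.getRequestMethod();
        HttpMethod httpMethod = requestMethod != null ? requestMethod.asHttpMethod() : null;
        authorizationManagerRequestMatcherRegistry
                .requestMatchers(httpMethod, anonymousUrlAccess.getUrl())
                .permitAll();
    }

    /**
     * Builds the CORS configuration source used by the filter chain.
     *
     * <p>Each entry of the optional {@code UrlBasedCorsConfiguration} bean is registered under
     * its URL pattern. When that bean is absent the returned source has no registrations.
     *
     * @return the CORS configuration source, never {@code null}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        if (this.urlBasedCorsConfiguration == null) {
            return source;
        }
        this.urlBasedCorsConfiguration.getCorsConfigurations().forEach(corsConfiguration -> {
            // Debug output makes the effective allow-lists auditable at startup.
            log.debug("CORS Configuration for [{}] is [AllowedOrigins={},AllowedHeaders={}, AllowedMethods={}]",
                    corsConfiguration.getUrlPattern(),
                    corsConfiguration.getAllowedOrigins(),
                    corsConfiguration.getAllowedHeaders(),
                    corsConfiguration.getAllowedMethods());
            source.registerCorsConfiguration(corsConfiguration.getUrlPattern(), corsConfiguration);
        });
        return source;
    }
}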
