package step.framework.server;

import ch.exense.commons.app.Configuration;
import jakarta.annotation.PostConstruct;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;

@PreMatching
@Provider
/* loaded from: input_file:step/framework/server/CORSRequestResponseFilter.class */
public class CORSRequestResponseFilter extends AbstractServices implements ContainerRequestFilter, ContainerResponseFilter {
    private String origin;

    @PostConstruct
    public void init() throws Exception {
        this.origin = ((Configuration) getAbstractContext().require(Configuration.class)).getProperty("frontend.baseUrl", "*");
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (isPreflightRequest(containerRequestContext)) {
            containerRequestContext.abortWith(Response.ok().build());
        }
    }

    private static boolean isPreflightRequest(ContainerRequestContext containerRequestContext) {
        return containerRequestContext.getHeaderString("Origin") != null && containerRequestContext.getMethod().equalsIgnoreCase("OPTIONS");
    }

    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        String headerString = containerRequestContext.getHeaderString("Origin");
        if (headerString == null) {
            return;
        }
        if (isPreflightRequest(containerRequestContext)) {
        }
        containerResponseContext.getHeaders().add("Access-Control-Allow-Credentials", "true");
        containerResponseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
        containerResponseContext.getHeaders().add("Access-Control-Allow-Headers", "X-Requested-With, Authorization, Accept-Version, Content-MD5, CSRF-Token, Content-Type, Cache-Control, If-Modified-Since, Pragma");
        containerResponseContext.getHeaders().add("Access-Control-Allow-Origin", headerString);
    }
}
