package org.shoulder.security.authentication;

import jakarta.annotation.Nullable;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import org.shoulder.core.dto.response.BaseResult;
import org.shoulder.core.exception.CommonErrorCodeEnum;
import org.shoulder.core.log.ShoulderLoggers;
import org.shoulder.core.util.StringUtils;
import org.shoulder.security.SecurityConst;
import org.slf4j.Logger;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

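/**
 * Endpoint mapped to {@link SecurityConst#URL_REQUIRE_AUTHENTICATION} that answers requests
 * which still need to authenticate.
 *
 * <p>With no sign-in page configured it always answers with a 401 {@link BaseResult}. With a
 * sign-in page configured it answers with JSON when the client's {@code Accept} header asks
 * for it, and otherwise redirects the browser to the sign-in page, passing the failure reason
 * (if any) as the {@code _auth_fail_reason} query parameter.
 */
@RestController
public class BeforeAuthEndpoint {
    private final Logger log = ShoulderLoggers.SHOULDER_SECURITY;
    private final String signInPage;
    private final RequestCache requestCache;
    private final RedirectStrategy redirectStrategy;

    /**
     * Creates the endpoint.
     *
     * @param str URL of the sign-in page, or {@code null} when the application has none and
     *            every response should be the JSON 401 result
     * @throws IllegalArgumentException if {@code str} equals (ignoring case) the URL this
     *         endpoint itself is mapped to; presumably this guards against a redirect loop
     */
    public BeforeAuthEndpoint(@Nullable String str) {
        this.signInPage = str;
        if (str == null) {
            // No sign-in page: the redirect machinery is never used.
            this.requestCache = null;
            this.redirectStrategy = null;
        } else {
            if (SecurityConst.URL_REQUIRE_AUTHENTICATION.equalsIgnoreCase(str)) {
                throw new IllegalArgumentException("invalid loginPage!");
            }
            this.requestCache = new HttpSessionRequestCache();
            this.redirectStrategy = new DefaultRedirectStrategy();
        }
    }

    /**
     * Tells the caller that authentication is required, as JSON or as a redirect.
     *
     * @param httpServletRequest  current request; the failure reason is read from the request
     *                            attribute named {@link SecurityConst#AUTH_FAIL_PARAM_NAME}
     * @param httpServletResponse current response, used when redirecting
     * @return a {@link BaseResult} carrying {@code AUTH_401_NEED_AUTH}; in the JSON branch it
     *         also carries the failure reason as data when one is present
     * @throws IOException if sending the redirect fails
     */
    @RequestMapping({SecurityConst.URL_REQUIRE_AUTHENTICATION})
    @ResponseStatus(code = HttpStatus.UNAUTHORIZED)
    public BaseResult requireAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.signInPage == null) {
            return new BaseResult(CommonErrorCodeEnum.AUTH_401_NEED_AUTH);
        }
        String failReason = (String) httpServletRequest.getAttribute(SecurityConst.AUTH_FAIL_PARAM_NAME);
        // A literal "null" string is treated the same as a missing reason.
        boolean noReason = StringUtils.isBlank(failReason) || "null".equalsIgnoreCase(failReason);
        if (returnJson(httpServletRequest, httpServletResponse)) {
            this.log.trace("json type");
            BaseResult result = new BaseResult(CommonErrorCodeEnum.AUTH_401_NEED_AUTH);
            return noReason ? result : result.setData(failReason);
        }
        this.log.trace("redirect to signInPage({})", this.signInPage);
        String target = this.signInPage;
        if (!noReason) {
            // The reason may echo request-derived text (NOTE(review): confirm what sets the
            // attribute). Percent-encode it so characters such as '&', '#', spaces or CR/LF
            // cannot alter the query string or the Location header. The sign-in page must
            // still escape the decoded value before rendering it.
            char separator = this.signInPage.indexOf('?') >= 0 ? '&' : '?';
            target = this.signInPage + separator + "_auth_fail_reason="
                    + URLEncoder.encode(failReason, StandardCharsets.UTF_8);
        }
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, target);
        // NOTE(review): the redirect has already been sent at this point, so this body is
        // presumably not delivered to the client - confirm.
        return new BaseResult(CommonErrorCodeEnum.AUTH_401_NEED_AUTH);
    }

    /**
     * Decides whether the client should get a JSON answer instead of a redirect.
     *
     * <p>The {@code Accept} header values of the saved (original) request are checked when one
     * is cached; otherwise the {@code Accept} header of the current request is used. A value
     * containing {@code *}{@code /*} or {@code json} selects JSON.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, passed to the request cache lookup
     * @return {@code true} when a JSON response should be returned
     */
    protected boolean returnJson(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // requestCache is null when no sign-in page is configured; fall back to the current
        // request so a subclass calling this method does not hit a NullPointerException.
        SavedRequest saved = this.requestCache == null
                ? null
                : this.requestCache.getRequest(httpServletRequest, httpServletResponse);
        if (saved == null) {
            return acceptsJson(httpServletRequest.getHeader("Accept"));
        }
        for (String accept : saved.getHeaderValues("Accept")) {
            if (acceptsJson(accept)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether one {@code Accept} header value contains a wildcard or {@code json}. */
    private static boolean acceptsJson(String accept) {
        return StringUtils.containsAny(accept, new CharSequence[]{"*/*", "json"});
    }
}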
