package fathom.rest.route;

import com.google.common.base.Joiner;
import com.google.common.base.Optional;
import com.google.common.base.Strings;
import fathom.rest.Context;
import fathom.utils.Util;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ro.pippo.core.route.RouteHandler;

/* loaded from: input_file:fathom-rest-0.8.1.jar:fathom/rest/route/CORSFilter.class */
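/**
 * Route handler that answers CORS preflight requests and adds CORS response headers to
 * actual requests.
 *
 * <p>Security notes for whoever configures this filter:
 * <ul>
 *   <li>A request that carries no {@code Origin} header always passes the origin check in
 *       {@link #isValidRequest}. The filter therefore constrains browsers only; it is not
 *       an access control against non-browser clients.</li>
 *   <li>When the allowed origin is {@code "*"}, the response echoes the caller's
 *       {@code Origin} instead of sending a literal {@code *}. Combined with
 *       {@link #setAllowCredentials(boolean) allowCredentials = true} this lets every
 *       origin make credentialed requests and read the responses. The setters log a
 *       warning for that combination; prefer an explicit origin list.</li>
 *   <li>The {@code Access-Control-Allow-Origin} value depends on the request's
 *       {@code Origin}, but this class does not add {@code Vary: Origin}. If responses
 *       can be stored by a shared cache, that header has to be added elsewhere.</li>
 * </ul>
 */
public class CORSFilter implements RouteHandler<Context> {
    public static final String HEADER_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    public static final String HEADER_ALLOW_METHODS = "Access-Control-Allow-Methods";
    public static final String HEADER_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    public static final String HEADER_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    public static final String HEADER_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    public static final String HEADER_MAX_AGE = "Access-Control-Max-Age";
    public static final String HEADER_ORIGIN = "Origin";
    public static final String HEADER_REQUEST_METHOD = "Access-Control-Request-Method";
    public static final String HEADER_REQUEST_HEADERS = "Access-Control-Request-Headers";

    private static final Logger log = LoggerFactory.getLogger(CORSFilter.class);

    // Comma-joined forms are what gets written to the response headers; the sets are
    // what isValidRequest() matches against.
    protected String allowOrigin;
    protected String allowMethods;
    protected String allowHeaders;
    protected Integer maxAge;
    protected String exposeHeaders;
    protected Boolean allowCredentials;
    protected Set<String> allowOriginSet = new HashSet<>();
    protected Set<String> allowMethodsSet = new HashSet<>();
    protected Set<String> allowHeadersSet = new HashSet<>();
    protected Set<String> exposeHeadersSet = new HashSet<>();

    // Status sent when a request fails validation. With the default of 200 a rejected
    // request is answered "successfully" but without any CORS headers.
    protected int corsErrorStatus = 200;

    /**
     * Replaces the allowed origins.
     *
     * @param strArr origins compared verbatim (case-sensitive) with the request's
     *     {@code Origin} header; the single value {@code "*"} disables the origin check
     */
    public void setAllowOrigin(String... strArr) {
        this.allowOriginSet.clear();
        this.allowOriginSet.addAll(Arrays.asList(strArr));
        this.allowOrigin = Joiner.on(",").join(strArr);
        warnIfWildcardWithCredentials();
    }

    /**
     * Replaces the allowed HTTP methods.
     *
     * @param strArr method names; stored upper-cased
     */
    public void setAllowMethods(String... strArr) {
        this.allowMethodsSet.clear();
        for (String str : strArr) {
            // Locale.ROOT keeps the mapping independent of the JVM default locale
            // (e.g. the Turkish dotted/dotless i).
            this.allowMethodsSet.add(str.toUpperCase(Locale.ROOT));
        }
        this.allowMethods = Joiner.on(",").join(this.allowMethodsSet);
    }

    /**
     * Replaces the allowed request headers.
     *
     * @param strArr header names; matched case-insensitively against the preflight's
     *     {@code Access-Control-Request-Headers}
     */
    public void setAllowHeaders(String... strArr) {
        this.allowHeadersSet.clear();
        for (String str : strArr) {
            this.allowHeadersSet.add(str.toLowerCase(Locale.ROOT));
        }
        this.allowHeaders = Joiner.on(",").join(strArr);
    }

    /**
     * Replaces the response headers exposed to the calling script.
     *
     * @param strArr header names sent in {@code Access-Control-Expose-Headers}
     */
    public void setExposeHeaders(String... strArr) {
        // Clear first, like the other setters, so the set stays in step with the
        // joined string when the setter is called more than once.
        this.exposeHeadersSet.clear();
        this.exposeHeadersSet.addAll(Arrays.asList(strArr));
        this.exposeHeaders = Joiner.on(",").join(strArr);
    }

    /**
     * Controls whether {@code Access-Control-Allow-Credentials} is sent.
     *
     * @param z value written to the header
     */
    public void setAllowCredentials(boolean z) {
        this.allowCredentials = Boolean.valueOf(z);
        warnIfWildcardWithCredentials();
    }

    /**
     * Sets the value sent in {@code Access-Control-Max-Age} on preflight responses.
     *
     * @param i max-age value
     */
    public void setPreflightMaxAge(int i) {
        this.maxAge = Integer.valueOf(i);
    }

    /**
     * Sets the HTTP status used when a request fails CORS validation.
     *
     * @param i status code
     */
    public void setCorsErrorStatus(int i) {
        this.corsErrorStatus = i;
    }

    /**
     * Handles one request. An {@code OPTIONS} request carrying
     * {@code Access-Control-Request-Method} is treated as a preflight and answered here;
     * anything else is validated, decorated with CORS headers and passed down the chain.
     * A request that fails validation is committed with {@code corsErrorStatus} and the
     * chain is not continued.
     *
     * @param context current request/response context
     */
    @Override // ro.pippo.core.route.RouteHandler
    public void handle(Context context) {
        String origin = Strings.emptyToNull(context.getHeader(HEADER_ORIGIN));
        String requestedMethod = Strings.emptyToNull(context.getHeader(HEADER_REQUEST_METHOD));
        boolean preflight = "OPTIONS".equals(context.getRequestMethod()) && requestedMethod != null;

        if (!preflight) {
            if (!isValidRequest(context, origin, context.getRequestMethod(), null)) {
                context.status(this.corsErrorStatus).getResponse().commit();
                return;
            }
            setHeader(context, HEADER_ALLOW_ORIGIN, resolveAllowOrigin(origin));
            setHeader(context, HEADER_ALLOW_CREDENTIALS, this.allowCredentials);
            setHeader(context, HEADER_EXPOSE_HEADERS, this.exposeHeaders);
            context.next();
            return;
        }

        Set<String> requestedHeaders = null;
        String rawRequestedHeaders = Strings.emptyToNull(context.getHeader(HEADER_REQUEST_HEADERS));
        if (rawRequestedHeaders != null) {
            requestedHeaders = Util.splitToSet(rawRequestedHeaders.toLowerCase(Locale.ROOT), ",");
            // These four are dropped before the allow-list comparison, so they never
            // need to be configured via setAllowHeaders().
            requestedHeaders.remove("accept");
            requestedHeaders.remove("accept-language");
            requestedHeaders.remove("content-language");
            requestedHeaders.remove("content-type");
        }
        if (!isValidRequest(context, origin, requestedMethod, requestedHeaders)) {
            context.status(this.corsErrorStatus).getResponse().commit();
            return;
        }
        setHeader(context, HEADER_ALLOW_ORIGIN, resolveAllowOrigin(origin));
        setHeader(context, HEADER_ALLOW_METHODS, this.allowMethods);
        setHeader(context, HEADER_ALLOW_HEADERS, this.allowHeaders);
        setHeader(context, HEADER_ALLOW_CREDENTIALS, this.allowCredentials);
        setHeader(context, HEADER_MAX_AGE, this.maxAge);
        context.status(200).getResponse().commit();
    }

    /**
     * Writes a response header unless the value is {@code null}.
     *
     * @param context current request/response context
     * @param str header name
     * @param obj header value; may be a {@code String}, {@code Boolean} or {@code Integer}
     */
    protected void setHeader(Context context, String str, Object obj) {
        if (obj != null) {
            // handle() passes Boolean and Integer values here; a (String) cast would
            // throw ClassCastException for them.
            context.setHeader(str, obj.toString());
        }
    }

    /**
     * Checks a request against the configured origins, methods and headers.
     *
     * @param context current request/response context (used for log output only)
     * @param str value of the {@code Origin} header, or {@code null} when absent; an
     *     absent origin is not checked
     * @param str2 HTTP method to validate, or {@code null} to skip the method check
     * @param set lower-cased requested header names, or {@code null} to skip the check
     * @return {@code true} when every supplied value is permitted
     */
    protected boolean isValidRequest(Context context, String str, String str2, Set<String> set) {
        boolean anyOrigin = "*".equals(this.allowOrigin);
        if (!anyOrigin && str != null && !this.allowOriginSet.contains(str)) {
            log.debug("Prohibited origin {} for {} {}", str, str2, context.getRequestUri());
            return false;
        }
        if (str2 != null && !this.allowMethodsSet.contains(str2)) {
            log.debug("Prohibited request method {} for {}", str2, context.getRequestUri());
            return false;
        }
        if (set == null || this.allowHeadersSet.containsAll(set)) {
            return true;
        }
        log.debug("Unexpected request headers {} for {}", set.toString(), context.getRequestUri());
        return false;
    }

    /**
     * Picks the {@code Access-Control-Allow-Origin} value: the (already validated)
     * request origin when present, otherwise the configured origin string, otherwise
     * {@code null} so that no header is written.
     */
    private String resolveAllowOrigin(String origin) {
        // or(Optional) rather than or(T): the latter rejects a null default, which is
        // the state of allowOrigin until setAllowOrigin() has been called.
        return Optional.fromNullable(origin).or(Optional.fromNullable(this.allowOrigin)).orNull();
    }

    /** Logs a warning when the configuration allows credentialed requests from any origin. */
    private void warnIfWildcardWithCredentials() {
        if ("*".equals(this.allowOrigin) && Boolean.TRUE.equals(this.allowCredentials)) {
            log.warn("CORS allows origin \"*\" together with credentials; every origin can make "
                    + "credentialed requests. Configure an explicit origin list instead.");
        }
    }
}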
