package com.github.rexsheng.springboot.faster.system.auth.adapter;

import com.github.rexsheng.springboot.faster.system.auth.application.AuthService;
import com.github.rexsheng.springboot.faster.system.auth.application.security.HttpHeaderAuthorizationConfigurer;
import com.github.rexsheng.springboot.faster.system.auth.application.security.IgnoredUrlsProperties;
import com.github.rexsheng.springboot.faster.system.auth.application.security.MultiLoginParamAuthenticationProvider;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RequestHeaderTokenConverter;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpAccessDeniedHandler;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpAuthenticationDetailsSource;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpAuthenticationEntryPoint;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpAuthenticationFailureHandler;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpAuthenticationSuccessHandler;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpLogoutHandler;
import com.github.rexsheng.springboot.faster.system.auth.application.security.RestHttpLogoutSuccessHandler;
import com.github.rexsheng.springboot.faster.system.auth.application.security.TokenExpireProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

@EnableConfigurationProperties({TokenExpireProperties.class})
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
/* loaded from: input_file:com/github/rexsheng/springboot/faster/system/auth/adapter/SecurityConfig.class */
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, IgnoredUrlsProperties ignoredUrlsProperties, AuthService authService, RequestMappingHandlerMapping requestMappingHandlerMapping) throws Exception {
        RequestMatcher urlRequestMatcher = ignoredUrlsProperties.getUrlRequestMatcher();
        RestHttpAuthenticationDetailsSource restHttpAuthenticationDetailsSource = new RestHttpAuthenticationDetailsSource();
        RequestHeaderTokenConverter requestHeaderTokenConverter = new RequestHeaderTokenConverter();
        httpSecurity.csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new RequestMatcher[]{urlRequestMatcher})).permitAll().anyRequest()).authenticated();
        }).httpBasic(Customizer.withDefaults()).securityMatcher(HttpHeaderAuthorizationConfigurer.customizerRequestMatcher(requestMappingHandlerMapping)).with(HttpHeaderAuthorizationConfigurer.instance(), httpHeaderAuthorizationConfigurer -> {
            httpHeaderAuthorizationConfigurer.authenticationDetailsSource(restHttpAuthenticationDetailsSource).requestHeaderTokenConverter(requestHeaderTokenConverter).ignoreUrls(urlRequestMatcher).enableRefreshToken();
        }).formLogin(formLoginConfigurer -> {
            formLoginConfigurer.loginProcessingUrl("/token").usernameParameter("username").passwordParameter("password").successHandler(new RestHttpAuthenticationSuccessHandler()).failureHandler(new RestHttpAuthenticationFailureHandler()).authenticationDetailsSource(restHttpAuthenticationDetailsSource);
        }).logout(logoutConfigurer -> {
            logoutConfigurer.logoutRequestMatcher(new AntPathRequestMatcher("/logout", HttpMethod.POST.name())).logoutSuccessHandler(new RestHttpLogoutSuccessHandler()).addLogoutHandler(new RestHttpLogoutHandler(authService, requestHeaderTokenConverter));
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(new RestHttpAuthenticationEntryPoint()).accessDeniedHandler(new RestHttpAccessDeniedHandler());
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthService authService) {
        ProviderManager providerManager = new ProviderManager(new AuthenticationProvider[]{new MultiLoginParamAuthenticationProvider(authService)});
        providerManager.setEraseCredentialsAfterAuthentication(true);
        return providerManager;
    }
}
