package ee.datel.dogis.security;

import ee.datel.dogis.utils.CommonUtils;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;
import org.owasp.encoder.Encode;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

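@Component
/* loaded from: input_file:ee/datel/dogis/security/CorsResponseFilter.class */
/**
 * Servlet filter that restricts the accepted HTTP verbs and adds CORS response headers.
 *
 * <p>Requests whose method is not listed in {@link #METHODSLIST} are answered with 405. When an
 * {@code Origin} header is present, its value is echoed in {@code Access-Control-Allow-Origin}
 * together with {@code Access-Control-Allow-Credentials: true}; {@code OPTIONS} requests that carry
 * an {@code Origin} are answered here and never reach the rest of the filter chain.
 *
 * <p>NOTE(review): the CORS policy is "reflect whatever origin the caller sent, with credentials".
 * Every origin, including the literal {@code null}, is therefore allowed to read credentialed
 * responses, which removes the protection the same-origin policy gives authenticated users. The
 * reflected value should be compared against an allowlist of trusted origins taken from
 * deployment configuration, and the CORS headers omitted when it does not match. That policy
 * change is not made here because the set of trusted origins is not visible in this file.
 */
public class CorsResponseFilter extends OncePerRequestFilter implements Ordered {
    /** Verbs advertised in {@code Access-Control-Allow-Methods} and accepted by this filter. */
    private static final String METHODSLIST = "GET, POST, OPTIONS, PUT, DELETE";

    // NOTE(review): membership tests below only work if CommonUtils.split drops the blank that
    // follows each comma in METHODSLIST and returns a String[] - confirm against CommonUtils.
    private static final Set<String> METHODS = Set.of(CommonUtils.split(METHODSLIST, ','));

    // Same value as the original Integer.MIN_VALUE; the named constant states the intent.
    private final int order = Ordered.HIGHEST_PRECEDENCE;

    /**
     * Returns the ordering value of this filter.
     *
     * @return {@link Ordered#HIGHEST_PRECEDENCE}
     */
    @Override
    public int getOrder() {
        return this.order;
    }

    /**
     * Runs the superclass initialisation and logs that the filter is active.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        LoggerFactory.getLogger(CorsResponseFilter.class).info("Cors Response Filter initiated");
    }

    /**
     * Enforces the verb list, adds CORS headers for requests that carry a well-formed
     * {@code Origin}, and answers {@code OPTIONS} requests with an {@code Origin} directly.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response the CORS headers are written to
     * @param filterChain remaining filters; not invoked for a 405 or for an answered preflight
     * @throws ServletException propagated from the filter chain
     * @throws IOException propagated from {@code sendError} or the filter chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String method = httpServletRequest.getMethod();
        if (!METHODS.contains(method)) {
            httpServletResponse.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        String origin = httpServletRequest.getHeader("Origin");
        // Request data is copied into response headers below. HTML entity encoding (the previous
        // Encode.forHtmlContent call) targets HTML text, not HTTP header values, so the values are
        // validated for the header context instead: anything containing control characters,
        // whitespace or non-ASCII is not a serialized origin and gets no CORS headers at all.
        if (origin == null || !isPrintableAscii(origin, false)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // NOTE(review): unconditional reflection plus credentials - see the class comment; this is
        // where an allowlist check belongs.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        // The response differs per Origin, so shared caches must key on it.
        httpServletResponse.setHeader("Vary", "Origin");

        if (!HttpMethod.OPTIONS.name().equals(method)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // OPTIONS with an Origin is answered here; downstream filters and handlers never see it.
        String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        // NOTE(review): every requested header name is approved. A fixed list of the headers the
        // API actually reads would be tighter.
        if (requestedHeaders != null && isPrintableAscii(requestedHeaders, true)) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", requestedHeaders);
        }
        if (httpServletRequest.getHeader("Access-Control-Request-Method") != null) {
            httpServletResponse.setHeader("Access-Control-Allow-Methods", METHODSLIST);
        }
        httpServletResponse.setHeader("Access-Control-Max-Age", "86400");
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
    }

    /**
     * Tells whether a request-supplied value may be copied into a response header.
     *
     * @param value candidate header value, not {@code null}
     * @param allowSpace whether the space character is accepted (needed for comma-separated lists)
     * @return {@code true} if the value is non-empty and consists only of visible ASCII
     *     characters (0x21-0x7E), plus space when {@code allowSpace} is set
     */
    private static boolean isPrintableAscii(String value, boolean allowSpace) {
        if (value.isEmpty()) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean visible = c > 0x20 && c < 0x7F;
            if (!visible && !(allowSpace && c == ' ')) {
                return false;
            }
        }
        return true;
    }
}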
