package foundation.cmo.opensales.graphql.security;

import foundation.cmo.opensales.graphql.security.dto.MUser;
import java.io.IOException;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

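/**
 * Spring Security wiring for the GraphQL endpoint.
 *
 * <p>Builds a stateless filter chain that permits {@code GET /gui} and {@code GET /graphql},
 * requires an authenticated caller for {@code POST /graphql}, and denies every other request.
 * Authentication is established only by the "Basic"-prefixed token filter below. The Bearer
 * filter never sets an authentication, and the registered {@link AuthenticationProvider}
 * never authenticates anything.
 */
@Configuration
/* loaded from: input_file:foundation/cmo/opensales/graphql/security/MGraphQLSecurity.class */
public class MGraphQLSecurity {
    private static final Logger log = LoggerFactory.getLogger(MGraphQLSecurity.class);

    // Assigned in getSecurityFilterChain(); the filters read it per request. If a request
    // arrives before it is set, the resulting exception is caught in the Basic filter and the
    // request continues unauthenticated.
    private MGraphQLJwtService jwt;
    private final OncePerRequestFilter jwtAuthFilter = getJwtAuthFilter();
    private final OncePerRequestFilter basicAuthFilter = getBasicAuthFilter();

    // Placeholder provider: claims to support every Authentication type but returns null from
    // authenticate(), so it never produces an authenticated principal.
    private final AuthenticationProvider getAuthenticationProvider = new AuthenticationProvider() { // from class: foundation.cmo.opensales.graphql.security.MGraphQLSecurity.3
        @Override
        public boolean supports(Class<?> cls) {
            return true;
        }

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            return null;
        }
    };

    /**
     * Builds the security filter chain for the GraphQL endpoint.
     *
     * <p>NOTE(review): unlike {@link #getMGraphQLJwtService()}, this method carries no
     * {@code @Bean} annotation in this listing; confirm how the chain is registered.
     *
     * @param httpSecurity the builder to configure
     * @param mGraphQLJwtService token service stored on this instance for use by the filters
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    public SecurityFilterChain getSecurityFilterChain(HttpSecurity httpSecurity, MGraphQLJwtService mGraphQLJwtService) throws Exception {
        this.jwt = mGraphQLJwtService;
        return httpSecurity
                // Spring Security's CORS handling is switched off here.
                .cors(corsConfigurer -> corsConfigurer.disable())
                // CSRF protection is off. Credentials are read from the Authorization header
                // and no session is created (STATELESS below).
                .csrf(csrfConfigurer -> csrfConfigurer.disable())
                .sessionManagement(sessionManagementConfigurer ->
                        sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authenticationProvider(this.getAuthenticationProvider)
                .addFilterBefore(this.basicAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(this.jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeHttpRequests(registry -> {
                    // NOTE(review): GET /graphql is open to anonymous callers. If the GraphQL
                    // endpoint executes operations over GET, they run unauthenticated. Confirm.
                    // Regex request matchers presumably compare path plus query string, so a
                    // request carrying a query string may fall through to denyAll(). Verify.
                    registry.regexMatchers(HttpMethod.GET, "/gui", "/graphql").permitAll();
                    registry.regexMatchers(HttpMethod.POST, "/graphql").authenticated();
                    // Default deny: anything not listed above is rejected.
                    registry.anyRequest().denyAll();
                })
                .build();
    }

    /**
     * Creates the filter that authenticates requests whose {@code Authorization} header starts
     * with {@code "Basic"}.
     *
     * <p>The remainder of the header is passed to {@code jwt.userFromToken(...)} and the
     * resulting user is accepted only if {@code jwt.isValidateUser(...)} returns true. Any
     * exception clears the authentication and the request continues unauthenticated.
     */
    private OncePerRequestFilter getBasicAuthFilter() {
        return new OncePerRequestFilter() { // from class: foundation.cmo.opensales.graphql.security.MGraphQLSecurity.1
            @Override
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                final String scheme = "Basic";
                String header = httpServletRequest.getHeader("Authorization");
                if (header == null || !header.startsWith(scheme)) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
                try {
                    // Strip only the leading scheme. Replacing every "Basic" occurrence would
                    // corrupt a token that happens to contain that substring.
                    String token = header.substring(scheme.length()).trim();
                    MUser mUser = (MUser) MGraphQLSecurity.this.jwt.userFromToken(token, MUser.class);
                    if (MGraphQLSecurity.this.jwt.isValidateUser(mUser)) {
                        SecurityContextHolder.getContext().setAuthentication(new MAuthToken(mUser));
                    }
                } catch (Exception e) {
                    // Fail closed. Log only the exception type, never the header or token.
                    MGraphQLSecurity.log.debug("Authorization token rejected: {}", e.getClass().getName());
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        };
    }

    /** Exposes the token service as a Spring bean. */
    @Bean
    MGraphQLJwtService getMGraphQLJwtService() {
        return new MGraphQLJwtService();
    }

    /**
     * Creates the filter for {@code Authorization: Bearer ...} requests.
     *
     * <p>This filter does not validate the token or set an authentication; it only records
     * that a Bearer header was seen and passes the request on. The header value is a
     * credential and is deliberately not logged.
     */
    private OncePerRequestFilter getJwtAuthFilter() {
        return new OncePerRequestFilter() { // from class: foundation.cmo.opensales.graphql.security.MGraphQLSecurity.2
            @Override
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                String header = httpServletRequest.getHeader("Authorization");
                if (header != null && header.startsWith("Bearer")) {
                    // Never log the header itself: anyone with log access could replay it.
                    MGraphQLSecurity.log.debug("Bearer Authorization header received; token is not validated by this filter");
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        };
    }
}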
