package io.gitee.lglbc.easy.security.core.security;

import io.gitee.lglbc.easy.security.core.config.EasySecurityProperties;
import io.gitee.lglbc.easy.security.core.token.EasyPayload;
import io.gitee.lglbc.easy.security.core.token.TokenService;
import io.gitee.lglbc.easy.security.open.DefaultSecurityResultHandler;
import io.gitee.lglbc.easy.security.open.EasySecurityResultHandler;
import jakarta.annotation.PostConstruct;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;

@EnableConfigurationProperties({EasySecurityProperties.class})
@Configuration
@EnableMethodSecurity
/* loaded from: input_file:io/gitee/lglbc/easy/security/core/security/EasySecurityConfig.class */
public class EasySecurityConfig {

    @Autowired
    private EasySecurityProperties easySecurityProperties;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private EasySecurityResultHandler easySecurityResultHandler;

    @Autowired
    private TokenService tokenService;
    private List<RequestMatcher> requestMatchers;

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> {
            webSecurity.ignoring().requestMatchers(new RequestMatcher[]{httpServletRequest -> {
                Iterator<RequestMatcher> it = this.requestMatchers.iterator();
                while (it.hasNext()) {
                    if (it.next().matches(httpServletRequest)) {
                        return true;
                    }
                }
                return false;
            }});
        };
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{"/security/captcha"})).permitAll().anyRequest()).authenticated();
        }).formLogin(formLoginConfigurer -> {
            formLoginConfigurer.permitAll();
        }).addFilterBefore(easyAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).addFilterBefore(easyLoginFilter(), EasyLoginFilter.class).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.accessDeniedHandler((httpServletRequest, httpServletResponse, accessDeniedException) -> {
                this.easySecurityResultHandler.noPermissionHandler(httpServletRequest, httpServletResponse, accessDeniedException);
            });
            exceptionHandlingConfigurer.authenticationEntryPoint((httpServletRequest2, httpServletResponse2, authenticationException) -> {
                this.easySecurityResultHandler.noPermissionHandler(httpServletRequest2, httpServletResponse2, authenticationException);
            });
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        AuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(this.userDetailsService);
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        return new ProviderManager(new AuthenticationProvider[]{daoAuthenticationProvider});
    }

    @Bean
    public EasyLoginFilter easyLoginFilter() {
        EasyLoginFilter easyLoginFilter = new EasyLoginFilter();
        easyLoginFilter.setAuthenticationManager(authenticationManager());
        easyLoginFilter.setAuthenticationSuccessHandler(getSuccessHandler());
        easyLoginFilter.setAuthenticationFailureHandler(getFailureHandler());
        return easyLoginFilter;
    }

    @Bean
    public EasyAuthenticationFilter easyAuthenticationFilter() {
        return new EasyAuthenticationFilter();
    }

    protected AuthenticationFailureHandler getFailureHandler() {
        return (httpServletRequest, httpServletResponse, authenticationException) -> {
            this.easySecurityResultHandler.loginFailedHandler(httpServletRequest, httpServletResponse, authenticationException);
        };
    }

    private AuthenticationSuccessHandler getSuccessHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            this.easySecurityResultHandler.loginSuccessHandler(httpServletRequest, httpServletResponse, authentication, this.tokenService.generateToken(initPayload(authentication.getName(), authentication.getAuthorities())));
        };
    }

    private EasyPayload initPayload(String str, Collection<? extends GrantedAuthority> collection) {
        EasyPayload easyPayload = new EasyPayload();
        easyPayload.setUsername(str);
        if (!CollectionUtils.isEmpty(collection)) {
            easyPayload.setAuthorities((List) collection.stream().map((v0) -> {
                return v0.getAuthority();
            }).collect(Collectors.toList()));
        }
        return easyPayload;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @PostConstruct
    public void init() {
        List<String> ignoreUrls = this.easySecurityProperties.getIgnoreUrls();
        if (CollectionUtils.isEmpty(ignoreUrls)) {
            ignoreUrls = new ArrayList();
        }
        ignoreUrls.add("/security/captcha");
        this.requestMatchers = new ArrayList();
        Iterator<String> it = ignoreUrls.iterator();
        while (it.hasNext()) {
            this.requestMatchers.add(new AntPathRequestMatcher(it.next(), (String) null));
        }
        if (this.easySecurityResultHandler == null) {
            this.easySecurityResultHandler = new DefaultSecurityResultHandler();
        }
    }
}
