package net.croz.nrich.security.csrf.webflux.filter;

import java.beans.ConstructorProperties;
import java.util.List;
import lombok.Generated;
import net.croz.nrich.security.csrf.api.service.CsrfTokenManagerService;
import net.croz.nrich.security.csrf.core.constants.CsrfConstants;
import net.croz.nrich.security.csrf.core.exception.CsrfTokenException;
import net.croz.nrich.security.csrf.core.model.CsrfExcludeConfig;
import net.croz.nrich.security.csrf.core.util.CsrfUriUtil;
import net.croz.nrich.security.csrf.webflux.holder.WebFluxCsrfTokenKeyHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.springframework.web.server.WebSession;
import reactor.core.publisher.Mono;

/* loaded from: input_file:net/croz/nrich/security/csrf/webflux/filter/CsrfWebFilter.class */
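/**
 * WebFlux {@link WebFilter} that applies CSRF token handling to incoming requests.
 *
 * <p>Each request with a non-empty application path is classified against its session:
 * <ul>
 *   <li>URIs accepted by {@link CsrfUriUtil#excludeUri} skip token validation;</li>
 *   <li>the CSRF ping URL is handled by {@link #handleCsrfPingUrl};</li>
 *   <li>every other URI must pass
 *       {@link CsrfTokenManagerService#validateAndRefreshToken} before the chain result is returned.</li>
 * </ul>
 * When the session {@code Mono} is empty, a protected URI fails with {@link CsrfTokenException}.
 *
 * <p>Security note: the ping and initial-token URLs are matched as suffixes of the request URI
 * <em>with query string and fragment removed</em>. Both parts are chosen by the client, so matching
 * on them would let request parameters decide which CSRF branch is taken.
 */
public class CsrfWebFilter implements WebFilter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CsrfWebFilter.class);
    private final CsrfTokenManagerService csrfTokenManagerService;
    private final String tokenKeyName;
    private final String initialTokenUrl;
    private final String csrfPingUrl;
    private final List<CsrfExcludeConfig> csrfExcludeConfigList;

    /**
     * Classifies the request and either validates its CSRF token, handles it as a ping, or lets it
     * through as excluded.
     *
     * @param serverWebExchange current exchange
     * @param webFilterChain remaining filter chain
     * @return the chain result, or an error signal carrying the exception raised during validation
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        log.debug("csrfFilter.filter()");
        String pathWithinApplication = serverWebExchange.getRequest().getPath().pathWithinApplication().value();
        Mono<Void> chainResult = webFilterChain.filter(serverWebExchange);
        if (CsrfConstants.EMPTY_PATH.equals(pathWithinApplication)) {
            return chainResult;
        }
        String requestUri = uri(serverWebExchange);
        return serverWebExchange.getSession()
            .switchIfEmpty(Mono.defer(() -> returnErrorIfCsrfProtectedUri(requestUri)))
            .flatMap(webSession -> {
                Mono<Void> result = chainResult;
                // NOTE(review): excludeUri still receives the full URI, query string included.
                // Its matching rules are not visible here - confirm that an exclusion cannot be
                // satisfied by the query part alone.
                if (CsrfUriUtil.excludeUri(this.csrfExcludeConfigList, requestUri)) {
                    updateLastApiCallAttribute(webSession);
                } else if (endsWithUrl(requestUri, this.csrfPingUrl)) {
                    // NOTE(review): both Monos returned by handleCsrfPingUrl complete without
                    // emitting a value, so this mapper does not appear to run and the chain is
                    // not continued for ping requests - confirm this is intended.
                    result = handleCsrfPingUrl(serverWebExchange, webSession).flatMap(ignored -> chainResult);
                } else {
                    // Validation comes first: a failure must not refresh the last-API-call timestamp.
                    this.csrfTokenManagerService.validateAndRefreshToken(newTokenKeyHolder(serverWebExchange, webSession));
                    updateLastApiCallAttribute(webSession);
                }
                return result.doOnSuccess(ignored -> addInitialToken(serverWebExchange, webSession));
            });
    }

    /**
     * Stores a freshly generated token as an exchange attribute when the request targets the
     * initial-token URL, and records the request as a real API call.
     */
    private void addInitialToken(ServerWebExchange serverWebExchange, WebSession webSession) {
        if (endsWithUrl(uri(serverWebExchange), this.initialTokenUrl)) {
            String token = this.csrfTokenManagerService.generateToken(newTokenKeyHolder(serverWebExchange, webSession));
            serverWebExchange.getAttributes().put(CsrfConstants.CSRF_INITIAL_TOKEN_ATTRIBUTE_NAME, token);
            updateLastApiCallAttribute(webSession);
        }
    }

    /**
     * Handles a ping request. If the time since the last recorded real API request exceeds the
     * session's max idle time, the session is invalidated and the stop-ping header is added;
     * otherwise the token is validated and refreshed when the returned {@code Mono} is subscribed.
     */
    private Mono<Void> handleCsrfPingUrl(ServerWebExchange serverWebExchange, WebSession webSession) {
        Long lastRealApiRequestMillis = (Long) webSession.getAttribute(CsrfConstants.NRICH_LAST_REAL_API_REQUEST_MILLIS);
        log.debug("    lastRealApiRequestMillis: {}", lastRealApiRequestMillis);
        if (lastRealApiRequestMillis != null) {
            long deltaMillis = System.currentTimeMillis() - lastRealApiRequestMillis;
            log.debug("    deltaMillis: {}", deltaMillis);
            long maxInactiveIntervalMillis = webSession.getMaxIdleTime().toMillis();
            log.debug("    maxInactiveIntervalMillis: {}", maxInactiveIntervalMillis);
            // A max idle time that is not positive is not treated as an expiry limit.
            if (maxInactiveIntervalMillis > 0 && deltaMillis > maxInactiveIntervalMillis) {
                return webSession.invalidate().doOnSuccess(ignored -> {
                    log.debug("    sessionJustInvalidated");
                    serverWebExchange.getResponse().getHeaders().add(CsrfConstants.CSRF_PING_STOP_HEADER_NAME, "stopPing");
                    log.debug("    sending csrf stop ping header in response");
                    updateLastActiveRequestMillis(serverWebExchange, deltaMillis);
                });
            }
        }
        updateLastActiveRequestMillis(serverWebExchange, 0L);
        return Mono.fromRunnable(() ->
            this.csrfTokenManagerService.validateAndRefreshToken(newTokenKeyHolder(serverWebExchange, webSession)));
    }

    /** Records the current time in the session as the moment of the last real API request. */
    private void updateLastApiCallAttribute(WebSession webSession) {
        webSession.getAttributes().put(CsrfConstants.NRICH_LAST_REAL_API_REQUEST_MILLIS, System.currentTimeMillis());
    }

    /** Returns the full request URI as a string, including any query string. */
    private String uri(ServerWebExchange serverWebExchange) {
        return serverWebExchange.getRequest().getURI().toString();
    }

    /** Adds the response header that reports the milliseconds elapsed since the last active request. */
    private void updateLastActiveRequestMillis(ServerWebExchange serverWebExchange, long deltaMillis) {
        serverWebExchange.getResponse().getHeaders().add(CsrfConstants.CSRF_AFTER_LAST_ACTIVE_REQUEST_MILLIS_HEADER_NAME, Long.toString(deltaMillis));
    }

    /**
     * Fallback used when the session {@code Mono} is empty: excluded URIs and the ping URL complete
     * empty, any other URI fails with {@link CsrfTokenException} because a token cannot be validated.
     */
    private Mono<WebSession> returnErrorIfCsrfProtectedUri(String requestUri) {
        boolean unprotected = CsrfUriUtil.excludeUri(this.csrfExcludeConfigList, requestUri)
            || endsWithUrl(requestUri, this.csrfPingUrl);
        if (unprotected) {
            return Mono.empty();
        }
        return Mono.error(new CsrfTokenException("Can't validate token. There is no session."));
    }

    /** Builds the key holder that ties token operations to this exchange and session. */
    private WebFluxCsrfTokenKeyHolder newTokenKeyHolder(ServerWebExchange serverWebExchange, WebSession webSession) {
        return new WebFluxCsrfTokenKeyHolder(serverWebExchange, webSession, this.tokenKeyName, CsrfConstants.CSRF_CRYPTO_KEY_NAME);
    }

    /**
     * Tests whether the request URI, ignoring query string and fragment, ends with {@code url}.
     * Only the part before the first {@code '?'} or {@code '#'} is considered.
     */
    private static boolean endsWithUrl(String requestUri, String url) {
        return stripQueryAndFragment(requestUri).endsWith(url);
    }

    /** Returns {@code requestUri} cut at the first {@code '?'} or {@code '#'}, whichever comes first. */
    private static String stripQueryAndFragment(String requestUri) {
        int end = requestUri.length();
        int queryStart = requestUri.indexOf('?');
        if (queryStart >= 0) {
            end = queryStart;
        }
        int fragmentStart = requestUri.indexOf('#');
        if (fragmentStart >= 0 && fragmentStart < end) {
            end = fragmentStart;
        }
        return requestUri.substring(0, end);
    }

    /**
     * Creates the filter.
     *
     * @param csrfTokenManagerService service used to generate, validate and refresh tokens
     * @param tokenKeyName name under which the token is carried, passed to the key holder
     * @param initialTokenUrl URL suffix of the endpoint that receives the initial token
     * @param csrfPingUrl URL suffix of the ping endpoint
     * @param csrfExcludeConfigList exclusion rules evaluated by {@link CsrfUriUtil#excludeUri}
     */
    @Generated
    @ConstructorProperties({"csrfTokenManagerService", "tokenKeyName", "initialTokenUrl", "csrfPingUrl", "csrfExcludeConfigList"})
    public CsrfWebFilter(CsrfTokenManagerService csrfTokenManagerService, String tokenKeyName, String initialTokenUrl, String csrfPingUrl, List<CsrfExcludeConfig> csrfExcludeConfigList) {
        this.csrfTokenManagerService = csrfTokenManagerService;
        this.tokenKeyName = tokenKeyName;
        this.initialTokenUrl = initialTokenUrl;
        this.csrfPingUrl = csrfPingUrl;
        this.csrfExcludeConfigList = csrfExcludeConfigList;
    }
}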
