package enkan.middleware;

import enkan.MiddlewareChain;
import enkan.annotation.Middleware;
import enkan.collection.Headers;
import enkan.data.HttpRequest;
import enkan.data.HttpResponse;
import enkan.util.BeanBuilder;
import enkan.util.HttpResponseUtils;
import enkan.util.ThreadingUtils;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;

@Middleware(name = "cors")
/* loaded from: input_file:enkan/middleware/CorsMiddleware.class */
public class CorsMiddleware<NRES> extends AbstractWebMiddleware<HttpRequest, NRES> {
    private Set<String> methods = new HashSet(Arrays.asList("GET", "POST", "DELETE", "PUT", "PATCH", "HEAD", "OPTIONS"));
    private Set<String> origins = new HashSet(Collections.singletonList("*"));
    private Set<String> headers = new HashSet(Arrays.asList("Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers"));
    private Long maxage = 1800L;
    private boolean credentials = true;

    /* JADX WARN: Multi-variable type inference failed */
    public HttpResponse handle(HttpRequest httpRequest, MiddlewareChain<HttpRequest, NRES, ?, ?> middlewareChain) {
        if (isCORSRequest(httpRequest)) {
            if (!isOriginAllowed(httpRequest) || this.methods.stream().noneMatch(str -> {
                return str.equalsIgnoreCase(httpRequest.getRequestMethod());
            })) {
                return invalidCors(httpRequest);
            }
            if (isPreflightRequest(httpRequest)) {
                Headers empty = Headers.empty();
                if (isAnyOriginAllowed()) {
                    empty.put("Access-Control-Allow-Origin", "*");
                } else {
                    empty.put("Access-Control-Allow-Origin", (String) ThreadingUtils.some(httpRequest.getHeaders(), headers -> {
                        return headers.get("origin");
                    }).orElse("*"));
                }
                if (this.methods != null && !this.methods.isEmpty()) {
                    empty.put("Access-Control-Allow-Methods", String.join(", ", this.methods));
                }
                if (this.headers != null && !this.headers.isEmpty()) {
                    empty.put("Access-Control-Allow-Headers", String.join(", ", this.headers));
                }
                if (this.credentials) {
                    empty.put("Access-Control-Allow-Credentials", "true");
                }
                if (this.maxage.longValue() > 0) {
                    empty.put("Access-Control-Max-Age", String.valueOf(this.maxage));
                }
                return (HttpResponse) BeanBuilder.builder(HttpResponse.of("")).set((v0, v1) -> {
                    v0.setStatus(v1);
                }, 200).set((v0, v1) -> {
                    v0.setHeaders(v1);
                }, empty).build();
            }
        }
        HttpResponse castToHttpResponse = castToHttpResponse(middlewareChain.next(httpRequest));
        if (isCORSRequest(httpRequest)) {
            if (this.origins != null && !this.origins.isEmpty()) {
                HttpResponseUtils.header(castToHttpResponse, "Access-Control-Allow-Origin", String.join(", ", this.origins));
            }
            if (this.credentials) {
                HttpResponseUtils.header(castToHttpResponse, "Access-Control-Allow-Credentials", "true");
            }
        }
        return castToHttpResponse;
    }

    private HttpResponse invalidCors(HttpRequest httpRequest) {
        return (HttpResponse) BeanBuilder.builder(HttpResponse.of("Invalid CORS request; Origin=" + httpRequest.getHeaders().get("origin") + ", Method=" + httpRequest.getRequestMethod())).set((v0, v1) -> {
            v0.setHeaders(v1);
        }, Headers.of("Content-Type", "text/plain")).set((v0, v1) -> {
            v0.setStatus(v1);
        }, 403).build();
    }

    private boolean isOriginAllowed(HttpRequest httpRequest) {
        return ((Boolean) ThreadingUtils.some(httpRequest.getHeaders(), headers -> {
            return headers.get("origin");
        }, str -> {
            return Boolean.valueOf(isAnyOriginAllowed() || this.origins.contains(str));
        }).orElse(false)).booleanValue();
    }

    private boolean isAnyOriginAllowed() {
        return this.origins.contains("*");
    }

    private boolean isPreflightRequest(HttpRequest httpRequest) {
        return Objects.equals(httpRequest.getRequestMethod().toUpperCase(Locale.ENGLISH), "OPTIONS") && httpRequest.getHeaders().containsKey("Access-Control-Request-Method");
    }

    private boolean isCORSRequest(HttpRequest httpRequest) {
        return Objects.nonNull(httpRequest.getHeaders().get("Origin"));
    }

    public void setMethods(Set<String> set) {
        this.methods = set;
    }

    public void setOrigins(Set<String> set) {
        this.origins = set;
    }

    public void setHeaders(Set<String> set) {
        this.headers = set;
    }

    public void setMaxage(Long l) {
        this.maxage = l;
    }

    public void setCredentials(boolean z) {
        this.credentials = z;
    }
}
