package org.beangle.webmvc.execution.interceptors;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.beangle.commons.bean.Initializing;
import org.beangle.commons.lang.annotation.description;
import org.beangle.web.servlet.intercept.Interceptor;
import scala.MatchError;
import scala.Predef$;
import scala.collection.immutable.Set;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: CorsInterceptor.scala */
@description("支持跨域调用CORS的拦截器")
/* loaded from: input_file:org/beangle/webmvc/execution/interceptors/CorsInterceptor.class */
public class CorsInterceptor implements Interceptor, Initializing {
    private boolean anyOriginAllowed;
    private Set allowedOrigins = (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{CorsInterceptor$.MODULE$.AnyOrigin()}));
    private Set allowedMethods = (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"GET", "POST", "HEAD", "OPTIONS"}));
    private Set allowedHeaders = (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"X-Requested-With", "Content-Type", "Accept", "Origin"}));
    private Set exposedHeaders = Predef$.MODULE$.Set().empty();
    private int preflightMaxAge = 1800;
    private boolean allowCredentials = false;
    private boolean chainPreflight = true;

    public static String AllowCredentialsHeader() {
        return CorsInterceptor$.MODULE$.AllowCredentialsHeader();
    }

    public static String AllowHeadersHeader() {
        return CorsInterceptor$.MODULE$.AllowHeadersHeader();
    }

    public static String AllowMethodsHeader() {
        return CorsInterceptor$.MODULE$.AllowMethodsHeader();
    }

    public static String AllowOriginHeader() {
        return CorsInterceptor$.MODULE$.AllowOriginHeader();
    }

    public static String AnyOrigin() {
        return CorsInterceptor$.MODULE$.AnyOrigin();
    }

    public static Set<String> ComplexHttpMethods() {
        return CorsInterceptor$.MODULE$.ComplexHttpMethods();
    }

    public static String ExposeHeadersHeader() {
        return CorsInterceptor$.MODULE$.ExposeHeadersHeader();
    }

    public static String MaxAgeHeader() {
        return CorsInterceptor$.MODULE$.MaxAgeHeader();
    }

    public static String OriginHeader() {
        return CorsInterceptor$.MODULE$.OriginHeader();
    }

    public static String RequestHeadersHeader() {
        return CorsInterceptor$.MODULE$.RequestHeadersHeader();
    }

    public static String RequestMethodHeader() {
        return CorsInterceptor$.MODULE$.RequestMethodHeader();
    }

    public static Set<String> SimpleHttpContentTypes() {
        return CorsInterceptor$.MODULE$.SimpleHttpContentTypes();
    }

    public boolean anyOriginAllowed() {
        return this.anyOriginAllowed;
    }

    public void anyOriginAllowed_$eq(boolean z) {
        this.anyOriginAllowed = z;
    }

    public Set<String> allowedOrigins() {
        return this.allowedOrigins;
    }

    public void allowedOrigins_$eq(Set<String> set) {
        this.allowedOrigins = set;
    }

    public Set<String> allowedMethods() {
        return this.allowedMethods;
    }

    public void allowedMethods_$eq(Set<String> set) {
        this.allowedMethods = set;
    }

    public Set<String> allowedHeaders() {
        return this.allowedHeaders;
    }

    public void allowedHeaders_$eq(Set<String> set) {
        this.allowedHeaders = set;
    }

    public Set<String> exposedHeaders() {
        return this.exposedHeaders;
    }

    public void exposedHeaders_$eq(Set<String> set) {
        this.exposedHeaders = set;
    }

    public int preflightMaxAge() {
        return this.preflightMaxAge;
    }

    public void preflightMaxAge_$eq(int i) {
        this.preflightMaxAge = i;
    }

    public boolean allowCredentials() {
        return this.allowCredentials;
    }

    public void allowCredentials_$eq(boolean z) {
        this.allowCredentials = z;
    }

    public boolean chainPreflight() {
        return this.chainPreflight;
    }

    public void chainPreflight_$eq(boolean z) {
        this.chainPreflight = z;
    }

    public void init() {
        anyOriginAllowed_$eq(allowedOrigins().contains(CorsInterceptor$.MODULE$.AnyOrigin()));
    }

    public boolean preInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(CorsInterceptor$.MODULE$.OriginHeader());
        if (header == null) {
            return true;
        }
        int checkRequestType = checkRequestType(header, httpServletRequest);
        if (CORSRequestType$.MODULE$.SIMPLE() == checkRequestType || CORSRequestType$.MODULE$.ACTUAL() == checkRequestType) {
            return handleSimpleCors(httpServletRequest, httpServletResponse, header);
        }
        if (CORSRequestType$.MODULE$.PRE_FLIGHT() == checkRequestType) {
            return handlePreflightCors(httpServletRequest, httpServletResponse, header);
        }
        if (CORSRequestType$.MODULE$.INVALID_CORS() == checkRequestType) {
            return handleInvalidCORS(httpServletResponse);
        }
        throw new MatchError(BoxesRunTime.boxToInteger(checkRequestType));
    }

    public void postInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    private boolean handleInvalidCORS(HttpServletResponse httpServletResponse) {
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.setStatus(403);
        httpServletResponse.resetBuffer();
        return false;
    }

    private boolean handleSimpleCors(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (!anyOriginAllowed() || allowCredentials()) {
            httpServletResponse.addHeader(CorsInterceptor$.MODULE$.AllowOriginHeader(), str);
        } else {
            httpServletResponse.addHeader(CorsInterceptor$.MODULE$.AllowOriginHeader(), CorsInterceptor$.MODULE$.AnyOrigin());
        }
        if (allowCredentials()) {
            httpServletResponse.setHeader(CorsInterceptor$.MODULE$.AllowCredentialsHeader(), "true");
        }
        if (!exposedHeaders().nonEmpty()) {
            return true;
        }
        httpServletResponse.setHeader(CorsInterceptor$.MODULE$.ExposeHeadersHeader(), exposedHeaders().mkString(","));
        return true;
    }

    private boolean handlePreflightCors(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        if (!allowedMethods().contains(httpServletRequest.getHeader(CorsInterceptor$.MODULE$.RequestMethodHeader())) || !areHeadersAllowed(httpServletRequest)) {
            return false;
        }
        httpServletResponse.setHeader(CorsInterceptor$.MODULE$.AllowOriginHeader(), str);
        if (allowCredentials()) {
            httpServletResponse.setHeader(CorsInterceptor$.MODULE$.AllowCredentialsHeader(), "true");
        }
        if (preflightMaxAge() > 0) {
            httpServletResponse.setHeader(CorsInterceptor$.MODULE$.MaxAgeHeader(), String.valueOf(preflightMaxAge()));
        }
        httpServletResponse.setHeader(CorsInterceptor$.MODULE$.AllowMethodsHeader(), allowedMethods().mkString(","));
        httpServletResponse.setHeader(CorsInterceptor$.MODULE$.AllowHeadersHeader(), allowedHeaders().mkString(","));
        return chainPreflight();
    }

    private boolean areHeadersAllowed(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(CorsInterceptor$.MODULE$.RequestHeadersHeader());
        return header == null || Predef$.MODULE$.wrapRefArray(header.split(",")).toSet().subsetOf(allowedHeaders());
    }

    private int checkRequestType(String str, HttpServletRequest httpServletRequest) {
        if (!isOriginAllowed(str)) {
            return CORSRequestType$.MODULE$.INVALID_CORS();
        }
        String method = httpServletRequest.getMethod();
        if (!allowedMethods().contains(method)) {
            return CORSRequestType$.MODULE$.INVALID_CORS();
        }
        if ("OPTIONS".equals(method)) {
            return allowedMethods().contains(httpServletRequest.getHeader(CorsInterceptor$.MODULE$.RequestMethodHeader())) ? CORSRequestType$.MODULE$.PRE_FLIGHT() : CORSRequestType$.MODULE$.INVALID_CORS();
        }
        if ("GET".equals(method) || "HEAD".equals(method)) {
            return CORSRequestType$.MODULE$.SIMPLE();
        }
        if (!"POST".equals(method)) {
            return CorsInterceptor$.MODULE$.ComplexHttpMethods().contains(method) ? CORSRequestType$.MODULE$.ACTUAL() : CORSRequestType$.MODULE$.INVALID_CORS();
        }
        String contentType = httpServletRequest.getContentType();
        return contentType != null ? CorsInterceptor$.MODULE$.SimpleHttpContentTypes().contains(contentType.toLowerCase().trim()) ? CORSRequestType$.MODULE$.SIMPLE() : CORSRequestType$.MODULE$.ACTUAL() : CORSRequestType$.MODULE$.INVALID_CORS();
    }

    private boolean isOriginAllowed(String str) {
        return anyOriginAllowed() ? str.indexOf(37) == -1 : allowedOrigins().contains(str);
    }
}
