package jodd.joy.auth;

import javax.servlet.http.HttpServletRequest;
import jodd.madvoc.ActionRequest;
import jodd.madvoc.interceptor.ActionInterceptor;
import jodd.madvoc.result.JsonResult;
import jodd.net.HttpStatus;
import jodd.servlet.ServletUtil;

/* loaded from: input_file:jodd/joy/auth/AuthInterceptor.class */
/**
 * Madvoc interceptor that authenticates the caller before an action runs.
 *
 * <p>Only actions whose runtime reports {@code isAuthenticated()} are checked; every other
 * action is invoked without any authentication. For protected actions the credentials are
 * tried in a fixed order: HTTP session, bearer token, then (if enabled) HTTP Basic auth.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #authorized(ActionRequest)} returns {@code true} unless a subclass overrides it,
 *       so out of the box this class performs authentication only, not authorization.</li>
 *   <li>Basic auth is enabled by default; it sends the username and password with every
 *       request, so it should only be reachable over TLS.</li>
 *   <li>Unauthenticated callers get a 404 by default instead of a 401, which hides whether
 *       the protected endpoint exists.</li>
 * </ul>
 *
 * @param <T> type of the auth token object produced by the configured {@code UserAuth}
 */
public class AuthInterceptor<T> implements ActionInterceptor {
    // Process-wide auth provider shared by all interceptor instances. It is public, static
    // and non-final, so any code on the classpath can replace it; it is also a raw type,
    // which is why userAuth() performs an unchecked conversion.
    // NOTE(review): nothing in this class initialises it - presumably set during application
    // start-up; a null value makes every protected request fail with a NullPointerException.
    public static UserAuth userAuth;

    // When true, a failed authentication is answered with 404 rather than 401.
    protected boolean return404instead401 = true;

    // When true, HTTP Basic credentials are accepted as the last authentication fallback.
    protected boolean authenticateViaBasicAuth = true;

    /**
     * Returns the shared auth provider viewed with this interceptor's token type.
     */
    private UserAuth<T> userAuth() {
        return userAuth;
    }

    /**
     * Chooses the status sent to unauthenticated callers.
     *
     * @param z {@code true} to answer with 404, {@code false} to answer with 401
     */
    public void setReturn404instead401(boolean z) {
        this.return404instead401 = z;
    }

    /**
     * Enables or disables the HTTP Basic auth fallback.
     *
     * @param z {@code true} to accept Basic credentials, {@code false} to ignore them
     */
    public void setAuthenticateViaBasicAuth(boolean z) {
        this.authenticateViaBasicAuth = z;
    }

    /**
     * Authenticates and authorizes the request, then invokes the action.
     *
     * <p>The resolved auth token is only used as a presence check here: it is not handed to
     * {@link #authorized(ActionRequest)}, which receives the request alone.
     *
     * @param actionRequest the current action request
     * @return the action's result, or a JSON error result carrying 404/401 (not
     *         authenticated) or 403 (not authorized)
     * @throws Exception whatever the invoked action or the auth provider throws
     */
    public Object intercept(ActionRequest actionRequest) throws Exception {
        // Actions that are not marked as authenticated bypass every check below.
        if (!actionRequest.getActionRuntime().isAuthenticated()) {
            return actionRequest.invoke();
        }

        // Try each credential source in order, stopping at the first that yields a token.
        T principal = authenticateUserViaHttpSession(actionRequest);
        if (principal == null) {
            principal = authenticateUserViaToken(actionRequest);
        }
        if (principal == null && this.authenticateViaBasicAuth) {
            principal = authenticateUserViaBasicAuth(actionRequest);
        }

        if (principal == null) {
            return JsonResult.of(
                    this.return404instead401
                            ? HttpStatus.error404().notFound()
                            : HttpStatus.error401().unauthorized("Not authorized"));
        }

        if (authorized(actionRequest)) {
            return actionRequest.invoke();
        }
        return JsonResult.of(HttpStatus.error403().forbidden());
    }

    /**
     * Authenticates from the {@code UserSession} bound to the servlet request.
     *
     * <p>The stored token is passed through {@code rotateToken}; when a different object comes
     * back, a new {@code UserSession} is started with the rotated token and its token value.
     * The comparison is by reference, not by {@code equals}.
     *
     * @param actionRequest the current action request
     * @return the (possibly rotated) auth token, or {@code null} if there is no session or
     *         the session holds no token
     */
    protected T authenticateUserViaHttpSession(ActionRequest actionRequest) {
        HttpServletRequest servletRequest = actionRequest.getHttpServletRequest();
        UserSession session = UserSession.get(servletRequest);
        if (session == null) {
            return null;
        }

        Object storedToken = session.getAuthToken();
        if (storedToken == null) {
            return null;
        }

        // Unchecked: the session is read through a raw type, so the token is only known to be
        // an Object at this point.
        T rotated = (T) userAuth().rotateToken(storedToken);
        if (rotated != storedToken) {
            UserSession renewed = new UserSession(rotated, userAuth().tokenValue(rotated));
            renewed.start(servletRequest, actionRequest.getHttpServletResponse());
        }
        return rotated;
    }

    /**
     * Authenticates from the bearer token resolved from the request.
     *
     * <p>A valid token is rotated and the new token value is returned to the client in a
     * response header named {@code Authentication} with the prefix {@code "Bearer: "}.
     * NOTE(review): this is not the standard {@code Authorization: Bearer <token>} form, so
     * clients have to read exactly this header and strip exactly this prefix.
     *
     * @param actionRequest the current action request
     * @return the rotated auth token, or {@code null} if no bearer token was sent or
     *         {@code validateToken} rejected it
     */
    protected T authenticateUserViaToken(ActionRequest actionRequest) {
        String bearerValue = ServletUtil.resolveAuthBearerToken(actionRequest.getHttpServletRequest());
        if (bearerValue == null) {
            return null;
        }

        T validated = userAuth().validateToken(bearerValue);
        if (validated == null) {
            return null;
        }

        T rotated = userAuth().rotateToken(validated);
        actionRequest.getHttpServletResponse()
                .setHeader("Authentication", "Bearer: " + userAuth().tokenValue(rotated));
        return rotated;
    }

    /**
     * Authenticates from HTTP Basic credentials by calling {@code UserAuth.login}.
     *
     * <p>Unlike the session and bearer paths, this method neither starts a session nor returns
     * a token to the client, so a Basic-auth client triggers a {@code login} call on every
     * request. Any throttling or lockout of repeated failed logins therefore has to live in
     * the {@code UserAuth} implementation or in front of this interceptor.
     *
     * @param actionRequest the current action request
     * @return the auth token returned by {@code login}, or {@code null} if no username was
     *         sent or the login failed
     */
    protected T authenticateUserViaBasicAuth(ActionRequest actionRequest) {
        HttpServletRequest servletRequest = actionRequest.getHttpServletRequest();
        String username = ServletUtil.resolveAuthUsername(servletRequest);
        if (username == null) {
            return null;
        }
        // login's own null result already means "not authenticated", so it is returned as is.
        return userAuth().login(username, ServletUtil.resolveAuthPassword(servletRequest));
    }

    /**
     * Authorization hook, called after a successful authentication.
     *
     * <p>This default allows every authenticated caller; subclasses override it to enforce
     * per-action access rules.
     *
     * @param actionRequest the current action request
     * @return {@code true} if the request may proceed; always {@code true} here
     */
    protected boolean authorized(ActionRequest actionRequest) {
        return true;
    }
}
