package org.jooby.handlers;

import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.jooby.Request;
import org.jooby.Response;
import org.jooby.Route;
import org.jooby.Status;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jooby/handlers/CorsHandler.class */
public class CorsHandler implements Route.Filter {
    private static final String ORIGIN = "Origin";
    private static final String ANY_ORIGIN = "*";
    private static final String AC_REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String AC_REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String AC_MAX_AGE = "Access-Control-Max-Age";
    private static final String AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
    private static final String AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String AC_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String AC_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private final Logger log;
    private Optional<Cors> cors;

    public CorsHandler(Cors cors) {
        this.log = LoggerFactory.getLogger((Class<?>) Cors.class);
        this.cors = Optional.empty();
        this.cors = Optional.of(Objects.requireNonNull(cors, "Cors is required."));
    }

    public CorsHandler() {
        this.log = LoggerFactory.getLogger((Class<?>) Cors.class);
        this.cors = Optional.empty();
    }

    @Override // org.jooby.Route.Filter
    public void handle(Request request, Response response, Route.Chain chain) throws Throwable {
        Optional<String> optional = request.header("Origin").toOptional();
        Cors orElseGet = this.cors.orElseGet(() -> {
            return (Cors) request.require(Cors.class);
        });
        if (orElseGet.enabled() && optional.isPresent()) {
            cors(orElseGet, request, response, optional.get());
        }
        chain.next(request, response);
    }

    private void cors(Cors cors, Request request, Response response, String str) throws Exception {
        if (cors.allowOrigin(str)) {
            this.log.debug("allowed origin: {}", str);
            if (preflight(request)) {
                this.log.debug("handling preflight for: {}", str);
                preflight(cors, request, response, str);
                return;
            }
            this.log.debug("handling simple cors for: {}", str);
            if ("null".equals(str)) {
                response.header("Access-Control-Allow-Origin", "*");
                return;
            }
            response.header("Access-Control-Allow-Origin", str);
            if (!cors.anyOrigin()) {
                response.header("Vary", "Origin");
            }
            if (cors.credentials()) {
                response.header("Access-Control-Allow-Credentials", (Object) true);
            }
            if (cors.exposedHeaders().isEmpty()) {
                return;
            }
            response.header("Access-Control-Expose-Headers", join(cors.exposedHeaders()));
        }
    }

    private boolean preflight(Request request) {
        return request.method().equals(Route.OPTIONS) && request.header("Access-Control-Request-Method").isSet();
    }

    private void preflight(Cors cors, Request request, Response response, String str) {
        Optional<String> optional = request.header("Access-Control-Request-Method").toOptional();
        cors.getClass();
        if (((Boolean) optional.map(cors::allowMethod).orElse(false)).booleanValue()) {
            List<String> list = (List) request.header("Access-Control-Request-Headers").toOptional().map(str2 -> {
                return Splitter.on(',').trimResults().omitEmptyStrings().splitToList(str2);
            }).orElse(Collections.emptyList());
            if (cors.allowHeaders(list)) {
                response.header("Access-Control-Allow-Methods", join(cors.allowedMethods()));
                response.header("Access-Control-Allow-Headers", join(cors.anyHeader() ? list : cors.allowedHeaders()));
                if (cors.credentials()) {
                    response.header("Access-Control-Allow-Credentials", (Object) true);
                }
                if (cors.maxAge() > 0) {
                    response.header("Access-Control-Max-Age", Integer.valueOf(cors.maxAge()));
                }
                response.header("Access-Control-Allow-Origin", str);
                if (!cors.anyOrigin()) {
                    response.header("Vary", "Origin");
                }
                response.status(Status.OK).end();
            }
        }
    }

    private String join(List<String> list) {
        return Joiner.on(',').join(list);
    }
}
