package org.restheart.security.handlers;

import io.undertow.server.HttpServerExchange;
import java.util.Set;
import org.restheart.exchange.Request;
import org.restheart.handlers.CORSHandler;
import org.restheart.handlers.PipelinedHandler;
import org.restheart.plugins.PluginRecord;
import org.restheart.plugins.security.Authorizer;
import org.restheart.utils.PluginUtils;

/* loaded from: input_file:org/restheart/security/handlers/AuthorizersHandler.class */
public class AuthorizersHandler extends PipelinedHandler {
    private final Set<PluginRecord<Authorizer>> authorizers;

    public AuthorizersHandler(Set<PluginRecord<Authorizer>> set, PipelinedHandler pipelinedHandler) {
        super(pipelinedHandler);
        this.authorizers = set;
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (isAllowed(Request.of(httpServerExchange))) {
            next(httpServerExchange);
            return;
        }
        CORSHandler.injectAccessControlAllowHeaders(httpServerExchange);
        httpServerExchange.setStatusCode(403);
        httpServerExchange.endExchange();
    }

    private boolean isAllowed(Request request) {
        return this.authorizers != null && !this.authorizers.isEmpty() && this.authorizers.stream().filter(pluginRecord -> {
            return pluginRecord.isEnabled();
        }).filter(pluginRecord2 -> {
            return pluginRecord2.getInstance() != null;
        }).map(pluginRecord3 -> {
            return pluginRecord3.getInstance();
        }).filter(authorizer -> {
            return PluginUtils.authorizerType(authorizer) == Authorizer.TYPE.ALLOWER;
        }).filter(authorizer2 -> {
            return !authorizer2.isAuthenticationRequired(request) || request.isAuthenticated();
        }).anyMatch(authorizer3 -> {
            return authorizer3.isAllowed(request);
        }) && this.authorizers.stream().filter(pluginRecord4 -> {
            return pluginRecord4.isEnabled();
        }).filter(pluginRecord5 -> {
            return pluginRecord5.getInstance() != null;
        }).map(pluginRecord6 -> {
            return pluginRecord6.getInstance();
        }).filter(authorizer4 -> {
            return !authorizer4.isAuthenticationRequired(request) || request.isAuthenticated();
        }).filter(authorizer5 -> {
            return PluginUtils.authorizerType(authorizer5) == Authorizer.TYPE.VETOER;
        }).allMatch(authorizer6 -> {
            return authorizer6.isAllowed(request);
        });
    }
}
