package cc.vihackerframework.resource.starter.configure;

import cc.vihackerframework.core.auth.util.SecurityUtil;
import cc.vihackerframework.resource.starter.handler.ViHackerAccessDeniedHandler;
import cc.vihackerframework.resource.starter.handler.ViHackerAuthExceptionEntryPoint;
import cc.vihackerframework.resource.starter.properties.ViHackerSecurityProperties;
import feign.RequestInterceptor;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.util.Base64Utils;

@EnableConfigurationProperties({ViHackerSecurityProperties.class})
@ConditionalOnProperty(value = {"vihacker.security.enable"}, havingValue = "true", matchIfMissing = true)
@Order(6)
@ComponentScan({"cc.vihackerframework.core.auth.*"})
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:cc/vihackerframework/resource/starter/configure/ViHackerCloudSecurityAutoConfigure.class */
public class ViHackerCloudSecurityAutoConfigure extends GlobalMethodSecurityConfiguration {
    @ConditionalOnMissingBean(name = {"accessDeniedHandler"})
    @Bean
    public ViHackerAccessDeniedHandler accessDeniedHandler() {
        return new ViHackerAccessDeniedHandler();
    }

    @ConditionalOnMissingBean(name = {"authenticationEntryPoint"})
    @Bean
    public ViHackerAuthExceptionEntryPoint authenticationEntryPoint() {
        return new ViHackerAuthExceptionEntryPoint();
    }

    @ConditionalOnMissingBean({PasswordEncoder.class})
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public ViHackerCloudSecurityInteceptorConfigure cloudSecurityInteceptorConfigure() {
        return new ViHackerCloudSecurityInteceptorConfigure();
    }

    @ConditionalOnMissingBean({DefaultTokenServices.class})
    @Bean
    @Primary
    public ViHackerUserInfoTokenServices viHackerUserInfoTokenServices(ResourceServerProperties resourceServerProperties) {
        return new ViHackerUserInfoTokenServices(resourceServerProperties.getUserInfoUri(), resourceServerProperties.getClientId());
    }

    @Bean
    public RequestInterceptor oauth2FeignRequestInterceptor() {
        return requestTemplate -> {
            requestTemplate.header("GatewayToken", new String[]{new String(Base64Utils.encode("vihacker:gateway:123456".getBytes()))});
            String currentTokenValue = SecurityUtil.getCurrentTokenValue();
            if (StringUtils.isNotBlank(currentTokenValue)) {
                requestTemplate.header("Authorization", new String[]{"bearer" + currentTokenValue});
            }
        };
    }

    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}
