package co.bittub.api.core.config;

import co.bittub.api.core.http.consumer.HttpConsumer;
import co.bittub.api.core.service.security.TokenAuthenticationFilter;
import co.bittub.api.core.service.security.TokenAuthenticationService;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:co/bittub/api/core/config/SecurityConfig.class */
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
    private final TokenAuthenticationService tokenAuthenticationService;
    private final HttpConsumer<Exception, HttpServletRequest, HttpServletResponse> httpExceptionConsumer;
    private Properties properties;

    @ConfigurationProperties("app.security")
    @Configuration
    /* loaded from: input_file:co/bittub/api/core/config/SecurityConfig$Properties.class */
    static class Properties {
        private String jwtSecret;
        private Long jwtTtl;
        private boolean enabled = false;
        private boolean cors = true;
        private boolean crsf = false;
        private String[] allowGets = new String[0];
        private String[] allowPosts = new String[0];
        private String[] allowPuts = new String[0];
        private String[] allowPatches = new String[0];
        private String[] allowDeletes = new String[0];
        private String[] allowOptions = new String[0];

        Properties() {
        }

        public void setJwtSecret(String str) {
            this.jwtSecret = str;
        }

        public void setJwtTtl(Long l) {
            this.jwtTtl = l;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public void setCors(boolean z) {
            this.cors = z;
        }

        public void setCrsf(boolean z) {
            this.crsf = z;
        }

        public void setAllowGets(String[] strArr) {
            this.allowGets = strArr;
        }

        public void setAllowPosts(String[] strArr) {
            this.allowPosts = strArr;
        }

        public void setAllowPuts(String[] strArr) {
            this.allowPuts = strArr;
        }

        public void setAllowPatches(String[] strArr) {
            this.allowPatches = strArr;
        }

        public void setAllowDeletes(String[] strArr) {
            this.allowDeletes = strArr;
        }

        public void setAllowOptions(String[] strArr) {
            this.allowOptions = strArr;
        }

        public String getJwtSecret() {
            return this.jwtSecret;
        }

        public Long getJwtTtl() {
            return this.jwtTtl;
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public boolean isCors() {
            return this.cors;
        }

        public boolean isCrsf() {
            return this.crsf;
        }

        public String[] getAllowGets() {
            return this.allowGets;
        }

        public String[] getAllowPosts() {
            return this.allowPosts;
        }

        public String[] getAllowPuts() {
            return this.allowPuts;
        }

        public String[] getAllowPatches() {
            return this.allowPatches;
        }

        public String[] getAllowDeletes() {
            return this.allowDeletes;
        }

        public String[] getAllowOptions() {
            return this.allowOptions;
        }
    }

    @Autowired
    public SecurityConfig(TokenAuthenticationService tokenAuthenticationService, HttpConsumer<Exception, HttpServletRequest, HttpServletResponse> httpConsumer, Properties properties) {
        this.tokenAuthenticationService = tokenAuthenticationService;
        this.httpExceptionConsumer = httpConsumer;
        this.properties = properties;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (!this.properties.isEnabled()) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().cors().disable().authorizeRequests().anyRequest()).permitAll();
            this.logger.info("[Security] Disabled");
            return;
        }
        if (this.properties.isCrsf()) {
            httpSecurity.csrf();
            this.logger.info("[Security] Enabled CSRF");
        } else {
            httpSecurity.csrf().disable();
            this.logger.info("[Security] Disabled CSRF");
        }
        if (this.properties.isCors()) {
            httpSecurity.cors();
            this.logger.info("[Security] Enabled CORS");
        } else {
            httpSecurity.cors().disable();
            this.logger.info("[Security] Disabled CORS");
        }
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
        getAllowUrls().forEach((httpMethod, strArr) -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(httpMethod, (String[]) Arrays.stream(strArr).filter(str -> {
                return !str.isEmpty();
            }).toArray(i -> {
                return new String[i];
            }))).permitAll();
            this.logger.info("[Security] Allow [{}] {}", httpMethod, strArr);
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated().and().addFilterBefore(new TokenAuthenticationFilter(this.tokenAuthenticationService, this.httpExceptionConsumer), UsernamePasswordAuthenticationFilter.class);
    }

    private Map<HttpMethod, String[]> getAllowUrls() {
        return new HashMap<HttpMethod, String[]>() { // from class: co.bittub.api.core.config.SecurityConfig.1
            {
                put(HttpMethod.GET, SecurityConfig.this.properties.getAllowGets());
                put(HttpMethod.POST, SecurityConfig.this.properties.getAllowPosts());
                put(HttpMethod.PUT, SecurityConfig.this.properties.getAllowPuts());
                put(HttpMethod.PATCH, SecurityConfig.this.properties.getAllowPatches());
                put(HttpMethod.DELETE, SecurityConfig.this.properties.getAllowDeletes());
                put(HttpMethod.OPTIONS, SecurityConfig.this.properties.getAllowOptions());
            }
        };
    }
}
