package org.http4s.server.middleware;

import cats.Applicative;
import cats.Monad;
import cats.data.Kleisli;
import cats.data.Kleisli$;
import cats.data.OptionT$;
import cats.effect.SyncIO;
import cats.kernel.Eq$;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.package$all$;
import java.io.Serializable;
import org.http4s.Header;
import org.http4s.Header$Raw$;
import org.http4s.Header$Select$;
import org.http4s.Header$ToRaw$;
import org.http4s.Headers$;
import org.http4s.Method;
import org.http4s.Method$;
import org.http4s.Platform$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.Response$;
import org.http4s.Status$;
import org.http4s.headers.Access;
import org.http4s.headers.Access$minusControl$minusAllow$minusMethods$;
import org.http4s.headers.Access$minusControl$minusMax$minusAge$;
import org.http4s.headers.Access$minusControl$minusRequest$minusMethod$;
import org.http4s.headers.Origin;
import org.http4s.headers.Origin$;
import org.http4s.syntax.package$header$;
import org.typelevel.ci.CIString$;
import org.typelevel.ci.package$;
import org.typelevel.log4cats.SelfAwareStructuredLogger;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.StringContext$;
import scala.Tuple3;
import scala.Tuple3$;
import scala.collection.immutable.Set;
import scala.concurrent.duration.package;
import scala.runtime.BoxesRunTime;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: CORS.scala */
/* loaded from: input_file:org/http4s/server/middleware/CORS$.class */
public final class CORS$ implements Serializable {
    public static final CORS$ MODULE$ = new CORS$();
    private static final SelfAwareStructuredLogger logger = Platform$.MODULE$.loggerFactory().getLogger("org.http4s.server.middleware.CORS");
    private static final CORSPolicy policy = new CORSPolicy(CORSPolicy$AllowOrigin$All$.MODULE$, CORSPolicy$AllowCredentials$Deny$.MODULE$, CORSPolicy$ExposeHeaders$None$.MODULE$, CORSPolicy$AllowMethods$In$.MODULE$.apply((Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Method[]{Method$.MODULE$.GET(), Method$.MODULE$.HEAD(), Method$.MODULE$.PUT(), Method$.MODULE$.PATCH(), Method$.MODULE$.POST(), Method$.MODULE$.DELETE()}))), CORSPolicy$AllowHeaders$Reflect$.MODULE$, CORSPolicy$MaxAge$Default$.MODULE$);
    private static final Header.Raw defaultVaryHeader = Header$Raw$.MODULE$.apply(package$.MODULE$.CIStringSyntax(StringContext$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"Vary"}))).ci(ScalaRunTime$.MODULE$.genericWrapArray(new Object[0])), "Origin,Access-Control-Request-Method");

    private CORS$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(CORS$.class);
    }

    public SelfAwareStructuredLogger<SyncIO> logger() {
        return logger;
    }

    public CORSPolicy policy() {
        return policy;
    }

    public Header.Raw defaultVaryHeader() {
        return defaultVaryHeader;
    }

    public CORSConfig DefaultCORSConfig() {
        return CORSConfig$.MODULE$.m41default().withAnyOrigin(true).withAllowCredentials(true).withMaxAge(new package.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).day());
    }

    public <F, G> Kleisli<F, Request<G>, Response<G>> apply(Kleisli<F, Request<G>, Response<G>> kleisli, CORSConfig cORSConfig, Applicative<F> applicative) {
        if (cORSConfig.anyOrigin() && cORSConfig.allowCredentials()) {
            ((SyncIO) logger().warn(this::apply$$anonfun$1)).unsafeRunSync();
        }
        return Kleisli$.MODULE$.apply(request -> {
            Tuple3 apply = Tuple3$.MODULE$.apply(request.method(), Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Origin$.MODULE$.headerInstance())), Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Access$minusControl$minusRequest$minusMethod$.MODULE$.headerInstance())));
            if (apply != null) {
                Some some = (Option) apply._2();
                Some some2 = (Option) apply._3();
                Method OPTIONS = Method$.MODULE$.OPTIONS();
                Object _1 = apply._1();
                if (OPTIONS != null ? OPTIONS.equals(_1) : _1 == null) {
                    if (some instanceof Some) {
                        Origin origin = (Origin) some.value();
                        if (some2 instanceof Some) {
                            Access.minusControl.minusRequest.minusMethod minusmethod = (Access.minusControl.minusRequest.minusMethod) some2.value();
                            if (allowCORS$1(cORSConfig, origin, minusmethod.method())) {
                                ((SyncIO) logger().debug(() -> {
                                    return r1.apply$$anonfun$2$$anonfun$1(r2, r3);
                                })).unsafeRunSync();
                                return ApplicativeIdOps$.MODULE$.pure$extension((Response) package$all$.MODULE$.catsSyntaxApplicativeId(createOptionsResponse$1(cORSConfig, origin, minusmethod)), applicative);
                            }
                        }
                    }
                }
                if (some instanceof Some) {
                    Origin origin2 = (Origin) some.value();
                    if (allowCORS$1(cORSConfig, origin2, request.method())) {
                        return package$all$.MODULE$.toFunctorOps(kleisli.apply(request), applicative).map(response -> {
                            ((SyncIO) logger().debug(() -> {
                                return r1.apply$$anonfun$2$$anonfun$2$$anonfun$1(r2);
                            })).unsafeRunSync();
                            return corsHeaders$1(cORSConfig, origin2, request.method(), false, response);
                        });
                    }
                    ((SyncIO) logger().debug(() -> {
                        return r1.apply$$anonfun$2$$anonfun$3(r2);
                    })).unsafeRunSync();
                    return ApplicativeIdOps$.MODULE$.pure$extension((Response) package$all$.MODULE$.catsSyntaxApplicativeId(Response$.MODULE$.apply(Status$.MODULE$.Forbidden(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5())), applicative);
                }
            }
            return kleisli.apply(request);
        });
    }

    public <F, G> CORSConfig apply$default$2() {
        return CORSConfig$.MODULE$.m41default();
    }

    public <F> Kleisli<?, Request<F>, Response<F>> httpRoutes(Kleisli<?, Request<F>, Response<F>> kleisli, Monad<F> monad) {
        return apply(kleisli, CORSConfig$.MODULE$.m41default(), OptionT$.MODULE$.catsDataMonadErrorMonadForOptionT(monad));
    }

    public <F> Kleisli<F, Request<F>, Response<F>> httpApp(Kleisli<F, Request<F>, Response<F>> kleisli, Applicative<F> applicative) {
        return apply(kleisli, CORSConfig$.MODULE$.m41default(), applicative);
    }

    private final String apply$$anonfun$1() {
        return "Insecure CORS config detected: `anyOrigin=true` and `allowCredentials=true` are mutually exclusive. `Access-Control-Allow-Credentials` header will not be sent. Change either flag to false to remove this warning.";
    }

    private final Response createOptionsResponse$1(CORSConfig cORSConfig, Origin origin, Access.minusControl.minusRequest.minusMethod minusmethod) {
        return corsHeaders$1(cORSConfig, origin, minusmethod.method(), true, Response$.MODULE$.apply(Response$.MODULE$.apply$default$1(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5()));
    }

    private final Option methodBasedHeader$1(CORSConfig cORSConfig, boolean z) {
        return z ? cORSConfig.allowedHeaders().map(set -> {
            return headerFromStrings$1("Access-Control-Allow-Headers", set);
        }) : cORSConfig.exposedHeaders().map(set2 -> {
            return headerFromStrings$1("Access-Control-Expose-Headers", set2);
        });
    }

    private final Response varyHeader$1(Response response) {
        return None$.MODULE$.equals(Headers$.MODULE$.get$extension(response.headers(), package$.MODULE$.CIStringSyntax(StringContext$.MODULE$.apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"Vary"}))).ci(ScalaRunTime$.MODULE$.genericWrapArray(new Object[0])))) ? response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.rawToRaw(defaultVaryHeader())})) : response;
    }

    private final Response allowCredentialsHeader$7(CORSConfig cORSConfig, Response response) {
        return (cORSConfig.anyOrigin() || !cORSConfig.allowCredentials()) ? response : response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.keyValuesToRaw(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("Access-Control-Allow-Credentials"), "true"))}));
    }

    private final Response $anonfun$1(Response response) {
        return response;
    }

    private final Set corsHeaders$1$$anonfun$1(Method method) {
        return (Set) Predef$.MODULE$.Set().apply(ScalaRunTime$.MODULE$.wrapRefArray(new Method[]{method}));
    }

    private final Response corsHeaders$1(CORSConfig cORSConfig, Origin origin, Method method, boolean z, Response response) {
        return varyHeader$1(allowCredentialsHeader$7(cORSConfig, (Response) methodBasedHeader$1(cORSConfig, z).fold(() -> {
            return r1.$anonfun$1(r2);
        }, raw -> {
            return response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.rawToRaw(raw)}));
        }))).putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.modelledHeadersToRaw(Access$minusControl$minusAllow$minusMethods$.MODULE$.apply((Set) cORSConfig.allowedMethods().getOrElse(() -> {
            return r8.corsHeaders$1$$anonfun$1(r9);
        })), Access$minusControl$minusAllow$minusMethods$.MODULE$.headerInstance()), Header$ToRaw$.MODULE$.keyValuesToRaw(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension((String) Predef$.MODULE$.ArrowAssoc("Access-Control-Allow-Origin"), package$header$.MODULE$.http4sHeaderSyntax(origin, Origin$.MODULE$.headerInstance()).value())), Header$ToRaw$.MODULE$.modelledHeadersToRaw(Access$minusControl$minusMax$minusAge$.MODULE$.unsafeFromLong(BoxesRunTime.unboxToLong(package$all$.MODULE$.catsSyntaxOrder(BoxesRunTime.boxToLong(cORSConfig.maxAge().toSeconds()), Eq$.MODULE$.catsKernelInstancesForLong()).max(BoxesRunTime.boxToLong(-1L)))), Access$minusControl$minusMax$minusAge$.MODULE$.headerInstance())}));
    }

    private final boolean allowOrigin$14(CORSConfig cORSConfig, Origin origin) {
        return cORSConfig.anyOrigin() || BoxesRunTime.unboxToBoolean(cORSConfig.allowedOrigins().apply(package$header$.MODULE$.http4sHeaderSyntax(origin, Origin$.MODULE$.headerInstance()).value()));
    }

    private final boolean allowMethod$1(CORSConfig cORSConfig, Method method) {
        return cORSConfig.anyMethod() || cORSConfig.allowedMethods().exists(set -> {
            return set.exists(method2 -> {
                return package$all$.MODULE$.catsSyntaxEq(method2, Method$.MODULE$.catsInstancesForHttp4sMethod()).$eq$eq$eq(method);
            });
        });
    }

    private final boolean allowCORS$1(CORSConfig cORSConfig, Origin origin, Method method) {
        return allowOrigin$14(cORSConfig, origin) && allowMethod$1(cORSConfig, method);
    }

    private final Header.Raw headerFromStrings$1(String str, Set set) {
        return Header$Raw$.MODULE$.apply(CIString$.MODULE$.apply(str), set.mkString("", ", ", ""));
    }

    private final String apply$$anonfun$2$$anonfun$1(Request request, Access.minusControl.minusRequest.minusMethod minusmethod) {
        return new StringBuilder(39).append("Serving OPTIONS with CORS headers for ").append(minusmethod).append(" ").append(request.uri()).toString();
    }

    private final String apply$$anonfun$2$$anonfun$2$$anonfun$1(Request request) {
        return new StringBuilder(24).append("Adding CORS headers to ").append(request.method()).append(" ").append(request.uri()).toString();
    }

    private final String apply$$anonfun$2$$anonfun$3(Request request) {
        return new StringBuilder(30).append("CORS headers were denied for ").append(request.method()).append(" ").append(request.uri()).toString();
    }
}
