package tech.simter.rest.jaxrs;

import java.io.IOException;
import javax.annotation.Priority;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import tech.simter.Context;
import tech.simter.jwt.DecodeException;
import tech.simter.jwt.JWT;

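/**
 * JAX-RS request filter that authenticates a request from a bearer JWT in the
 * {@code Authorization} header.
 *
 * <p>When the token verifies against the configured secret key, every entry of the
 * payload's data map is copied into {@link Context}. When the header is missing,
 * is not a {@code Bearer} credential, or the token fails verification, the request
 * is aborted with {@code 403 Forbidden} only if {@code abortIfUnauthorized} is
 * {@code true}; otherwise it continues down the chain with nothing added to
 * {@link Context}, so downstream resources must enforce their own authorization.
 *
 * <p>The priority value 1000 equals {@code javax.ws.rs.Priorities.AUTHENTICATION}.
 */
@Named
@Singleton
@Provider
@Priority(1000)
/* loaded from: input_file:tech/simter/rest/jaxrs/JwtAuthRequestFilter.class */
public class JwtAuthRequestFilter implements ContainerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthRequestFilter.class);

    /** Name of the HTTP header that carries the bearer token. */
    public static final String JWT_HEADER_NAME = "Authorization";

    /** Scheme prefix (including the separating space) expected in front of the token. */
    private static final String BEARER_PREFIX = "Bearer ";

    private final String secretKey;
    private final boolean abortIfUnauthorized;

    /**
     * Creates the filter from configuration.
     *
     * @param secretKey key passed to {@code JWT.verify}; the property
     *     {@code simter.jwt.secret-key} defaults to the empty string
     * @param abortIfUnauthorized whether to answer {@code 403} instead of letting an
     *     unauthenticated request through; defaults to {@code false}
     */
    public JwtAuthRequestFilter(@Value("${simter.jwt.secret-key:}") String secretKey, @Value("${simter.jwt.abort-if-unauthorized:false}") boolean abortIfUnauthorized) {
        this.secretKey = secretKey;
        this.abortIfUnauthorized = abortIfUnauthorized;
        if (secretKey == null || secretKey.isEmpty()) {
            // The property default is an empty key, so a deployment that forgets to set it
            // starts up silently. NOTE(review): how JWT.verify treats an empty key is not
            // visible here; if it accepts one, tokens would be checked against a key that
            // anyone can guess. Surface the misconfiguration so it is caught at startup.
            logger.warn("simter.jwt.secret-key is not configured; JWT signatures are verified with an empty key");
        }
    }

    /**
     * Verifies the bearer token, if any, and publishes its payload data to {@link Context}.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by {@link ContainerRequestFilter#filter}
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String authorization = containerRequestContext.getHeaderString(JWT_HEADER_NAME);
        if (authorization == null || !authorization.startsWith(BEARER_PREFIX)) {
            if (this.abortIfUnauthorized) {
                abortWithForbidden(containerRequestContext, "No valid JWT header");
            }
            return;
        }
        try {
            String token = authorization.substring(BEARER_PREFIX.length());
            // A bearer token is a credential: anyone who can read the log could replay it.
            // Record only that a token arrived and its size, never the token itself.
            logger.debug("verifying bearer JWT ({} chars)", token.length());
            JWT.verify(token, this.secretKey).payload.getData().forEach((key, value) -> {
                Context.set(key, value);
            });
        } catch (DecodeException e) {
            // Full stack trace only at debug level; otherwise a single warn line per rejection.
            if (logger.isDebugEnabled()) {
                logger.debug(e.getMessage(), e);
            } else {
                logger.warn(e.getMessage());
            }
            if (this.abortIfUnauthorized) {
                abortWithForbidden(containerRequestContext, "Invalid JWT");
            }
        }
    }

    /**
     * Aborts the request with a {@code 403 Forbidden} plain-text response.
     *
     * @param containerRequestContext the request to abort
     * @param message fixed text sent as the response entity
     */
    private void abortWithForbidden(ContainerRequestContext containerRequestContext, String message) {
        containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).type("text/plain").entity(message).build());
    }
}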
