package top.zenyoung.security.webflux.filter;

import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import top.zenyoung.security.webflux.AuthenticationManager;
import top.zenyoung.security.webflux.converter.JwtTokenAuthenticationConverter;
import top.zenyoung.security.webflux.util.RespJsonUtils;

/* loaded from: input_file:top/zenyoung/security/webflux/filter/JwtTokenFilter.class */
public class JwtTokenFilter implements WebFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenFilter.class);
    private final ServerAuthenticationConverter authenticationConverter;
    private ServerWebExchangeMatcher requiresAuthenticationMatcher = ServerWebExchangeMatchers.anyExchange();
    private ServerAuthenticationSuccessHandler authenticationSuccessHandler = new WebFilterChainServerAuthenticationSuccessHandler();
    private ServerAuthenticationFailureHandler authenticationFailureHandler = new ServerAuthenticationEntryPointFailureHandler((serverWebExchange, authenticationException) -> {
        return RespJsonUtils.buildFailResp(serverWebExchange.getResponse(), HttpStatus.UNAUTHORIZED, authenticationException);
    });
    private final ServerSecurityContextRepository securityContextRepository = NoOpServerSecurityContextRepository.getInstance();

    public void setRequiresAuthenticationMatcher(@Nonnull ServerWebExchangeMatcher serverWebExchangeMatcher) {
        this.requiresAuthenticationMatcher = serverWebExchangeMatcher;
    }

    public void setAuthenticationSuccessHandler(@Nonnull ServerAuthenticationSuccessHandler serverAuthenticationSuccessHandler) {
        this.authenticationSuccessHandler = serverAuthenticationSuccessHandler;
    }

    public void setAuthenticationFailureHandler(@Nonnull ServerAuthenticationFailureHandler serverAuthenticationFailureHandler) {
        this.authenticationFailureHandler = serverAuthenticationFailureHandler;
    }

    public JwtTokenFilter(@Nonnull AuthenticationManager authenticationManager) {
        this.authenticationConverter = new JwtTokenAuthenticationConverter(authenticationManager);
    }

    @Nonnull
    public Mono<Void> filter(@Nonnull ServerWebExchange serverWebExchange, @Nonnull WebFilterChain webFilterChain) {
        return this.requiresAuthenticationMatcher.matches(serverWebExchange).flatMap(matchResult -> {
            return this.authenticationConverter.convert(serverWebExchange);
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(authentication -> {
            return authenticate(serverWebExchange, webFilterChain, authentication);
        }).onErrorResume(AuthenticationException.class, authenticationException -> {
            return this.authenticationFailureHandler.onAuthenticationFailure(new WebFilterExchange(serverWebExchange, webFilterChain), authenticationException);
        });
    }

    private Mono<Void> authenticate(@Nonnull ServerWebExchange serverWebExchange, @Nonnull WebFilterChain webFilterChain, @Nonnull Authentication authentication) {
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        securityContextImpl.setAuthentication(authentication);
        return this.securityContextRepository.save(serverWebExchange, securityContextImpl).then(this.authenticationSuccessHandler.onAuthenticationSuccess(new WebFilterExchange(serverWebExchange, webFilterChain), authentication)).subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContextImpl)));
    }
}
