package top.zenyoung.security.webflux.filter;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.WebFilterChainServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.CollectionUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
import top.zenyoung.security.model.LoginReqBody;
import top.zenyoung.security.model.TokenAuthentication;
import top.zenyoung.security.webflux.JwtAuthenticationManager;
import top.zenyoung.security.webflux.TopSecurityContext;

/* loaded from: input_file:top/zenyoung/security/webflux/filter/JwtTokenFilter.class */
public class JwtTokenFilter implements WebFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenFilter.class);
    private final JwtAuthenticationManager<? extends LoginReqBody> manager;
    private final ServerAuthenticationFailureHandler authenticationFailureHandler;
    private final ServerSecurityContextRepository securityContextRepository = NoOpServerSecurityContextRepository.getInstance();
    private final ServerWebExchangeMatcher whiteMatchers = buildExchangeMatchers();
    private final ServerAuthenticationSuccessHandler authenticationSuccessHandler = new WebFilterChainServerAuthenticationSuccessHandler();

    public JwtTokenFilter(@Nonnull JwtAuthenticationManager<? extends LoginReqBody> jwtAuthenticationManager) {
        this.manager = jwtAuthenticationManager;
        this.authenticationFailureHandler = new ServerAuthenticationEntryPointFailureHandler((serverWebExchange, authenticationException) -> {
            return jwtAuthenticationManager.unsuccessfulAuthentication(serverWebExchange.getResponse(), authenticationException);
        });
    }

    @Nonnull
    public Mono<Void> filter(@Nonnull ServerWebExchange serverWebExchange, @Nonnull WebFilterChain webFilterChain) {
        return ServerWebExchangeMatchers.anyExchange().matches(serverWebExchange).flatMap(matchResult -> {
            ServerHttpRequest request = serverWebExchange.getRequest();
            return this.whiteMatchers != null ? this.whiteMatchers.matches(serverWebExchange).filter(matchResult -> {
                return !matchResult.isMatch();
            }).map(matchResult2 -> {
                return this.manager.parseAuthenticationToken(request);
            }).switchIfEmpty(Mono.empty()).onErrorResume(th -> {
                return fallback(request, th);
            }) : Mono.just(this.manager.parseAuthenticationToken(request)).onErrorResume(th2 -> {
                return fallback(request, th2);
            });
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(tokenAuthentication -> {
            return authenticate(serverWebExchange, webFilterChain, tokenAuthentication);
        }).onErrorResume(AuthenticationException.class, authenticationException -> {
            return this.authenticationFailureHandler.onAuthenticationFailure(new WebFilterExchange(serverWebExchange, webFilterChain), authenticationException);
        });
    }

    private Mono<Void> authenticate(@Nonnull ServerWebExchange serverWebExchange, @Nonnull WebFilterChain webFilterChain, @Nonnull Authentication authentication) {
        SecurityContextImpl securityContextImpl = new SecurityContextImpl();
        securityContextImpl.setAuthentication(authentication);
        SecurityContextHolder.setContext(new TopSecurityContext(securityContextImpl, serverWebExchange.getRequest()));
        return this.securityContextRepository.save(serverWebExchange, securityContextImpl).then(this.authenticationSuccessHandler.onAuthenticationSuccess(new WebFilterExchange(serverWebExchange, webFilterChain), authentication)).contextWrite(context -> {
            return ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContextImpl));
        });
    }

    private ServerWebExchangeMatcher buildExchangeMatchers() {
        LinkedList newLinkedList = Lists.newLinkedList();
        String[] loginUrls = this.manager.getLoginUrls();
        if (loginUrls.length > 0) {
            newLinkedList.addAll((Collection) Arrays.stream(loginUrls).filter(str -> {
                return !Strings.isNullOrEmpty(str);
            }).collect(Collectors.toList()));
        }
        String[] whiteUrls = this.manager.getWhiteUrls();
        if (whiteUrls != null && whiteUrls.length > 0) {
            newLinkedList.addAll((Collection) Arrays.stream(whiteUrls).filter(str2 -> {
                return !Strings.isNullOrEmpty(str2);
            }).collect(Collectors.toList()));
        }
        if (CollectionUtils.isEmpty(newLinkedList)) {
            return null;
        }
        return ServerWebExchangeMatchers.pathMatchers((String[]) newLinkedList.toArray(new String[0]));
    }

    protected <R extends LoginReqBody> Mono<TokenAuthentication<R>> fallback(@Nonnull ServerHttpRequest serverHttpRequest, @Nonnull Throwable th) {
        log.debug("fallback(request-path: {})-exp: {}", serverHttpRequest.getPath(), th.getMessage());
        return th instanceof AuthenticationException ? Mono.error(th) : Mono.error(new AuthenticationException(th.getMessage(), th) { // from class: top.zenyoung.security.webflux.filter.JwtTokenFilter.1
        });
    }
}
