package top.zenyoung.security.webflux.filter;

import java.util.Collections;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.ResolvableType;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.codec.HttpMessageReader;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import top.zenyoung.common.model.UserPrincipal;
import top.zenyoung.security.model.LoginReqBody;
import top.zenyoung.security.model.TokenAuthentication;
import top.zenyoung.security.webflux.JwtAuthenticationManager;

/* loaded from: input_file:top/zenyoung/security/webflux/filter/JwtLoginFilter.class */
public class JwtLoginFilter extends AuthenticationWebFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtLoginFilter.class);
    private final JwtAuthenticationManager<? extends LoginReqBody> manager;

    public JwtLoginFilter(@Nonnull JwtAuthenticationManager<? extends LoginReqBody> jwtAuthenticationManager) {
        super(jwtAuthenticationManager);
        this.manager = jwtAuthenticationManager;
        setRequiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, jwtAuthenticationManager.getLoginUrls()));
        setServerAuthenticationConverter(parseReqBody());
        setAuthenticationSuccessHandler((webFilterExchange, authentication) -> {
            log.debug("setAuthenticationSuccessHandler(authen: {})...", authentication);
            if (!(authentication.getPrincipal() instanceof UserPrincipal)) {
                return Mono.error(new IllegalArgumentException("authen.getPrincipal()不能转换为UserPrincipal=>" + authentication.getPrincipal()));
            }
            try {
                ServerWebExchange exchange = webFilterExchange.getExchange();
                return jwtAuthenticationManager.successfulAuthenticationHandler(exchange.getResponse(), new UserPrincipal((UserPrincipal) authentication.getPrincipal()));
            } catch (Throwable th) {
                log.debug("setAuthenticationSuccessHandler(authen: {})-exp: {}", authentication, th.getMessage());
                return Mono.error(th);
            }
        });
        setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler((serverWebExchange, authenticationException) -> {
            return jwtAuthenticationManager.unsuccessfulAuthentication(serverWebExchange.getResponse(), authenticationException);
        }));
    }

    protected ServerAuthenticationConverter parseReqBody() {
        return serverWebExchange -> {
            ServerHttpRequest request = serverWebExchange.getRequest();
            MediaType contentType = request.getHeaders().getContentType();
            if (!MediaType.APPLICATION_JSON.isCompatibleWith(contentType)) {
                return MediaType.APPLICATION_FORM_URLENCODED.isCompatibleWith(contentType) ? this.manager.parseFromData(serverWebExchange.getFormData()).cast(Authentication.class) : Mono.empty();
            }
            ResolvableType forClass = ResolvableType.forClass(this.manager.getLoginReqBodyClass());
            return ((HttpMessageReader) this.manager.getServerCodecConfigurer().getReaders().stream().filter(httpMessageReader -> {
                return httpMessageReader.canRead(forClass, MediaType.APPLICATION_JSON);
            }).findFirst().orElseThrow(() -> {
                return new IllegalStateException("No JSON reader for LoginReqBody");
            })).readMono(forClass, request, Collections.emptyMap()).cast(LoginReqBody.class).map(TokenAuthentication::new);
        };
    }
}
