package cn.kduck.security.oauth2.configuration;

import cn.kduck.core.web.json.JsonObject;
import cn.kduck.security.oauth2.matcher.OAuthRequestMatcher;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@ConditionalOnClass({OAuth2AuthorizedClientService.class})
@ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"spring-client"}, havingValue = "true")
@Order(300)
/* loaded from: input_file:cn/kduck/security/oauth2/configuration/OAuthClientConfiguration.class */
public class OAuthClientConfiguration extends WebSecurityConfigurerAdapter {

    @Configuration
    @RestController
    /* loaded from: input_file:cn/kduck/security/oauth2/configuration/OAuthClientConfiguration$ClientUserRest.class */
    public class ClientUserRest {

        @Autowired
        private OAuth2AuthorizedClientService authorizedClientService;

        public ClientUserRest() {
        }

        @RequestMapping({"/user_info"})
        @ResponseBody
        public JsonObject userInfo(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
            return new JsonObject(this.authorizedClientService.loadAuthorizedClient(oAuth2AuthenticationToken.getAuthorizedClientRegistrationId(), oAuth2AuthenticationToken.getName()).getAccessToken());
        }
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.requestMatcher(new OAuthRequestMatcher(new String[]{"!/oauth/**", "!/currentUser", "any"}));
        httpSecurity.csrf().disable();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.cors().and().authorizeRequests().anyRequest()).authenticated().and().oauth2Login().and().oauth2Client();
    }
}
