package cn.taketoday.web.cors;

import cn.taketoday.http.HttpHeaders;
import cn.taketoday.http.HttpMethod;
import cn.taketoday.http.HttpStatus;
import cn.taketoday.lang.Constant;
import cn.taketoday.lang.Nullable;
import cn.taketoday.logging.Logger;
import cn.taketoday.logging.LoggerFactory;
import cn.taketoday.util.CollectionUtils;
import cn.taketoday.web.RequestContext;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:cn/taketoday/web/cors/DefaultCorsProcessor.class */
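/**
 * Default {@link CorsProcessor}: checks the origin, method and headers of a CORS
 * request against a {@link CorsConfiguration} and, when they are accepted, writes
 * the {@code Access-Control-*} response headers.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>A response that already carries {@code Access-Control-Allow-Origin} is passed
 * through without any check against the configuration, so whatever sets that header
 * earlier in the chain is fully trusted.</li>
 * <li>With no configuration, only preflight requests are rejected. An actual
 * cross-origin request is let through without CORS headers, so CORS processing is
 * not an access-control mechanism for the handler itself.</li>
 * <li>Request headers are validated for preflight requests only.</li>
 * </ul>
 */
public class DefaultCorsProcessor implements CorsProcessor {
    private static final Logger log = LoggerFactory.getLogger(DefaultCorsProcessor.class);

    /**
     * Applies CORS handling to the given request.
     *
     * @param corsConfiguration the configuration to check against, or {@code null} if none applies
     * @param requestContext the current request
     * @return {@code false} if the request was rejected (a 403 response has been written),
     *         {@code true} otherwise
     * @throws IOException if writing the rejection response or flushing fails
     */
    @Override
    public boolean process(@Nullable CorsConfiguration corsConfiguration, RequestContext requestContext) throws IOException {
        HttpHeaders responseHeaders = requestContext.responseHeaders();
        // Vary is written for every request, CORS or not, before any other decision.
        // NOTE(review): whether setVary replaces a Vary value set earlier is not visible here - confirm.
        responseHeaders.setVary(HttpHeaders.ORIGIN, HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);

        if (!requestContext.isCorsRequest()) {
            return true;
        }

        // An upstream component already decided the allowed origin; none of the checks below run.
        if (responseHeaders.containsKey(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)) {
            log.trace("Skip: response already contains \"Access-Control-Allow-Origin\"");
            return true;
        }

        boolean isPreFlightRequest = requestContext.isPreFlightRequest();
        if (corsConfiguration != null) {
            return handleInternal(requestContext, corsConfiguration, isPreFlightRequest);
        }

        // No configuration: a preflight is refused, an actual request continues without CORS headers.
        if (isPreFlightRequest) {
            rejectRequest(requestContext);
            return false;
        }
        return true;
    }

    /**
     * Writes a 403 response with the fixed body {@code "Invalid CORS request"} and flushes it.
     * The same message is used for every rejection, so the response does not reveal which
     * check (origin, method or headers) failed.
     *
     * @param requestContext the current request
     * @throws IOException if writing or flushing the response fails
     */
    protected void rejectRequest(RequestContext requestContext) throws IOException {
        requestContext.setStatus(HttpStatus.FORBIDDEN);
        byte[] body = "Invalid CORS request".getBytes(Constant.DEFAULT_CHARSET);
        requestContext.getOutputStream().write(body);
        requestContext.flush();
    }

    /**
     * Validates origin, method and (for preflight) headers, then writes the CORS response headers.
     *
     * @param requestContext the current request
     * @param corsConfiguration the configuration to check against
     * @param z {@code true} when the request is a preflight request
     * @return {@code false} if the request was rejected, {@code true} once the headers are written
     * @throws IOException if writing the rejection response or flushing fails
     */
    protected boolean handleInternal(RequestContext requestContext, CorsConfiguration corsConfiguration, boolean z) throws IOException {
        final boolean preFlight = z;

        // The Origin header is client-controlled; it is logged below when rejected.
        String origin = requestContext.requestHeaders().getOrigin();
        String allowedOrigin = checkOrigin(corsConfiguration, origin);
        if (allowedOrigin == null) {
            log.debug("Reject: '{}' origin is not allowed", origin);
            rejectRequest(requestContext);
            return false;
        }

        HttpMethod requestMethod = getMethodToUse(requestContext, preFlight);
        List<HttpMethod> allowedMethods = checkMethods(corsConfiguration, requestMethod);
        if (allowedMethods == null) {
            log.debug("Reject: HTTP '{}' is not allowed", requestMethod);
            rejectRequest(requestContext);
            return false;
        }

        List<String> requestHeaders = getHeadersToUse(requestContext, preFlight);
        List<String> allowedHeaders = checkHeaders(corsConfiguration, requestHeaders);
        // Only a preflight is rejected on headers; for an actual request the result is ignored.
        if (preFlight && allowedHeaders == null) {
            log.debug("Reject: headers '{}' are not allowed", requestHeaders);
            rejectRequest(requestContext);
            return false;
        }

        HttpHeaders responseHeaders = requestContext.responseHeaders();
        responseHeaders.setAccessControlAllowOrigin(allowedOrigin);
        if (preFlight) {
            responseHeaders.setAccessControlAllowMethods(allowedMethods);
            // allowedHeaders is non-null here: the null case returned above.
            if (!allowedHeaders.isEmpty()) {
                responseHeaders.setAccessControlAllowHeaders(allowedHeaders);
            }
        }
        if (CollectionUtils.isNotEmpty(corsConfiguration.getExposedHeaders())) {
            responseHeaders.setAccessControlExposeHeaders(corsConfiguration.getExposedHeaders());
        }
        // NOTE(review): credentials are enabled alongside whatever checkOrigin returned. This method
        // does not itself prevent a wildcard origin from being combined with credentials; confirm
        // that CorsConfiguration.checkOrigin never returns "*" when allowCredentials is true.
        if (Boolean.TRUE.equals(corsConfiguration.getAllowCredentials())) {
            responseHeaders.setAccessControlAllowCredentials(true);
        }
        if (preFlight && corsConfiguration.getMaxAge() != null) {
            responseHeaders.setAccessControlMaxAge(corsConfiguration.getMaxAge().longValue());
        }
        requestContext.flush();
        return true;
    }

    /**
     * Delegates the origin check to the configuration.
     *
     * @param corsConfiguration the configuration to check against
     * @param str the request's {@code Origin} value, possibly {@code null}
     * @return the value to send as {@code Access-Control-Allow-Origin}, or {@code null} to reject
     */
    @Nullable
    protected String checkOrigin(CorsConfiguration corsConfiguration, @Nullable String str) {
        return corsConfiguration.checkOrigin(str);
    }

    /**
     * Delegates the method check to the configuration.
     *
     * @param corsConfiguration the configuration to check against
     * @param httpMethod the method to validate, possibly {@code null}
     * @return the methods to send as {@code Access-Control-Allow-Methods}, or {@code null} to reject
     */
    @Nullable
    protected List<HttpMethod> checkMethods(CorsConfiguration corsConfiguration, @Nullable HttpMethod httpMethod) {
        return corsConfiguration.checkHttpMethod(httpMethod);
    }

    /**
     * Picks the method to validate: the {@code Access-Control-Request-Method} header for a
     * preflight, otherwise the request's own method.
     */
    @Nullable
    private HttpMethod getMethodToUse(RequestContext requestContext, boolean preFlight) {
        if (preFlight) {
            return requestContext.getHeaders().getAccessControlRequestMethod();
        }
        return requestContext.getMethod();
    }

    /**
     * Delegates the header check to the configuration.
     *
     * @param corsConfiguration the configuration to check against
     * @param list the header names to validate
     * @return the headers to send as {@code Access-Control-Allow-Headers}, or {@code null} to reject
     */
    @Nullable
    protected List<String> checkHeaders(CorsConfiguration corsConfiguration, List<String> list) {
        return corsConfiguration.checkHeaders(list);
    }

    /**
     * Picks the header names to validate: the {@code Access-Control-Request-Headers} list for a
     * preflight, otherwise a copy of the names of all request headers.
     */
    private List<String> getHeadersToUse(RequestContext requestContext, boolean preFlight) {
        if (preFlight) {
            return requestContext.requestHeaders().getAccessControlRequestHeaders();
        }
        // Typed copy instead of the raw ArrayList the decompiled source used.
        return new ArrayList<>(requestContext.requestHeaders().keySet());
    }
}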
