package xyz.shodown.upms.config;

import java.util.Iterator;
import javax.annotation.Resource;
import javax.sql.DataSource;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

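/**
 * OAuth2 resource-server configuration for the {@code /resource/**} endpoints.
 *
 * <p>Tokens are resolved through the injected {@link TokenStore} and must carry the
 * resource id {@code "res"}. Access is scope-based: read-style methods need the
 * {@code read} scope, mutating methods need the {@code write} scope. URL patterns listed
 * in {@code additionalProperties.getAccess().getIgnoreUrls()} are exempt from token checks.
 */
@EnableResourceServer
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /** Ant pattern that scopes this security filter chain. */
    private static final String RESOURCE_PATTERN = "/resource/**";

    private static final String READ_SCOPE = "#oauth2.hasScope('read')";

    private static final String WRITE_SCOPE = "#oauth2.hasScope('write')";

    // Injected but not referenced anywhere in this class.
    @Resource
    private DataSource dataSource;

    @Resource
    private TokenStore tokenStore;

    @Resource
    private AdditionalProperties additionalProperties;

    /**
     * Binds this resource server to the resource id {@code "res"} and to the injected token store.
     *
     * @param resourceServerSecurityConfigurer configurer supplied by the framework
     * @throws Exception if the configurer rejects the settings
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        resourceServerSecurityConfigurer.resourceId("res").tokenStore(this.tokenStore);
    }

    /**
     * Declares the authorization rules and the CORS response headers for {@code /resource/**}.
     *
     * <p>Rules are evaluated in declaration order, so the configured ignore URLs win over the
     * scope checks, and the final catch-all only sees requests that no earlier rule matched.
     *
     * @param httpSecurity security builder supplied by the framework
     * @throws Exception if the rule set cannot be built
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests =
                httpSecurity.antMatcher(RESOURCE_PATTERN).authorizeRequests();

        // Every configured ignore URL is reachable without a token.
        // NOTE(review): this chain only handles /resource/**, so patterns outside that prefix
        // presumably have no effect here; keep the list as narrow as possible.
        for (String ignoreUrl : this.additionalProperties.getAccess().getIgnoreUrls()) {
            authorizeRequests.antMatchers(ignoreUrl).permitAll();
        }

        authorizeRequests.antMatchers(HttpMethod.GET, RESOURCE_PATTERN).access(READ_SCOPE);
        // HEAD is normally served by the same handlers as GET, so it needs the same scope.
        authorizeRequests.antMatchers(HttpMethod.HEAD, RESOURCE_PATTERN).access(READ_SCOPE);

        HttpMethod[] mutatingMethods = {HttpMethod.POST, HttpMethod.PATCH, HttpMethod.PUT, HttpMethod.DELETE};
        for (HttpMethod method : mutatingMethods) {
            authorizeRequests.antMatchers(method, RESOURCE_PATTERN).access(WRITE_SCOPE);
        }

        // CORS preflight requests carry no Authorization header and must stay anonymous.
        authorizeRequests.antMatchers(HttpMethod.OPTIONS, RESOURCE_PATTERN).permitAll();

        // Deny by default: without a catch-all, a request that matches none of the rules above
        // (for example TRACE) is not subject to any access decision at all.
        authorizeRequests.anyRequest().authenticated();

        authorizeRequests.and().headers().addHeaderWriter((httpServletRequest, httpServletResponse) -> {
            // NOTE(review): a wildcard origin combined with echoing back whatever method and
            // header list the preflight asks for means the browser's same-origin policy adds no
            // restriction to this API. Prefer an explicit allow-list of origins, methods and
            // headers (e.g. a CorsConfigurationSource) if the callers are known.
            httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
            if ("OPTIONS".equals(httpServletRequest.getMethod())) {
                String requestedMethod = httpServletRequest.getHeader("Access-Control-Request-Method");
                String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
                // setHeader(name, null) is container-dependent; only echo values that were sent.
                if (requestedMethod != null) {
                    httpServletResponse.setHeader("Access-Control-Allow-Methods", requestedMethod);
                }
                if (requestedHeaders != null) {
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", requestedHeaders);
                }
            }
        });
    }
}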
