package org.zodiac.actuate.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.validation.constraints.NotNull;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.zodiac.actuate.util.ActuatorHelper;
import org.zodiac.commons.util.Strings;
import org.zodiac.commons.util.web.HttpBasicAuthUtil;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zodiac/actuate/security/ActuatorSecurityWebFilter.class */
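/**
 * Reactive {@link WebFilter} that puts HTTP Basic authentication in front of the actuator endpoints.
 *
 * <p>Requests outside the actuator path are passed through untouched. For requests under it, the
 * filter applies these rules in order:
 * <ol>
 *   <li>a request carrying an {@code X-Real-IP} header is answered with {@code 404};</li>
 *   <li>{@code /actuator/health} and {@code /actuator/prometheus} (and their sub-paths) are passed
 *       through <em>without</em> authentication;</li>
 *   <li>everything else must present Basic credentials matching the configured user and token,
 *       otherwise the response is {@code 401} with a {@code WWW-Authenticate} challenge.</li>
 * </ol>
 *
 * <p>Basic credentials are only base64-encoded, so this filter protects the token in transit only
 * when the management port is served over TLS.
 */
public class ActuatorSecurityWebFilter implements WebFilter {
    private static final String HEALTH_PATH = "/actuator/health";
    private static final String PROMETHEUS_PATH = "/actuator/prometheus";

    private final String user;
    private final ActuatorHelper actuatorHelper;
    private final String token;

    /**
     * Creates a filter that expects the default actuator user name.
     *
     * @param actuatorHelper source of the actuator base path
     * @param str the token (Basic-auth password) a caller must present
     */
    public ActuatorSecurityWebFilter(@NotNull ActuatorHelper actuatorHelper, @NotNull String str) {
        this(actuatorHelper, ManagementEnpointsSecurityInfo.DEFAULT_ACTUATOR_SECURITY_USER, str);
    }

    /**
     * Creates a filter with an explicit user name.
     *
     * <p>The {@code @NotNull} annotations are not enforced here. A blank {@code str} leaves the user
     * unset, and an unset user or token makes every authentication attempt fail (fail closed).
     * NOTE(review): an empty, non-null token is still accepted as a valid secret; confirm the
     * configuration layer rejects blank tokens.
     *
     * @param actuatorHelper source of the actuator base path
     * @param str the expected user name; surrounding whitespace is trimmed
     * @param str2 the token (Basic-auth password) a caller must present
     */
    public ActuatorSecurityWebFilter(@NotNull ActuatorHelper actuatorHelper, @NotNull String str, @NotNull String str2) {
        this.user = Strings.trimToNull(str);
        this.actuatorHelper = actuatorHelper;
        this.token = str2;
    }

    /**
     * Applies the actuator access rules described on the class to one exchange.
     *
     * @param serverWebExchange the current request/response pair
     * @param webFilterChain the remaining filters, invoked when the request is allowed through
     * @return completion of either the downstream chain or the locally written error response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        ServerHttpResponse response = serverWebExchange.getResponse();
        // NOTE(review): all matching below is done on the string form of the request path; confirm
        // this is the same normalised form the endpoint mapping resolves handlers from.
        String path = request.getPath().toString();
        if (!path.startsWith(this.actuatorHelper.getActuatorPath())) {
            return webFilterChain.filter(serverWebExchange);
        }

        // Presumably X-Real-IP marks traffic that came in through the reverse proxy. The header is
        // client-controlled, so this branch only hides the endpoints from proxied requests; it is
        // not an access control, and the proxy has to set the header on every forwarded request.
        if (request.getHeaders().containsKey("X-Real-IP")) {
            String notFoundBody = String.format("<html><head><title>%s</title></head><body><h2>%s %s</h2></body></html>", HttpStatus.NOT_FOUND.getReasonPhrase(), Integer.valueOf(HttpStatus.NOT_FOUND.value()), HttpStatus.NOT_FOUND.getReasonPhrase());
            return writeHtml(response, HttpStatus.NOT_FOUND, notFoundBody);
        }

        // Unauthenticated endpoints. The match is on a whole path segment, so only the endpoint and
        // its sub-paths are exempt, not every path that merely begins with the same characters.
        // NOTE(review): these literals assume the default "/actuator" base path while the check
        // above uses the configured one; confirm the two cannot diverge.
        if (isAtOrBelow(path, HEALTH_PATH) || isAtOrBelow(path, PROMETHEUS_PATH)) {
            return webFilterChain.filter(serverWebExchange);
        }

        String[] credentials = HttpBasicAuthUtil.parseAuthorization(request.getHeaders().getFirst("Authorization"));
        if (isAuthorized(credentials)) {
            return webFilterChain.filter(serverWebExchange);
        }

        String unauthorizedBody = String.format("<html><head><title>%s</title></head><body><h2>%s</h2><p>%s %s request</p></body></html>", HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpStatus.UNAUTHORIZED.getReasonPhrase(), Integer.valueOf(HttpStatus.UNAUTHORIZED.value()), HttpStatus.UNAUTHORIZED.getReasonPhrase());
        response.getHeaders().set("WWW-Authenticate", "Basic Realm=\"token\"");
        return writeHtml(response, HttpStatus.UNAUTHORIZED, unauthorizedBody);
    }

    /** Returns whether {@code path} is exactly {@code endpoint} or lies in a sub-path of it. */
    private static boolean isAtOrBelow(String path, String endpoint) {
        return path.equals(endpoint) || path.startsWith(endpoint + "/");
    }

    /**
     * Checks parsed Basic credentials against the configured user and token.
     *
     * <p>Both parts are always compared (non-short-circuit {@code &}) so the response time does not
     * reveal which of the two was wrong.
     */
    private boolean isAuthorized(String[] credentials) {
        if (credentials == null || credentials.length != 2) {
            return false;
        }
        boolean userMatches = constantTimeEquals(this.user, credentials[0]);
        boolean tokenMatches = constantTimeEquals(this.token, credentials[1]);
        return userMatches & tokenMatches;
    }

    /**
     * Compares a configured secret with a caller-supplied value without an early exit on the first
     * differing character. A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Writes {@code html} as the response body with the given status and a text/html content type. */
    private static Mono<Void> writeHtml(ServerHttpResponse response, HttpStatus status, String html) {
        response.setStatusCode(status);
        response.getHeaders().setContentType(MediaType.TEXT_HTML);
        // Explicit charset: the no-arg getBytes() depends on the platform default before Java 18.
        return response.writeWith(Mono.just(response.bufferFactory().wrap(html.getBytes(StandardCharsets.UTF_8))));
    }
}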
