package org.zodiac.autoconfigure.security;

import java.util.Iterator;
import java.util.Map;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.http.server.PathContainer;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;
import org.zodiac.autoconfigure.security.condition.ConditionalOnSecurityConfigEnabled;
import org.zodiac.commons.logging.SmartSlf4jLogger;
import org.zodiac.commons.logging.SmartSlf4jLoggerFactory;
import org.zodiac.commons.util.Colls;
import org.zodiac.security.config.SecurityCsrfInfo;

@ConditionalOnSecurityConfigEnabled
@EnableWebFluxSecurity
@SpringBootConfiguration
@ConditionalOnClass({Authentication.class, SecurityWebFilterChain.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
@Order(-2147478648)
/* loaded from: input_file:org/zodiac/autoconfigure/security/ReactiveSecurityWebAutoConfiguration.class */
public class ReactiveSecurityWebAutoConfiguration {
    protected SmartSlf4jLogger log = SmartSlf4jLoggerFactory.getLogger(getClass());
    private SecurityConfigProperties securityConfigProperties;

    public ReactiveSecurityWebAutoConfiguration(ObjectProvider<SecurityConfigProperties> objectProvider) {
        this.securityConfigProperties = (SecurityConfigProperties) objectProvider.getIfAvailable();
    }

    @Bean
    protected SecurityWebFilterChain defaultSecurityWebFilterChain(ServerHttpSecurity serverHttpSecurity) {
        this.log.info("Default reactive web http security configure begin");
        if (null != this.securityConfigProperties) {
            if (this.securityConfigProperties.getWeb().isPermitAllUrls()) {
                ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.authorizeExchange().pathMatchers(new String[]{"/**"})).permitAll();
            } else {
                ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.authorizeExchange().pathMatchers(new String[]{"/**"})).authenticated().and().formLogin();
            }
            if (this.securityConfigProperties.getWeb().isBasicEnabled()) {
                serverHttpSecurity.httpBasic();
            } else {
                serverHttpSecurity.httpBasic().disable();
            }
            SecurityCsrfInfo csrf = this.securityConfigProperties.getWeb().getCsrf();
            if (!csrf.isEnabled()) {
                serverHttpSecurity.csrf().disable();
            } else if (Colls.notEmptyColl(csrf.getIgnoredPatterns())) {
                serverHttpSecurity.csrf().requireCsrfProtectionMatcher(serverWebExchange -> {
                    ServerHttpRequest request = serverWebExchange.getRequest();
                    Map map = Colls.map();
                    Iterator it = csrf.getIgnoredPatterns().iterator();
                    while (it.hasNext()) {
                        PathPattern parse = new PathPatternParser().parse((String) it.next());
                        PathContainer pathWithinApplication = request.getPath().pathWithinApplication();
                        if (parse.matches(pathWithinApplication)) {
                            return ServerWebExchangeMatcher.MatchResult.notMatch();
                        }
                        map.putAll(parse.matchAndExtract(pathWithinApplication).getUriVariables());
                    }
                    return ServerWebExchangeMatcher.MatchResult.match(map);
                });
            }
        }
        SecurityWebFilterChain build = serverHttpSecurity.build();
        this.log.info("Default reactive web http security configure end");
        return build;
    }
}
