package org.skr.security;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import org.skr.common.exception.AuthException;
import org.skr.common.exception.ErrorInfo;
import org.skr.common.util.Checker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.util.matcher.IpAddressMatcher;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/skr/security/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    private final SkrSecurityProperties skrSecurityProperties;
    private final List<String> whitelistIps;

    public JwtAuthenticationFilter(SkrSecurityProperties skrSecurityProperties) {
        this.skrSecurityProperties = skrSecurityProperties;
        this.whitelistIps = (List) Optional.ofNullable(skrSecurityProperties.getGhostWhitelistIps()).orElse(List.of());
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (servletResponse instanceof HttpServletResponse) {
                if (httpServletRequest.getHeader("sec-websocket-protocol") == null && httpServletRequest.getHeader("sec-websocket-key") == null) {
                    String header = httpServletRequest.getHeader(this.skrSecurityProperties.getAccessToken().getHeader());
                    if (header == null && !Checker.isEmpty(httpServletRequest.getCookies())) {
                        header = (String) Arrays.stream(httpServletRequest.getCookies()).filter(cookie -> {
                            return cookie.getName().equals(this.skrSecurityProperties.getAccessToken().getHeader());
                        }).map((v0) -> {
                            return v0.getValue();
                        }).findAny().orElse(null);
                    }
                    if (!Checker.isEmpty(header) && header.startsWith(this.skrSecurityProperties.getGhostToken().getPrefix()) && !validateRemoteIp(servletRequest.getRemoteAddr())) {
                        throw new AuthException(ErrorInfo.CLIENT_IP_NOT_ALLOWED.msgArgs(new Object[]{servletRequest.getRemoteAddr()}));
                    }
                    JwtAuthenticationToken.authenticate(header, this.skrSecurityProperties);
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        }
        throw new ServletException("OncePerRequestFilter only supports HTTP requests");
    }

    public boolean validateRemoteIp(String str) {
        return this.whitelistIps.stream().map(IpAddressMatcher::new).anyMatch(ipAddressMatcher -> {
            return ipAddressMatcher.matches(str);
        });
    }
}
