package br.com.m4rc310.gql.security;

import br.com.m4rc310.gql.dto.MUser;
import br.com.m4rc310.gql.jwt.MGraphQLJwtService;
import br.com.m4rc310.gql.services.MFluxService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:br/com/m4rc310/gql/security/MGraphQLSecurity.class */
public class MGraphQLSecurity {
    private static final Logger log = LoggerFactory.getLogger(MGraphQLSecurity.class);

    @Value("${br.com.m4rc310.gql.security.enable:false}")
    private boolean enableSecurity;
    private final OncePerRequestFilter jwtAuthFilter = getJWTFilter();
    private MGraphQLJwtService jwt;
    private MFluxService flux;

    public SecurityFilterChain getSecurityFilterChain(HttpSecurity httpSecurity, MGraphQLJwtService mGraphQLJwtService, IMAuthUserProvider iMAuthUserProvider, MFluxService mFluxService) throws Exception {
        this.jwt = mGraphQLJwtService;
        this.flux = mFluxService;
        log.debug("enableSecurity -> {}", Boolean.valueOf(this.enableSecurity));
        if (!this.enableSecurity) {
            return (SecurityFilterChain) httpSecurity.cors((v0) -> {
                v0.disable();
            }).csrf((v0) -> {
                v0.disable();
            }).sessionManagement(sessionManagementConfigurer -> {
                sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
                ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).permitAll();
            }).build();
        }
        HttpSecurity authorizeHttpRequests = httpSecurity.cors((v0) -> {
            v0.disable();
        }).csrf((v0) -> {
            v0.disable();
        }).anonymous((v0) -> {
            v0.disable();
        }).sessionManagement(sessionManagementConfigurer2 -> {
            sessionManagementConfigurer2.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).securityContext(securityContextConfigurer -> {
            securityContextConfigurer.requireExplicitSave(false);
        }).addFilterBefore(this.jwtAuthFilter, UsernamePasswordAuthenticationFilter.class).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry2 -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry2.requestMatchers(HttpMethod.GET, new String[]{"/gui/**", "/graphql/**"})).permitAll();
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry2.requestMatchers(HttpMethod.POST, new String[]{"/graphql/**"})).authenticated();
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry2.anyRequest()).denyAll();
        });
        log.debug("getSecurityFilterChain -> {}", authorizeHttpRequests);
        return (SecurityFilterChain) authorizeHttpRequests.build();
    }

    private OncePerRequestFilter getJWTFilter() {
        return new OncePerRequestFilter() { // from class: br.com.m4rc310.gql.security.MGraphQLSecurity.1
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                try {
                    MGraphQLSecurity.this.resetAuthenticate();
                    MUser mUser = MGraphQLSecurity.this.jwt.getMUser(httpServletRequest);
                    if (Objects.isNull(mUser)) {
                        throw new Exception("User not found.");
                    }
                    MGraphQLSecurity.this.authenticate(mUser);
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } catch (Exception e) {
                    MGraphQLSecurity.log.debug(e.getMessage(), e);
                    MGraphQLSecurity.this.resetAuthenticate();
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                }
            }
        };
    }

    public void authenticate(MUser mUser) {
        UserPrincipal create = UserPrincipal.create(mUser);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(create, (Object) null, create.getAuthorities());
        SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
        createEmptyContext.setAuthentication(usernamePasswordAuthenticationToken);
        SecurityContextHolder.setContext(createEmptyContext);
        this.flux.setUser(mUser);
    }

    public void resetAuthenticate() {
        this.flux.setUser(null);
        SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
    }
}
