package com.homihq.db2rest.auth;

import ch.qos.logback.classic.encoder.JsonEncoder;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.homihq.db2rest.auth.common.AbstractAuthProvider;
import com.homihq.db2rest.auth.common.UserDetail;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Objects;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.tags.BindTag;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:BOOT-INF/lib/auth-1.6.0.jar:com/homihq/db2rest/auth/AuthFilter.class */
public class AuthFilter extends OncePerRequestFilter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AuthFilter.class);
    private final AbstractAuthProvider authProvider;
    private final ObjectMapper objectMapper;
    private final UrlPathHelper urlPathHelper = new UrlPathHelper();

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        log.debug("Handling Auth");
        String requestUri = this.urlPathHelper.getRequestUri(httpServletRequest);
        String method = httpServletRequest.getMethod();
        log.debug("Request URI - {}", requestUri);
        if (this.authProvider.isExcluded(requestUri, method)) {
            log.debug("URI in whitelist. Security checks not applied.");
        } else {
            UserDetail authenticate = this.authProvider.authenticate(httpServletRequest);
            log.debug("user detail - {}", authenticate);
            if (Objects.isNull(authenticate)) {
                addError("Authentication failure.", httpServletRequest, httpServletResponse);
                return;
            } else if (!this.authProvider.authorize(authenticate, requestUri, method)) {
                addError("Authorization failure.", httpServletRequest, httpServletResponse);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        this.logger.debug("Completed Auth Filter");
    }

    private void addError(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("type", "https://db2rest/unauthorized");
        linkedHashMap.put("title", "Auth Error");
        linkedHashMap.put(BindTag.STATUS_VARIABLE_NAME, 401);
        linkedHashMap.put("detail", str);
        linkedHashMap.put("instance", httpServletRequest.getRequestURI());
        linkedHashMap.put("errorCategory", "Invalid-Auth");
        linkedHashMap.put(JsonEncoder.TIMESTAMP_ATTR_NAME, Instant.now());
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentType("application/json");
        this.objectMapper.writeValue(httpServletResponse.getWriter(), linkedHashMap);
    }

    @Generated
    public AuthFilter(AbstractAuthProvider abstractAuthProvider, ObjectMapper objectMapper) {
        this.authProvider = abstractAuthProvider;
        this.objectMapper = objectMapper;
    }
}
