package io.lazyegg.auth.config;

import com.alibaba.cola.exception.SysException;
import io.lazyegg.auth.AuthenticationFactory;
import io.lazyegg.auth.UserDetailsServiceImpl;
import io.lazyegg.auth.filter.GlobalExceptionHandlerFilter;
import io.lazyegg.auth.filter.JwtAuthenticationFilter;
import io.lazyegg.auth.handler.JwtAuthenticationEntryPoint;
import io.lazyegg.auth.handler.JwtLogoutSuccessHandler;
import io.lazyegg.auth.util.SpringUtil;
import io.lazyegg.core.annotation.UrlIgnore;
import java.util.Arrays;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.session.DisableEncodeUrlFilter;
import org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping;

@Configuration
@ComponentScan(basePackages = {"io.lazyegg.auth"})
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
/* loaded from: input_file:io/lazyegg/auth/config/LazyeggSecurityConfig.class */
public class LazyeggSecurityConfig {
    private static final Logger log = LoggerFactory.getLogger(LazyeggSecurityConfig.class);
    private static final String LOGIN_URL = "/auth/login";
    private static final String LOGOUT_URL = "/auth/logout";
    private static String[] URL_WHITELIST = {"/a/**", LOGIN_URL, LOGOUT_URL, LOGOUT_URL, "/doc.html", "/webjars/**", "/swagger-resources", "/v2/**", "/login"};

    @Resource
    private JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Resource
    private JwtLogoutSuccessHandler logoutSuccessHandler;

    private static void addWhiteList() {
        RequestMappingInfoHandlerMapping requestMappingInfoHandlerMapping = (RequestMappingInfoHandlerMapping) SpringUtil.getBean(RequestMappingInfoHandlerMapping.class);
        if (requestMappingInfoHandlerMapping == null) {
            throw new SysException("放行名单加载失败");
        }
        requestMappingInfoHandlerMapping.getHandlerMethods().forEach((requestMappingInfo, handlerMethod) -> {
            if (handlerMethod.getMethodAnnotation(UrlIgnore.class) == null) {
                return;
            }
            String[] strArr = (String[]) requestMappingInfo.getPatternValues().toArray(new String[0]);
            URL_WHITELIST = (String[]) Arrays.copyOf(URL_WHITELIST, URL_WHITELIST.length + strArr.length);
            System.arraycopy(strArr, 0, URL_WHITELIST, URL_WHITELIST.length - strArr.length, strArr.length);
        });
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        addWhiteList();
        httpSecurity.cors().and().csrf().disable().logout(logoutConfigurer -> {
            logoutConfigurer.logoutSuccessHandler(this.logoutSuccessHandler).logoutUrl(LOGOUT_URL);
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.mvcMatchers(URL_WHITELIST).permitAll();
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
        }).authenticationManager(authenticationManager()).exceptionHandling().authenticationEntryPoint(this.jwtAuthenticationEntryPoint).and().addFilterBefore(new GlobalExceptionHandlerFilter(), DisableEncodeUrlFilter.class).addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    AuthenticationManager authenticationManager() {
        return new ProviderManager((AuthenticationProvider[]) AuthenticationFactory.getAuthenticationProvider().values().toArray(new AuthenticationProvider[0]));
    }

    @Bean
    UserDetailsService userDetailsService() {
        return new UserDetailsServiceImpl();
    }

    @Bean
    JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }
}
