package io.rocketbase.commons.filter;

import io.rocketbase.commons.dto.authentication.JwtTokenBundle;
import io.rocketbase.commons.handler.LoginSuccessCookieHandler;
import io.rocketbase.commons.model.AppUserToken;
import io.rocketbase.commons.resource.LoginResource;
import io.rocketbase.commons.security.CommonsAuthenticationToken;
import io.rocketbase.commons.security.CustomAuthoritiesProvider;
import io.rocketbase.commons.security.JwtTokenService;
import io.rocketbase.commons.util.JwtTokenStore;
import java.io.IOException;
import java.util.Collection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:io/rocketbase/commons/filter/LoginCookieFilter.class */
public class LoginCookieFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(LoginCookieFilter.class);
    private final LoginResource loginResource;
    private final JwtTokenService jwtTokenService;
    private final CustomAuthoritiesProvider customAuthoritiesProvider;

    public static void removeAuthCookie(HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie(LoginSuccessCookieHandler.AUTH_REMEMBER, "");
        cookie.setMaxAge(0);
        httpServletResponse.addCookie(cookie);
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Cookie cookie;
        if (SecurityContextHolder.getContext().getAuthentication() == null && (cookie = WebUtils.getCookie(httpServletRequest, LoginSuccessCookieHandler.AUTH_REMEMBER)) != null && !StringUtils.isEmpty(cookie.getValue())) {
            try {
                String value = cookie.getValue();
                this.jwtTokenService.parseToken(value);
                String newAccessToken = this.loginResource.getNewAccessToken(value);
                AppUserToken parseToken = this.jwtTokenService.parseToken(newAccessToken);
                Collection authoritiesFromToken = this.jwtTokenService.getAuthoritiesFromToken(newAccessToken);
                if (this.customAuthoritiesProvider != null) {
                    authoritiesFromToken.addAll(this.customAuthoritiesProvider.getExtraSecurityContextAuthorities(parseToken, httpServletRequest));
                }
                CommonsAuthenticationToken commonsAuthenticationToken = new CommonsAuthenticationToken(authoritiesFromToken, parseToken, new JwtTokenStore(this.loginResource.getBaseAuthApiUrl(), new JwtTokenBundle(newAccessToken, value)));
                commonsAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                if (log.isTraceEnabled()) {
                    log.trace("authenticated user {} with {}, setting security context", parseToken.getUsername(), authoritiesFromToken);
                }
                SecurityContextHolder.getContext().setAuthentication(commonsAuthenticationToken);
            } catch (Exception e) {
                removeAuthCookie(httpServletResponse);
                log.warn("tried to login via cookie. {}", e.getMessage());
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public LoginCookieFilter(LoginResource loginResource, JwtTokenService jwtTokenService, CustomAuthoritiesProvider customAuthoritiesProvider) {
        this.loginResource = loginResource;
        this.jwtTokenService = jwtTokenService;
        this.customAuthoritiesProvider = customAuthoritiesProvider;
    }
}
