package org.comixedproject.auth;

import jakarta.servlet.Filter;
import org.comixedproject.model.user.ComiXedRole;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
/* loaded from: input_file:BOOT-INF/lib/comixed-auth-2.0.0-1.jar:org/comixedproject/auth/ComiXedSecurityConfiguration.class */
public class ComiXedSecurityConfiguration {

    @Autowired
    private ComiXedAuthenticationFilter authenticationFilter;

    @Autowired
    private ComiXedAuthenticationProvider authenticationProvider;

    @Autowired
    private ComiXedUnauthorizedEntryPoint unauthorizedHandler;

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain restSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.cors(Customizer.withDefaults()).csrf((v0) -> {
            v0.disable();
        }).authenticationProvider((AuthenticationProvider) this.authenticationProvider).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(this.unauthorizedHandler);
        }).securityMatcher("/api/**").authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.anyRequest().permitAll();
        });
        httpSecurity.addFilterBefore((Filter) this.authenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    @Bean
    public SecurityFilterChain opdsSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.securityMatcher("/opds/**").authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.anyRequest().hasRole(ComiXedRole.READER_ROLE);
        }).httpBasic(Customizer.withDefaults());
        httpSecurity.addFilterBefore((Filter) this.authenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    @Bean
    public SecurityFilterChain runtimeSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.securityMatcher("/actuator/**").cors(Customizer.withDefaults()).csrf((v0) -> {
            v0.disable();
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(this.unauthorizedHandler);
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            authorizationManagerRequestMatcherRegistry.anyRequest().hasRole(ComiXedRole.ADMIN_ROLE);
        });
        httpSecurity.addFilterBefore((Filter) this.authenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }
}
