package leap.web.cors;

import java.util.HashSet;
import java.util.Set;
import leap.core.annotation.Inject;
import leap.lang.Strings;
import leap.lang.http.HTTP;
import leap.lang.intercepting.State;
import leap.web.Request;
import leap.web.Response;

/* loaded from: input_file:leap/web/cors/DefaultCorsHandler.class */
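/**
 * Default {@link CorsHandler}: validates the {@code Origin} of cross-origin requests against the
 * injected {@link CorsConfig} and writes the matching {@code Access-Control-*} response headers.
 *
 * <p>Requests without an {@code Origin} header pass through untouched. A request whose origin,
 * method or requested headers are rejected by the configuration is answered with
 * {@code 403 text/plain} and intercepted.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When credentials are supported the request origin is echoed back together with
 *       {@code Access-Control-Allow-Credentials: true}. The only gate in front of that echo is
 *       {@link CorsConfig#isOriginAllowed(String)}, so a configuration that allows any origin
 *       while also supporting credentials gives every origin credentialed access.</li>
 *   <li>Whenever the echoed origin depends on the request, {@code Vary: Origin} is added so that
 *       shared caches do not serve a response carrying one origin's CORS headers to another.</li>
 * </ul>
 */
public class DefaultCorsHandler implements CorsHandler {
    private static final String EXPOSE_ANY_HEADERS_ATTR = CorsHandler.class.getName() + "$EXPOSE_ANY_HEADERS";
    private static final String VARY_HEADER = "Vary";
    private static final String VARY_ORIGIN = "Origin";

    // Both sets hold lower-cased names: HTTP header names are case-insensitive, so the filter in
    // postHandle() compares lower-cased names against them.
    private static final Set<String> CORS_RESPONSE_HEADERS = new HashSet<>();
    private static final Set<String> SIMPLE_RESPONSE_HEADERS = new HashSet<>();

    static {
        String[] corsHeaders = {
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
            CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE
        };
        for (String name : corsHeaders) {
            CORS_RESPONSE_HEADERS.add(name.toLowerCase(java.util.Locale.ROOT));
        }
        SIMPLE_RESPONSE_HEADERS.add("cache-control");
        SIMPLE_RESPONSE_HEADERS.add("content-language");
        SIMPLE_RESPONSE_HEADERS.add("content-type");
        SIMPLE_RESPONSE_HEADERS.add("expires");
        SIMPLE_RESPONSE_HEADERS.add("last-modified");
        SIMPLE_RESPONSE_HEADERS.add("pragma");
    }

    @Inject
    protected CorsConfig conf;

    /**
     * Returns {@code true} for an {@code OPTIONS} request that carries an {@code Origin} header.
     *
     * <p>NOTE(review): this is looser than the dispatch in {@link #doProcess}, which additionally
     * requires {@code Access-Control-Request-Method} before treating a request as a preflight.
     */
    @Override
    public boolean isPreflightRequest(Request request) {
        return "OPTIONS".equals(request.getRawMethod()) && request.hasHeader(CorsHandler.REQUEST_HEADER_ORIGIN);
    }

    /**
     * Entry point before the request is handled: requests without an {@code Origin} header
     * continue unchanged, all others go through {@link #doProcess} with the injected config.
     *
     * @return {@link State#CONTINUE} to let the request proceed, {@link State#INTERCEPTED} when
     *         the response has been completed here (preflight answered or request rejected)
     */
    @Override
    public State preHandle(Request request, Response response) throws Throwable {
        if (!request.hasHeader(CorsHandler.REQUEST_HEADER_ORIGIN)) {
            return State.CONTINUE;
        }
        return doProcess(request, response, this.conf, request.getHeader(CorsHandler.REQUEST_HEADER_ORIGIN));
    }

    /**
     * When the "expose any headers" marker was set during {@link #doProcessSimpleOrActual},
     * writes {@code Access-Control-Expose-Headers} listing every response header that is neither
     * a CORS response header nor one of the simple response headers.
     */
    @Override
    public void postHandle(Request request, Response response) {
        if (null == request.getAttribute(EXPOSE_ANY_HEADERS_ATTR)) {
            return;
        }
        StringBuilder exposed = new StringBuilder();
        for (String name : response.getHeaderNames()) {
            // Locale.ROOT keeps the lower-casing stable under locales with special casing rules
            // (e.g. Turkish dotless i), which would otherwise let "LAST-MODIFIED" slip past the filter.
            String lowerName = name.toLowerCase(java.util.Locale.ROOT);
            if (CORS_RESPONSE_HEADERS.contains(lowerName) || SIMPLE_RESPONSE_HEADERS.contains(lowerName)) {
                continue;
            }
            if (exposed.length() > 0) {
                exposed.append(',');
            }
            exposed.append(name);
        }
        response.setHeader(CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, exposed.toString());
    }

    /**
     * Dispatches a cross-origin request: an {@code OPTIONS} request that carries
     * {@code Access-Control-Request-Method} is handled as a preflight, everything else as a
     * simple/actual request.
     *
     * @param origin value of the request's {@code Origin} header
     */
    protected State doProcess(Request request, Response response, CorsConfig corsConfig, String origin) throws Throwable {
        String method = request.getRawMethod();
        if ("OPTIONS".equals(method)) {
            String requestedMethod = request.getHeader(CorsHandler.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_METHOD);
            if (null != requestedMethod) {
                return doProcessPreflight(request, response, corsConfig, origin, method, requestedMethod);
            }
        }
        return doProcessSimpleOrActual(request, response, corsConfig, origin, method);
    }

    /**
     * Handles a simple or actual cross-origin request. The origin and the request method must
     * both be allowed by {@code corsConfig}; otherwise the request is rejected and intercepted.
     *
     * @param origin value of the request's {@code Origin} header
     * @param method the request's raw HTTP method
     */
    protected State doProcessSimpleOrActual(Request request, Response response, CorsConfig corsConfig, String origin, String method) throws Throwable {
        if (!checkAndProcessInvalidOrigin(request, response, corsConfig, origin)) {
            return State.INTERCEPTED;
        }
        if (!corsConfig.isMethodAllowed(method)) {
            responseInvalid(request, response, corsConfig, origin);
            return State.INTERCEPTED;
        }
        processCorsOrigin(response, origin);
        if (corsConfig.isExposeAnyHeaders()) {
            // The header list is only known after the handler ran; postHandle() picks this marker up.
            request.setAttribute(EXPOSE_ANY_HEADERS_ATTR, Boolean.TRUE);
        } else if (corsConfig.hasExposedHeaders()) {
            response.addHeader(CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS, corsConfig.getExposedHeadersValue());
        }
        return State.CONTINUE;
    }

    /**
     * Answers a preflight request. The origin, the requested method and (unless any header is
     * allowed) every requested header must be accepted by {@code corsConfig}. The request is
     * always intercepted, whether it was accepted or rejected.
     *
     * @param origin          value of the request's {@code Origin} header
     * @param method          the request's raw HTTP method (not used by this implementation)
     * @param requestedMethod value of {@code Access-Control-Request-Method}
     */
    protected State doProcessPreflight(Request request, Response response, CorsConfig corsConfig, String origin, String method, String requestedMethod) throws Throwable {
        if (!checkAndProcessInvalidOrigin(request, response, corsConfig, origin)) {
            return State.INTERCEPTED;
        }
        if (requestedMethod.isEmpty() || !corsConfig.isMethodAllowed(requestedMethod)) {
            responseInvalid(request, response, corsConfig, origin);
            return State.INTERCEPTED;
        }
        String requestedHeaders = request.getHeader(CorsHandler.REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
        boolean hasRequestedHeaders = requestedHeaders != null && requestedHeaders.length() > 0;
        if (!corsConfig.isAllowAnyHeader() && hasRequestedHeaders) {
            // NOTE(review): tokens are checked exactly as Strings.split returns them; whether that
            // helper trims the whitespace after each comma is not visible here - confirm.
            for (String headerName : Strings.split(requestedHeaders, ',')) {
                if (!corsConfig.isHeaderAllowedIgnoreCase(headerName)) {
                    responseInvalid(request, response, corsConfig, origin);
                    return State.INTERCEPTED;
                }
            }
        }
        processCorsOrigin(response, origin);
        if (corsConfig.getPreflightMaxAge() > 0) {
            setCorsMaxAge(response, String.valueOf(corsConfig.getPreflightMaxAge()));
        }
        setCorsMethod(response, requestedMethod);
        if (hasRequestedHeaders) {
            // The client's own list is echoed back; it has been validated above unless the
            // configuration allows any header.
            setCorsHeaders(response, requestedHeaders);
        }
        return State.INTERCEPTED;
    }

    /**
     * Checks the origin against {@code corsConfig}; a missing, empty or disallowed origin is
     * rejected through {@link #responseInvalid}.
     *
     * @return {@code true} when the origin is allowed, {@code false} when the request was rejected
     */
    protected boolean checkAndProcessInvalidOrigin(Request request, Response response, CorsConfig corsConfig, String origin) throws Throwable {
        boolean allowed = null != origin && !origin.isEmpty() && corsConfig.isOriginAllowed(origin);
        if (!allowed) {
            responseInvalid(request, response, corsConfig, origin);
        }
        return allowed;
    }

    /** Marks the response as rejected: {@code text/plain} content type with status 403. */
    protected void responseInvalid(Request request, Response response, CorsConfig corsConfig, String origin) throws Throwable {
        response.setContentType("text/plain");
        response.setStatus(HTTP.SC_FORBIDDEN);
    }

    /**
     * Writes {@code Access-Control-Allow-Origin} (and the credentials header when supported).
     *
     * <p>This method performs no origin check of its own and reads the injected {@link #conf}
     * rather than a config argument; callers in this class validate the origin first through
     * {@link #checkAndProcessInvalidOrigin}.
     *
     * @param origin value of the request's {@code Origin} header, already validated by the caller
     */
    protected void processCorsOrigin(Response response, String origin) {
        if (this.conf.isSupportsCredentials()) {
            // Browsers reject "*" on credentialed requests, so the concrete origin is echoed.
            setCorsOrigin(response, origin);
            setCorsCredentials(response, "true");
            addVaryOrigin(response);
        } else if (this.conf.isAllowAnyOrigin()) {
            setCorsOrigin(response, "*");
        } else {
            setCorsOrigin(response, origin);
            addVaryOrigin(response);
        }
    }

    protected void setCorsOrigin(Response response, String origin) {
        setHeaderWhenEmpty(response, CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
    }

    protected void setCorsCredentials(Response response, String value) {
        setHeaderWhenEmpty(response, CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, value);
    }

    protected void setCorsMaxAge(Response response, String seconds) {
        setHeaderWhenEmpty(response, CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, seconds);
    }

    protected void setCorsMethod(Response response, String methods) {
        setHeaderWhenEmpty(response, CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, methods);
    }

    protected void setCorsHeaders(Response response, String headers) {
        setHeaderWhenEmpty(response, CorsHandler.RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, headers);
    }

    /** Adds the header only when the underlying servlet response has no non-empty value for it yet. */
    protected void setHeaderWhenEmpty(Response response, String name, String value) {
        if (Strings.isEmpty(response.getServletResponse().getHeader(name))) {
            response.addHeader(name, value);
        }
    }

    /**
     * Adds {@code Vary: Origin} unless the first {@code Vary} value already names {@code Origin}
     * or {@code *}. Needed whenever {@code Access-Control-Allow-Origin} echoes the request origin,
     * so caches key the response on the origin it was produced for.
     */
    private void addVaryOrigin(Response response) {
        String existing = response.getServletResponse().getHeader(VARY_HEADER);
        if (!Strings.isEmpty(existing)) {
            for (String token : existing.split(",")) {
                String field = token.trim();
                if (VARY_ORIGIN.equalsIgnoreCase(field) || "*".equals(field)) {
                    return;
                }
            }
        }
        response.addHeader(VARY_HEADER, VARY_ORIGIN);
    }
}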
