package org.rxjava.gateway.starter.config;

import org.apache.commons.lang3.StringUtils;
import org.rxjava.common.core.service.DefaultLoginInfoServiceImpl;
import org.rxjava.common.core.service.LoginInfoService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@EnableWebFluxSecurity
/* loaded from: input_file:org/rxjava/gateway/starter/config/RxJavaWebFluxSecurityConfig.class */
public class RxJavaWebFluxSecurityConfig {

    @Autowired
    private LoginInfoService loginInfoService;

    @ConditionalOnMissingBean
    @Bean
    public LoginInfoService loginInfoService() {
        return new DefaultLoginInfoServiceImpl();
    }

    @Bean
    public ReactiveAuthenticationManager reactiveAuthenticationManager() {
        return (v0) -> {
            return Mono.just(v0);
        };
    }

    @Bean
    public AuthenticationWebFilter authenticationFilter(ReactiveAuthenticationManager reactiveAuthenticationManager) {
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(reactiveAuthenticationManager);
        authenticationWebFilter.setServerAuthenticationConverter(this::authenticationConverter);
        authenticationWebFilter.setAuthenticationFailureHandler(new CustomServerAuthenticationFailureHandler());
        authenticationWebFilter.setAuthenticationSuccessHandler(new CustomServerAuthenticationSuccessHandler());
        return authenticationWebFilter;
    }

    private Mono<Authentication> authenticationConverter(ServerWebExchange serverWebExchange) {
        String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
        return StringUtils.isEmpty(first) ? Mono.empty() : this.loginInfoService.checkToken(serverWebExchange).map(loginInfo -> {
            return new AuthenticationToken(first, loginInfo);
        });
    }

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity, AuthenticationWebFilter authenticationWebFilter) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.authorizeExchange().pathMatchers(new String[]{"/**/inner/**"})).denyAll().pathMatchers(new String[]{"/inner/**"})).denyAll().pathMatchers(new String[]{"/**"})).permitAll().anyExchange().authenticated().and().securityContextRepository(NoOpServerSecurityContextRepository.getInstance()).exceptionHandling().authenticationEntryPoint((serverWebExchange, authenticationException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            });
        }).accessDeniedHandler((serverWebExchange2, accessDeniedException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange2.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            });
        }).and().csrf().disable().formLogin().disable().logout().disable().addFilterAt(authenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION).build();
    }
}
