package io.camunda.tasklist.webapp.security;

import jakarta.servlet.http.HttpServletRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:io/camunda/tasklist/webapp/security/CsrfRequireMatcher.class */
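/**
 * Decides whether a request must carry a valid CSRF token.
 *
 * <p>{@link #matches(HttpServletRequest)} returns {@code true} ("CSRF protection required")
 * unless one of these exemptions applies, checked in this order:
 *
 * <ol>
 *   <li>the HTTP method is GET, HEAD, TRACE or OPTIONS;</li>
 *   <li>the servlet path is exactly {@code /api/login} or {@code /api/logout};</li>
 *   <li>the security context holds no authenticated {@link Authentication};</li>
 *   <li>the {@code Referer} header points at a Swagger UI page on the same host as the
 *       request;</li>
 *   <li>the {@code Authorization} header starts with {@code "Bearer "}.</li>
 * </ol>
 */
public class CsrfRequireMatcher implements RequestMatcher {
    private static final Pattern ALLOWED_METHODS = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
    private static final Pattern ALLOWED_PATHS = Pattern.compile("/api/login|/api/logout");
    private static final String SWAGGER_UI_PATH = "/swagger-ui";
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Tells the CSRF filter whether the given request needs a CSRF token.
     *
     * @param httpServletRequest the incoming request
     * @return {@code false} when one of the exemptions listed on the class applies,
     *     {@code true} otherwise
     */
    @Override
    public boolean matches(HttpServletRequest httpServletRequest) {
        boolean exemptMethod = ALLOWED_METHODS.matcher(httpServletRequest.getMethod()).matches();
        // matches() anchors the whole string, so only the two exact paths are exempt.
        boolean exemptPath = ALLOWED_PATHS.matcher(httpServletRequest.getServletPath()).matches();
        if (exemptMethod || exemptPath) {
            return false;
        }

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return false;
        }

        if (isSwaggerUiOnSameHost(httpServletRequest)) {
            return false;
        }

        // Only the header prefix is inspected here; the token itself is not validated by
        // this class.
        // NOTE(review): the exemption presumably relies on browsers not attaching an
        // Authorization header to cross-site requests on their own - confirm the CORS
        // configuration does not allow that header from untrusted origins.
        String authorization = httpServletRequest.getHeader("Authorization");
        return authorization == null || !authorization.startsWith(BEARER_PREFIX);
    }

    /**
     * Checks that the {@code Referer} header names a Swagger UI page served from the host
     * the request itself was addressed to.
     *
     * <p>The Referer value is derived from the URL of the page that issued the request, so
     * a match on the substring {@code /swagger-ui} alone would also be satisfied by a page
     * on an unrelated site. Requiring the Referer host to equal the request host keeps the
     * exemption limited to pages this server serves. A missing or unparsable Referer is
     * not exempt.
     *
     * <p>NOTE(review): assumes {@code getServerName()} reflects the externally visible
     * host (e.g. forwarded headers are applied when running behind a reverse proxy) -
     * confirm for the deployment. Scheme and port are not compared.
     */
    private static boolean isSwaggerUiOnSameHost(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        if (referer == null) {
            return false;
        }
        final URI refererUri;
        try {
            refererUri = new URI(referer);
        } catch (URISyntaxException ignored) {
            // Fail closed: a Referer that cannot be parsed earns no exemption.
            return false;
        }
        String refererHost = refererUri.getHost();
        String refererPath = refererUri.getPath();
        if (refererHost == null || refererPath == null) {
            return false;
        }
        return refererHost.equalsIgnoreCase(request.getServerName())
                && refererPath.contains(SWAGGER_UI_PATH);
    }
}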
