package net.n2oapp.security.auth.context.account;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.n2oapp.security.admin.api.criteria.AccountCriteria;
import net.n2oapp.security.admin.api.model.Account;
import net.n2oapp.security.admin.rest.client.AccountServiceRestClient;
import net.n2oapp.security.auth.common.OauthUser;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import org.thymeleaf.ITemplateEngine;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.WebContext;
import org.thymeleaf.templatemode.TemplateMode;
import org.thymeleaf.templateresolver.UrlTemplateResolver;

/* loaded from: input_file:BOOT-INF/lib/security-auth-7.0.7.jar:net/n2oapp/security/auth/context/account/ContextFilter.class */
public class ContextFilter extends OncePerRequestFilter {
    private static final String DEFAULT_SELECT_ACCOUNT_TEMPLATE_PATH = "classpath:public/context-page/context-page.html";
    private static final String DEFAULT_SELECT_ACCOUNT_CSS_PATH = "css/context-page.css";
    private static final String DEFAULT_SELECT_ACCOUNT_EMBLEM_PATH = "static/rusEmblem.svg";
    private Set<String> defaultIgnoredUrls;
    private final OrRequestMatcher orRequestMatcher;
    private ContextUserInfoTokenServices userInfoTokenServices;
    private AccountServiceRestClient accountServiceRestClient;
    private ITemplateEngine templateEngine;
    private String selectAccountTemplatePath;
    private String selectAccountCssPath;
    private String selectAccountEmblemPath;

    public ContextFilter(ContextUserInfoTokenServices contextUserInfoTokenServices, AccountServiceRestClient accountServiceRestClient, String str, String str2, String str3, Set<String> set) {
        this.defaultIgnoredUrls = Set.of((Object[]) new String[]{"/static/**", "/public/**", "/dist/**", "/webjars/**", "/lib/**", "/build/**", "/bundle/**", "/error", "/serviceWorker.js", "/css/**", "/manifest.json", "/favicon.ico"});
        this.userInfoTokenServices = contextUserInfoTokenServices;
        this.accountServiceRestClient = accountServiceRestClient;
        this.selectAccountTemplatePath = str;
        this.selectAccountCssPath = str2;
        this.selectAccountEmblemPath = str3;
        this.templateEngine = new TemplateEngine();
        UrlTemplateResolver urlTemplateResolver = new UrlTemplateResolver();
        urlTemplateResolver.setTemplateMode(TemplateMode.HTML);
        urlTemplateResolver.setCharacterEncoding("UTF-8");
        ((TemplateEngine) this.templateEngine).setTemplateResolver(urlTemplateResolver);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = (CollectionUtils.isEmpty(set) ? this.defaultIgnoredUrls : set).iterator();
        while (it.hasNext()) {
            arrayList.add(new AntPathRequestMatcher(it.next(), HttpMethod.GET.name()));
        }
        this.orRequestMatcher = new OrRequestMatcher(arrayList);
    }

    public ContextFilter(ContextUserInfoTokenServices contextUserInfoTokenServices, AccountServiceRestClient accountServiceRestClient, String str) {
        this(contextUserInfoTokenServices, accountServiceRestClient, DEFAULT_SELECT_ACCOUNT_TEMPLATE_PATH, str, DEFAULT_SELECT_ACCOUNT_EMBLEM_PATH, null);
    }

    public ContextFilter(ContextUserInfoTokenServices contextUserInfoTokenServices, AccountServiceRestClient accountServiceRestClient, String str, String str2) {
        this(contextUserInfoTokenServices, accountServiceRestClient, DEFAULT_SELECT_ACCOUNT_TEMPLATE_PATH, str, str2, null);
    }

    public ContextFilter(ContextUserInfoTokenServices contextUserInfoTokenServices, AccountServiceRestClient accountServiceRestClient, Set<String> set) {
        this(contextUserInfoTokenServices, accountServiceRestClient, DEFAULT_SELECT_ACCOUNT_TEMPLATE_PATH, DEFAULT_SELECT_ACCOUNT_CSS_PATH, DEFAULT_SELECT_ACCOUNT_EMBLEM_PATH, set);
    }

    public ContextFilter(ContextUserInfoTokenServices contextUserInfoTokenServices, AccountServiceRestClient accountServiceRestClient) {
        this(contextUserInfoTokenServices, accountServiceRestClient, DEFAULT_SELECT_ACCOUNT_TEMPLATE_PATH, DEFAULT_SELECT_ACCOUNT_CSS_PATH, DEFAULT_SELECT_ACCOUNT_EMBLEM_PATH, null);
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (Objects.isNull(authentication) || Objects.nonNull(((OauthUser) authentication.getPrincipal()).getAccountId())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        OauthUser oauthUser = (OauthUser) authentication.getPrincipal();
        if (httpServletRequest.getRequestURI().contains("/selectAccount")) {
            selectAccount(Integer.valueOf(httpServletRequest.getParameter("accountId")), authentication);
            httpServletResponse.sendRedirect("/");
            return;
        }
        List<Account> content = this.accountServiceRestClient.findAll(new AccountCriteria(oauthUser.getName())).getContent();
        if (content.size() != 1) {
            writePage(httpServletRequest, httpServletResponse, content);
        } else {
            selectAccount(content.get(0).getId(), authentication);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private void writePage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<Account> list) throws IOException {
        httpServletResponse.setStatus(HttpStatus.OK.value());
        httpServletResponse.setContentType("text/html");
        httpServletResponse.setHeader("Content-Type", "text/html;charset=UTF-8");
        WebContext webContext = new WebContext(httpServletRequest, httpServletResponse, httpServletRequest.getServletContext());
        webContext.setVariable("css", this.selectAccountCssPath);
        webContext.setVariable("emblem", this.selectAccountEmblemPath);
        webContext.setVariable("accounts", list);
        httpServletResponse.getWriter().write(this.templateEngine.process(this.selectAccountTemplatePath, webContext));
    }

    private void selectAccount(Integer num, Authentication authentication) {
        OAuth2AuthenticationToken loadAccountAuthentication = this.userInfoTokenServices.loadAccountAuthentication(num, authentication);
        loadAccountAuthentication.setDetails(authentication.getDetails());
        SecurityContextHolder.getContext().setAuthentication(loadAccountAuthentication);
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) {
        return this.orRequestMatcher.matches(httpServletRequest);
    }

    public void setTemplateEngine(ITemplateEngine iTemplateEngine) {
        this.templateEngine = iTemplateEngine;
    }
}
