package enkan.middleware;

import enkan.MiddlewareChain;
import enkan.annotation.Middleware;
import enkan.collection.Headers;
import enkan.data.ForgeryDetectable;
import enkan.data.HttpRequest;
import enkan.data.HttpResponse;
import enkan.data.Session;
import enkan.util.BeanBuilder;
import enkan.util.MixinUtils;
import enkan.util.ThreadingUtils;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;

@Middleware(name = "antiForgery", dependencies = {"session"})
/* loaded from: input_file:enkan/middleware/AntiForgeryMiddleware.class */
public class AntiForgeryMiddleware<NRES> extends AbstractWebMiddleware<HttpRequest, NRES> {
    private static final String TOKEN_KEY = AntiForgeryMiddleware.class.getName() + "/antiForgeryToken";

    private String newToken() {
        return UUID.randomUUID().toString();
    }

    protected Optional<String> sessionToken(HttpRequest httpRequest) {
        return ThreadingUtils.some(httpRequest, (v0) -> {
            return v0.getSession();
        }, session -> {
            return session.get(TOKEN_KEY);
        }, (v0) -> {
            return Objects.toString(v0);
        });
    }

    protected void putSessionToken(HttpResponse httpResponse, HttpRequest httpRequest, String str) {
        if (Objects.equals(str, sessionToken(httpRequest).orElse(null))) {
            return;
        }
        Session session = (Session) Optional.ofNullable(httpRequest.getSession()).orElse(new Session());
        session.put(TOKEN_KEY, str);
        httpResponse.setSession(session);
    }

    private Map<String, ?> formParams(HttpRequest httpRequest) {
        return httpRequest.getParams();
    }

    private Optional<String> defaultRequestToken(HttpRequest httpRequest) {
        return ThreadingUtils.some(httpRequest, this::formParams, map -> {
            return map.get("__anti-forgery-token");
        }, (v0) -> {
            return v0.toString();
        });
    }

    private boolean isValidRequest(HttpRequest httpRequest) {
        Optional<String> defaultRequestToken = defaultRequestToken(httpRequest);
        Optional<String> sessionToken = sessionToken(httpRequest);
        return defaultRequestToken.isPresent() && sessionToken.isPresent() && defaultRequestToken.get().equals(sessionToken.get());
    }

    private boolean isGetRequest(HttpRequest httpRequest) {
        String requestMethod = httpRequest.getRequestMethod();
        return "GET".equalsIgnoreCase(requestMethod) || "HEAD".equalsIgnoreCase(requestMethod) || "OPTIONS".equalsIgnoreCase(requestMethod);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public HttpResponse handle(HttpRequest httpRequest, MiddlewareChain<HttpRequest, NRES, ?, ?> middlewareChain) {
        String orElseGet = sessionToken(httpRequest).orElseGet(this::newToken);
        if (!isGetRequest(httpRequest) && !isValidRequest(httpRequest)) {
            return (HttpResponse) BeanBuilder.builder(HttpResponse.of("<h1>Invalid anti-forgery token</h1>")).set((v0, v1) -> {
                v0.setStatus(v1);
            }, 403).set((v0, v1) -> {
                v0.setHeaders(v1);
            }, Headers.of("Content-Type", "text/html")).build();
        }
        HttpRequest httpRequest2 = (HttpRequest) MixinUtils.mixin(httpRequest, new Class[]{ForgeryDetectable.class});
        ((ForgeryDetectable) ForgeryDetectable.class.cast(httpRequest2)).setAntiForgeryToken(orElseGet);
        HttpResponse castToHttpResponse = castToHttpResponse(middlewareChain.next(httpRequest2));
        putSessionToken(castToHttpResponse, httpRequest2, orElseGet);
        return castToHttpResponse;
    }
}
