package net.unit8.kysymys.config;

import java.util.Objects;
import java.util.Optional;
import net.unit8.kysymys.user.application.CustomOAuth2UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

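/**
 * Spring Security configuration for the web application: static-resource exclusions,
 * URL authorization rules, form login, OAuth2 login, logout, CSRF exemptions and
 * response-header settings.
 *
 * <p>Security review notes (behaviour is unchanged; each item needs a decision by the owner):
 * <ul>
 *   <li>{@code /h2/**} is reachable without authentication and is exempt from CSRF
 *       protection. If the H2 web console is enabled in a deployed profile, the database
 *       console is open to anyone who can reach the service. Confirm that it is disabled
 *       outside local development, or move these matchers to a dev-only profile.</li>
 *   <li>{@code X-Frame-Options} is disabled for every response, not only for the console.</li>
 *   <li>{@code /logout} is matched for every HTTP method, so logout needs no CSRF token.</li>
 *   <li>{@code /token/watch/*} has neither session authentication nor CSRF protection;
 *       presumably the handler validates the token in the path. Verify against the
 *       controller.</li>
 * </ul>
 */
@Configuration
@Order(1)
/* loaded from: input_file:net/unit8/kysymys/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Session attribute under which the pre-login request is looked up after form login. */
    private static final String SAVED_REQUEST_ATTRIBUTE = "SPRING_SECURITY_SAVED_REQUEST";

    /** Loads user details for OAuth2 logins; wired into the user-info endpoint below. */
    @Autowired
    private CustomOAuth2UserService customOAuth2UserService;

    /**
     * Exposes the password encoder bean.
     *
     * @return a {@link BCryptPasswordEncoder} constructed with its default settings
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Excludes static assets from the security filter chain.
     *
     * <p>Requests matching these patterns bypass Spring Security entirely, so they also
     * receive none of the security response headers configured for the rest of the app.
     *
     * @param webSecurity the builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/css/**", "/images/**");
    }

    /**
     * Configures authorization rules, login and logout flows, CSRF exemptions and headers.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Configures the legacy X-XSS-Protection header only; it is no substitute for
        // output encoding in the views.
        httpSecurity.headers().xssProtection();

        // Public endpoints first, then the authority-gated admin area; everything else
        // requires an authenticated user.
        // NOTE(review): "/h2/**" and "/token/watch/*" are public here and CSRF-exempt
        // further down. See the class comment.
        httpSecurity.authorizeRequests()
                .antMatchers("/login", "/login/oauth2", "/signup", "/h2/**", "/token/watch/*", "/actuator/health")
                .permitAll()
                .antMatchers("/admin/lesson/**")
                .hasAuthority("CREATE_PROBLEM")
                .anyRequest()
                .authenticated();

        httpSecurity.formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler((request, response, authentication) -> {
                    // Redirect to the URL saved in the session before the login page was
                    // shown, falling back to "/" when there is no session or no saved
                    // request. The target is read from server-side session state, not
                    // from a request parameter.
                    String target = Optional.ofNullable(request.getSession(false))
                            .map(session -> session.getAttribute(SAVED_REQUEST_ATTRIBUTE))
                            .filter(SavedRequest.class::isInstance)
                            .map(SavedRequest.class::cast)
                            .map(SavedRequest::getRedirectUrl)
                            .orElse("/");
                    response.sendRedirect(target);
                })
                .failureUrl("/login?error")
                .permitAll();

        httpSecurity.oauth2Login()
                .loginPage("/login")
                .authorizationEndpoint()
                .baseUri("/oauth2/authorize")
                .and()
                .userInfoEndpoint()
                .userService(this.customOAuth2UserService);

        // NOTE(review): the matcher names no HTTP method, so GET /logout ends the session
        // without a CSRF token. Restricting it to POST (AntPathRequestMatcher takes an
        // optional method argument) closes that, provided the UI logs out via a form.
        httpSecurity.logout()
                .logoutUrl("/logout")
                .permitAll()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

        // CSRF tokens are not required on these paths; both are also permitAll above.
        httpSecurity.csrf().ignoringAntMatchers("/h2/**", "/token/watch/*");

        // NOTE(review): this removes X-Frame-Options from every response, which drops
        // clickjacking protection application-wide. Presumably it is here so the H2 console
        // can render its frames; frameOptions().sameOrigin() is normally sufficient for
        // that. Confirm nothing embeds the app cross-origin before tightening.
        httpSecurity.headers().frameOptions().disable();
    }
}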
