package xyz.raylab.apigateway.security.interception.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Component;
import xyz.raylab.apigateway.security.interception.Context;
import xyz.raylab.apigateway.security.interception.Result;
import xyz.raylab.apigateway.security.interception.interceptor.Interceptor;

@Component("corsInterceptorForSecurity")
/* loaded from: input_file:xyz/raylab/apigateway/security/interception/interceptor/CORSInterceptor.class */
public class CORSInterceptor implements Interceptor {
    @Override // xyz.raylab.apigateway.security.interception.interceptor.Interceptor
    public Result intercept(Interceptor.Chain chain) {
        Context context = chain.context();
        HttpServletRequest request = context.getRequest();
        HttpServletResponse response = context.getResponse();
        if (isCorsRequest(request)) {
            response.setHeader("Access-Control-Allow-Origin", "*");
            response.setHeader("Access-Control-Allow-Methods", "*");
            response.setHeader("Access-Control-Allow-Headers", "*");
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Max-Age", "1728000");
            if (isPreFlightRequest(request)) {
                return Result.CORS;
            }
        }
        return chain.proceed(context);
    }

    private boolean isCorsRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("Origin") != null;
    }

    private boolean isPreFlightRequest(HttpServletRequest httpServletRequest) {
        return isCorsRequest(httpServletRequest) && HttpMethod.OPTIONS.matches(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") != null;
    }
}
