package xyz.migoo.framework.security.config;

import jakarta.annotation.Resource;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import xyz.migoo.framework.security.core.filter.JWTAuthenticationTokenFilter;
import xyz.migoo.framework.security.core.service.SecurityAuthFrameworkService;
import xyz.migoo.framework.web.config.WebProperties;

@Configuration
@AutoConfigureOrder(-100)
@EnableMethodSecurity(securedEnabled = true)
/* loaded from: input_file:xyz/migoo/framework/security/config/MiGooWebSecurityConfigurerAdapter.class */
public class MiGooWebSecurityConfigurerAdapter {

    @Resource
    private WebProperties webProperties;

    @Resource
    private SecurityAuthFrameworkService userDetailsService;

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private LogoutSuccessHandler logoutSuccessHandler;

    @Resource
    private JWTAuthenticationTokenFilter authenticationTokenFilter;

    @Resource
    private Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> authorizeRequestsCustomizer;

    @ConditionalOnMissingBean({AuthenticationManager.class})
    @Bean
    public AuthenticationManager authenticationManagerBean(ObjectPostProcessor<Object> objectPostProcessor) throws Exception {
        return (AuthenticationManager) new AuthenticationManagerBuilder(objectPostProcessor).userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder).and().build();
    }

    @Bean
    public SecurityFilterChain configure(HttpSecurity httpSecurity) throws Exception {
        return (SecurityFilterChain) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().headers().frameOptions().disable().and().exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).accessDeniedHandler(this.accessDeniedHandler).and().logout().logoutUrl(api("/sign-out")).logoutSuccessHandler(this.logoutSuccessHandler).and().authorizeHttpRequests().requestMatchers(new String[]{api("/sign-in"), api("/captcha")})).permitAll().requestMatchers(HttpMethod.GET, new String[]{"/*.html", "/*/*.html", "/*.css", "/*/*.css", "/*.js", "/*/*.js", "/*.jpg", "/*/*.jpg", "/*.png", "/*/*.png", "/*.gif", "/*/*.gif"})).permitAll().requestMatchers(new String[]{"/*/druid/*", "/druid/*"})).permitAll().requestMatchers(new String[]{api("/file/*")})).anonymous().requestMatchers(new String[]{"/actuator", "/*/actuator"})).anonymous().requestMatchers(new String[]{"/actuator/*", "/*/actuator/*"})).anonymous().requestMatchers(new String[]{"/actuator/*/*", "/*/actuator/*/*"})).anonymous().requestMatchers(new String[]{"/actuator/*/*/*", "/*/actuator/*/*/*"})).anonymous().requestMatchers(new String[]{"/actuator/*/*/*/*", "/*/actuator/*/*/*/*"})).anonymous().and().authorizeHttpRequests(this.authorizeRequestsCustomizer).authorizeHttpRequests().anyRequest()).authenticated().and().addFilterBefore(this.authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class).build();
    }

    private String api(String str) {
        return this.webProperties.getApiPrefix() + str;
    }
}
