package com.blade.security.web.csrf;

import com.blade.kit.StringKit;
import com.blade.kit.UUID;
import com.blade.mvc.WebContext;
import com.blade.mvc.hook.Signature;
import com.blade.mvc.hook.WebHook;
import com.blade.mvc.http.Request;
import com.blade.mvc.http.Response;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/blade/security/web/csrf/CsrfMiddleware.class */
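/**
 * Web hook that issues and checks one-time CSRF tokens for actions annotated with
 * {@link CsrfToken}.
 *
 * <p>Actions without the annotation pass through untouched. When the annotation asks for a new
 * token, one is generated, remembered in {@link #tokens} and exposed to the view as request
 * attributes. When the annotation asks for validation (or the request carries the configured
 * "valid id" header set to {@code true}), the submitted token must be present in {@link #tokens};
 * it is consumed on first use.
 *
 * <p>NOTE(review): issued tokens live in one set shared by every caller of this instance and are
 * not tied to a session or user, so a successful check only shows that this instance issued the
 * token, not that it was issued to the current caller. Binding tokens to the session would close
 * that gap.
 *
 * <p>NOTE(review): tokens that are never submitted are never removed, so the set grows without
 * bound; an expiry or a per-session cap is worth adding.
 *
 * <p>NOTE(review): the token is accepted from the query string as well as from a header. Values
 * carried in URLs tend to end up in access logs, browser history and Referer headers; prefer the
 * header or a form field where the framework allows it.
 */
public class CsrfMiddleware implements WebHook {
    private static final Logger log = LoggerFactory.getLogger(CsrfMiddleware.class);

    // Presumably one hook instance serves concurrent requests (TODO confirm against the
    // framework's registration), so the token store must be safe for concurrent add/remove.
    private final Set<String> tokens = ConcurrentHashMap.newKeySet(64);
    private final CsrfConfig csrfConfig;
    private final Consumer<Response> csrfHandle;

    /** Creates the hook with the default configuration and the default 400 rejection handler. */
    public CsrfMiddleware() {
        this(null, null);
    }

    /**
     * Creates the hook with the default configuration and a custom rejection handler.
     *
     * @param consumer called with the response when validation fails; {@code null} keeps the
     *     default handler, which answers 400 "Bad Request."
     */
    public CsrfMiddleware(Consumer<Response> consumer) {
        this(null, consumer);
    }

    /**
     * Creates the hook with a custom configuration and rejection handler.
     *
     * @param csrfConfig names of the token key, parameter, header and valid-id header;
     *     {@code null} falls back to {@code CsrfConfig.builder().build()}
     * @param consumer called with the response when validation fails; {@code null} keeps the
     *     default handler, so a failed check can never end in a NullPointerException
     */
    public CsrfMiddleware(CsrfConfig csrfConfig, Consumer<Response> consumer) {
        this.csrfConfig = csrfConfig != null ? csrfConfig : CsrfConfig.builder().build();
        this.csrfHandle = consumer != null ? consumer : CsrfMiddleware::rejectWithBadRequest;
    }

    /** Default rejection: HTTP 400 with a fixed body that reveals nothing about the failure. */
    private static void rejectWithBadRequest(Response response) {
        response.badRequest().text("Bad Request.");
    }

    /**
     * Runs before the routed action and applies the policy declared by its {@link CsrfToken}
     * annotation.
     *
     * @param signature the invocation being intercepted
     * @return {@code true} to let the action run; {@code false} when validation was required and
     *     failed (the rejection handler has already written the response)
     */
    @Override
    public boolean before(Signature signature) {
        Request request = signature.request();
        CsrfToken csrfToken = (CsrfToken) signature.getAction().getAnnotation(CsrfToken.class);
        if (csrfToken == null) {
            return true;
        }
        if (csrfToken.newToken()) {
            // Tell the view under which attribute name the token value can be found.
            request.attribute(this.csrfConfig.getParam(), this.csrfConfig.getKey());
            request.attribute(this.csrfConfig.getHeader(), this.csrfConfig.getKey());
            // NOTE(review): the token is only as unpredictable as UUID.UU64(); confirm it is
            // backed by a cryptographically secure generator.
            String token = UUID.UU64();
            request.attribute(this.csrfConfig.getKey(), token);
            // The token is a secret until it is consumed, so its value is kept out of the logs.
            log.debug("Generated new CSRF token");
            this.tokens.add(token);
        }
        // The valid-id header is client-controlled, but it can only switch validation on;
        // an action annotated with valid() is always validated.
        boolean requestedByHeader =
                StringKit.equals(
                        Boolean.TRUE.toString(),
                        signature.getRequest().header(this.csrfConfig.getValidId()));
        if (csrfToken.valid() || requestedByHeader) {
            return validation();
        }
        return true;
    }

    /**
     * Checks the token submitted with the current request, looking first at the query parameter
     * and then at the header named by {@code csrfConfig.getKey()}.
     *
     * <p>A matching token is removed as part of the same atomic operation that checks it, so two
     * concurrent requests carrying the same token cannot both pass.
     *
     * @return {@code true} when a known token was supplied and consumed; {@code false} otherwise,
     *     after the rejection handler has been invoked
     */
    public boolean validation() {
        Request request = WebContext.request();
        Response response = WebContext.response();
        String key = this.csrfConfig.getKey();
        Optional<String> submitted = request.query(key);
        if (!submitted.isPresent()) {
            submitted = Optional.ofNullable(request.header(key));
        }
        // remove() reports whether the token was present, replacing the separate
        // contains()/remove() pair that left a window for the token to be used twice.
        if (submitted.isPresent() && this.tokens.remove(submitted.get())) {
            return true;
        }
        this.csrfHandle.accept(response);
        return false;
    }
}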
