package com.blade.security.web.csrf;

import com.blade.kit.PasswordKit;
import com.blade.kit.StringKit;
import com.blade.kit.UUID;
import com.blade.mvc.RouteContext;
import com.blade.mvc.hook.WebHook;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/blade/security/web/csrf/CsrfMiddleware.class */
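/**
 * Web hook that enforces a session-bound CSRF token on state-changing requests.
 *
 * <p>A random secret is kept in the session. The value handed to the page is not the
 * secret itself but the Base64 encoding of {@code PasswordKit.hashPassword(secret)};
 * on submission the token is Base64-decoded and checked against the session secret
 * with {@code PasswordKit.checkPassword}.
 *
 * <p>NOTE(review): {@code PasswordKit} is not visible in this file. The scheme only
 * masks the secret per response if {@code hashPassword} is salted; confirm against
 * its implementation.
 */
public class CsrfMiddleware implements WebHook {
    private static final Logger log = LoggerFactory.getLogger(CsrfMiddleware.class);

    /** Session attribute under which the per-session CSRF secret is stored. */
    private static final String SESSION_TOKEN_KEY = "_csrf_token_session";

    /** Policy (ignored methods, exclusions, token getter, error handler); defaults to the builder's defaults. */
    private CsrfOption csrfOption = CsrfOption.builder().build();

    /** Creates the middleware with the options produced by {@code CsrfOption.builder().build()}. */
    public CsrfMiddleware() {
    }

    /**
     * Creates the middleware with caller-supplied options.
     *
     * @param csrfOption policy to apply; it is dereferenced on every request, so it must not be null
     */
    public CsrfMiddleware(CsrfOption csrfOption) {
        this.csrfOption = csrfOption;
    }

    /**
     * Checks the CSRF token of the incoming request.
     *
     * <p>Requests whose method is ignored by the options are never validated; a fresh
     * token is issued for them unless the URI matches {@code isStartExclusion}.
     * Other requests are validated unless the URI matches {@code isExclusion}.
     * NOTE(review): the two exclusion predicates differ by name only from here —
     * confirm that an excluded prefix cannot skip validation for a path that should
     * be protected.
     *
     * <p>Validation fails closed: a missing session secret, a missing token, a token
     * that is not valid Base64, or a token the password check refuses all invoke the
     * configured error handler and return {@code false}.
     *
     * @param routeContext context of the current request
     * @return {@code true} if the request is accepted by this hook, {@code false} after
     *     the error handler has been invoked
     */
    @Override
    public boolean before(RouteContext routeContext) {
        if (this.csrfOption.isIgnoreMethod(routeContext.method())) {
            if (!this.csrfOption.isStartExclusion(routeContext.uri())) {
                genToken(routeContext);
            }
            return true;
        }
        if (this.csrfOption.isExclusion(routeContext.uri())) {
            return true;
        }

        String sessionSecret = (String) routeContext.session().attribute(SESSION_TOKEN_KEY);
        if (StringKit.isEmpty(sessionSecret)) {
            return reject(routeContext);
        }
        String submittedToken = this.csrfOption.getTokenGetter().apply(routeContext.request());
        if (StringKit.isEmpty(submittedToken)) {
            return reject(routeContext);
        }

        boolean tokenMatches;
        try {
            // The token is client-controlled: Base64 decoding throws IllegalArgumentException
            // on malformed input, and checkPassword may do the same for a string that is not
            // a well-formed hash (presumably; PasswordKit is not visible here). Treat both as
            // an ordinary validation failure instead of letting the exception escape the hook.
            String submittedHash =
                    new String(Base64.getDecoder().decode(submittedToken), StandardCharsets.UTF_8);
            tokenMatches = PasswordKit.checkPassword(sessionSecret, submittedHash);
        } catch (IllegalArgumentException e) {
            // Deliberately does not log the token or the session secret.
            log.debug("Rejecting request: CSRF token is malformed");
            tokenMatches = false;
        }
        if (tokenMatches) {
            return true;
        }
        return reject(routeContext);
    }

    /**
     * Issues a CSRF token for the current request, creating the session secret on first use.
     *
     * <p>The token is published as request attribute {@code _csrf_token} and, wrapped in a
     * hidden {@code <input name='_token'>}, as {@code _csrf_token_input}.
     *
     * @param routeContext context of the current request
     * @return the Base64-encoded token that the client must send back
     */
    public String genToken(RouteContext routeContext) {
        String sessionSecret = (String) routeContext.session().attribute(SESSION_TOKEN_KEY);
        if (StringKit.isEmpty(sessionSecret)) {
            // NOTE(review): the unpredictability of the secret rests entirely on UUID.UU64();
            // confirm it draws from a cryptographically secure source.
            sessionSecret = UUID.UU64();
            routeContext.session().attribute(SESSION_TOKEN_KEY, sessionSecret);
        }
        // Explicit charset so the encoded token does not depend on the platform default.
        String token = Base64.getEncoder()
                .encodeToString(PasswordKit.hashPassword(sessionSecret).getBytes(StandardCharsets.UTF_8));
        routeContext.attribute("_csrf_token", token);
        // Built by concatenation without escaping: this is safe only because the standard
        // Base64 alphabet (A-Z, a-z, 0-9, '+', '/', '=') contains no quote or angle bracket.
        // Escape the value if the token encoding ever changes.
        routeContext.attribute("_csrf_token_input", "<input type='hidden' name='_token' value='" + token + "'/>");
        return token;
    }

    /** Invokes the configured error handler and reports the request as refused. */
    private boolean reject(RouteContext routeContext) {
        this.csrfOption.getErrorHandler().accept(routeContext);
        return false;
    }
}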
