package org.rxjava.security.example.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.function.Function;
import org.apache.commons.lang3.StringUtils;
import org.rxjava.common.core.exception.LoginRuntimeException;
import org.rxjava.security.example.entity.SecurityUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.data.redis.core.ReactiveRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.web.reactive.config.WebFluxConfigurer;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2WebFlux;

@EnableSwagger2WebFlux
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
/* loaded from: input_file:org/rxjava/security/example/config/ExplicitWebfluxSecurityConfig.class */
public class ExplicitWebfluxSecurityConfig implements WebFluxConfigurer {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private ReactiveRedisTemplate<String, String> reactiveRedisTemplate;

    private AuthenticationWebFilter tokenAuthenticationFilter() {
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(tokenAuthenticationManager());
        Function<ServerWebExchange, Mono<Authentication>> function = tokenAuthenticationConverter();
        function.getClass();
        authenticationWebFilter.setServerAuthenticationConverter((v1) -> {
            return r1.apply(v1);
        });
        authenticationWebFilter.setAuthenticationFailureHandler((webFilterExchange, authenticationException) -> {
            return Mono.error(authenticationException);
        });
        return authenticationWebFilter;
    }

    private Function<ServerWebExchange, Mono<Authentication>> tokenAuthenticationConverter() {
        return serverWebExchange -> {
            String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
            return StringUtils.isEmpty(first) ? Mono.empty() : Mono.just(new JwtAuthenticationToken(first));
        };
    }

    private ReactiveAuthenticationManager tokenAuthenticationManager() {
        return authentication -> {
            String str = (String) authentication.getCredentials();
            return this.reactiveRedisTemplate.opsForValue().get(str).switchIfEmpty(Mono.defer(() -> {
                return Mono.error(LoginRuntimeException.of("未找到token"));
            })).map(str2 -> {
                SecurityUser securityUser = null;
                try {
                    securityUser = (SecurityUser) this.objectMapper.readValue(str2, SecurityUser.class);
                } catch (IOException e) {
                    e.printStackTrace();
                }
                return securityUser;
            }).map(securityUser -> {
                return new JwtAuthenticationToken(securityUser, str, securityUser.getAuthorities());
            });
        };
    }

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.authorizeExchange().pathMatchers(new String[]{"/loginByPhoneSms"})).permitAll().pathMatchers(new String[]{"/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**"})).permitAll().anyExchange().authenticated().and().securityContextRepository(NoOpServerSecurityContextRepository.getInstance()).exceptionHandling().authenticationEntryPoint((serverWebExchange, authenticationException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            });
        }).accessDeniedHandler((serverWebExchange2, accessDeniedException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange2.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            });
        }).and().headers().cache().disable().and().csrf().disable().formLogin().disable().logout().disable().addFilterAt(tokenAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION).build();
    }

    @Bean
    public Docket createRestApi() {
        return new Docket(DocumentationType.SWAGGER_2).apiInfo(apiInfo()).select().apis(RequestHandlerSelectors.basePackage("org.rxjava")).paths(PathSelectors.any()).build();
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder().title("Swagger构建RESTful API").description("").termsOfServiceUrl("").version("1.0").build();
    }
}
