package at.damudo.flowy.core.config;

import at.damudo.flowy.core.globalsettings.InstanceGlobalSettingAccessor;
import at.damudo.flowy.core.globalsettings.models.InstanceGlobalSettingValues;
import at.damudo.flowy.core.handlers.FlowyAccessDeniedHandler;
import at.damudo.flowy.core.handlers.FlowyAuthenticationEntryPoint;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import lombok.Generated;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.security.web.util.matcher.IpAddressMatcher;

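/**
 * Core Spring Security defaults: disables the built-in HTTP Basic, CSRF, logout and
 * request-cache features, restricts {@code /actuator/prometheus} to an IP allow-list,
 * and installs the project's access-denied and authentication-entry-point handlers.
 */
@Configuration
@EnableMethodSecurity
/* loaded from: input_file:BOOT-INF/lib/flowy-core-0.0.1.jar:at/damudo/flowy/core/config/CoreWebSecurityConfig.class */
public class CoreWebSecurityConfig {
    private static final String LOCALHOST_IPV4 = "127.0.0.1";
    private static final String LOCALHOST_IPV6 = "::1";
    private final FlowyAuthenticationEntryPoint flowyAuthenticationEntryPoint;
    private final FlowyAccessDeniedHandler flowyAccessDeniedHandler;
    private final InstanceGlobalSettingAccessor settingAccessor;

    /**
     * Applies the core security defaults to the given builder.
     *
     * @param httpSecurity the builder to configure
     * @return the same {@code httpSecurity} instance, so callers can keep configuring it
     * @throws Exception if any of the Spring Security configurers fails
     */
    public HttpSecurity httpSecurity(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): CSRF protection is switched off here; that is only safe if no endpoint
        // authenticates with browser-sent cookies. Confirm against the authentication filters.
        httpSecurity
                .httpBasic(basic -> basic.disable())
                .csrf(csrf -> csrf.disable())
                .logout(logout -> logout.disable())
                .requestCache(cache -> cache.disable())
                // NOTE(review): only the metrics endpoint gets a rule in this class; rules for
                // every other path are presumably added by whoever extends this builder.
                .authorizeHttpRequests(registry -> registry
                        .requestMatchers("/actuator/prometheus")
                        .access((authentication, context) -> accessByIp(context)))
                .exceptionHandling(handling -> handling
                        .accessDeniedHandler(this.flowyAccessDeniedHandler)
                        .authenticationEntryPoint(this.flowyAuthenticationEntryPoint));
        return httpSecurity;
    }

    /**
     * Decides whether the caller's address may read the Prometheus metrics endpoint.
     *
     * <p>Access is granted when the request matches any entry of the configured
     * Prometheus metrics whitelist, or one of the two loopback addresses, which are
     * always allowed.
     *
     * <p>NOTE(review): the match is made against the address the servlet container reports
     * for the connection. If the application sits behind a reverse proxy on the same host,
     * every request may appear to come from loopback and pass this check; confirm how the
     * client address is resolved in each deployment.
     *
     * @param requestAuthorizationContext context carrying the current HTTP request
     * @return a granted decision if an allow-list entry matches, otherwise a denied one
     */
    private AuthorizationDecision accessByIp(RequestAuthorizationContext requestAuthorizationContext) {
        InstanceGlobalSettingValues.Security security = this.settingAccessor.getCommonValues().getSecurity();
        List<String> configured = security == null ? null : security.getPrometheusMetricsWhitelist();
        // Work on a copy: appending the loopback entries to the list returned by the settings
        // object would change the shared configuration on every request (the list would grow
        // without bound, or the add would fail outright if the list is unmodifiable).
        List<String> allowed = configured == null ? new ArrayList<>() : new ArrayList<>(configured);
        allowed.add(LOCALHOST_IPV4);
        allowed.add(LOCALHOST_IPV6);
        for (String address : allowed) {
            // A malformed entry makes the IpAddressMatcher constructor throw, so the request
            // fails instead of being allowed.
            if (new IpAddressMatcher(address).matches(requestAuthorizationContext.getRequest())) {
                return new AuthorizationDecision(true);
            }
        }
        return new AuthorizationDecision(false);
    }

    /**
     * Creates the configuration with its collaborators.
     *
     * @param flowyAuthenticationEntryPoint handler invoked when authentication is required
     * @param flowyAccessDeniedHandler handler invoked when access is denied
     * @param instanceGlobalSettingAccessor source of the instance-wide security settings
     */
    @Generated
    public CoreWebSecurityConfig(FlowyAuthenticationEntryPoint flowyAuthenticationEntryPoint, FlowyAccessDeniedHandler flowyAccessDeniedHandler, InstanceGlobalSettingAccessor instanceGlobalSettingAccessor) {
        this.flowyAuthenticationEntryPoint = flowyAuthenticationEntryPoint;
        this.flowyAccessDeniedHandler = flowyAccessDeniedHandler;
        this.settingAccessor = instanceGlobalSettingAccessor;
    }
}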
