package com.nonononoki.alovoa.config;

import ch.qos.logback.core.joran.JoranConstants;
import com.nonononoki.alovoa.Tools;
import com.nonononoki.alovoa.component.AuthFailureHandler;
import com.nonononoki.alovoa.component.AuthFilter;
import com.nonononoki.alovoa.component.AuthProvider;
import com.nonononoki.alovoa.component.AuthSuccessHandler;
import com.nonononoki.alovoa.component.CustomTokenBasedRememberMeServices;
import com.nonononoki.alovoa.component.CustomUserDetailsService;
import com.nonononoki.alovoa.html.AdminResource;
import jakarta.servlet.Filter;
import java.beans.ConstructorProperties;
import java.util.ArrayList;
import java.util.List;
import lombok.Generated;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy;
import org.springframework.web.cors.CorsConfiguration;
import org.thymeleaf.standard.processor.StandardRemoveTagProcessor;

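/**
 * Spring Security wiring for the application: URL authorization rules, form and OAuth2 login,
 * remember-me cookies, session tracking, CORS and (in production) HTTPS enforcement.
 *
 * <p>Recovered from {@code BOOT-INF/classes/com/nonononoki/alovoa/config/SecurityConfig.class}.
 * Two constants that the decompiled listing borrowed from unrelated libraries
 * ({@code StandardRemoveTagProcessor.ATTR_NAME}, {@code JoranConstants.CONFIGURATION_TAG}) are
 * written as the plain string literals they stand for, so this security configuration no longer
 * reads as if it depended on Thymeleaf or Logback internals.
 *
 * <p>Security-relevant properties of this configuration, all visible below:
 * <ul>
 *   <li>CSRF protection is disabled while authentication is carried by cookies
 *       ({@value #COOKIE_SESSION}, {@value #COOKIE_REMEMBER}) and CORS allows credentials.</li>
 *   <li>Everything not listed in {@link #PUBLIC_PATHS} or the admin rules requires
 *       authentication.</li>
 *   <li>HTTPS is only enforced when the production profile is active.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    public static final String ROLE_USER = "ROLE_USER";
    public static final String ROLE_ADMIN = "ROLE_ADMIN";
    public static final String COOKIE_SESSION = "JSESSIONID";
    public static final String COOKIE_REMEMBER = "remember-me";

    /**
     * Paths reachable without a session. Every entry is an exception to the
     * "authenticated by default" rule, so additions deserve review.
     *
     * <p>NOTE(review): {@code /user/delete-account-confirm}, {@code /delete-account/*},
     * {@code /password/**} and {@code /media/*} are state-changing or user-data endpoints
     * that are open here; the handlers behind them (not visible in this file) must perform
     * their own authorization, e.g. by validating an unguessable token. Confirm.
     */
    private static final String[] PUBLIC_PATHS = {
        "/css/**",
        "/js/**",
        "/img/**",
        "/font/**",
        "/json/**",
        "/oauth2/**",
        "/",
        "/login/**",
        "/terms-conditions",
        "/imprint",
        "/imprint/*",
        "/privacy",
        "/faq",
        "/tos",
        "/register",
        "/register/**",
        "/captcha/**",
        "/donate-list",
        "/donate/received/**",
        "/password/**",
        "/favicon.ico",
        "/sw.js",
        "/robots.txt",
        "/.well-known/assetlinks.json",
        "/text/*",
        "/manifest/**",
        "/fonts/**",
        "/error",
        "/info",
        "/user/delete-account-confirm",
        "/delete-account/*",
        "/media/*",
    };

    // Injected from app.text.key; not read anywhere in this class.
    @Value("${app.text.key}")
    private String key;

    // Secret used to sign remember-me tokens. Both remember-me services below share it, so
    // it must come from deployment configuration and be long and random; anyone who learns
    // it is one step closer to forging remember-me cookies.
    @Value("${app.login.remember.key}")
    private String rememberKey;

    @Value("${app.url.front-end}")
    private String urlFrontEnd;

    @Value("${app.domain}")
    private String domain;

    @Autowired
    private Environment env;

    @Autowired
    private AuthFailureHandler failureHandler;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    private final AuthenticationConfiguration configuration;

    /**
     * Creates the configuration.
     *
     * @param authenticationConfiguration source of the shared {@link AuthenticationManager}
     */
    @Generated
    @ConstructorProperties({"configuration"})
    public SecurityConfig(AuthenticationConfiguration authenticationConfiguration) {
        this.configuration = authenticationConfiguration;
    }

    /** @return the authority name granted to regular users */
    public static String getRoleUser() {
        return ROLE_USER;
    }

    /** @return the authority name granted to administrators */
    public static String getRoleAdmin() {
        return ROLE_ADMIN;
    }

    /**
     * Builds the application's single security filter chain.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder or the custom authentication filter cannot be set up
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        // Upcast kept from the original listing: AuthProvider's supertypes are not visible here.
        httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
                .authenticationProvider((AuthenticationProvider) authProvider());

        httpSecurity
                // Rules are evaluated in order: admin paths first, then the public allow-list,
                // and finally "deny unless authenticated" for everything else.
                .authorizeHttpRequests(requests -> requests
                        .requestMatchers(AdminResource.URL).hasAnyAuthority(ROLE_ADMIN)
                        .requestMatchers("/admin/**").hasAnyAuthority(ROLE_ADMIN)
                        .requestMatchers(PUBLIC_PATHS).permitAll()
                        .anyRequest().authenticated())
                // NOTE(review): CSRF protection is off although requests are authenticated by
                // cookies and CORS below allows credentials. Cross-site form posts are not
                // subject to CORS, so the only remaining defences are whatever SameSite
                // attributes the cookies carry (not set in this file) and per-endpoint checks.
                // Left unchanged because enabling it requires every client to send a token.
                .csrf(csrf -> csrf.disable())
                .formLogin(form -> form.loginPage("/login").permitAll())
                .logout(logout -> logout
                        .deleteCookies("remove")
                        .invalidateHttpSession(true)
                        .deleteCookies(COOKIE_SESSION, COOKIE_REMEMBER)
                        .logoutUrl("/logout")
                        .logoutSuccessUrl("/?logout"))
                .oauth2Login(oauth -> oauth
                        .loginPage("/?auth-error")
                        .defaultSuccessUrl("/login/oauth2/success"))
                // Upcast kept from the original listing: AuthFilter's supertypes are not visible here.
                .addFilterBefore((Filter) authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                .rememberMe(remember -> remember
                        .rememberMeServices(oAuthRememberMeServices())
                        .key(this.rememberKey))
                .sessionManagement(session -> session
                        .maximumSessions(10)
                        .expiredSessionStrategy(getSessionInformationExpiredStrategy())
                        .sessionRegistry(sessionRegistry()))
                .cors(cors -> cors.configurationSource(request -> corsConfiguration()))
                // Legacy behaviour: the security context is saved to the session implicitly
                // instead of requiring an explicit save by the authenticating code.
                .securityContext(context -> context.requireExplicitSave(false));

        // Outside the production profile, plain HTTP is accepted, so session and
        // remember-me cookies can travel unencrypted in those environments.
        if (this.env.acceptsProfiles(Profiles.of(Tools.PROD))) {
            httpSecurity.requiresChannel(channel -> channel.anyRequest().requiresSecure());
        }
        return httpSecurity.build();
    }

    /**
     * Builds the CORS policy returned for each request: credentialed requests are allowed from
     * exactly two configured origins, with any method and any header.
     *
     * <p>Because credentials are allowed, the origin list is the whole trust boundary for
     * cross-origin reads; it must stay a list of exact origins.
     */
    private CorsConfiguration corsConfiguration() {
        CorsConfiguration cors = new CorsConfiguration();
        cors.setAllowCredentials(true);
        cors.setAllowedOrigins(List.of(this.domain, this.urlFrontEnd));
        cors.setAllowedMethods(List.of("*"));
        cors.setAllowedHeaders(List.of("*"));
        return cors;
    }

    /**
     * Exposes the authentication manager built by Spring's {@link AuthenticationConfiguration}.
     *
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    AuthenticationManager authenticationManager() throws Exception {
        return this.configuration.getAuthenticationManager();
    }

    /** Success handler for the custom authentication filter; it receives this configuration. */
    @Bean
    AuthSuccessHandler successHandler() {
        return new AuthSuccessHandler(this);
    }

    /**
     * Creates the custom authentication filter that {@link #filterChain} installs ahead of
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    AuthFilter authenticationFilter() throws Exception {
        AuthFilter filter = new AuthFilter();
        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(successHandler());
        filter.setAuthenticationFailureHandler(this.failureHandler);
        filter.setRememberMeServices(rememberMeServices());
        filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
        return filter;
    }

    /**
     * Session handling applied by {@link AuthFilter} after a successful login: the session id
     * is changed (session-fixation protection) and the new session is recorded in the shared
     * {@link SessionRegistry}.
     *
     * <p>NOTE(review): this composite contains no concurrency-control strategy, so the
     * {@code maximumSessions(10)} limit configured on the filter chain is presumably not
     * applied at login time for requests authenticated through {@link AuthFilter}. Confirm.
     */
    public SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        List<SessionAuthenticationStrategy> delegates = List.of(
                new SessionFixationProtectionStrategy(),
                new RegisterSessionAuthenticationStrategy(sessionRegistry()));
        return new CompositeSessionAuthenticationStrategy(delegates);
    }

    /**
     * Sends users whose session was expired by the session limit to {@code /logout}.
     *
     * <p>The redirect is a GET. Spring Security only accepts non-POST logout requests while
     * CSRF protection is disabled, so this target has to be revisited if CSRF is enabled.
     */
    public SessionInformationExpiredStrategy getSessionInformationExpiredStrategy() {
        return new SimpleRedirectSessionInformationExpiredStrategy("/logout");
    }

    /** In-memory registry of active sessions, shared by the filter chain and the login filter. */
    @Bean
    SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /** Remember-me service used by {@link AuthFilter}; tokens are signed with the remember key. */
    @Bean
    TokenBasedRememberMeServices rememberMeServices() {
        return new TokenBasedRememberMeServices(this.rememberKey, this.customUserDetailsService);
    }

    /**
     * Remember-me service registered on the filter chain. {@code alwaysRemember} is set, so a
     * remember-me cookie is issued on every login handled by it, without the user opting in.
     */
    @Bean
    TokenBasedRememberMeServices oAuthRememberMeServices() {
        CustomTokenBasedRememberMeServices services =
                new CustomTokenBasedRememberMeServices(this.rememberKey, this.customUserDetailsService);
        services.setAlwaysRemember(true);
        return services;
    }

    /** Password hashing with bcrypt at the encoder's default work factor. */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** The application's authentication provider, registered in {@link #filterChain}. */
    @Bean
    AuthProvider authProvider() {
        return new AuthProvider();
    }

    /**
     * Returns the OAuth remember-me service under its concrete type. The cast is safe because
     * {@link #oAuthRememberMeServices()} always creates a {@link CustomTokenBasedRememberMeServices}.
     */
    public CustomTokenBasedRememberMeServices getOAuthRememberMeServices() {
        return (CustomTokenBasedRememberMeServices) oAuthRememberMeServices();
    }
}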
