package com.jdroid.javaweb.filter;

import com.jdroid.java.collections.Lists;
import com.jdroid.java.utils.LoggerUtils;
import com.jdroid.javaweb.api.ApiExceptionHandler;
import com.jdroid.javaweb.application.Application;
import com.jdroid.javaweb.exception.CommonErrorCode;
import com.jdroid.javaweb.exception.InvalidAuthenticationException;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/jdroid/javaweb/filter/AbstractAuthenticationFilter.class */
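/**
 * Servlet filter that gates requests on the {@code x-user-token} request header.
 *
 * <p>Every request whose path info does not start with one of {@link #getAllowedPaths()} must
 * carry a token accepted by the application's security context; otherwise the filter answers
 * with HTTP 401 and the chain is not invoked. After the chain has run, the security context and
 * any existing HTTP session are invalidated.
 */
public class AbstractAuthenticationFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerUtils.getLogger(AbstractAuthenticationFilter.class);
    private static final String USER_TOKEN_HEADER = "x-user-token";

    /**
     * Rejects unauthenticated requests with 401, otherwise runs the rest of the chain and then
     * clears the per-request authentication state.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; receives the error status header and 401 on rejection
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain or from {@code sendError}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (requiresAuthentication(httpServletRequest) && !isAuthenticated(httpServletRequest)) {
            httpServletResponse.setHeader(ApiExceptionHandler.STATUS_CODE_HEADER, CommonErrorCode.INVALID_USER_TOKEN.getStatusCode());
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            // Clean up even when the chain throws: otherwise the authenticated user set by
            // authenticateUser() stays in the security context after a failed request.
            // NOTE(review): if the security context is bound to the worker thread, a skipped
            // invalidate() would expose this user to the next request on that thread - confirm.
            try {
                Application.get().getSecurityContext().invalidate();
            } finally {
                // getSession(false): do not create a session only to destroy it. Creating one
                // after the response is committed would also throw IllegalStateException.
                javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
                if (session != null) {
                    session.invalidate();
                }
            }
        }
    }

    /**
     * Tells whether the request must present a valid user token.
     *
     * <p>The match is a plain prefix test on {@code getPathInfo()}: an allowed entry such as
     * {@code "/public"} also exempts {@code "/publicfoo"}. Entries should therefore end with
     * {@code '/'} or name a complete path.
     * NOTE(review): confirm the dispatcher behind this filter resolves handlers from the same
     * path value that is checked here, so the exemption cannot diverge from the routed handler.
     *
     * @param httpServletRequest the incoming request
     * @return {@code false} when the path info starts with an allowed prefix, {@code true} otherwise
     */
    private boolean requiresAuthentication(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            // getPathInfo() is null when the request has no extra path information.
            // Fail closed instead of throwing a NullPointerException.
            return true;
        }
        for (String allowedPath : getAllowedPaths()) {
            if (pathInfo.startsWith(allowedPath)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Authenticates the request through the application's security context using the value of
     * the {@code x-user-token} header.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the security context accepted the token, {@code false} when it
     *     threw {@link InvalidAuthenticationException}
     */
    private boolean isAuthenticated(HttpServletRequest httpServletRequest) {
        // NOTE(review): header is null when the client sent no token; it is passed through
        // unchanged - verify that authenticateUser(null) rejects it.
        String header = httpServletRequest.getHeader(USER_TOKEN_HEADER);
        try {
            Application.get().getSecurityContext().authenticateUser(header);
            return true;
        } catch (InvalidAuthenticationException e) {
            // The token is a credential and is fully client-controlled: writing it to the log
            // would disclose it to log readers and let a client inject arbitrary log content.
            // Record only whether a token was supplied.
            LOGGER.warn("Request NOT authenticated: {} header {}.", USER_TOKEN_HEADER, header == null ? "is missing" : "was rejected");
            return false;
        }
    }

    /**
     * Path-info prefixes that are exempt from authentication. Subclasses override this to open
     * specific endpoints; the default is an empty list, so every request requires a token.
     *
     * @return a new, empty list
     */
    public List<String> getAllowedPaths() {
        return Lists.newArrayList();
    }
}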
