package pl.edu.icm.jupiter.web.config;

import com.auth0.spring.security.api.JwtAuthenticationProvider;
import com.auth0.spring.security.api.JwtWebSecurityConfigurer;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import pl.edu.icm.jupiter.services.api.user.JupiterUserService;
import pl.edu.icm.jupiter.web.security.JwtLoginFilterConfigurer;
import pl.edu.icm.jupiter.web.util.ManagementSecurityProperties;

@Configuration
@EnableWebSecurity
@ComponentScan({"pl.edu.icm.jupiter.security"})
/* loaded from: input_file:pl/edu/icm/jupiter/web/config/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private ManagementSecurityProperties managementSecurityProperties;

    @Autowired
    private JwtAuthenticationProvider authenticationProvider;

    @Autowired
    private JupiterUserService authProvider;

    @Autowired
    private JwtLoginFilterConfigurer<HttpSecurity> jwtConfigurer;

    @Value("${spring.security.jwt.audience}")
    private String audience;

    @Value("${spring.security.jwt.issuer}")
    private String issuer;

    @Value("${spring.rest.prefix}")
    private String restPrefix;

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

    @Bean
    public FilterRegistrationBean<CorsFilter> registerCorsFilter(CorsFilter corsFilter) {
        FilterRegistrationBean<CorsFilter> filterRegistrationBean = new FilterRegistrationBean<>(corsFilter, new ServletRegistrationBean[0]);
        filterRegistrationBean.setOrder(Integer.MIN_VALUE);
        return filterRegistrationBean;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        String str = this.restPrefix + "/login";
        jwtWebScurityConfigurer().configure(httpSecurity);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{str})).permitAll().antMatchers(new String[]{this.restPrefix + "/preview/**"})).permitAll().antMatchers(new String[]{this.restPrefix + "/websockets/**"})).permitAll().antMatchers(new String[]{this.restPrefix + "/heartbeat"})).permitAll().antMatchers(new String[]{this.restPrefix + "/resetPassword"})).permitAll().antMatchers(new String[]{this.restPrefix + "/**"})).fullyAuthenticated().antMatchers(new String[]{"/monitoring/**"})).access((String) this.managementSecurityProperties.getIps().stream().map(str2 -> {
            return "hasIpAddress('" + str2 + "')";
        }).collect(Collectors.joining(" or "))).anyRequest()).permitAll().and().formLogin().disable().authenticationProvider(this.authProvider);
        this.jwtConfigurer.loginProcessingUrl(str);
        httpSecurity.apply(this.jwtConfigurer);
    }

    @Bean
    public JwtWebSecurityConfigurer jwtWebScurityConfigurer() {
        return JwtWebSecurityConfigurer.forHS256(this.audience, this.issuer, this.authenticationProvider);
    }
}
