package com.ohaotian.plugin.security.filter;

import com.ohaotian.plugin.security.entity.UserInfo;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/ohaotian/plugin/security/filter/TokenAuthenticationFilter.class */
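/**
 * Servlet filter that authenticates requests carrying an {@code auth-token} header and
 * answers CORS preflight ({@code OPTIONS}) requests itself instead of passing them on.
 *
 * <p>Requests without the header go through unauthenticated; what happens to them is decided
 * by whatever follows in the filter chain. A request that presents the header with a value
 * that is not accepted is rejected with HTTP 401.
 *
 * <p>A per-thread flag records whether the current request may create an HTTP session. It is
 * set to {@code true} at the start of every request and switched to {@code false} once token
 * authentication has succeeded. The flag is deliberately left in place when {@code doFilter}
 * returns, because code running later on the same thread may still read it.
 */
public class TokenAuthenticationFilter extends GenericFilterBean {
    /** Name of the request header that carries the token. */
    private static final String TOKEN_HEADER = "auth-token";

    /** Per-thread "may this request create a session" flag; {@code null} until a request has passed through the filter. */
    private static final ThreadLocal<Boolean> allowSessionCreation = new ThreadLocal<>();

    /**
     * Builds an {@link Authentication} for the request when its token header is accepted.
     *
     * @param httpServletRequest request whose {@code auth-token} header is inspected
     * @param httpServletResponse unused here
     * @return an authenticated token wrapping a {@code UserInfo} with user id 1, or
     *     {@code null} when the header is absent or does not match
     * @throws AuthenticationException declared for callers; not thrown by the visible code
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        // SECURITY(review): the accepted token is the fixed literal "123" and every caller that
        // presents it is authenticated as user id 1. This is a shared static credential, not
        // token validation; it reads like a development stub. Before this filter protects
        // anything real, the header must be verified against an issued, expiring, per-user
        // token (compared in constant time) and the principal loaded from that token.
        if (!"123".equals(httpServletRequest.getHeader(TOKEN_HEADER))) {
            return null;
        }
        UserInfo principal = new UserInfo();
        principal.setUserId(1L);
        // The three-argument constructor marks the token as already authenticated.
        // NOTE(review): password and authorities come from a freshly constructed UserInfo;
        // what they default to is defined in UserInfo, which is not visible here. Confirm.
        return new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities());
    }

    /**
     * Authenticates the request when a token header is present, then either continues the
     * chain or, for {@code OPTIONS}, writes the CORS preflight response and stops.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked for every non-{@code OPTIONS} request
     * @throws IOException if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Reset the flag for every request so a value left by an earlier request on this
        // pooled thread is never observed.
        allowSessionCreation.set(true);

        if (request.getHeader(TOKEN_HEADER) != null) {
            Authentication authentication = attemptAuthentication(request, response);
            if (authentication == null) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token 无效，请重新申请 token");
                return;
            }
            // Token-authenticated requests are treated as stateless: no session is to be created.
            allowSessionCreation.set(false);
            // NOTE(review): this filter never clears the SecurityContext; it relies on the
            // surrounding Spring Security chain to do so at the end of the request. Confirm
            // the filter is registered inside that chain.
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        if (!"OPTIONS".equals(request.getMethod())) {
            filterChain.doFilter(request, response);
            return;
        }

        // CORS preflight: answered here, the rest of the chain is not invoked.
        // SECURITY(review): the Origin header is echoed back unchecked together with
        // Access-Control-Allow-Credentials: true, so any origin is granted credentialed
        // cross-origin access. Echo the origin only when it is on a configured allowlist.
        String origin = request.getHeader("Origin");
        if (StringUtils.isNotBlank(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
        }
        response.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, OPTIONS");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        // NOTE(review): "auth-token" is not in the allowed request headers, so a browser
        // preflight for a cross-origin call carrying that header would presumably be refused.
        response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
        response.setStatus(HttpStatus.OK.value());
    }

    /**
     * Reports whether the request being handled on the current thread may create a session.
     *
     * @return {@code false} once token authentication has succeeded on this thread's current
     *     request; {@code true} otherwise, including on a thread where the filter has not run
     *     (the same default {@code doFilter} sets at the start of a request)
     */
    public static boolean isAllowSessionCreation() {
        // The flag is null on a thread that never passed through doFilter; unboxing it
        // directly would throw NullPointerException.
        Boolean allowed = allowSessionCreation.get();
        return allowed == null || allowed.booleanValue();
    }
}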
