package org.beast.hand.http.passport.filter;

import java.net.URI;
import java.util.Objects;
import org.beast.data.message.StandardErrors;
import org.beast.hand.http.predicate.GatewayRequestPredicates;
import org.beast.hand.http.resolver.AppResolver;
import org.beast.hand.http.support.BeastWebExchangeUtils;
import org.beast.security.core.UserToken;
import org.beast.security.core.codec.UserTokenCodec;
import org.beast.security.core.exception.TokenExpiredException;
import org.springframework.http.HttpCookie;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.web.reactive.function.server.RequestPredicates;
import org.springframework.web.reactive.function.server.RouterFunctions;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/beast/hand/http/passport/filter/UserWebAuthenticateFilter.class */
public abstract class UserWebAuthenticateFilter extends AbstractAppAuthenticateFilter<UserToken> {
    private final UserTokenCodec codec;

    public UserWebAuthenticateFilter(AppResolver appResolver) {
        super(appResolver);
        this.codec = new UserTokenCodec();
    }

    @Override // org.beast.hand.http.passport.filter.AbstractAppAuthenticateFilter
    public Mono<UserToken> authenticate(String str, ServerWebExchange serverWebExchange) {
        HttpCookie httpCookie = (HttpCookie) serverWebExchange.getRequest().getCookies().getFirst("u-token");
        if (Objects.isNull(httpCookie)) {
            return Mono.error(new InsufficientAuthenticationException("missing token"));
        }
        UserToken decode = this.codec.decode(httpCookie.getValue());
        if (!Objects.equals(str, decode.getAppId())) {
            return Mono.error(new InsufficientAuthenticationException("token app wrong"));
        }
        try {
            decode.verify();
            return Mono.just(decode);
        } catch (TokenExpiredException e) {
            return Mono.error(new InsufficientAuthenticationException("token verify failed", e));
        }
    }

    public abstract String getAuthenticateUriTemplate(String str, ServerRequest serverRequest);

    public URI getAuthenticateUri(String str, ServerRequest serverRequest) {
        return BeastWebExchangeUtils.expand(getAuthenticateUriTemplate(str, serverRequest), serverRequest.exchange());
    }

    @Override // org.beast.hand.http.passport.filter.AbstractAppAuthenticateFilter
    public Mono<Void> handleUnauthenticated(String str, ServerWebExchange serverWebExchange, InsufficientAuthenticationException insufficientAuthenticationException) {
        return handle(serverWebExchange, RouterFunctions.route(GatewayRequestPredicates.acceptTextHtml(), serverRequest -> {
            return ServerResponse.temporaryRedirect(getAuthenticateUri(str, serverRequest)).build();
        }).andRoute(RequestPredicates.all(), serverRequest2 -> {
            return Mono.error(StandardErrors.UNAUTHENTICATED.toException());
        }));
    }
}
