package com.mastfrog.acteur;

import com.google.inject.Singleton;
import com.mastfrog.acteur.headers.HeaderValueType;
import com.mastfrog.acteur.headers.Headers;
import com.mastfrog.acteur.headers.Method;
import com.mastfrog.acteur.preconditions.CORS;
import com.mastfrog.acteur.server.ServerModule;
import com.mastfrog.settings.Settings;
import com.mastfrog.util.collections.CollectionUtils;
import com.mastfrog.util.strings.Strings;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.util.AsciiString;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.inject.Inject;

@Singleton
/* loaded from: input_file:com/mastfrog/acteur/CORSResponseDecoratorImpl.class */
final class CORSResponseDecoratorImpl implements CORSResponseDecorator {
    final CharSequence hdrs;
    final Duration corsMaxAge;
    private final String allowOrigin;
    private final boolean allowCredentials;
    private static final Method[] methods = {Method.GET, Method.POST, Method.PUT, Method.DELETE, Method.OPTIONS};
    static final HeaderValueType<CharSequence> ALLOW_ORIGIN_STRING = Headers.ACCESS_CONTROL_ALLOW_ORIGIN.toStringHeader();
    static final HeaderValueType<CharSequence> ALLOW_HEADERS_STRING = Headers.ACCESS_CONTROL_ALLOW_HEADERS.toStringHeader();
    static final HeaderValueType<CharSequence> ALLOW_CREDENTIALS_STRING = Headers.ACCESS_CONTROL_ALLOW_CREDENTIALS.toStringHeader();
    private static final AsciiString TRUE = new AsciiString("true");
    private static final AsciiString FALSE = new AsciiString("false");

    @Inject
    CORSResponseDecoratorImpl(Settings settings) {
        HashSet hashSet = new HashSet(CollectionUtils.setOf(new HeaderValueType[]{Headers.CONTENT_TYPE, Headers.ACCEPT, Headers.X_REQUESTED_WITH, Headers.AUTHORIZATION}));
        String string = settings.getString(ServerModule.SETTINGS_KEY_CORS_ALLOW_HEADERS);
        if (string != null) {
            Iterator it = Strings.splitUniqueNoEmpty(',', string).iterator();
            while (it.hasNext()) {
                hashSet.add(Headers.header((CharSequence) it.next()));
            }
        }
        String string2 = settings.getString(ServerModule.SETTINGS_KEY_CORS_REPLACE_ALLOW_HEADERS);
        if (string2 != null) {
            this.hdrs = string2;
        } else {
            ArrayList arrayList = new ArrayList(CollectionUtils.transform(hashSet, headerValueType -> {
                return headerValueType.name();
            }));
            Collections.sort(arrayList, Strings.charSequenceComparator(true));
            this.hdrs = new AsciiString(Strings.join(',', arrayList));
        }
        this.allowCredentials = settings.getBoolean(ServerModule.SETTINGS_KEY_CORS_ALLOW_CREDENTIALS, true);
        this.corsMaxAge = Duration.of(settings.getLong(ServerModule.SETTINGS_KEY_CORS_MAX_AGE_MINUTES, 5L), ChronoUnit.MINUTES);
        this.allowOrigin = settings.getString(ServerModule.SETTINGS_KEY_CORS_ALLOW_ORIGIN, ServerModule.DEFAULT_CORS_ALLOW_ORIGIN);
    }

    @Override // com.mastfrog.acteur.CORSResponseDecorator
    public void decorateCorsPreflight(HttpEvent httpEvent, Response response, Page page) {
        Method[] methodArr = methods;
        CORS cors = (CORS) page.getClass().getAnnotation(CORS.class);
        CharSequence charSequence = this.hdrs;
        if (cors != null) {
            if (!cors.value()) {
                return;
            }
            if (cors.methods().length > 0) {
                methodArr = cors.methods();
            }
            if (cors.headers().length > 0) {
                charSequence = Strings.join(',', cors.headers());
            }
        }
        response.addIfUnset(ALLOW_ORIGIN_STRING, this.allowOrigin);
        response.addIfUnset(ALLOW_CREDENTIALS_STRING, this.allowCredentials ? TRUE : FALSE);
        response.addIfUnset(ALLOW_HEADERS_STRING, charSequence);
        response.addIfUnset(Headers.ACCESS_CONTROL_ALLOW, methodArr);
        response.addIfUnset(Headers.ACCESS_CONTROL_MAX_AGE, this.corsMaxAge);
    }

    @Override // com.mastfrog.acteur.CORSResponseDecorator
    public void decorateApplicationResponse(HttpResponse httpResponse) {
        if (!httpResponse.headers().contains(HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN)) {
            Headers.write(Headers.ACCESS_CONTROL_ALLOW_ORIGIN.toStringHeader(), this.allowOrigin, httpResponse);
        }
        if (httpResponse.headers().contains(HttpHeaderNames.ACCESS_CONTROL_MAX_AGE)) {
            return;
        }
        Headers.write(Headers.ACCESS_CONTROL_MAX_AGE, this.corsMaxAge, httpResponse);
    }
}
