package org.http4s.server.middleware;

import cats.Applicative;
import cats.Monad;
import cats.data.Kleisli;
import cats.data.OptionT$;
import cats.effect.SyncIO;
import cats.kernel.Eq;
import cats.syntax.ApplicativeIdOps$;
import cats.syntax.package$all$;
import io.netty.handler.codec.http.HttpHeaders;
import org.apache.commons.lang3.BooleanUtils;
import org.http4s.Header;
import org.http4s.Header$Select$;
import org.http4s.Header$ToRaw$;
import org.http4s.Headers$;
import org.http4s.Method;
import org.http4s.Method$;
import org.http4s.Platform$;
import org.http4s.Request;
import org.http4s.Response;
import org.http4s.Response$;
import org.http4s.Status$;
import org.http4s.headers.Access$minusControl$minusAllow$minusMethods;
import org.http4s.headers.Access$minusControl$minusAllow$minusMethods$;
import org.http4s.headers.Access$minusControl$minusMax$minusAge$;
import org.http4s.headers.Access$minusControl$minusRequest$minusMethod;
import org.http4s.headers.Access$minusControl$minusRequest$minusMethod$;
import org.http4s.headers.Origin;
import org.http4s.headers.Origin$;
import org.http4s.server.middleware.CORSPolicy;
import org.http4s.syntax.package$header$;
import org.typelevel.ci.CIString$;
import org.typelevel.ci.package$;
import org.typelevel.log4cats.SelfAwareStructuredLogger;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.StringContext;
import scala.Tuple3;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.concurrent.duration.Cpackage;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.RichLong$;
import scala.runtime.ScalaRunTime$;

/* compiled from: CORS.scala */
/* loaded from: input_file:WEB-INF/lib/http4s-server_2.13-0.23.24.jar:org/http4s/server/middleware/CORS$.class */
public final class CORS$ {
    public static final CORS$ MODULE$ = new CORS$();
    private static final SelfAwareStructuredLogger<SyncIO> logger = (SelfAwareStructuredLogger) Platform$.MODULE$.loggerFactory().getLogger("org.http4s.server.middleware.CORS");
    private static final CORSPolicy policy = new CORSPolicy(CORSPolicy$AllowOrigin$All$.MODULE$, CORSPolicy$AllowCredentials$Deny$.MODULE$, CORSPolicy$ExposeHeaders$None$.MODULE$, new CORSPolicy.AllowMethods.In((Set) Predef$.MODULE$.Set().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new Method[]{Method$.MODULE$.GET(), Method$.MODULE$.HEAD(), Method$.MODULE$.PUT(), Method$.MODULE$.PATCH(), Method$.MODULE$.POST(), Method$.MODULE$.DELETE()}))), CORSPolicy$AllowHeaders$Reflect$.MODULE$, CORSPolicy$MaxAge$Default$.MODULE$);
    private static final Header.Raw defaultVaryHeader = new Header.Raw(package$.MODULE$.CIStringSyntax(new StringContext(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"Vary"}))).ci(Nil$.MODULE$), "Origin,Access-Control-Request-Method");

    public SelfAwareStructuredLogger<SyncIO> logger() {
        return logger;
    }

    public CORSPolicy policy() {
        return policy;
    }

    public Header.Raw defaultVaryHeader() {
        return defaultVaryHeader;
    }

    public CORSConfig DefaultCORSConfig() {
        return CORSConfig$.MODULE$.m5702default().withAnyOrigin(true).withAllowCredentials(true).withMaxAge(new Cpackage.DurationInt(scala.concurrent.duration.package$.MODULE$.DurationInt(1)).day());
    }

    public <F, G> Kleisli<F, Request<G>, Response<G>> apply(Kleisli<F, Request<G>, Response<G>> kleisli, CORSConfig cORSConfig, Applicative<F> applicative) {
        if (cORSConfig.anyOrigin() && cORSConfig.allowCredentials()) {
            logger().warn(() -> {
                return "Insecure CORS config detected: `anyOrigin=true` and `allowCredentials=true` are mutually exclusive. `Access-Control-Allow-Credentials` header will not be sent. Change either flag to false to remove this warning.";
            }).unsafeRunSync();
        } else {
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        }
        return new Kleisli<>(request -> {
            Tuple3 tuple3 = new Tuple3(request.method(), Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Origin$.MODULE$.headerInstance())), Headers$.MODULE$.get$extension(request.headers(), Header$Select$.MODULE$.singleHeaders(Access$minusControl$minusRequest$minusMethod$.MODULE$.headerInstance())));
            if (tuple3 != null) {
                Method method = (Method) tuple3._1();
                Option option = (Option) tuple3._2();
                Option option2 = (Option) tuple3._3();
                Method OPTIONS = Method$.MODULE$.OPTIONS();
                if (OPTIONS != null ? OPTIONS.equals(method) : method == null) {
                    if (option instanceof Some) {
                        Origin origin = (Origin) ((Some) option).value();
                        if (option2 instanceof Some) {
                            Access$minusControl$minusRequest$minusMethod access$minusControl$minusRequest$minusMethod = (Access$minusControl$minusRequest$minusMethod) ((Some) option2).value();
                            if (allowCORS$1(origin, access$minusControl$minusRequest$minusMethod.method(), cORSConfig)) {
                                MODULE$.logger().debug(() -> {
                                    return new StringBuilder(39).append("Serving OPTIONS with CORS headers for ").append(access$minusControl$minusRequest$minusMethod).append(" ").append(request.uri()).toString();
                                }).unsafeRunSync();
                                return ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(createOptionsResponse$1(origin, access$minusControl$minusRequest$minusMethod, cORSConfig)), applicative);
                            }
                        }
                    }
                }
            }
            if (tuple3 != null) {
                Option option3 = (Option) tuple3._2();
                if (option3 instanceof Some) {
                    Origin origin2 = (Origin) ((Some) option3).value();
                    if (allowCORS$1(origin2, request.method(), cORSConfig)) {
                        return package$all$.MODULE$.toFunctorOps(kleisli.apply(request), applicative).map(response -> {
                            MODULE$.logger().debug(() -> {
                                return new StringBuilder(24).append("Adding CORS headers to ").append(request.method()).append(" ").append(request.uri()).toString();
                            }).unsafeRunSync();
                            return corsHeaders$1(origin2, request.method(), false, response, cORSConfig);
                        });
                    }
                    MODULE$.logger().debug(() -> {
                        return new StringBuilder(30).append("CORS headers were denied for ").append(request.method()).append(" ").append(request.uri()).toString();
                    }).unsafeRunSync();
                    return ApplicativeIdOps$.MODULE$.pure$extension(package$all$.MODULE$.catsSyntaxApplicativeId(Response$.MODULE$.apply(Status$.MODULE$.Forbidden(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5())), applicative);
                }
            }
            return kleisli.apply(request);
        });
    }

    public <F, G> CORSConfig apply$default$2() {
        return CORSConfig$.MODULE$.m5702default();
    }

    public <F> Kleisli<?, Request<F>, Response<F>> httpRoutes(Kleisli<?, Request<F>, Response<F>> kleisli, Monad<F> monad) {
        return apply(kleisli, CORSConfig$.MODULE$.m5702default(), OptionT$.MODULE$.catsDataMonadErrorMonadForOptionT(monad));
    }

    public <F> Kleisli<F, Request<F>, Response<F>> httpApp(Kleisli<F, Request<F>, Response<F>> kleisli, Applicative<F> applicative) {
        return apply(kleisli, CORSConfig$.MODULE$.m5702default(), applicative);
    }

    private static final Response createOptionsResponse$1(Origin origin, Access$minusControl$minusRequest$minusMethod access$minusControl$minusRequest$minusMethod, CORSConfig cORSConfig) {
        return corsHeaders$1(origin, access$minusControl$minusRequest$minusMethod.method(), true, Response$.MODULE$.apply(Response$.MODULE$.apply$default$1(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5()), cORSConfig);
    }

    private static final Option methodBasedHeader$1(boolean z, CORSConfig cORSConfig) {
        return z ? cORSConfig.allowedHeaders().map(set -> {
            return headerFromStrings$1(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_HEADERS, set);
        }) : cORSConfig.exposedHeaders().map(set2 -> {
            return headerFromStrings$1(HttpHeaders.Names.ACCESS_CONTROL_EXPOSE_HEADERS, set2);
        });
    }

    private static final Response varyHeader$1(Response response) {
        return None$.MODULE$.equals(Headers$.MODULE$.get$extension(response.headers(), package$.MODULE$.CIStringSyntax(new StringContext(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{"Vary"}))).ci(Nil$.MODULE$))) ? (Response) response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.rawToRaw(MODULE$.defaultVaryHeader())})) : response;
    }

    private static final Response allowCredentialsHeader$1(Response response, CORSConfig cORSConfig) {
        return (cORSConfig.anyOrigin() || !cORSConfig.allowCredentials()) ? response : (Response) response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.keyValuesToRaw(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_CREDENTIALS), BooleanUtils.TRUE))}));
    }

    private static final Response corsHeaders$1(Origin origin, Method method, boolean z, Response response, CORSConfig cORSConfig) {
        return (Response) varyHeader$1(allowCredentialsHeader$1((Response) methodBasedHeader$1(z, cORSConfig).fold(() -> {
            return response;
        }, raw -> {
            return (Response) response.putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.rawToRaw(raw)}));
        }), cORSConfig)).putHeaders(ScalaRunTime$.MODULE$.wrapRefArray(new Header.ToRaw[]{Header$ToRaw$.MODULE$.modelledHeadersToRaw(new Access$minusControl$minusAllow$minusMethods((Set) cORSConfig.allowedMethods().getOrElse(() -> {
            return (Set) Predef$.MODULE$.Set().apply2(ScalaRunTime$.MODULE$.wrapRefArray(new Method[]{method}));
        })), Access$minusControl$minusAllow$minusMethods$.MODULE$.headerInstance()), Header$ToRaw$.MODULE$.keyValuesToRaw(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN), package$header$.MODULE$.http4sHeaderSyntax(origin, Origin$.MODULE$.headerInstance()).value())), Header$ToRaw$.MODULE$.modelledHeadersToRaw(Access$minusControl$minusMax$minusAge$.MODULE$.unsafeFromLong(RichLong$.MODULE$.max$extension(Predef$.MODULE$.longWrapper(cORSConfig.maxAge().toSeconds()), -1L)), Access$minusControl$minusMax$minusAge$.MODULE$.headerInstance())}));
    }

    private static final boolean allowOrigin$1(CORSConfig cORSConfig, Origin origin) {
        return cORSConfig.anyOrigin() || BoxesRunTime.unboxToBoolean(cORSConfig.allowedOrigins().apply(package$header$.MODULE$.http4sHeaderSyntax(origin, Origin$.MODULE$.headerInstance()).value()));
    }

    public static final /* synthetic */ boolean $anonfun$apply$9(Method method, Method method2) {
        return package$all$.MODULE$.catsSyntaxEq(method2, (Eq) Method$.MODULE$.catsInstancesForHttp4sMethod()).$eq$eq$eq(method);
    }

    public static final /* synthetic */ boolean $anonfun$apply$8(Method method, Set set) {
        return set.exists(method2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$apply$9(method, method2));
        });
    }

    private static final boolean allowMethod$1(CORSConfig cORSConfig, Method method) {
        return cORSConfig.anyMethod() || cORSConfig.allowedMethods().exists(set -> {
            return BoxesRunTime.boxToBoolean($anonfun$apply$8(method, set));
        });
    }

    private static final boolean allowCORS$1(Origin origin, Method method, CORSConfig cORSConfig) {
        return allowOrigin$1(cORSConfig, origin) && allowMethod$1(cORSConfig, method);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Header.Raw headerFromStrings$1(String str, Set set) {
        return new Header.Raw(CIString$.MODULE$.apply(str), set.mkString("", ", ", ""));
    }

    private CORS$() {
    }
}
