package io.jooby;

import io.jooby.Route;
import io.jooby.exception.InvalidCsrfToken;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.annotation.Nonnull;

/* loaded from: input_file:io/jooby/CsrfHandler.class */
public class CsrfHandler implements Route.Before {
    public static final Predicate<Context> DEFAULT_FILTER = context -> {
        return Router.POST.equals(context.getMethod()) || Router.DELETE.equals(context.getMethod()) || Router.PATCH.equals(context.getMethod()) || Router.PUT.equals(context.getMethod());
    };
    public static final Function<Context, String> DEFAULT_GENERATOR = context -> {
        return UUID.randomUUID().toString();
    };
    private String name;
    private Function<Context, String> generator;
    private Predicate<Context> filter;

    public CsrfHandler(String str) {
        this.generator = DEFAULT_GENERATOR;
        this.filter = DEFAULT_FILTER;
        this.name = str;
    }

    public CsrfHandler() {
        this("csrf");
    }

    @Override // io.jooby.Route.Before
    public void apply(@Nonnull Context context) throws Exception {
        Session session = context.session();
        String orElseGet = session.get(this.name).toOptional().orElseGet(() -> {
            String apply = this.generator.apply(context);
            session.put(this.name, apply);
            return apply;
        });
        context.attribute(this.name, orElseGet);
        if (this.filter.test(context)) {
            String str = (String) Stream.of((Object[]) new String[]{context.header(this.name).valueOrNull(), context.cookie(this.name).valueOrNull(), context.form(this.name).valueOrNull(), context.query(this.name).valueOrNull()}).filter((v0) -> {
                return Objects.nonNull(v0);
            }).findFirst().orElse(null);
            if (!orElseGet.equals(str)) {
                throw new InvalidCsrfToken(str);
            }
        }
    }

    @Nonnull
    public CsrfHandler setTokenGenerator(@Nonnull Function<Context, String> function) {
        this.generator = function;
        return this;
    }

    @Nonnull
    public CsrfHandler setRequestFilter(@Nonnull Predicate<Context> predicate) {
        this.filter = predicate;
        return this;
    }
}
