package io.quarkiverse.renarde.util;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.quarkiverse.renarde.impl.RenardeConfigBean;
import io.quarkus.smallrye.jwt.runtime.auth.JWTAuthMechanism;
import io.quarkus.smallrye.jwt.runtime.auth.SmallRyeJwtConfig;
import io.quarkus.vertx.http.runtime.security.ChallengeData;
import io.smallrye.mutiny.Uni;
import io.vertx.core.http.Cookie;
import io.vertx.ext.web.RoutingContext;
import jakarta.annotation.Priority;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger;

@ApplicationScoped
@Priority(2000)
/* loaded from: input_file:io/quarkiverse/renarde/util/RenardeJWTAuthMechanism.class */
public class RenardeJWTAuthMechanism extends JWTAuthMechanism {
    private static final Logger log = Logger.getLogger(RenardeJWTAuthMechanism.class);

    @Inject
    RenardeConfigBean config;

    @ConfigProperty(name = "quarkus.renarde.auth.location-cookie")
    String locationCookie;

    RenardeJWTAuthMechanism() {
        this(null);
    }

    public RenardeJWTAuthMechanism(SmallRyeJwtConfig smallRyeJwtConfig) {
        super(smallRyeJwtConfig);
    }

    public int getPriority() {
        return -1000;
    }

    protected void storeInitialLocation(RoutingContext routingContext) {
        routingContext.response().addCookie(Cookie.cookie(this.locationCookie, routingContext.request().absoluteURI()).setPath("/").setSecure(routingContext.request().isSSL()));
    }

    static Uni<ChallengeData> getRedirect(RoutingContext routingContext, String str) {
        return Uni.createFrom().item(new ChallengeData(302, "Location", routingContext.request().scheme() + "://" + routingContext.request().host() + str));
    }

    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        if (routingContext.request().headers().get(HttpHeaderNames.AUTHORIZATION) != null) {
            return super.getChallenge(routingContext);
        }
        if (routingContext.request().uri().equals(this.config.getLoginPage())) {
            log.errorf("Avoiding redirect loop, make sure that your endpoint annotated with @LoginPage is accessible without being authenticated: %s", this.config.getLoginPage());
            return super.getChallenge(routingContext);
        }
        storeInitialLocation(routingContext);
        return getRedirect(routingContext, this.config.getLoginPage());
    }
}
