package org.dspace.app.rest;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.rest.webmvc.ControllerUtils;
import org.springframework.hateoas.RepresentationModel;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/api/security"})
@RestController
/* loaded from: input_file:org/dspace/app/rest/CsrfRestController.class */
public class CsrfRestController {

    @Autowired
    @Lazy
    CsrfTokenRepository csrfTokenRepository;

    @GetMapping({"/csrf"})
    @PreAuthorize("permitAll()")
    public ResponseEntity<RepresentationModel<?>> getCsrf(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CsrfToken csrfToken) {
        this.csrfTokenRepository.saveToken(csrfToken, httpServletRequest, httpServletResponse);
        return ControllerUtils.toEmptyResponse(HttpStatus.NO_CONTENT);
    }
}
