package play.filters.csrf;

import play.api.mvc.RequestHeader;
import play.filters.csrf.CSRF;
import play.libs.F;
import play.mvc.Action;
import play.mvc.Http;
import play.mvc.Result;
import scala.Option;

/* loaded from: input_file:play/filters/csrf/RequireCSRFCheckAction.class */
public class RequireCSRFCheckAction extends Action<RequireCSRFCheck> {
    private final String tokenName = CSRFConf$.MODULE$.TokenName();
    private final Option<String> cookieName = CSRFConf$.MODULE$.CookieName();
    private final CSRFAction$ CSRFAction = CSRFAction$.MODULE$;
    private final CSRF.TokenProvider tokenProvider = CSRFConf$.MODULE$.defaultTokenProvider();

    public F.Promise<Result> call(Http.Context context) throws Throwable {
        String[] strArr;
        RequestHeader _requestHeader = context._requestHeader();
        if (this.CSRFAction.checkCsrfBypass(_requestHeader)) {
            return this.delegate.call(context);
        }
        Option<String> tokenFromHeader = this.CSRFAction.getTokenFromHeader(_requestHeader, this.tokenName, this.cookieName);
        if (!tokenFromHeader.isDefined()) {
            return F.Promise.pure(handleTokenError("CSRF token not found in session"));
        }
        String str = null;
        Option<String> tokenFromQueryString = this.CSRFAction.getTokenFromQueryString(_requestHeader, this.tokenName);
        if (tokenFromQueryString.isDefined()) {
            str = (String) tokenFromQueryString.get();
        } else if (context.request().body().asFormUrlEncoded() != null) {
            String[] strArr2 = (String[]) context.request().body().asFormUrlEncoded().get(this.tokenName);
            if (strArr2 != null && strArr2.length > 0) {
                str = strArr2[0];
            }
        } else if (context.request().body().asMultipartFormData() != null && (strArr = (String[]) context.request().body().asMultipartFormData().asFormUrlEncoded().get(this.tokenName)) != null && strArr.length > 0) {
            str = strArr[0];
        }
        return str != null ? this.tokenProvider.compareTokens(str, (String) tokenFromHeader.get()) ? this.delegate.call(context) : F.Promise.pure(handleTokenError("CSRF tokens don't match")) : F.Promise.pure(handleTokenError("CSRF token not found in body or query string"));
    }

    private Result handleTokenError(String str) throws Exception {
        return ((RequireCSRFCheck) this.configuration).error().newInstance().handle(str);
    }
}
