package org.jooby.handlers;

import com.google.common.collect.ImmutableSet;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Predicate;
import org.jooby.Err;
import org.jooby.Request;
import org.jooby.Response;
import org.jooby.Route;
import org.jooby.Session;
import org.jooby.Status;

/* loaded from: input_file:org/jooby/handlers/CsrfHandler.class */
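/**
 * Route filter implementing the synchronizer-token defence against cross-site request forgery.
 *
 * <p>On every request the filter reads the token stored in the session under {@link #name},
 * generating and storing one when the session has none, and publishes it as a request attribute
 * under the same name. When the {@code requireToken} predicate matches the request, the token
 * sent by the client (header first, then request parameter, both looked up under {@link #name})
 * must equal the session token; otherwise the request is rejected with
 * {@link Status#FORBIDDEN}.
 */
public class CsrfHandler implements Route.Filter {
    /** HTTP methods that require a token under the default predicate. */
    private static final Set<String> REQUIRE_ON =
        ImmutableSet.of(Route.POST, Route.PUT, Route.DELETE, Route.PATCH);

    /** Session key, request attribute, header name and parameter name of the token. */
    private final String name;

    /** Produces a new token when the session does not hold one yet. */
    private Function<Request, String> generator;

    /** Decides whether a given request must present a valid token. */
    private Predicate<Request> requireToken;

    /**
     * Creates a handler that stores and looks up the token under the given name.
     *
     * <p>Defaults: tokens are random UUIDs ({@link UUID#randomUUID()} is documented to use a
     * cryptographically strong generator) and a token is required on POST, PUT, DELETE and PATCH.
     *
     * @param str name used for the session entry, request attribute, header and parameter
     * @throws NullPointerException if {@code str} is null
     */
    public CsrfHandler(String str) {
        this.name = Objects.requireNonNull(str, "Name is required.");
        tokenGen(request -> UUID.randomUUID().toString());
        requireTokenOn(request -> REQUIRE_ON.contains(request.method()));
    }

    /** Creates a handler using the default token name {@code "csrf"}. */
    public CsrfHandler() {
        this("csrf");
    }

    /**
     * Replaces the token generator.
     *
     * <p>The generated value is the only secret this filter relies on, so a custom generator
     * should draw from a cryptographically strong source and must not derive the token from
     * request data a third party can predict.
     *
     * @param function produces a token for the given request
     * @return this handler
     * @throws NullPointerException if {@code function} is null
     */
    public CsrfHandler tokenGen(Function<Request, String> function) {
        this.generator = Objects.requireNonNull(function, "Generator is required.");
        return this;
    }

    /**
     * Replaces the predicate that selects which requests must carry a valid token.
     *
     * <p>A predicate that skips a state-changing route leaves that route without CSRF
     * protection from this filter.
     *
     * @param predicate returns {@code true} when the request must present the token
     * @return this handler
     * @throws NullPointerException if {@code predicate} is null
     */
    public CsrfHandler requireTokenOn(Predicate<Request> predicate) {
        this.requireToken =
            Objects.requireNonNull(predicate, "RequireToken predicate is required.");
        return this;
    }

    /**
     * Ensures the session has a token, exposes it on the request, and verifies the client's
     * token when the request is one that requires it.
     *
     * @throws Err with {@link Status#FORBIDDEN} when a required token is missing or wrong
     * @throws Throwable whatever the rest of the chain throws
     */
    @Override
    public void handle(Request request, Response response, Route.Chain chain) throws Throwable {
        Session session = request.session();
        // Reuse the session's token; create and persist one only when none is stored yet.
        String token = session.get(name).toOptional().orElseGet(() -> {
            String fresh = generator.apply(request);
            session.set(name, fresh);
            return fresh;
        });
        // Published as a request attribute so views can embed it in forms.
        request.set(name, token);

        if (requireToken.test(request)) {
            // The header takes precedence; the request parameter is the fallback.
            String candidate = request.header(name).toOptional()
                .orElseGet(() -> request.param(name).toOptional().orElse(null));
            if (!sameToken(token, candidate)) {
                // NOTE(review): the message echoes the request-supplied candidate unchanged
                // (kept for compatibility with callers matching on it); whatever renders or
                // logs Err messages has to treat it as untrusted and encode it.
                throw new Err(Status.FORBIDDEN, "Invalid Csrf token: " + candidate);
            }
        }
        chain.next(request, response);
    }

    /**
     * Compares the session token with the client-supplied one without short-circuiting on the
     * first differing character, so response timing does not reveal how much of a guess was
     * right. A null on either side never matches.
     */
    private static boolean sameToken(String expected, String candidate) {
        if (expected == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            candidate.getBytes(StandardCharsets.UTF_8));
    }
}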
