package org.appng.appngizer.controller;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.appng.api.Platform;
import org.appng.api.Scope;
import org.appng.api.model.Properties;
import org.appng.api.support.environment.DefaultEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.ui.ModelMap;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.context.request.WebRequestInterceptor;

/* loaded from: input_file:WEB-INF/lib/appng-appngizer-1.23.0-SNAPSHOT.jar:org/appng/appngizer/controller/SessionInterceptor.class */
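/**
 * Request interceptor that lets a request pass only if it carries the platform's shared secret as a
 * bearer token or belongs to a session already flagged as authorized. Every other request is answered
 * with HTTP 403.
 *
 * <p>Requests whose path info is exactly {@code "/"} are not checked at all (presumably the login
 * endpoint; confirm against the controller mapped there).
 *
 * <p>NOTE(review): {@link WebRequestInterceptor#preHandle(WebRequest)} returns {@code void}, so this
 * class can send the 403 but has no return value with which to veto the handler. Confirm how the
 * interceptor is registered and that a rejected request cannot still reach the controller; if it can,
 * a {@code HandlerInterceptor} returning {@code false} is the appropriate replacement.
 */
public class SessionInterceptor implements WebRequestInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(SessionInterceptor.class);

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String SESSION_AUTHORIZED = "authorized";

    /**
     * Checks the request's authorization and sends a 403 error if neither a valid bearer token nor an
     * authorized session is present.
     *
     * @param webRequest the current request; must be a {@link ServletWebRequest}
     * @throws Exception if reading the platform configuration or sending the error response fails
     */
    @Override
    public void preHandle(WebRequest webRequest) throws Exception {
        ServletWebRequest servletWebRequest = (ServletWebRequest) webRequest;
        HttpServletRequest request = servletWebRequest.getRequest();
        if ("/".equals(request.getPathInfo())) {
            return;
        }
        // getSession() creates a session when none exists, so the log line below always has an id.
        HttpSession session = request.getSession();
        Properties platformConfig = (Properties) DefaultEnvironment.get(request.getServletContext())
                .getAttribute(Scope.PLATFORM, Platform.Environment.PLATFORM_CONFIG);
        String sharedSecret = platformConfig.getString(Platform.Property.SHARED_SECRET);

        boolean authorized = hasValidBearerToken(request, sharedSecret)
                || Boolean.TRUE.equals(session.getAttribute(SESSION_AUTHORIZED));
        if (authorized) {
            return;
        }
        // NOTE(review): the session id is a credential once the session becomes authorized; consider
        // whether it needs to appear in INFO-level logs.
        LOGGER.info("session {} is not authorized, sending 403.", session.getId());
        servletWebRequest.getResponse().sendError(HttpStatus.FORBIDDEN.value(), "Please authenticate first!");
    }

    /**
     * Tells whether any {@code Authorization} header of the request equals {@code "Bearer <sharedSecret>"}.
     *
     * <p>An unset or empty shared secret never matches: formatting a {@code null} secret would yield the
     * literal token {@code "null"}, which any client could present. The comparison uses
     * {@link MessageDigest#isEqual(byte[], byte[])} so that the time taken does not depend on how many
     * leading characters of the presented value are correct.
     *
     * @param request the request whose headers are inspected
     * @param sharedSecret the configured platform secret, possibly {@code null}
     * @return {@code true} if a header carries exactly the expected bearer value
     */
    private static boolean hasValidBearerToken(HttpServletRequest request, String sharedSecret) {
        if (sharedSecret == null || sharedSecret.isEmpty()) {
            return false;
        }
        Enumeration<String> headers = request.getHeaders(AUTHORIZATION_HEADER);
        if (headers == null) {
            // The servlet API allows a container to return null when header access is not permitted.
            return false;
        }
        byte[] expected = (BEARER_PREFIX + sharedSecret).getBytes(StandardCharsets.UTF_8);
        while (headers.hasMoreElements()) {
            String presented = headers.nextElement();
            if (presented != null && MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
        }
        return false;
    }

    /** No-op; this interceptor only acts before the handler runs. */
    @Override
    public void postHandle(WebRequest webRequest, ModelMap modelMap) throws Exception {
    }

    /** No-op; this interceptor holds no per-request resources to release. */
    @Override
    public void afterCompletion(WebRequest webRequest, Exception exc) throws Exception {
    }
}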
