package inc.yukawa.chain.security.boot.config;

import inc.yukawa.chain.security.jwt.config.WebFluxSecurityBase;
import java.util.ArrayList;
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.SecurityWebFilterChain;
import reactor.core.publisher.Mono;

@Profile({"jwt", "!open"})
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
/* loaded from: input_file:inc/yukawa/chain/security/boot/config/WebSecurityJwt.class */
public class WebSecurityJwt extends WebFluxSecurityBase {
    @Bean({"security.PermitEndpoints"})
    public List<String> permitAllEndpoints() {
        ArrayList arrayList = new ArrayList(super.permitAllEndpoints());
        arrayList.add("/oauth/token");
        arrayList.add("/auth/token");
        arrayList.add("/auth/login");
        arrayList.add("/auth/refresh");
        return arrayList;
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) configureBase(serverHttpSecurity).authorizeExchange().pathMatchers(new String[]{"/accounts*", "/admin/*"})).access((mono, authorizationContext) -> {
            return isAdmin(mono);
        }).and().authorizeExchange().anyExchange().authenticated().and().build();
    }

    protected Mono<AuthorizationDecision> isAdmin(Mono<Authentication> mono) {
        return hasAnyAuthority(mono, new String[]{"ROLE_ADMIN", "ROLE_AUTH_ADMIN"});
    }
}
