package com.blade.security.web.auth;

import com.blade.kit.StringKit;
import com.blade.mvc.Const;
import com.blade.mvc.WebContext;
import com.blade.mvc.hook.Signature;
import com.blade.mvc.hook.WebHook;
import com.blade.mvc.http.Request;
import com.blade.mvc.http.Response;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/blade/security/web/auth/BasicAuthMiddleware.class */
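/**
 * {@link WebHook} that gates requests behind HTTP Basic authentication.
 *
 * <p>The expected username and password are read once from the Blade environment
 * ({@code Const.ENV_KEY_AUTH_USERNAME} / {@code Const.ENV_KEY_AUTH_PASSWORD}); both fall back to
 * the literal {@code "blade"} when unset. A request is let through when its session already
 * carries the {@code basic_auth} attribute, or when its {@code Authorization} header holds
 * matching credentials. Everything else receives a 401 challenge.
 *
 * <p>Credentials are never written to the log, and the comparison against the configured values
 * is done with {@link MessageDigest#isEqual(byte[], byte[])} so the response time does not depend
 * on how many leading characters matched.
 */
public class BasicAuthMiddleware implements WebHook {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthMiddleware.class);

    /** Authentication scheme token, including the separating space. */
    private static final String AUTH_SCHEME_PREFIX = "Basic ";

    /** Length of {@link #AUTH_SCHEME_PREFIX}; the Base64 payload starts at this offset. */
    private static final int AUTH_LENGTH = 6;

    /** Number of fields in the decoded payload: user-id and password. */
    private static final int AUTH_FIELD_LENGTH = 2;

    /** Session attribute whose presence marks the session as authenticated. */
    private static final String SESSION_KEY = "basic_auth";

    /** Fallback used for both username and password when the environment defines neither. */
    private static final String DEFAULT_CREDENTIAL = "blade";

    private String username;
    private String password;

    /**
     * Decides whether the request may proceed to the route handler.
     *
     * @param signature the hook signature carrying the current request and response
     * @return {@code true} when the session is already authenticated or the request presents
     *     valid Basic credentials; {@code false} after a 401 challenge has been written
     */
    @Override
    public boolean before(Signature signature) {
        // Lazily resolve the configured credentials on first use.
        if (null == this.username) {
            this.username = WebContext.blade().environment().get(Const.ENV_KEY_AUTH_USERNAME, DEFAULT_CREDENTIAL);
            this.password = WebContext.blade().environment().get(Const.ENV_KEY_AUTH_PASSWORD, DEFAULT_CREDENTIAL);
            if (DEFAULT_CREDENTIAL.equals(this.username) && DEFAULT_CREDENTIAL.equals(this.password)) {
                // The fallback pair is a fixed, publicly visible value; make its use noticeable.
                log.warn("Basic auth is running with the built-in default credentials; "
                        + "configure a username and password for this deployment");
            }
        }
        Request request = signature.request();
        if (null != request.session().attribute(SESSION_KEY)) {
            return true;
        }
        Response response = signature.response();
        if (checkHeaderAuth(request)) {
            return true;
        }
        response.unauthorized();
        // Keep intermediaries and the browser from caching the challenge response.
        response.header("Cache-Control", "no-store");
        response.header("Expires", "0");
        response.header("WWW-authenticate", "Basic Realm=\"Blade\"");
        return false;
    }

    /**
     * Validates the {@code Authorization} header of the request against the configured
     * credentials and, on success, marks the session as authenticated.
     *
     * @param request the incoming request
     * @return {@code true} only when the header uses the Basic scheme, decodes cleanly and both
     *     fields match
     */
    private boolean checkHeaderAuth(Request request) {
        String header = request.header("Authorization");
        // The header value and its decoded form are credentials: they are deliberately not logged.
        if (!StringKit.isNotBlank(header) || header.length() <= AUTH_LENGTH) {
            return false;
        }
        // Require the Basic scheme instead of skipping an arbitrary six-character prefix.
        if (!header.regionMatches(true, 0, AUTH_SCHEME_PREFIX, 0, AUTH_LENGTH)) {
            log.debug("Rejected Authorization header: scheme is not Basic");
            return false;
        }
        String decoded = getFromBASE64(header.substring(AUTH_LENGTH));
        if (decoded == null) {
            // Malformed Base64 is a failed login, not a server error.
            log.debug("Rejected Authorization header: payload is not valid Base64");
            return false;
        }
        // Split on the first colon only, so a password may itself contain ':'.
        String[] fields = decoded.split(":", AUTH_FIELD_LENGTH);
        if (fields.length != AUTH_FIELD_LENGTH) {
            return false;
        }
        // Evaluate both comparisons unconditionally (non-short-circuit '&') so a wrong username
        // and a wrong password take the same code path.
        boolean usernameMatches = constantTimeEquals(this.username, fields[0]);
        boolean passwordMatches = constantTimeEquals(this.password, fields[1]);
        if (!(usernameMatches & passwordMatches)) {
            return false;
        }
        // NOTE(review): the stored value is the decoded "user:password" pair, kept as-is because
        // other code may read this attribute. Only its presence is checked in this class; a
        // non-secret marker would avoid holding the password in the session store — confirm
        // there are no other readers before changing it.
        request.session().attribute(SESSION_KEY, decoded);
        return true;
    }

    /**
     * Compares two strings without returning early at the first differing byte.
     *
     * @param expected the configured value
     * @param supplied the value taken from the request
     * @return {@code true} when both encode to the same UTF-8 bytes
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decodes a Base64 string to text.
     *
     * @param str the Base64 payload, may be {@code null}
     * @return the decoded text, or {@code null} when {@code str} is {@code null} or is not valid
     *     Base64
     */
    private String getFromBASE64(String str) {
        if (str == null) {
            return null;
        }
        try {
            // Explicit charset: the no-argument String constructor depends on the platform default.
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Thrown by the decoder for input outside the Base64 alphabet or with bad padding.
            return null;
        }
    }
}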
