package net.bluemind.webmodule.cspfilter;

import io.vertx.core.http.HttpServerRequest;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import net.bluemind.webmodule.server.IWebFilter;
import net.bluemind.webmodule.server.SecurityConfig;
import net.bluemind.webmodule.server.WebserverConfiguration;
import net.bluemind.webmodule.server.forward.ForwardedLocation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/webmodule/cspfilter/CSPFilter.class */
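public class CSPFilter implements IWebFilter {
    private static final Logger logger = LoggerFactory.getLogger(CSPFilter.class);

    /**
     * Value sent in the {@code Content-Security-Policy} response header.
     *
     * <p>NOTE(review): there is no {@code script-src}, so scripts fall back to {@code default-src},
     * which allows {@code 'unsafe-inline'} and {@code 'unsafe-eval'}. As written, the policy does
     * not block injected inline script or eval-style execution; it mainly limits which origins
     * sub-resources load from. Tightening it (nonces or hashes, no {@code 'unsafe-eval'}) needs
     * the front-end checked first.
     *
     * <p>NOTE(review): {@code frame-ancestors}, {@code base-uri} and {@code form-action} do not
     * fall back to {@code default-src} and are not set here. Whether framing is restricted
     * elsewhere (for example by another filter) cannot be told from this class.
     *
     * <p>NOTE(review): {@code connect-src} admits any {@code https:}, {@code ws:} and {@code wss:}
     * endpoint and {@code img-src} admits any origin, so this policy does not restrict outbound
     * requests from script or image loads to known hosts.
     */
    private static final String CSP_POLICY =
            "connect-src 'self' ws: wss: https: blob:; default-src 'self' ws: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: ";

    /**
     * Value sent in the {@code Feature-Policy} response header; each feature is named once.
     *
     * <p>NOTE(review): browsers have been moving from {@code Feature-Policy} to
     * {@code Permissions-Policy}, which uses a different syntax. Confirm the supported browsers
     * still honour this header before relying on it to disable camera, microphone, geolocation
     * and the other features listed.
     */
    private static final String FEATURE_POLICY =
            "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'self'; execution-while-out-of-viewport 'self'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'; ";

    /**
     * Adds the {@code Content-Security-Policy} and {@code Feature-Policy} headers to the response
     * when {@link #needCspHeaders} says the request should carry them; otherwise only logs the
     * path at debug level.
     *
     * @param httpServerRequest the request whose response may receive the headers
     * @param webserverConfiguration configuration holding the forwarded locations to consult
     * @return an already-completed future carrying the same request object
     */
    public CompletableFuture<HttpServerRequest> filter(HttpServerRequest httpServerRequest, WebserverConfiguration webserverConfiguration) {
        if (!needCspHeaders(httpServerRequest, webserverConfiguration)) {
            // Parameterized logging: the message is only formatted when debug is enabled.
            // NOTE(review): the path is client-supplied; confirm the log layout neutralises
            // CR/LF if these debug logs are ever shipped to a parser.
            logger.debug("No CSP Headers for {}", httpServerRequest.path());
            return CompletableFuture.completedFuture(httpServerRequest);
        }
        httpServerRequest.response().putHeader("Content-Security-Policy", CSP_POLICY);
        httpServerRequest.response().putHeader("Feature-Policy", FEATURE_POLICY);
        return CompletableFuture.completedFuture(httpServerRequest);
    }

    /**
     * Decides whether the response to this request gets the CSP headers.
     *
     * <p>Returns {@code false} when {@code SecurityConfig.cspHeader} is off. Otherwise the first
     * forwarded location whose path prefix the request path starts with decides through its
     * {@code cspEnabled()} value. If no forwarded location matches, the headers are added.
     *
     * <p>NOTE(review): the match is a plain {@code startsWith} on {@code path()} as received. A
     * prefix without a trailing slash also matches sibling paths (a prefix {@code /a} matches
     * {@code /ab}), and no normalisation happens here. Confirm that prefixes are slash-terminated
     * and that the path is normalised upstream, so a location with CSP disabled cannot switch the
     * headers off for content it does not serve.
     *
     * <p>NOTE(review): with overlapping prefixes the first match in the collection's iteration
     * order wins, not the longest prefix; verify that ordering is intended.
     */
    private boolean needCspHeaders(HttpServerRequest httpServerRequest, WebserverConfiguration webserverConfiguration) {
        if (!SecurityConfig.cspHeader) {
            return false;
        }
        Optional<ForwardedLocation> firstMatch = webserverConfiguration.getForwardedLocations().stream()
                .filter(location -> httpServerRequest.path().startsWith(location.getPathPrefix()))
                .findFirst();
        // No forwarded location claims this path: headers are on by default.
        return !firstMatch.isPresent() || firstMatch.get().cspEnabled();
    }
}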
