package de.jens98.clansystem.utils.api.rest.routes.filter;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

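/**
 * Servlet filter that protects every route of the REST API with one shared bearer token.
 *
 * <p>Each request must carry {@code Authorization: Bearer <token>} where {@code <token>} equals
 * the value stored in {@link #validToken}. Requests that do not are answered with HTTP 401 and
 * never reach the rest of the filter chain. The filter also sets a fixed group of security
 * response headers on every response, authorized or not.
 *
 * <p>The token lives in a mutable static field, so it is shared by every instance of this filter
 * in the class loader. NOTE(review): nothing visible here synchronizes writes to that field with
 * the request threads that read it; confirm the token is set once before the server accepts
 * traffic.
 */
@WebFilter(urlPatterns = {"/*"})
public class BearerTokenAuthFilter implements Filter {
    private static final String BEARER_PREFIX = "Bearer ";

    // Shared secret that a request must present. Stays null until setValidToken is called;
    // while it is null or empty the filter rejects every request (fail closed).
    public static String validToken;

    /**
     * Sets the security response headers, then lets the request continue only when it presents
     * the configured bearer token.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only for an authorized request
     * @throws IOException if writing the 401 body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Browsers honour HSTS only when the response arrives over HTTPS.
        // NOTE(review): the bearer token is only as confidential as the transport; confirm this
        // API is reachable over TLS only.
        httpServletResponse.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        httpServletResponse.setHeader("X-Content-Type-Options", "nosniff");
        // Legacy header: current browsers no longer ship the XSS auditor it controlled. Kept
        // unchanged so the responses stay as existing clients and scanners see them today.
        httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");
        httpServletResponse.setHeader("X-Frame-Options", "DENY");

        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            reject(httpServletResponse, "Authorization header is missing or malformed");
            return;
        }

        // Read the static field once so the null check and the comparison see the same value.
        String expected = validToken;
        if (expected == null || expected.isEmpty()) {
            // No token configured. Without this guard a null token raised a
            // NullPointerException and an empty token was matched by a bare "Bearer " header.
            reject(httpServletResponse, "Invalid token");
            return;
        }

        byte[] presented = header.substring(BEARER_PREFIX.length()).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, so the response time
        // does not reveal how much of a guessed token was correct (String.equals does).
        if (MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), presented)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            reject(httpServletResponse, "Invalid token");
        }
    }

    /** Answers with HTTP 401, a Bearer challenge and the given plain-text message. */
    private static void reject(HttpServletResponse response, String message) throws IOException {
        response.setStatus(401);
        // A 401 response is expected to name the authentication scheme the client should use.
        response.setHeader("WWW-Authenticate", "Bearer");
        response.getWriter().write(message);
    }

    /** Returns the scheme prefix ({@code "Bearer "}, with trailing space) expected in the header. */
    public static String getBEARER_PREFIX() {
        return BEARER_PREFIX;
    }

    /**
     * Replaces the token that requests must present.
     *
     * @param str the new token; {@code null} or an empty string makes the filter reject everything
     */
    public static void setValidToken(String str) {
        validToken = str;
    }

    /**
     * Returns the currently configured token, or {@code null} if none was set.
     *
     * <p>The value is a credential: callers should not log it or echo it in responses.
     */
    public static String getValidToken() {
        return validToken;
    }
}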
