package incheon.com.config;

import java.util.Arrays;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Servlet filter that attaches a {@code Content-Security-Policy} response header to each request.
 *
 * <p>The bean is only registered when one of the Spring profiles {@code DEV}, {@code dev},
 * {@code LOCAL} or {@code local} is active. Under any other profile this filter emits no CSP.
 * NOTE(review): confirm that another component supplies the header for production deployments.
 *
 * <p>The policy limits resource loading to {@code 'self'} plus an explicit list of map, CCTV
 * streaming and Kakao hosts. It is not a full lockdown:
 * <ul>
 *   <li>{@code default-src} carries {@code 'unsafe-inline'} and {@code 'unsafe-eval'}. No
 *       {@code script-src} is set, so inline scripts and {@code eval()} remain allowed and the
 *       policy gives little protection against script injection.</li>
 *   <li>{@code base-uri}, {@code form-action} and {@code frame-ancestors} are not set. They do not
 *       fall back to {@code default-src}, so they are unrestricted.</li>
 * </ul>
 */
@Component
@Profile({"DEV", "dev", "LOCAL", "local"})
public class CSPOncePerRequestFilter extends OncePerRequestFilter {

	private static final String CSP_HEADER = "Content-Security-Policy";

	// Directives that are identical in both policy variants.
	private static final String IMG_SRC = "img-src 'self' *.vworld.kr *.incheon.go.kr data: blob:;";
	private static final String FRAME_SRC = "frame-src 'self' https://imap.incheon.go.kr;";

	// Allow-list entries that are expected to be temporary:
	// - cctvsec.ktict.co.kr: ITS OPEN API real-time CCTV streaming URL pattern; to be removed once
	//   the API specification provided by Incheon City is available. (Kim Seunghyeon)
	// - https://dapi.kakao.com/v2/local/search/keyword.json: Kakao keyword search test; a test URL
	//   for the i map 3D keyword search. (Kim Myeongjun)

	// Policy used when a "local" profile is active. Compared with the other variant it additionally
	// allows inmap.incheon-int.go.kr in default-src and the Kakao keyword URL in media-src.
	private static final String LOCAL_POLICY =
			"default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vworld.kr inmap.incheon-int.go.kr cctvsec.ktict.co.kr:* https://cctv.fitic.go.kr https://apis-navi.kakaomobility.com https://dapi.kakao.com/v2/local/search/keyword.json blob: data:;"
			+ IMG_SRC
			+ "media-src 'self' https://cctvsec.ktict.co.kr:* https://cctv.fitic.go.kr https://dapi.kakao.com/v2/local/search/keyword.json blob:;"
			+ FRAME_SRC;

	// Policy used when no "local" profile is active (given the @Profile restriction, a dev profile).
	private static final String NON_LOCAL_POLICY =
			"default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vworld.kr cctvsec.ktict.co.kr:* https://cctv.fitic.go.kr https://apis-navi.kakaomobility.com https://dapi.kakao.com/v2/local/search/keyword.json blob: data:;"
			+ IMG_SRC
			+ "media-src 'self' https://cctvsec.ktict.co.kr:* https://cctv.fitic.go.kr blob:; "
			+ FRAME_SRC;

	@Autowired
	private Environment environment;

	/**
	 * Picks the policy variant for the active profile, adds it to the response, and continues the
	 * filter chain.
	 *
	 * <p>The header is written with {@code addHeader}, so it is appended rather than replacing a
	 * {@code Content-Security-Policy} value that is already on the response.
	 *
	 * @param request the current request, passed through unchanged
	 * @param response the response that receives the header
	 * @param filterChain the remaining chain, invoked after the header is added
	 * @throws ServletException if thrown by the rest of the chain
	 * @throws IOException if thrown by the rest of the chain
	 */
	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
		final String policy;
		if (localProfileActive()) {
			policy = LOCAL_POLICY;
		} else {
			policy = NON_LOCAL_POLICY;
		}
		response.addHeader(CSP_HEADER, policy);
		filterChain.doFilter(request, response);
	}

	/**
	 * Reports whether any active Spring profile equals "local", ignoring case.
	 *
	 * @return {@code true} if such a profile is active; {@code false} otherwise, including when
	 *     no {@link Environment} was injected
	 */
	private boolean localProfileActive() {
		if (environment == null) {
			return false;
		}
		return Arrays.stream(environment.getActiveProfiles())
				.anyMatch("local"::equalsIgnoreCase);
	}

}
