/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.camel.swagger.servlet;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.camel.spi.RestConfiguration;

/**
 * A simple CORS filter that can used to allow the swagger ui or other API browsers from remote origins to access the
 * Rest services exposes by this Camel swagger component.
 * <p/>
 * You can configure CORS headers in the init parameters to the Servlet Filter using the names:
 * <ul>
 *     <li>Access-Control-Allow-Origin</li>
 *     <li>Access-Control-Allow-Methods</li>
 *     <li>Access-Control-Allow-Headers</li>
 *     <li>Access-Control-Max-Age</li>
 * </ul>
 * If a parameter is not configured then the default value is used.
 * The default values are defined as:
 * <ul>
 *     <li>{@link RestConfiguration#CORS_ACCESS_CONTROL_ALLOW_ORIGIN}</li>
 *     <li>{@link RestConfiguration#CORS_ACCESS_CONTROL_ALLOW_METHODS}</li>
 *     <li>{@link RestConfiguration#CORS_ACCESS_CONTROL_ALLOW_HEADERS}</li>
 *     <li>{@link RestConfiguration#CORS_ACCESS_CONTROL_MAX_AGE}</li>
 * </ul>
 */
public class RestSwaggerCorsFilter implements Filter {

    private final Map<String, String> corsHeaders = new HashMap<String, String>();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String s = filterConfig.getInitParameter("Access-Control-Allow-Origin");
        if (s != null) {
            corsHeaders.put("Access-Control-Allow-Origin", s);
        }
        s = filterConfig.getInitParameter("Access-Control-Allow-Methods");
        if (s != null) {
            corsHeaders.put("Access-Control-Allow-Methods", s);
        }
        s = filterConfig.getInitParameter("Access-Control-Allow-Headers");
        if (s != null) {
            corsHeaders.put("Access-Control-Allow-Headers", s);
        }
        s = filterConfig.getInitParameter("Access-Control-Max-Age");
        if (s != null) {
            corsHeaders.put("Access-Control-Max-Age", s);
        }
    }

    @Override
    public void destroy() {
        // noop
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;

        setupCorsHeaders(res, corsHeaders);

        chain.doFilter(request, response);
    }

    private static void setupCorsHeaders(HttpServletResponse response, Map<String, String> corsHeaders) {
        // use default value if none has been configured
        String allowOrigin = corsHeaders != null ? corsHeaders.get("Access-Control-Allow-Origin") : null;
        if (allowOrigin == null) {
            allowOrigin = RestConfiguration.CORS_ACCESS_CONTROL_ALLOW_ORIGIN;
        }
        String allowMethods = corsHeaders != null ? corsHeaders.get("Access-Control-Allow-Methods") : null;
        if (allowMethods == null) {
            allowMethods = RestConfiguration.CORS_ACCESS_CONTROL_ALLOW_METHODS;
        }
        String allowHeaders = corsHeaders != null ? corsHeaders.get("Access-Control-Allow-Headers") : null;
        if (allowHeaders == null) {
            allowHeaders = RestConfiguration.CORS_ACCESS_CONTROL_ALLOW_HEADERS;
        }
        String maxAge = corsHeaders != null ? corsHeaders.get("Access-Control-Max-Age") : null;
        if (maxAge == null) {
            maxAge = RestConfiguration.CORS_ACCESS_CONTROL_MAX_AGE;
        }

        response.setHeader("Access-Control-Allow-Origin", allowOrigin);
        response.setHeader("Access-Control-Allow-Methods", allowMethods);
        response.setHeader("Access-Control-Allow-Headers", allowHeaders);
        response.setHeader("Access-Control-Max-Age", maxAge);
    }

}