/*
    * Copyright (c) 2002-2016, Mairie de Paris
    * All rights reserved.
    *
    * Redistribution and use in source and binary forms, with or without
    * modification, are permitted provided that the following conditions
    * are met:
    *
    *  1. Redistributions of source code must retain the above copyright notice
   *     and the following disclaimer.
   *
   *  2. Redistributions in binary form must reproduce the above copyright notice
   *     and the following disclaimer in the documentation and/or other materials
   *     provided with the distribution.
   *
   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
   *     contributors may be used to endorse or promote products derived from
   *     this software without specific prior written permission.
   *
   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   * POSSIBILITY OF SUCH DAMAGE.
   *
   * License 1.0
   */
  package fr.paris.lutece.plugins.avatarserver.service;
  
  import fr.paris.lutece.portal.service.util.AppLogService;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import org.apache.commons.lang.StringUtils;
  import org.springframework.util.AntPathMatcher;
  import org.springframework.util.PathMatcher;
  
  /**
   * HttpUtils
   */
  public class HttpUtils
  {
      private static final String HEADER_ACCESS_CONTROL_METHODS = "Access-Control-Allow-Methods";
      private static final String HEADER_ACCESS_CONTROL_ORIGIN = "Access-Control-Allow-Origin";
      private static final String HEADER_ACCESS_CONTROL_CREDENTIALS = "Access-Control-Allow-Credentials";
      private static final PathMatcher PATH_MATCHER = new AntPathMatcher( );
  
      public static final String HEADER_ORIGIN = "origin";
  
      /**
       * Get the origin header
       * @param request The HTTP request
       * @return the header value
       */
      public static String getHeaderOrigin( HttpServletRequest request )
      {
          return request.getHeader( HEADER_ORIGIN );
      }
  
      /**
       * Check if a domain is valid according a list of patterns
       * @param strDomain The domain
       * @param strValidPatterns A list of valid domain patterns separated by a comma.
       * @return true if valid
       */
      public static boolean isValidDomain( String strDomain, String strValidPatterns )
      {
          boolean bValid = false;
          
          if( !StringUtils.isEmpty( strValidPatterns ) )
          {
  
              String[] aAuthorizedDomains = strValidPatterns.split( "," );
  
              for( String strAuthorizedDomain : aAuthorizedDomains )
              {
                  if( PATH_MATCHER.match( strAuthorizedDomain.trim() , strDomain.trim() ) )
                  {
                      bValid = true;
                      break;
                  }
              }
          }
          if( !bValid )
          {
              AppLogService.info( "AvatarServer : request rent from an invalid domain : " + strDomain );
          }
          return bValid;
      }
  
      /**
       * Set access control headers of a given response object
       * @param response The response
       * @param strMethods The Methods header value
      * @param strOrigin The Origin header value
      * @param strCredentials The Credentials header value
      */
     public static void setAccessControlHeaders( HttpServletResponse response, String strMethods, String strOrigin, String strCredentials )
     {
         response.addHeader( HEADER_ACCESS_CONTROL_METHODS, strMethods );
         response.addHeader( HEADER_ACCESS_CONTROL_ORIGIN, strOrigin );
         response.addHeader( HEADER_ACCESS_CONTROL_CREDENTIALS, strCredentials );
     }
 
 }