package com.xforceplus.delivery.cloud.gateway.filter;

import com.xforceplus.delivery.cloud.common.api.ResultCode;
import com.xforceplus.delivery.cloud.common.util.StringUtils;
import com.xforceplus.delivery.cloud.gateway.exception.GwSystemException;
import com.xforceplus.delivery.cloud.secure.component.SecurityAuthorizeAntMatcher;
import com.xforceplus.delivery.cloud.secure.jjwt.JwtParser;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2Jwt;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2Principal;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpCookie;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Mono;

@Order(100)
@Component
/* loaded from: input_file:com/xforceplus/delivery/cloud/gateway/filter/GwJwtAuthorizationFilter.class */
public class GwJwtAuthorizationFilter implements GlobalFilter {
    private static final Logger log = LoggerFactory.getLogger(GwJwtAuthorizationFilter.class);

    @Autowired
    private OAuth2Jwt oAuth2Jwt;

    @Autowired
    private JwtParser jwtParser;

    @Autowired
    private SecurityAuthorizeAntMatcher securityAuthorizeAntMatcher;

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        if (this.securityAuthorizeAntMatcher.match(serverWebExchange.getRequest().getURI().getPath())) {
            return gatewayFilterChain.filter(serverWebExchange);
        }
        Optional<String> accessToken = getAccessToken(serverWebExchange);
        if (!accessToken.isPresent()) {
            throw new GwSystemException(ResultCode.AUTHORIZATION_HEADER_IS_EMPTY);
        }
        String str = accessToken.get();
        return gatewayFilterChain.filter(wrapHeader(serverWebExchange, (OAuth2Principal) this.oAuth2Jwt.getPrincipal(str).orElseGet(OAuth2Principal::new), str));
    }

    private Optional<String> getAccessToken(ServerWebExchange serverWebExchange) {
        String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
        if (StringUtils.isBlank(first)) {
            first = (String) serverWebExchange.getRequest().getQueryParams().getFirst("bearerAccessToken");
            if (StringUtils.isBlank(first)) {
                HttpCookie httpCookie = (HttpCookie) serverWebExchange.getRequest().getCookies().getFirst("bearerAccessToken");
                first = httpCookie == null ? null : httpCookie.getValue();
            }
        }
        return this.jwtParser.getAccessToken(first);
    }

    private ServerWebExchange wrapHeader(ServerWebExchange serverWebExchange, OAuth2Principal oAuth2Principal, String str) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        ServerHttpRequest.Builder header = request.mutate().header("GW_JWT_UN", new String[]{oAuth2Principal.getUsername()}).header("GW_ADDRESS", new String[]{UriComponentsBuilder.fromHttpRequest(request).replacePath("").replaceQuery("").toUriString()});
        if (!org.apache.commons.lang3.StringUtils.startsWithIgnoreCase(request.getHeaders().getFirst("Authorization"), "Bearer")) {
            header = header.header("Authorization", new String[]{"Bearer " + str});
        }
        return serverWebExchange.mutate().request(header.build()).build();
    }
}
