package com.xforceplus.bi.commons.functionpermission;

import com.xforceplus.bi.commons.functionpermission.anno.HasMenu;
import com.xforceplus.bi.commons.functionpermission.anno.WithoutAuth;
import com.xforceplus.bi.commons.integration.platform.AuthSource;
import com.xforceplus.bi.commons.integration.user.beans.UserInfo;
import com.xforceplus.bi.commons.integration.user.utils.BiTokenKey;
import com.xforceplus.bi.commons.integration.user.utils.RequestUserContext;
import com.xforceplus.bi.commons.webutils.RequestUrlUtils;
import com.xforceplus.bi.commons.webutils.authexclude.AuthExcludeConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.util.CollectionUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

@EnableConfigurationProperties({AuthExcludeConfig.class})
/* loaded from: input_file:com/xforceplus/bi/commons/functionpermission/FunctionPermissionInterceptor.class */
public class FunctionPermissionInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(FunctionPermissionInterceptor.class);

    @Value("${xforce.auth.customerTokenKey:}")
    private String customerTokenKey;

    @Autowired
    private AuthExcludeConfig authExcludeConfig;

    @Autowired
    private UserCacheService userCacheService;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String requestURI = httpServletRequest.getRequestURI();
        boolean isStaticPage = RequestUrlUtils.isStaticPage(requestURI);
        boolean isOpenApi = RequestUrlUtils.isOpenApi(requestURI, this.authExcludeConfig.getExclude());
        if (isStaticPage || isOpenApi) {
            return true;
        }
        if (RequestUrlUtils.isAskOpenForDatasource(httpServletRequest)) {
            UserInfo userInfo = new UserInfo();
            userInfo.setId("VIP");
            userInfo.setAuthSource(AuthSource.BI_LOGIN);
            RequestUserContext.set(userInfo);
            return true;
        }
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (((WithoutAuth) handlerMethod.getMethodAnnotation(WithoutAuth.class)) != null) {
            return true;
        }
        UserInfo user = this.userCacheService.getUser(httpServletRequest.getHeader(getTokenKey(httpServletRequest)));
        if (user == null) {
            noAuth(httpServletResponse);
            return false;
        }
        HasMenu hasMenu = (HasMenu) handlerMethod.getMethodAnnotation(HasMenu.class);
        if (hasMenu == null || hasMenu.value() == null || hasMenu.value().length == 0) {
            return true;
        }
        if (CollectionUtils.isEmpty(user.getMenus())) {
            noAuth(httpServletResponse);
            return false;
        }
        boolean z = true;
        int length = hasMenu.value().length - 1;
        while (true) {
            if (length < 0) {
                break;
            }
            if (!user.getMenus().contains(hasMenu.value()[length])) {
                noAuth(httpServletResponse);
                z = false;
                break;
            }
            length--;
        }
        return z;
    }

    private String getTokenKey(HttpServletRequest httpServletRequest) {
        if (StringUtils.isNotEmpty(this.customerTokenKey)) {
            return this.customerTokenKey;
        }
        String str = BiTokenKey.get(httpServletRequest);
        return StringUtils.isNotEmpty(str) ? str : "X-Access-Token";
    }

    private void noAuth(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(401);
    }
}
