package com.xforceplus.eccp.x.domain.common.intercepter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.xforceplus.eccp.x.domain.common.auth.CurrentUser;
import com.xforceplus.eccp.x.domain.common.utils.ReqParamsHolder;
import com.xforceplus.tenantsecurity.annotation.WithoutAuth;
import com.xforceplus.tenantsecurity.domain.AuthorizedUser;
import com.xforceplus.tenantsecurity.domain.UserInfoHolder;
import com.xforceplus.tenantsecurity.jwt.JwtUtils;
import com.xforceplus.tenantsecurity.utils.CompressionUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:com/xforceplus/eccp/x/domain/common/intercepter/NewTokenParserInterceptor.class */
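/**
 * Spring MVC interceptor that authenticates a request from a JWT and publishes the
 * resulting {@link AuthorizedUser} through {@link UserInfoHolder}.
 *
 * <p>The token is looked up, in order, in the {@code x-access-token} header, the
 * {@code xforce-saas-token} cookie, the {@code x-access-token} request parameter and the
 * {@code x-app-token} header. Requests that fail any check receive a 401 JSON body.
 *
 * <p>Requests are let through without a token when the handler is a
 * {@link ResourceHttpRequestHandler}, when the URI is on the exemption list (see
 * {@link #isStaticPage(String)}), when the handler is not a {@link HandlerMethod}, or when
 * the handler method carries {@link WithoutAuth}.
 */
public class NewTokenParserInterceptor implements HandlerInterceptor {
    /** File extensions that may be appended to an exempt path (duplicate ".css" removed). */
    private static final List<String> EXEMPT_EXTENSIONS = Arrays.asList(".html", ".css", ".js", ".png", ".ttf");

    /** Paths (without leading slash) that are served without a token. */
    private static final List<String> EXEMPT_PATHS = Arrays.asList(
            "swagger-resources/configuration/ui",
            "swagger-resources",
            "v2/api-docs",
            "swagger-resources/configuration/security",
            "health",
            "xplat/health",
            "error");

    private final Logger logger = LoggerFactory.getLogger(NewTokenParserInterceptor.class);

    // NOTE(review): the fallback after the colon is a signing secret compiled into the
    // class. Wherever the property is unset, tokens are verified against a value that
    // anyone holding the artifact can read. Prefer "${tenant.security.jwt.secret}" with no
    // default, so that an unconfigured deployment fails at startup instead.
    @Value("${tenant.security.jwt.secret:my_sessionjw_tsecret_xdfdffdsdfdfs_fat}")
    private String secret;

    // NOTE(review): the default is a plain-http URL and is returned to unauthenticated
    // clients in every 401 body; confirm each environment overrides it.
    @Value("${tenant.security.authority.default.login-url:http://paas-t.xforceplus.com/login/}")
    private String loginUrl;

    /** Names of the JWT claims this interceptor reads. */
    public interface JwtConstants {
        String TYPE_KEY = "type";
        String USERINFO_KEY = "userinfo";
    }

    /**
     * Decides whether a request URI is exempt from token checks.
     *
     * <p>The previous implementation used a bare {@code endsWith}, so any URI whose last
     * characters happened to spell an exempt name (for example a path variable or a path
     * parameter ending in "error" or "health") skipped authentication. The match is now
     * anchored on a path-segment boundary: the URI must equal the exempt path or end with
     * {@code "/" + exemptPath}.
     *
     * <p>NOTE(review): this is still a suffix match because the context path and any
     * gateway prefix are not known here. Excluding these paths where the interceptor is
     * registered, or comparing against the servlet path exactly, would be tighter.
     *
     * @param str raw request URI as returned by {@code HttpServletRequest#getRequestURI()}
     * @return {@code true} when the URI is on the exemption list
     */
    private boolean isStaticPage(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        String path = str.trim();
        if (StringUtils.startsWith(path, "/")) {
            path = StringUtils.substring(path, 1);
        }
        for (String exemptPath : EXEMPT_PATHS) {
            if (matchesOnSegmentBoundary(path, exemptPath)) {
                return true;
            }
            for (String extension : EXEMPT_EXTENSIONS) {
                if (matchesOnSegmentBoundary(path, exemptPath + extension)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Returns true when {@code path} is exactly {@code suffix} or ends with "/" + suffix. */
    private static boolean matchesOnSegmentBoundary(String path, String suffix) {
        return path.equals(suffix) || path.endsWith("/" + suffix);
    }

    /**
     * Extracts the raw token from the request, keeping the original lookup order.
     *
     * <p>Intermediate checks use {@code isEmpty}, so a whitespace-only value stops the
     * chain and is rejected later by the caller's {@code isBlank} check.
     *
     * @return the token text, or {@code null}/empty when none was supplied
     */
    private String resolveToken(HttpServletRequest httpServletRequest) {
        String token = httpServletRequest.getHeader("x-access-token");
        if (StringUtils.isEmpty(token)) {
            token = httpServletRequest.getHeader("X-Access-Token");
        }
        if (StringUtils.isEmpty(token)) {
            this.logger.warn("TokenParser: Header中无x-access-token或X-Access-Token");
            Cookie cookie = WebUtils.getCookie(httpServletRequest, "xforce-saas-token");
            if (cookie != null) {
                token = cookie.getValue();
            }
            if (StringUtils.isEmpty(token)) {
                this.logger.warn("TokenParser: Cookie中无xforce-saas-token");
                // NOTE(review): a token carried in a request parameter ends up in access
                // logs, browser history and Referer headers; consider retiring this source.
                token = WebUtils.findParameterValue(httpServletRequest, "x-access-token");
                // Log only whether a value was found; the token itself is a credential.
                this.logger.info("TokenParser: x-access-token request parameter present = {}", StringUtils.isNotEmpty(token));
            }
        }
        if (StringUtils.isEmpty(token)) {
            token = httpServletRequest.getHeader("x-app-token");
        }
        return token;
    }

    /**
     * Authenticates the request before the handler runs.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response; receives the 401 body on failure
     * @param obj                 the chosen handler
     * @return {@code true} to continue the chain, {@code false} after a 401 was written
     * @throws IOException if writing the 401 body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        if (obj instanceof ResourceHttpRequestHandler) {
            return true;
        }
        if (isStaticPage(httpServletRequest.getRequestURI())) {
            this.logger.warn("TokenParser: isStaticPage");
            return true;
        }
        // NOTE(review): every handler type other than HandlerMethod is allowed through
        // unauthenticated (fail-open); confirm that no sensitive endpoint is served that way.
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(WithoutAuth.class)) {
            return true;
        }

        String token = resolveToken(httpServletRequest);
        if (StringUtils.isBlank(token)) {
            this.logger.warn("TokenParser: token is Blank, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }

        // NOTE(review): this fixed literal is accepted in place of a signed token and
        // selects tenant 0 without any verification. It is kept for compatibility and now
        // leaves an audit trail; it should be replaced by a real service credential.
        // CurrentUser is not reset in afterCompletion in this class - confirm it is
        // cleared elsewhere so the tenant does not linger on a pooled thread.
        if ("system-token".equalsIgnoreCase(token)) {
            this.logger.warn("TokenParser: system-token bypass used, uri={}", httpServletRequest.getRequestURI());
            CurrentUser.setCurrentTenant(0L);
            return true;
        }

        Map<?, ?> claims;
        try {
            claims = JwtUtils.verifyAndDecodeToken(this.secret, token);
        } catch (TokenExpiredException e) {
            // Must precede the generic catch: it is a subtype of Exception and would
            // otherwise be unreachable. The token is deliberately not logged.
            this.logger.error("token过期异常TokenExpiredException: {}", e.getMessage());
            responseUnauthorized("token过期，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (Exception e) {
            // Neither the signing secret nor the presented token is written to the log.
            this.logger.error("token解析失败。", e);
            responseUnauthorized("token解析失败。", httpServletRequest, httpServletResponse);
            return false;
        }
        if (claims == null) {
            this.logger.warn("TokenParser: claims == null, Token解析返回为空");
            responseUnauthorized("Token解析返回为空", httpServletRequest, httpServletResponse);
            return false;
        }
        // equals() on the raw claim avoids a ClassCastException when the claim is not a String.
        if (!"1".equals(claims.get(JwtConstants.TYPE_KEY))) {
            this.logger.warn("TokenParser: type claim is not \"1\", token非法，请重新登录");
            responseUnauthorized("token非法，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        }
        Object rawUserInfo = claims.get(JwtConstants.USERINFO_KEY);
        String encodedUserInfo = rawUserInfo instanceof String ? (String) rawUserInfo : null;
        if (StringUtils.isBlank(encodedUserInfo)) {
            this.logger.warn("TokenParser: userinfo is Blank, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        String userInfoJson = CompressionUtils.decode(encodedUserInfo);
        if (StringUtils.isBlank(userInfoJson)) {
            this.logger.warn("TokenParser: userinfo == null, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        try {
            return setUserInfoHolder(userInfoJson, token, null, handlerMethod);
        } catch (Exception e) {
            // Pass the throwable as the last argument so SLF4J records the stack trace.
            this.logger.error("TokenParser: 解析用户上下文发生异常", e);
            responseUnauthorized("解析用户上下文发生异常 ", httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Builds an {@link AuthorizedUser} from the decoded userinfo JSON and stores it in
     * {@link UserInfoHolder}.
     *
     * <p>Absent string fields are stored as the literal text {@code "null"} (unchanged
     * from the original behaviour); an absent or non-numeric {@code accountId},
     * {@code tenantId} or {@code id} raises {@link NumberFormatException}, which the
     * caller turns into a 401.
     *
     * @param str           decoded userinfo JSON
     * @param str2          the raw token, stored on the user object
     * @param l             unused
     * @param handlerMethod unused
     * @return {@code true} when the user was stored, {@code false} when the JSON parsed to null
     */
    private boolean setUserInfoHolder(String str, String str2, Long l, HandlerMethod handlerMethod) {
        // NOTE(review): the fastjson version and its autoType/safeMode settings are not
        // visible here; confirm them, since this input is only as trustworthy as the JWT secret.
        JSONObject userInfo = JSON.parseObject(str);
        if (userInfo == null) {
            this.logger.warn("TokenParser: userinfo parsed to null");
            return false;
        }
        // Parse the numeric identifiers first so that a malformed payload fails before
        // anything is published to the holder.
        long accountId = Long.parseLong(String.valueOf(userInfo.get("accountId")));
        long tenantId = Long.parseLong(String.valueOf(userInfo.get("tenantId")));
        long userId = Long.parseLong(String.valueOf(userInfo.get("id")));

        AuthorizedUser authorizedUser = new AuthorizedUser();
        authorizedUser.setTenantName(String.valueOf(userInfo.get("tenantName")));
        authorizedUser.setUsername(String.valueOf(userInfo.get("username")));
        authorizedUser.setAccountId(accountId);
        authorizedUser.setEmail(String.valueOf(userInfo.get("email")));
        authorizedUser.setTenantCode(String.valueOf(userInfo.get("tenantCode")));
        authorizedUser.setTenantId(tenantId);
        authorizedUser.setMobile(String.valueOf(userInfo.get("mobile")));
        authorizedUser.setId(userId);
        authorizedUser.setToken(str2);
        UserInfoHolder.put(authorizedUser);
        // Identifiers only: the serialised user object would include the bearer token,
        // e-mail address and mobile number.
        this.logger.info("TokenParser: setUserInfoHolder: id={}, accountId={}, tenantId={}", userId, accountId, tenantId);
        return true;
    }

    /**
     * Writes a 401 response with a JSON body of {@code code}, {@code message} and {@code loginUrl}.
     *
     * @param str                 message placed in the body
     * @param httpServletRequest  unused
     * @param httpServletResponse response to write to
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void responseUnauthorized(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", "0");
        body.put("message", str);
        body.put("loginUrl", this.loginUrl);
        httpServletResponse.getWriter().write(JSON.toJSONString(body));
    }

    /**
     * Clears the per-request user and parameter holders once the request has completed.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        UserInfoHolder.clearContext();
        ReqParamsHolder.clear();
    }
}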
