package com.xforceplus.tenantsecurity.interceptor;

import com.auth0.jwt.exceptions.TokenExpiredException;
import com.xforceplus.tenantsecurity.annotation.SkipAuth;
import com.xforceplus.tenantsecurity.config.AuthorityProperties;
import com.xforceplus.tenantsecurity.domain.AuthorizedUser;
import com.xforceplus.tenantsecurity.domain.IAuthorizedUser;
import com.xforceplus.tenantsecurity.domain.UserInfoHolder;
import com.xforceplus.tenantsecurity.domain.UserType;
import com.xforceplus.tenantsecurity.jwt.JwtUtils;
import com.xforceplus.tenantsecurity.utils.CompressionUtils;
import com.xforceplus.tenantsecurity.utils.JsonUtils;
import com.xforceplus.tenantsecurity.utils.RequestUrlUtils;
import com.xforceplus.tenantsecurity.utils.RequestUtils;
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.env.Environment;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:com/xforceplus/tenantsecurity/interceptor/UserContextInterceptor.class */
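/**
 * Spring MVC interceptor that authenticates a request from the {@code xforce-saas-token}
 * cookie and publishes the resulting user through {@link UserInfoHolder}.
 *
 * <p>Static resources and handler methods annotated with {@link SkipAuth} are let through
 * without a token. Every other request must carry a token that {@link JwtUtils#verifyToken}
 * accepts, whose {@code type} claim equals {@link UserType#USER} and whose {@code userinfo}
 * claim decodes to a non-blank JSON document. Any failure ends in
 * {@link #responseUnauthorized} and the handler is not invoked.
 */
public class UserContextInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(UserContextInterceptor.class);

    @Autowired
    private Environment environment;

    @Autowired
    private AuthorityProperties authorityProperties;

    // Optional JSON user installed for @SkipAuth endpoints; comes from configuration, never from the request.
    @Value("${xforce.tenant_security.adapter.interceptors.default_user_info:}")
    private String defaultUserInfoJson;

    /**
     * Authenticates the request before the handler runs.
     *
     * @param httpServletRequest  current request; the token is read from its cookies
     * @param httpServletResponse current response; written to only when authentication fails
     * @param obj                 the handler chosen by Spring MVC
     * @return {@code true} to continue with the handler, {@code false} when an
     *         unauthorized response has already been written
     * @throws IOException if the unauthorized response cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        // NOTE(review): this bypass is decided from the raw request URI; confirm that
        // RequestUrlUtils.isStaticPage cannot match a path that is routed to a protected handler.
        if ((obj instanceof ResourceHttpRequestHandler) || RequestUrlUtils.isStaticPage(httpServletRequest.getRequestURI())) {
            return true;
        }
        // Only HandlerMethod can carry @SkipAuth. Any other handler type falls through to the
        // token check (fail closed) instead of failing on an unchecked cast.
        if (obj instanceof HandlerMethod && ((HandlerMethod) obj).hasMethodAnnotation(SkipAuth.class)) {
            if (StringUtils.isNotEmpty(this.defaultUserInfoJson)) {
                setUserInfoHolder(this.defaultUserInfoJson);
            }
            return true;
        }
        Cookie cookie = WebUtils.getCookie(httpServletRequest, "xforce-saas-token");
        if (cookie == null) {
            responseUnauthorized("无效token，请登录", httpServletRequest, httpServletResponse);
            return false;
        }
        String token = cookie.getValue();
        if (StringUtils.isBlank(token)) {
            logger.warn("token isBlank, 访问失败，没有登录");
        }
        Map<?, ?> claims = null;
        if (StringUtils.isNotBlank(token)) {
            try {
                claims = JwtUtils.verifyToken(token);
            } catch (TokenExpiredException e) {
                // The token is a bearer credential carrying user data: never write it to the log.
                logger.error("token过期异常TokenExpiredException");
                responseUnauthorized("token过期，请重新登录", httpServletRequest, httpServletResponse);
                return false;
            } catch (RuntimeException e) {
                // verifyToken's other failure modes are not visible from this class. Treat any of
                // them as an invalid token rather than letting the request end in a server error.
                // Only the exception type is logged, so token-derived text stays out of the log.
                logger.warn("token verification failed: {}", e.getClass().getName());
                responseUnauthorized("token非法，请重新登录", httpServletRequest, httpServletResponse);
                return false;
            }
        }
        if (claims == null) {
            logger.warn("claims == null, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }
        // equals(Object) is false for a missing or non-String claim, so no cast is needed.
        if (!UserType.USER.value().equals(claims.get("type"))) {
            logger.warn("token type mismatch, token非法，请重新登录");
            responseUnauthorized("token非法，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        }
        Object rawUserInfo = claims.get("userinfo");
        String encodedUserInfo = rawUserInfo instanceof String ? (String) rawUserInfo : null;
        if (StringUtils.isBlank(encodedUserInfo)) {
            logger.warn("userinfo isBlank, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        String userInfoJson = CompressionUtils.decode(encodedUserInfo);
        if (StringUtils.isBlank(userInfoJson)) {
            logger.warn("userinfo == null, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        try {
            setUserInfoHolder(userInfoJson, token);
            return true;
        } catch (Exception e2) {
            logger.error("解析用户上下文发生异常", e2);
            responseUnauthorized("解析用户上下文发生异常", httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Publishes the user described by {@code str} (JSON) through {@link UserInfoHolder}.
     * Used for the configured default user on {@link SkipAuth} endpoints.
     */
    private void setUserInfoHolder(String str) {
        UserInfoHolder.put((IAuthorizedUser) JsonUtils.fromJson(str, AuthorizedUser.class));
    }

    /**
     * Publishes the user described by {@code str} (JSON) through {@link UserInfoHolder},
     * attaching the raw token {@code str2} to it first.
     */
    private void setUserInfoHolder(String str, String str2) {
        AuthorizedUser authorizedUser = (AuthorizedUser) JsonUtils.fromJson(str, AuthorizedUser.class);
        authorizedUser.setToken(str2);
        UserInfoHolder.put(authorizedUser);
    }

    /**
     * Rejects the request: a redirect to the login page for ordinary requests, or a 401 JSON
     * body ({@code code}, {@code message}, {@code loginUrl}) for AJAX requests.
     *
     * @param str                 message returned to AJAX callers
     * @param httpServletRequest  current request
     * @param httpServletResponse response to write the rejection to
     * @throws IOException if the redirect or the body cannot be written
     */
    private void responseUnauthorized(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean isAjaxRequest = RequestUtils.isAjaxRequest(httpServletRequest);
        String returnTo = httpServletRequest.getHeader("Referer");
        if (returnTo == null) {
            returnTo = httpServletRequest.getRequestURL().toString();
        }
        // NOTE(review): Referer is supplied by the client and is forwarded as the post-login
        // "redirect" target without an allow-list check or encoding (build() does not encode).
        // Confirm the login service validates this parameter against trusted hosts; otherwise
        // validate and encode it here.
        String loginUrl = UriComponentsBuilder
                .fromUriString(this.environment.getProperty("seedeer.authority.login_url", this.authorityProperties.getLoginUrl()))
                .queryParam("redirect", returnTo)
                .build()
                .toUriString();
        if (!isAjaxRequest) {
            httpServletResponse.sendRedirect(loginUrl);
            return;
        }
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", "0");
        body.put("message", str);
        body.put("loginUrl", loginUrl);
        httpServletResponse.getWriter().write(JsonUtils.toJson(body));
    }

    /**
     * Clears the user context once the request has completed, so that no user is left in
     * {@link UserInfoHolder} after this request.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        UserInfoHolder.clearContext();
    }
}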
