package com.xforceplus.xplatsecurity.mobile;

import com.xforceplus.tenantsecurity.domain.AuthorizedUser;
import com.xforceplus.tenantsecurity.domain.UserInfoHolder;
import com.xforceplus.tenantsecurity.domain.UserType;
import com.xforceplus.tenantsecurity.utils.CompressionUtils;
import com.xforceplus.tenantsecurity.utils.JsonUtils;
import com.xforceplus.xplatsecurity.annotation.SkipAuth;
import com.xforceplus.xplatsecurity.api.TokenValidateException;
import com.xforceplus.xplatsecurity.domain.ContextHolder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.skywalking.apm.toolkit.trace.TraceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;

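/**
 * Spring MVC interceptor that builds the per-request mobile user context from the
 * user-info request header.
 *
 * <p>For every controller method not annotated with {@link SkipAuth}, the header named by
 * {@code UserType.USER.userinfoKey()} is read, passed through {@code CompressionUtils.decode},
 * deserialized into an {@link AuthorizedUser}, and published to both the injected
 * {@link ContextHolder} and {@link UserInfoHolder}.
 *
 * <p>NOTE(review): nothing in this class verifies a signature or otherwise authenticates the
 * header value; the identity (account, user, tenant) is taken from the decoded JSON as-is.
 * This is only safe if an upstream component (presumably a gateway) strips any client-supplied
 * copy of the header and sets it itself — confirm that this service is not reachable directly.
 */
@Component
/* loaded from: input_file:com/xforceplus/xplatsecurity/mobile/MobileAppApiSecurityInterceptor.class */
public class MobileAppApiSecurityInterceptor extends HandlerInterceptorAdapter {
    public static final Logger logger = LoggerFactory.getLogger(MobileAppApiSecurityInterceptor.class);

    // Request-scoped holder for the mobile user context; cleared in afterCompletion.
    @Autowired
    ContextHolder<MobileUserContext> contextHolder;

    // Application id copied into every session; defaults to the empty string when unset.
    @Value("${xforce.tenant_security.appid:}")
    private String appid;

    /**
     * Populates the user context before the handler runs.
     *
     * @param httpServletRequest  current request; the user-info header is read from it
     * @param httpServletResponse current response; receives the {@code X-TId} trace header
     * @param obj                 the chosen handler
     * @return {@code true} to continue the handler chain; {@code false} when the decoded user
     *         info cannot be parsed (the chain stops and no response status is written here)
     * @throws TokenValidateException if the user-info header is missing, empty, or decodes to
     *         an empty value
     * @throws Exception if decoding the header fails outside the guarded parse step
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Static resources carry no user context.
        if (obj instanceof ResourceHttpRequestHandler) {
            return true;
        }
        // Expose the trace id so a client-side failure can be correlated with server logs.
        httpServletResponse.addHeader("X-TId", TraceContext.traceId());
        // Only controller methods are subject to the check; @SkipAuth opts a method out.
        if (!(obj instanceof HandlerMethod) || ((HandlerMethod) obj).hasMethodAnnotation(SkipAuth.class)) {
            return true;
        }
        String header = httpServletRequest.getHeader(UserType.USER.userinfoKey());
        if (StringUtils.isEmpty(header)) {
            // Message reads "userinfo must not be empty".
            throw new TokenValidateException("userinfo不能为空");
        }
        String decode = CompressionUtils.decode(header);
        // Fail closed: a header that is present but decodes to nothing used to be let through
        // with no user context at all, while a missing header was rejected. Both are now
        // rejected the same way. The check sits outside the try block so the exception is not
        // swallowed by the catch below.
        if (StringUtils.isEmpty(decode)) {
            logger.warn("userInfo == null");
            throw new TokenValidateException("userinfo不能为空");
        }
        try {
            return setUserInfoHolder(decode);
        } catch (Exception e) {
            // Message reads "exception while parsing the user context".
            // NOTE(review): returning false stops the chain without setting a status code, so
            // the client may see an empty success response — consider an explicit 401/400.
            logger.error("解析用户上下文发生异常", e);
            return false;
        }
    }

    /**
     * Deserializes the decoded user-info JSON and publishes it to both context holders.
     *
     * @param str decoded user-info JSON
     * @return always {@code true}; parse or null-dereference failures surface as exceptions,
     *         which the caller converts into a rejected request
     */
    private boolean setUserInfoHolder(String str) {
        AuthorizedUser authorizedUser = (AuthorizedUser) JsonUtils.fromJson(str, AuthorizedUser.class);
        MobileSessionInfo mobileSessionInfo = new MobileSessionInfo();
        // If fromJson yields null, the first getter below throws before anything is published.
        mobileSessionInfo.setAccountId(authorizedUser.getAccountId());
        mobileSessionInfo.setAppId(this.appid);
        mobileSessionInfo.setAuthType(1);
        mobileSessionInfo.setSysUserId(authorizedUser.getId());
        mobileSessionInfo.setSysUserName(authorizedUser.getUsername());
        mobileSessionInfo.setTenantId(authorizedUser.getTenantId());
        mobileSessionInfo.setTenantName(authorizedUser.getTenantName());

        MobileUserContext mobileUserContext = new MobileUserContext();
        // The "access token" stored here is the decoded user-info JSON itself, not a separate
        // bearer token; treat it as sensitive when logging or forwarding the context.
        mobileUserContext.setAccessToken(str);
        mobileUserContext.setSessionInfo(mobileSessionInfo);

        this.contextHolder.put(mobileUserContext);
        UserInfoHolder.put(authorizedUser);
        return true;
    }

    /**
     * Clears the mobile user context once the request has completed.
     *
     * <p>NOTE(review): only {@code contextHolder} is cleared. The {@link AuthorizedUser} placed
     * in {@link UserInfoHolder} by {@code setUserInfoHolder} is not reset in this class; if that
     * holder is thread-bound, a pooled thread could carry one request's identity into a later
     * request that skips the check (static resource or {@code @SkipAuth}). Confirm it is
     * cleared elsewhere, or clear it here.
     */
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        this.contextHolder.clearContext();
    }
}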
