package com.xforceplus.tenant.security.server.interceptor;

import com.auth0.jwt.exceptions.TokenExpiredException;
import com.xforceplus.domain.user.view.ExtraInfo;
import com.xforceplus.tenant.security.core.annotation.Authorization;
import com.xforceplus.tenant.security.core.annotation.NeedExtraInfo;
import com.xforceplus.tenant.security.core.annotation.WithoutAuth;
import com.xforceplus.tenant.security.core.context.UserInfoHolder;
import com.xforceplus.tenant.security.core.domain.AuthorizedUser;
import com.xforceplus.tenant.security.core.domain.IAuthorizedUser;
import com.xforceplus.tenant.security.core.domain.Org;
import com.xforceplus.tenant.security.core.domain.UserType;
import com.xforceplus.tenant.security.core.jwt.JwtUtils;
import com.xforceplus.tenant.security.core.utils.CompressionUtils;
import com.xforceplus.tenant.security.core.utils.RequestUtils;
import com.xforceplus.tenant.security.server.config.AuthorityProperties;
import com.xforceplus.tenant.security.token.domain.TokenRole;
import io.geewit.core.utils.enums.BinaryUtils;
import io.geewit.web.utils.JsonUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.EnumSet;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.WebUtils;

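/**
 * Spring MVC interceptor that authenticates a request from the user JWT and publishes the
 * decoded {@link AuthorizedUser} into {@link UserInfoHolder} for the duration of the request.
 *
 * <p>Token lookup order is cookie, then request header, then request parameter, all keyed by
 * {@code UserType.USER.tokenKey()}. Static resources and handler methods annotated with
 * {@link WithoutAuth} bypass authentication. Every failure path answers the request through
 * {@link #responseUnauthorized} and returns {@code false}, so the handler is never invoked.
 *
 * <p>Neither the JWT nor the signing secret is written to the log; only the outcome of the
 * verification is.
 */
@EnableConfigurationProperties({AuthorityProperties.class})
/* loaded from: input_file:com/xforceplus/tenant/security/server/interceptor/UserContextInterceptor.class */
public class UserContextInterceptor implements HandlerInterceptor, ApplicationContextAware {
    private static final Logger logger = LoggerFactory.getLogger(UserContextInterceptor.class);

    /** Claim carrying the token kind; must equal {@code UserType.USER.value()}. */
    private static final String CLAIM_TYPE = "type";
    /** Claim carrying the compressed user JSON (decoded via {@link CompressionUtils}). */
    private static final String CLAIM_USERINFO = "userinfo";
    /** Request header name and URI template variable name carrying the tenant id. */
    private static final String TENANT_ID = "tenantId";

    /** Optional; when absent, {@link #responseUnauthorized} cannot redirect and answers 401 JSON instead. */
    @Autowired(required = false)
    private AuthorityProperties authorityProperties;

    /** JSON of a user to install for {@link WithoutAuth} handlers; empty means no context is set. */
    @Value("${xforce.tenant_security.adapter.interceptors.default_user_info:}")
    private String defaultUserInfoJson;

    /**
     * Secret used to verify the JWT signature. The fallback literal is compiled into this class and
     * therefore public knowledge; deployments must override the property. Never log this value.
     */
    @Value("${xforce.tenant.security.jwt.secret:my_sessionjw_tsecret_xdfdffdsdfdfs}")
    private String secret;

    /**
     * Numeric application id. An unparsable (e.g. empty) value makes every authenticated request
     * fail in {@link #setUserInfoHolder(String, String, Long, HandlerMethod)}.
     */
    @Value("${xforce.tenant.security.appid:}")
    private String appid;

    private ApplicationContext applicationContext;

    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    /**
     * Authenticates the request and installs the user context.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, written to only on failure
     * @param obj                 the resolved handler; anything other than a static-resource handler
     *                            or a {@link HandlerMethod} is rejected (fail closed)
     * @return {@code true} to continue to the handler, {@code false} when the request has already
     *         been answered by {@link #responseUnauthorized}
     * @throws IOException if the unauthorized response cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        // Static resources need no user context.
        if ((obj instanceof ResourceHttpRequestHandler) || RequestUtils.isStaticPage(httpServletRequest.getRequestURI())) {
            return true;
        }
        if (!(obj instanceof HandlerMethod)) {
            // Unknown handler type: deny explicitly rather than fail with a ClassCastException.
            logger.warn("unsupported handler type {}, 访问失败", obj == null ? "null" : obj.getClass().getName());
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(WithoutAuth.class)) {
            if (StringUtils.isNotEmpty(this.defaultUserInfoJson)) {
                setUserInfoHolder(this.defaultUserInfoJson);
            }
            return true;
        }

        String token = resolveToken(httpServletRequest);
        if (StringUtils.isBlank(token)) {
            logger.warn("token isBlank, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }

        Map<?, ?> claims;
        try {
            claims = JwtUtils.verifyAndDecodeToken(this.secret, token);
        } catch (TokenExpiredException e) {
            // The token value is a credential and is deliberately not logged.
            logger.error("token过期异常TokenExpiredException");
            responseUnauthorized("token过期，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (Exception e2) {
            // Neither the secret nor the token belongs in the log; the exception carries the reason.
            logger.error("token解析失败。", e2);
            responseUnauthorized("token解析失败。", httpServletRequest, httpServletResponse);
            return false;
        }
        if (claims == null) {
            logger.warn("claims == null, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }
        // equals(Object) also rejects a non-String claim instead of throwing ClassCastException.
        if (!UserType.USER.value().equals(claims.get(CLAIM_TYPE))) {
            logger.warn("token type mismatch, token非法，请重新登录");
            responseUnauthorized("token非法，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        }
        Object userinfoClaim = claims.get(CLAIM_USERINFO);
        String compressedUserinfo = userinfoClaim instanceof String ? (String) userinfoClaim : null;
        if (StringUtils.isBlank(compressedUserinfo)) {
            logger.warn("userinfo isBlank, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        String userinfoJson = CompressionUtils.decode(compressedUserinfo);
        if (StringUtils.isBlank(userinfoJson)) {
            logger.warn("userinfo == null, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }

        Authorization authorization = handlerMethod.getMethodAnnotation(Authorization.class);
        if (authorization != null) {
            try {
                String checkMessage = checkResourceCode(token, authorization.value());
                logger.info("资源码校验结果,msg = {}", checkMessage);
                if (StringUtils.isNotBlank(checkMessage)) {
                    logger.warn("资源码校验没有通过, msg = {}", checkMessage);
                    responseUnauthorized(checkMessage, httpServletRequest, httpServletResponse);
                    return false;
                }
            } catch (Exception e3) {
                logger.error("资源码校验发生异常", e3);
                responseUnauthorized("资源码校验发生异常", httpServletRequest, httpServletResponse);
                return false;
            }
        }

        Long tenantId = resolveTenantId(httpServletRequest);
        try {
            return setUserInfoHolder(userinfoJson, token, tenantId, handlerMethod);
        } catch (Exception e5) {
            logger.error("解析用户上下文发生异常", e5);
            responseUnauthorized("解析用户上下文发生异常", httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Finds the user token: cookie first, then header, then request parameter.
     *
     * @return the raw token, or {@code null}/blank when the request carries none
     */
    private String resolveToken(HttpServletRequest request) {
        String tokenKey = UserType.USER.tokenKey();
        Cookie cookie = WebUtils.getCookie(request, tokenKey);
        if (cookie != null) {
            return cookie.getValue();
        }
        logger.warn("Cookie中无token");
        String token = request.getHeader(tokenKey);
        if (StringUtils.isEmpty(token)) {
            logger.warn("Header中无token");
            // Accepting the token as a query/form parameter means it can end up in access logs and
            // Referer headers; kept for compatibility with existing clients.
            token = WebUtils.findParameterValue(request, tokenKey);
        }
        return token;
    }

    /**
     * Reads the tenant id from the {@code tenantId} header, falling back to the URI template
     * variable of the same name.
     *
     * <p>NOTE(review): this value is client-supplied and later overrides the tenant carried in the
     * token; confirm that downstream authorization re-checks tenant membership.
     *
     * @return the parsed id, or {@code null} when absent or not a valid long
     */
    private Long resolveTenantId(HttpServletRequest request) {
        String raw = request.getHeader(TENANT_ID);
        if (raw == null) {
            // The attribute is absent for requests that matched no URI template.
            Object templateVars = request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
            if (templateVars instanceof Map) {
                Object value = ((Map<?, ?>) templateVars).get(TENANT_ID);
                raw = value instanceof String ? (String) value : null;
            }
        }
        if (raw == null) {
            return null;
        }
        try {
            return Long.valueOf(raw);
        } catch (NumberFormatException e4) {
            logger.info(e4.getMessage() + ", tenantId = " + raw);
            return null;
        }
    }

    /**
     * Resource-code check for {@link Authorization}-annotated handlers.
     *
     * @return an error message when the check fails, or {@code null} when it passes. The current
     *         implementation is a stub and always passes.
     */
    private String checkResourceCode(String token, String[] resourceCodes) {
        return null;
    }

    /** Installs the configured default user (used for {@link WithoutAuth} handlers). */
    private void setUserInfoHolder(String userJson) {
        UserInfoHolder.put((IAuthorizedUser) JsonUtils.fromJson(userJson, AuthorizedUser.class));
    }

    /**
     * Builds the {@link AuthorizedUser} from the decoded userinfo JSON and installs it.
     *
     * @param userinfoJson  decoded user JSON from the token
     * @param token         the raw token, attached to the user via {@code setToken}
     * @param tenantId      optional tenant override from the request; {@code null} keeps the token's value
     * @param handlerMethod the handler, inspected for {@link NeedExtraInfo}
     * @return {@code false} when the JSON yields no user or {@code appid} is not a number
     */
    private boolean setUserInfoHolder(String userinfoJson, String token, Long tenantId, HandlerMethod handlerMethod) {
        AuthorizedUser authorizedUser = (AuthorizedUser) JsonUtils.fromJson(userinfoJson, AuthorizedUser.class);
        if (authorizedUser == null) {
            logger.warn("userinfo = " + userinfoJson);
            return false;
        }
        if (tenantId != null) {
            authorizedUser.setTenantId(tenantId);
        }
        int appIdValue;
        try {
            appIdValue = Integer.parseInt(this.appid);
        } catch (NumberFormatException e) {
            logger.warn("未设置appid");
            return false;
        }
        logger.info("appId:" + appIdValue);
        EnumSet<ExtraInfo> extraInfo = requestedExtraInfo(handlerMethod.getMethodAnnotation(NeedExtraInfo.class));
        // NOTE(review): the bitmask is computed but discarded, as in the original; verify whether it
        // was meant to be attached to the user.
        BinaryUtils.toBinary(extraInfo);
        authorizedUser.setToken(token);
        UserInfoHolder.put(authorizedUser);
        return true;
    }

    /** Maps the boolean flags of {@link NeedExtraInfo} to the requested {@link ExtraInfo} set. */
    private static EnumSet<ExtraInfo> requestedExtraInfo(NeedExtraInfo needExtraInfo) {
        EnumSet<ExtraInfo> extraInfo = EnumSet.noneOf(ExtraInfo.class);
        if (needExtraInfo == null) {
            return extraInfo;
        }
        if (needExtraInfo.orgs()) {
            extraInfo.add(ExtraInfo.orgs);
        }
        if (needExtraInfo.companies()) {
            extraInfo.add(ExtraInfo.companies);
        }
        if (needExtraInfo.resources()) {
            extraInfo.add(ExtraInfo.resources);
        }
        if (needExtraInfo.currentOrgs()) {
            extraInfo.add(ExtraInfo.currentOrgs);
        }
        if (needExtraInfo.parentCompanies()) {
            extraInfo.add(ExtraInfo.parentCompanies);
        }
        return extraInfo;
    }

    /**
     * Answers a failed authentication: browsers are redirected to the configured login URL,
     * AJAX clients (and any request when no login URL is configured) get a 401 JSON body.
     *
     * @param message             human-readable failure reason placed in the JSON body
     * @param httpServletRequest  the request, used to detect AJAX
     * @param httpServletResponse the response to write
     * @throws IOException if the response cannot be written
     */
    private void responseUnauthorized(String message, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean isAjaxRequest = RequestUtils.isAjaxRequest(httpServletRequest);
        // authorityProperties is optional (required = false); guard against a missing bean.
        String loginUrl = this.authorityProperties == null ? null : this.authorityProperties.getLoginUrl();
        logger.info("loginUrl = " + loginUrl);
        String uriString = loginUrl == null ? null : UriComponentsBuilder.fromUriString(loginUrl).build().toUriString();
        if (!isAjaxRequest && uriString != null) {
            httpServletResponse.sendRedirect(uriString);
            return;
        }
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Map<String, String> body = new LinkedHashMap<>();
        body.put("code", "0");
        body.put("message", message);
        body.put("loginUrl", uriString);
        httpServletResponse.getWriter().write(JsonUtils.toJson(body));
    }

    /**
     * Clears the user context after the handler has run, so it cannot leak into the next request
     * served by the same thread (presumably UserInfoHolder is thread-bound; verify).
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        UserInfoHolder.clearContext();
    }
}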
