package com.xforceplus.xplatsecurity.admin;

import com.xforceplus.xplatsecurity.annotation.SkipAuth;
import com.xforceplus.xplatsecurity.api.TokenService;
import com.xforceplus.xplatsecurity.api.TokenValidateException;
import com.xforceplus.xplatsecurity.domain.ContextHolder;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.skywalking.apm.toolkit.trace.TraceContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Component
/* loaded from: input_file:com/xforceplus/xplatsecurity/admin/AdminAppApiSecurityInterceptor.class */
public class AdminAppApiSecurityInterceptor extends HandlerInterceptorAdapter {
    public static final Logger logger = LoggerFactory.getLogger(AdminAppApiSecurityInterceptor.class);
    final String KEY_ACCESS_TOKEN = "X-Access-Token";

    @Autowired
    TokenService tokenService;

    @Autowired
    AdminSessionInfoConvert convert;

    @Autowired
    ContextHolder contextHolder;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        httpServletResponse.addHeader("X-TId", TraceContext.traceId());
        if (!(obj instanceof HandlerMethod) || Arrays.stream(((HandlerMethod) obj).getMethod().getAnnotations()).anyMatch(annotation -> {
            return annotation.annotationType().equals(SkipAuth.class);
        })) {
            return true;
        }
        String header = httpServletRequest.getHeader("X-Access-Token");
        if (StringUtils.isEmpty(header)) {
            header = httpServletRequest.getParameter("X-Access-Token");
        }
        if (StringUtils.isEmpty(header)) {
            throw new TokenValidateException("token不能为空");
        }
        try {
            AdminUserContext adminUserContext = new AdminUserContext();
            adminUserContext.setAccessToken(header);
            adminUserContext.setSessionInfo(this.convert.toObj(header));
            this.contextHolder.put(adminUserContext);
            return true;
        } catch (Exception e) {
            throw new TokenValidateException("token解析失败，token = " + header, e);
        }
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        this.contextHolder.clearContext();
    }
}
