package com.xforceplus.xplat.bill.security.interceptor;

import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.xforceplus.xplat.bill.enums.Message;
import com.xforceplus.xplat.bill.model.ResourceModel;
import com.xforceplus.xplat.bill.model.RoleModel;
import com.xforceplus.xplat.bill.security.annotation.RequiresResources;
import com.xforceplus.xplat.bill.security.annotation.WithoutAuth;
import com.xforceplus.xplat.bill.security.config.AuthorityProperties;
import com.xforceplus.xplat.bill.security.domain.AuthorizedUser;
import com.xforceplus.xplat.bill.security.domain.IAuthorizedUser;
import com.xforceplus.xplat.bill.security.domain.UserInfoHolder;
import com.xforceplus.xplat.bill.security.domain.UserType;
import com.xforceplus.xplat.bill.security.jwt.JsonWebTokenService;
import com.xforceplus.xplat.bill.security.jwt.JsonWebTokenSettings;
import com.xforceplus.xplat.bill.security.util.CompressionUtils;
import com.xforceplus.xplat.bill.security.util.JsonUtils;
import com.xforceplus.xplat.bill.security.util.RequestUrlUtils;
import com.xforceplus.xplat.bill.security.util.RequestUtils;
import com.xforceplus.xplat.bill.service.api.IRoleService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:com/xforceplus/xplat/bill/security/interceptor/BillUserContextInterceptor.class */
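/**
 * Spring MVC interceptor that authenticates the user token of an incoming request and, for handler
 * methods annotated with {@link RequiresResources}, checks that one of the user's roles exposes the
 * required resource code.
 *
 * <p>Order of operations in {@link #preHandle}: static resources and {@link WithoutAuth} methods are
 * let through; otherwise the token is looked up (cookie, then header, then request parameter), its
 * signature and expiry are verified, and finally the optional resource-code check runs. Every
 * rejection goes through {@link #responseUnauthorized}, which redirects browsers to the login page
 * and answers Ajax callers with a 401 JSON body.
 */
public class BillUserContextInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(BillUserContextInterceptor.class);

    /** User-facing message returned when no role of the user exposes the required resource code. */
    private static final String RESOURCE_CHECK_FAILED = "资源码校验失败";

    @Autowired
    private Environment environment;

    @Autowired
    private AuthorityProperties authorityProperties;

    @Autowired
    private IRoleService roleService;

    /**
     * Authenticates the request (and authorizes it against the handler's resource code) before the
     * controller method runs.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response; written to only when the request is rejected
     * @param obj                 the resolved handler, expected to be a {@link HandlerMethod} unless it
     *                            is a static-resource handler
     * @return {@code true} to continue the handler chain, {@code false} after a rejection has been
     *         written to the response
     * @throws IOException if the redirect or the JSON error body cannot be written
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        // Static resources and whitelisted static pages bypass authentication entirely.
        // NOTE(review): the bypass is keyed on the raw request URI; confirm RequestUrlUtils.isStaticPage
        // normalizes it so a traversal-style URI cannot be matched as a static page.
        if ((obj instanceof ResourceHttpRequestHandler) || RequestUrlUtils.isStaticPage(httpServletRequest.getRequestURI())) {
            return true;
        }
        // Any other handler is expected to be a controller method. An unexpected handler type fails
        // closed (ClassCastException) rather than silently skipping the checks below.
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(WithoutAuth.class)) {
            return true;
        }

        String token = resolveToken(httpServletRequest);
        if (StringUtils.isBlank(token)) {
            logger.warn("token isBlank, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }

        Claims claims;
        try {
            claims = Jwts.parser()
                    .setSigningKey(CompressionUtils.encode(JsonWebTokenSettings.signingKey))
                    .parseClaimsJws(token)
                    .getBody();
        } catch (TokenExpiredException e) {
            // The raw token is a bearer credential: never write it to the log.
            logger.error("token过期异常TokenExpiredException");
            responseUnauthorized("token过期，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (ExpiredJwtException e) {
            responseUnauthorized("token已过期，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (SignatureVerificationException e) {
            logger.error("token解析异常SignatureVerificationException");
            responseUnauthorized("token解析异常，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (Exception e) {
            // Catch-all must come last: a broader catch placed before a narrower one does not compile.
            logger.error("token解析异常", e);
            responseUnauthorized("token解析异常，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        }

        // parseClaimsJws already rejects an expired "exp", but a token without "exp" passes it; treat a
        // missing expiration as not authenticated instead of letting Date.after(null) throw.
        Date expiration = claims.getExpiration();
        if (expiration == null || new Date().after(expiration)) {
            logger.warn("token已过期或缺少过期时间, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }

        RequiresResources requiresResources = handlerMethod.getMethodAnnotation(RequiresResources.class);
        if (requiresResources == null) {
            return true;
        }
        try {
            String checkResult = checkResourceCode(token, requiresResources.value());
            logger.info("资源码校验结果,msg = {}", checkResult);
            if (StringUtils.isBlank(checkResult)) {
                return true;
            }
            logger.warn("资源码校验没有通过, msg = {}", checkResult);
            responseUnauthorized(checkResult, httpServletRequest, httpServletResponse);
            return false;
        } catch (Exception e) {
            // Any failure while resolving roles is treated as a denial, never as a pass.
            logger.error("资源码校验发生异常", e);
            responseUnauthorized("资源码校验发生异常", httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Locates the user token, trying the cookie, then the header, then a request parameter, all
     * under {@code UserType.USER.tokenKey()}.
     *
     * @return the first non-empty token found, or {@code null}/empty when the request carries none
     */
    private static String resolveToken(HttpServletRequest request) {
        String tokenKey = UserType.USER.tokenKey();
        Cookie cookie = WebUtils.getCookie(request, tokenKey);
        if (cookie != null) {
            return cookie.getValue();
        }
        logger.warn("Cookie中无token");
        String token = request.getHeader(tokenKey);
        if (StringUtils.isEmpty(token)) {
            logger.warn("Header中无token");
            // Weakest of the three sources: tokens passed as query parameters end up in access logs
            // and Referer headers.
            token = WebUtils.findParameterValue(request, tokenKey);
        }
        return token;
    }

    /**
     * Checks whether the account named in the token holds a role exposing the required resource code.
     *
     * @param token        the raw user token; it is validated again via
     *                     {@link JsonWebTokenService#validateToken}, so the account id used for the
     *                     role lookup always comes from a signature-checked token
     * @param resourceCode the resource code required by the handler; {@code null}/empty means none
     * @return {@code null} when access is allowed, otherwise a user-facing failure message
     */
    private String checkResourceCode(String token, String resourceCode) {
        if (resourceCode == null || resourceCode.isEmpty()) {
            return null;
        }
        String userInfoJson = JsonWebTokenService.validateToken(token)
                .getAdditionalProperties()
                .get("userInfo")
                .toString();
        IAuthorizedUser user = (IAuthorizedUser) JsonUtils.fromJson(userInfoJson, AuthorizedUser.class);
        for (RoleModel role : this.roleService.getUserRoles(Long.valueOf(user.getAccountId()))) {
            Set<ResourceModel> resourceSet = role.getResourceSet();
            if (resourceSet == null) {
                continue;
            }
            // Walk each role's resources once; the earlier form re-created the iterator on every
            // pass and so never advanced past the first element.
            for (ResourceModel resource : resourceSet) {
                if (resourceCode.equalsIgnoreCase(resource.getResourceCode())) {
                    return null;
                }
            }
        }
        return RESOURCE_CHECK_FAILED;
    }

    /**
     * Deserializes the given user-info JSON and stores it in the request-scoped {@link UserInfoHolder}.
     *
     * <p>Not invoked from this class; {@link #afterCompletion} clears the holder regardless.
     *
     * @param userInfoJson JSON representation of an {@link AuthorizedUser}
     */
    private void setUserInfoHolder(String userInfoJson) {
        UserInfoHolder.put((IAuthorizedUser) JsonUtils.fromJson(userInfoJson, AuthorizedUser.class));
    }

    /**
     * Rejects the request. Non-Ajax callers are redirected to the configured login page; Ajax callers
     * receive a 401 with a JSON body of {@code respCode}, {@code message} and {@code loginUrl}.
     *
     * <p>Every rejection uses {@code Message.TOKEN_TIMEOUT} as {@code respCode}; callers can only
     * distinguish the cause by {@code message}.
     *
     * @param message             user-facing reason; only used for the Ajax JSON body
     * @param httpServletRequest  the current request, used to detect Ajax callers
     * @param httpServletResponse the response to write the redirect or JSON body to
     * @throws IOException if the response cannot be written
     */
    private void responseUnauthorized(String message, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // The login URL is configuration ("bill.center.login.url", falling back to AuthorityProperties),
        // not request input, so the redirect target is not caller-controlled.
        String loginUrl = UriComponentsBuilder
                .fromUriString(this.environment.getProperty("bill.center.login.url", this.authorityProperties.getLoginUrl()))
                .build()
                .toUriString();
        if (!RequestUtils.isAjaxRequest(httpServletRequest)) {
            httpServletResponse.sendRedirect(loginUrl);
            return;
        }
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        LinkedHashMap<String, Object> body = new LinkedHashMap<>();
        body.put("respCode", Message.TOKEN_TIMEOUT.getCode());
        body.put("message", message);
        body.put("loginUrl", loginUrl);
        httpServletResponse.getWriter().write(JsonUtils.toJson(body));
    }

    /**
     * Clears the request-scoped user context once the request has completed, so a pooled thread never
     * carries one request's identity into the next.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        UserInfoHolder.clearContext();
    }
}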
