package cn.antcore.security.handle;

import cn.antcore.security.annotation.ApiAuthorize;
import cn.antcore.security.exception.NotAuthorizeException;
import cn.antcore.security.filter.AuthorizeFilter;
import cn.antcore.security.session.UserSession;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

@Component
/* loaded from: input_file:cn/antcore/security/handle/ApiAuthorizeInterceptor.class */
public class ApiAuthorizeInterceptor implements HandlerInterceptor {

    @Autowired
    private AuthorizeFilter authorizeFilter;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        ApiAuthorize apiAuthorize = (ApiAuthorize) handlerMethod.getMethodAnnotation(ApiAuthorize.class);
        if (apiAuthorize == null) {
            return true;
        }
        if ((apiAuthorize.authority().length <= 0 && apiAuthorize.roles().length <= 0) || !(httpServletRequest.getSession() instanceof UserSession)) {
            return true;
        }
        if (this.authorizeFilter.check(httpServletRequest, httpServletResponse, handlerMethod, apiAuthorize, httpServletRequest.getSession().getUserDetails())) {
            return true;
        }
        throw new NotAuthorizeException("权限不足");
    }
}
