package cn.hiauth.client.gateway;

import cn.hiauth.client.JwtUtils;
import cn.hiauth.client.SessionContext;
import cn.hiauth.client.SessionContextHolder;
import cn.hutool.json.JSONUtil;
import cn.hutool.jwt.JWT;
import cn.webestar.scms.commons.Assert;
import cn.webestar.scms.commons.CommonException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:cn/hiauth/client/gateway/AuthGatewayFilterFactory.class */
public class AuthGatewayFilterFactory extends AbstractGatewayFilterFactory<Config> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AuthGatewayFilterFactory.class);
    private final AntPathMatcher matcher;
    private final HiAuthClientGatewayProperties hiAuthClientGatewayProperties;
    private final RedisTemplate<String, String> redisTemplate;

    /* loaded from: input_file:cn/hiauth/client/gateway/AuthGatewayFilterFactory$Config.class */
    public static class Config {
        private String clientName;
        private boolean enabled;

        @Generated
        public Config() {
        }

        @Generated
        public String getClientName() {
            return this.clientName;
        }

        @Generated
        public boolean isEnabled() {
            return this.enabled;
        }

        @Generated
        public void setClientName(String str) {
            this.clientName = str;
        }

        @Generated
        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Config)) {
                return false;
            }
            Config config = (Config) obj;
            if (!config.canEqual(this) || isEnabled() != config.isEnabled()) {
                return false;
            }
            String clientName = getClientName();
            String clientName2 = config.getClientName();
            return clientName == null ? clientName2 == null : clientName.equals(clientName2);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof Config;
        }

        @Generated
        public int hashCode() {
            int i = (1 * 59) + (isEnabled() ? 79 : 97);
            String clientName = getClientName();
            return (i * 59) + (clientName == null ? 43 : clientName.hashCode());
        }

        @Generated
        public String toString() {
            return "AuthGatewayFilterFactory.Config(clientName=" + getClientName() + ", enabled=" + isEnabled() + ")";
        }
    }

    public AuthGatewayFilterFactory(HiAuthClientGatewayProperties hiAuthClientGatewayProperties, RedisTemplate<String, String> redisTemplate) {
        super(Config.class);
        this.matcher = new AntPathMatcher();
        this.hiAuthClientGatewayProperties = hiAuthClientGatewayProperties;
        this.redisTemplate = redisTemplate;
    }

    public GatewayFilter apply(Config config) {
        return (serverWebExchange, gatewayFilterChain) -> {
            try {
                checkAuth(serverWebExchange, this.hiAuthClientGatewayProperties.getClients().get(config.getClientName()).getCachePrefix());
                return gatewayFilterChain.filter(serverWebExchange).then(Mono.fromRunnable(() -> {
                })).then();
            } catch (Exception e) {
                return handleException(serverWebExchange, e);
            }
        };
    }

    private void checkAuth(ServerWebExchange serverWebExchange, String str) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String value = request.getPath().pathWithinApplication().value();
        if ("OPTIONS".equalsIgnoreCase(serverWebExchange.getRequest().getMethod().name()) || !matcherAuthUrl(value)) {
            return;
        }
        SessionContext sessionContext = getSessionContext(request, str);
        Assert.notNull(sessionContext, 10401, "request fail");
        Assert.notNull(str, 10401, "cachePrefix is null");
        SessionContextHolder.setContext(sessionContext);
    }

    public boolean matcherAuthUrl(String str) {
        Iterator<String> it = this.hiAuthClientGatewayProperties.getAuthUris().iterator();
        while (it.hasNext()) {
            if (this.matcher.match(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private SessionContext getSessionContext(ServerHttpRequest serverHttpRequest, String str) {
        String first = serverHttpRequest.getHeaders().getFirst("Authorization");
        Assert.notNull(first, 10401, "miss token");
        String decode = URLDecoder.decode(first, StandardCharsets.UTF_8);
        Assert.isTrue(decode.startsWith("Bearer"), 10401, "miss bearer");
        String trim = decode.substring("Bearer".length()).trim();
        JWT parseToken = JwtUtils.parseToken(trim);
        Assert.notNull(parseToken, 10401, "invalid token");
        String str2 = (String) parseToken.getPayload("sub");
        Assert.notNull(str2, 10401, "invalid token");
        String str3 = (String) this.redisTemplate.opsForValue().get(String.format("%s:security:accessToken:%s:%s", str, str2, trim));
        Assert.notNull(str3, 10401, "invalid token");
        SessionContext sessionContext = (SessionContext) JSONUtil.toBean(str3, SessionContext.class);
        Assert.notNull(sessionContext, 10401, "invalid token");
        return sessionContext;
    }

    private Mono<Void> handleException(ServerWebExchange serverWebExchange, Throwable th) {
        String str;
        serverWebExchange.getResponse().setStatusCode(HttpStatus.INTERNAL_SERVER_ERROR);
        serverWebExchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON);
        Integer num = 50000;
        if (th instanceof CommonException) {
            num = ((CommonException) th).getCode();
            str = th.getMessage();
        } else {
            str = "系统异常";
        }
        return serverWebExchange.getResponse().writeWith(Mono.just(serverWebExchange.getResponse().bufferFactory().wrap(String.format("{ \"code\": %d, \"message\": \"%s\" }", num, str).getBytes())));
    }

    public List<String> shortcutFieldOrder() {
        return Arrays.asList("clientName", "enabled");
    }
}
