package noo.rest.security;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import noo.exception.BusinessException;
import noo.exception.ExpCode;
import noo.exception.SessionTimeoutException;
import noo.util.S;
import org.springframework.data.redis.core.StringRedisTemplate;

/* loaded from: input_file:noo/rest/security/UsualHandler.class */
public class UsualHandler {
    private SecuritySetting us;
    private StringRedisTemplate redis;

    public UsualHandler(SecuritySetting securitySetting, StringRedisTemplate stringRedisTemplate) {
        this.us = securitySetting;
        this.redis = stringRedisTemplate;
    }

    public void process(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws Exception {
        AbstractUser retrieveUser = retrieveUser(httpServletRequest, httpServletResponse);
        if (retrieveUser == null) {
            httpServletResponse.setStatus(401);
            httpServletResponse.getWriter().print(new SessionTimeoutException().toString());
            return;
        }
        try {
            if (this.us.canAccess(retrieveUser, str)) {
                AuthContext.set(retrieveUser);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                httpServletResponse.setStatus(403);
                SecueHelper.writeResponse(httpServletResponse, new BusinessException(ExpCode.AUTHORIZE, "没有权限访问！").toString());
            }
        } finally {
            AuthContext.clear();
        }
    }

    private AbstractUser retrieveUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader(SecueHelper.HEADER_KEY);
        if (S.isBlank(header) && SecueHelper.isWebSocket(httpServletRequest)) {
            header = httpServletRequest.getHeader("Sec-WebSocket-Protocol");
            httpServletResponse.setHeader("Sec-WebSocket-Protocol", header);
        }
        if (S.isBlank(header)) {
            return null;
        }
        return SecueHelper.retrieveUser(header, this.us, SecueHelper.getClient(httpServletRequest), this.redis);
    }
}
