package com.zopen.zweb.api.interceptor;

import com.google.gson.JsonElement;
import com.zcj.util.UtilString;
import com.zcj.web.context.HttpContextUtil;
import com.zcj.web.dto.ApiResult;
import com.zcj.web.exception.BusinessException;
import com.zopen.zweb.api.config.ApiInfo;
import com.zopen.zweb.api.service.ApiInterService;
import com.zopen.zweb.properties.ApiProperties;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:com/zopen/zweb/api/interceptor/ApiAuthInterceptor.class */
public class ApiAuthInterceptor implements HandlerInterceptor {
    private ApiProperties apiProperties;
    private ApiInterService apiInterService;

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        ApiVerify apiVerify;
        Long interFrom = this.apiProperties.getInterFrom();
        if (interFrom == null) {
            throw new BusinessException("接口权限验证失败：zopen.zweb.api.inter-from 参数未配置");
        }
        String tokenByRequest = ApiInfo.getTokenByRequest(httpServletRequest);
        String remoteIP = HttpContextUtil.getRemoteIP(httpServletRequest);
        String method = httpServletRequest.getMethod();
        String servletPath = httpServletRequest.getServletPath();
        if (UtilString.isBlank(tokenByRequest)) {
            throw new BusinessException("Authorization获取失败");
        }
        Map requestParamOrBody = HttpContextUtil.getRequestParamOrBody();
        requestParamOrBody.remove(ApiInfo.TOKEN_KEY);
        String[] strArr = null;
        if ((obj instanceof HandlerMethod) && (apiVerify = (ApiVerify) ((HandlerMethod) obj).getMethodAnnotation(ApiVerify.class)) != null) {
            strArr = apiVerify.hideArgs();
        }
        if (strArr != null && strArr.length > 0) {
            for (String str : strArr) {
                if (requestParamOrBody.containsKey(str)) {
                    requestParamOrBody.put(str, "***");
                }
            }
        }
        int i = 10000;
        HashMap hashMap = new HashMap();
        requestParamOrBody.forEach((obj2, obj3) -> {
            int i2 = 0;
            if (obj3 instanceof JsonElement) {
                i2 = ((JsonElement) obj3).toString().length();
            } else if (obj3 instanceof String) {
                i2 = ((String) obj3).length();
            }
            if (i2 <= i) {
                hashMap.put(obj2, obj3);
            } else {
                hashMap.put(obj2, "******");
            }
        });
        ApiResult verify = this.apiInterService.verify(tokenByRequest, remoteIP, interFrom, method, servletPath, HttpContextUtil.getStringByRequestMap(hashMap));
        if (verify == null) {
            throw new BusinessException("接口权限验证失败");
        }
        if (verify.success()) {
            return true;
        }
        throw new BusinessException("接口权限验证不通过：" + verify.getMessage());
    }

    public void setApiProperties(ApiProperties apiProperties) {
        this.apiProperties = apiProperties;
    }

    public void setApiInterService(ApiInterService apiInterService) {
        this.apiInterService = apiInterService;
    }
}
