package group.idealworld.dew.core.web.interceptor;

import com.ecfront.dew.common.$;
import com.ecfront.dew.common.StandardCode;
import group.idealworld.dew.Dew;
import group.idealworld.dew.core.DewContext;
import group.idealworld.dew.core.auth.dto.OptInfo;
import group.idealworld.dew.core.web.error.ErrorController;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.security.auth.message.AuthException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:group/idealworld/dew/core/web/interceptor/BasicHandlerInterceptor.class */
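/**
 * Spring MVC interceptor that runs before every handler.
 *
 * <p>For each request it writes the configured CORS headers and no-cache headers, reads the
 * caller's token and token kind from the configured header or request parameter, enforces the
 * router's black-list and role rules when the router is enabled, and finally publishes a fresh
 * {@link DewContext} for the request.
 *
 * <p>Rules are stored as {@code <lower-case method>@<Ant-style URI pattern>} and matched against
 * {@code <lower-case method>@<request URI without trailing slashes>}.
 */
public class BasicHandlerInterceptor extends HandlerInterceptorAdapter {
    /** Separator between the HTTP method and the URI pattern inside a rule key. */
    private static final String URL_SPLIT = "@";
    /** Methods a rule is expanded to when it is configured under {@code all} or {@code *}. */
    private static final List<String> WILDCARD_METHODS = List.of("get", "post", "put", "delete", "patch", "head");
    private static final Logger logger = LoggerFactory.getLogger(BasicHandlerInterceptor.class);
    /** Rules that are always rejected with FORBIDDEN. Replaced wholesale by {@link #fillAuthInfo}. */
    private static Set<String> BLACK_URIS = new HashSet<>();
    /** Rule -> role codes allowed to call it. Replaced wholesale by {@link #fillAuthInfo}. */
    private static Map<String, Set<String>> ROLE_AUTH = new HashMap<>();

    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Loads the black list and role rules from {@code Dew.dewConfig} when the router is enabled.
     * Nothing is loaded when the configuration is absent or the router is disabled.
     */
    public BasicHandlerInterceptor() {
        if (Dew.dewConfig != null && Dew.dewConfig.getSecurity().getRouter().isEnabled()) {
            fillAuthInfo(Dew.dewConfig.getSecurity().getRouter().getBlackUri(), Dew.dewConfig.getSecurity().getRouter().getRoleAuth());
        }
    }

    /**
     * Replaces the black list and/or the role rules used by every instance of this interceptor.
     *
     * @param map  black list as HTTP method (or {@code all}/{@code *}) -> URI patterns;
     *             {@code null} leaves the current black list untouched
     * @param map2 role rules as role code -> (HTTP method -> URI patterns);
     *             {@code null} leaves the current role rules untouched
     */
    public static void fillAuthInfo(Map<String, List<String>> map, Map<String, Map<String, List<String>>> map2) {
        if (map != null) {
            BLACK_URIS = formatUris(map);
        }
        if (map2 != null) {
            // Invert role -> rules into rule -> roles, which is the shape preHandle looks up.
            Map<String, Set<String>> rolesByRule = new HashMap<>();
            map2.forEach((role, uriMap) ->
                    formatUris(uriMap).forEach(rule ->
                            rolesByRule.computeIfAbsent(rule, key -> new HashSet<>()).add(role)));
            ROLE_AUTH = rolesByRule;
        }
    }

    /**
     * Flattens a method -> URI patterns map into {@code method@pattern} rule keys.
     *
     * <p>Entries keyed {@code all} or {@code *} (case-insensitive) are expanded to get, post, put,
     * delete, patch and head; every other key is lower-cased and used as the method verbatim.
     *
     * @param map HTTP method (or wildcard) -> URI patterns
     * @return a new mutable set of rule keys
     */
    private static Set<String> formatUris(Map<String, List<String>> map) {
        Set<String> rules = new HashSet<>();
        map.forEach((method, uris) -> {
            boolean wildcard = method.equalsIgnoreCase("all") || method.equalsIgnoreCase("*");
            for (String uri : uris) {
                if (wildcard) {
                    WILDCARD_METHODS.forEach(expanded -> rules.add(expanded + URL_SPLIT + uri));
                } else {
                    rules.add(method.toLowerCase() + URL_SPLIT + uri);
                }
            }
        });
        return rules;
    }

    /**
     * Applies response headers, router access rules and request-context setup.
     *
     * <p>OPTIONS requests are passed straight through after the headers are written. HEAD requests
     * are checked like any other method: {@link #formatUris} registers {@code head@} rules, and
     * those could never match while HEAD returned before the router checks. Spring MVC can answer
     * HEAD with a GET handler, so skipping the checks left that handler reachable without them.
     *
     * @return {@code false} after an error response has been written (black-listed rule or role
     *         mismatch), otherwise the result of the superclass implementation
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // NOTE(review): Allow-Credentials is hard-wired to true, so the configured allow-origin
        // needs to be a specific trusted origin rather than a wildcard.
        httpServletResponse.addHeader("Access-Control-Allow-Origin", Dew.dewConfig.getSecurity().getCors().getAllowOrigin());
        httpServletResponse.addHeader("Access-Control-Allow-Methods", Dew.dewConfig.getSecurity().getCors().getAllowMethods());
        httpServletResponse.addHeader("Access-Control-Allow-Headers", Dew.dewConfig.getSecurity().getCors().getAllowHeaders());
        httpServletResponse.addHeader("Access-Control-Max-Age", "3600000");
        httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
        // setHeader replaces the previous value, so both directives go into one header.
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);

        String method = httpServletRequest.getMethod();
        if (method.equalsIgnoreCase("OPTIONS")) {
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        }

        String token;
        String tokenKind;
        if (Dew.dewConfig.getSecurity().isTokenInHeader()) {
            token = httpServletRequest.getHeader(Dew.dewConfig.getSecurity().getTokenFlag());
            tokenKind = httpServletRequest.getHeader(Dew.dewConfig.getSecurity().getTokenKindFlag());
        } else {
            token = httpServletRequest.getParameter(Dew.dewConfig.getSecurity().getTokenFlag());
            tokenKind = httpServletRequest.getParameter(Dew.dewConfig.getSecurity().getTokenKindFlag());
        }
        if (token != null) {
            // NOTE(review): getParameter() already returns a decoded value, so a token taken from
            // a parameter is decoded twice here; a malformed %-sequence makes decode() throw
            // IllegalArgumentException, which propagates to the caller.
            token = URLDecoder.decode(token, StandardCharsets.UTF_8);
            if (Dew.dewConfig.getSecurity().isTokenHash()) {
                // NOTE(review): MD5 is collision-prone; kept because stored tokens are presumably
                // keyed by this digest. Migrating to SHA-256 needs a coordinated change.
                token = $.security.digest.digest(token, "MD5");
            }
        }
        if (tokenKind == null) {
            tokenKind = OptInfo.DEFAULT_TOKEN_KIND_FLAG;
        }

        if (Dew.dewConfig.getSecurity().getRouter().isEnabled()) {
            // NOTE(review): getRequestURI() is the raw, undecoded request line (context path,
            // ";" path parameters, %-escapes and repeated slashes included) and the matcher is
            // case-sensitive by default, so a rule only protects the exact spelling it names.
            // Confirm that handler mapping resolves paths the same way, or match on the
            // container-normalised path instead.
            String requestRule = method.toLowerCase() + URL_SPLIT + httpServletRequest.getRequestURI().replaceAll("/+$", "");
            if (BLACK_URIS.stream().anyMatch(pattern -> this.pathMatcher.match(pattern, requestRule))) {
                ErrorController.error(httpServletRequest, httpServletResponse, Integer.parseInt(StandardCode.FORBIDDEN.toString()), String.format("The current [%s][%s] request is not allowed", httpServletRequest.getMethod(), httpServletRequest.getRequestURI()), AuthException.class.getName());
                return false;
            }
            if (!ROLE_AUTH.isEmpty() && !isRoleAllowed(requestRule, token)) {
                ErrorController.error(httpServletRequest, httpServletResponse, Integer.parseInt(StandardCode.UNAUTHORIZED.toString()), String.format("The current[%s][%s] request role is not allowed", httpServletRequest.getMethod(), httpServletRequest.getRequestURI()), AuthException.class.getName());
                return false;
            }
        }

        DewContext dewContext = new DewContext();
        dewContext.setId($.field.createUUID());
        dewContext.setSourceIP(Dew.Util.getRealIP(httpServletRequest));
        dewContext.setRequestUri(httpServletRequest.getRequestURI());
        dewContext.setToken(token);
        dewContext.setTokenKind(tokenKind);
        DewContext.setContext(dewContext);

        // NOTE(review): when the token travels as a request parameter it is part of the query
        // string and therefore ends up in this trace line.
        String query = httpServletRequest.getQueryString() == null ? "" : "?" + httpServletRequest.getQueryString();
        logger.trace("[{}] {}{} from {}", httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), query, Dew.context().getSourceIP());
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    /**
     * Decides whether the caller may use {@code requestRule} under the role rules.
     *
     * <p>The most specific matching rule (per the matcher's pattern comparator) decides. A request
     * that matches no rule is allowed. A matching rule requires a non-empty token that resolves to
     * an operator holding at least one of the rule's role codes.
     */
    private boolean isRoleAllowed(String requestRule, String token) {
        return ROLE_AUTH.keySet().stream()
                .filter(pattern -> this.pathMatcher.match(pattern, requestRule))
                .min(this.pathMatcher.getPatternComparator(requestRule))
                .map(pattern -> {
                    if (StringUtils.isEmpty(token)) {
                        return false;
                    }
                    Set<String> allowedRoles = ROLE_AUTH.get(pattern);
                    return Dew.auth.getOptInfo(token)
                            .map(optInfo -> optInfo.getRoleInfo().stream()
                                    .map(role -> role.getCode())
                                    .anyMatch(allowedRoles::contains))
                            .orElse(false);
                })
                .orElse(true);
    }
}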
