package group.idealworld.dew.core.web.interceptor;

import com.ecfront.dew.common.StandardCode;
import group.idealworld.dew.Dew;
import group.idealworld.dew.core.DewContext;
import group.idealworld.dew.core.web.error.ErrorController;
import jakarta.security.auth.message.AuthException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.ObjectUtils;
import org.springframework.web.servlet.AsyncHandlerInterceptor;

/* loaded from: input_file:group/idealworld/dew/core/web/interceptor/RouterHandlerInterceptor.class */
public class RouterHandlerInterceptor implements AsyncHandlerInterceptor {
    private static final String URL_SPLIT = "@";
    private final AntPathMatcher pathMatcher = new AntPathMatcher();
    private static final Logger LOGGER = LoggerFactory.getLogger(RouterHandlerInterceptor.class);
    private static Set<String> blockUris = new HashSet();
    private static Map<String, Set<String>> roleAuth = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public RouterHandlerInterceptor() {
        fillAuthInfo(Dew.dewConfig.getSecurity().getRouter().getBlockUri(), Dew.dewConfig.getSecurity().getRouter().getRoleAuth());
    }

    public static void fillAuthInfo(Map<String, List<String>> map, Map<String, Map<String, List<String>>> map2) {
        if (map != null) {
            blockUris = formatUris(map);
        }
        if (map2 != null) {
            HashMap hashMap = new HashMap();
            map2.forEach((str, map3) -> {
                formatUris(map3).forEach(str -> {
                    if (!hashMap.containsKey(str)) {
                        hashMap.put(str, new HashSet());
                    }
                    ((Set) hashMap.get(str)).add(str);
                });
            });
            roleAuth = hashMap;
        }
    }

    private static Set<String> formatUris(Map<String, List<String>> map) {
        Set<String> set = (Set) map.entrySet().stream().filter(entry -> {
            return (((String) entry.getKey()).equalsIgnoreCase("all") || ((String) entry.getKey()).equalsIgnoreCase("*")) ? false : true;
        }).flatMap(entry2 -> {
            return ((List) entry2.getValue()).stream().map(str -> {
                return ((String) entry2.getKey()).toLowerCase() + "@" + str;
            });
        }).collect(Collectors.toSet());
        map.entrySet().stream().filter(entry3 -> {
            return ((String) entry3.getKey()).equalsIgnoreCase("all") || ((String) entry3.getKey()).equalsIgnoreCase("*");
        }).flatMap(entry4 -> {
            return ((List) entry4.getValue()).stream();
        }).forEach(str -> {
            set.add("get@" + str);
            set.add("post@" + str);
            set.add("put@" + str);
            set.add("delete@" + str);
            set.add("patch@" + str);
            set.add("head@" + str);
        });
        return set;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String lowerCase = httpServletRequest.getMethod().toLowerCase();
        if (lowerCase.equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
            return false;
        }
        String str = lowerCase + "@" + httpServletRequest.getRequestURI().replaceAll("/+$", "");
        if (blockUris.stream().anyMatch(str2 -> {
            return this.pathMatcher.match(str2, str);
        })) {
            ErrorController.error(httpServletRequest, httpServletResponse, Integer.parseInt(StandardCode.FORBIDDEN.toString()), String.format("The current [%s][%s] request is not allowed", httpServletRequest.getMethod(), httpServletRequest.getRequestURI()), AuthException.class.getName());
            return false;
        }
        if (roleAuth.isEmpty() || ((Boolean) roleAuth.keySet().stream().filter(str3 -> {
            return this.pathMatcher.matchStart(str3, str);
        }).min(this.pathMatcher.getPatternComparator(str)).map(str4 -> {
            if (ObjectUtils.isEmpty(DewContext.getContext().getToken())) {
                return false;
            }
            Set<String> set = roleAuth.get(str4);
            return (Boolean) (Dew.dewConfig.getSecurity().isIdentInfoEnabled() ? DewContext.getContext().optInfo() : Dew.auth.getOptInfo(DewContext.getContext().getToken())).map(optInfo -> {
                boolean z;
                if (optInfo.getRoles() != null) {
                    Stream stream = Arrays.stream(optInfo.getRoles());
                    Objects.requireNonNull(set);
                    if (stream.anyMatch((v1) -> {
                        return r1.contains(v1);
                    })) {
                        z = true;
                        return Boolean.valueOf(z);
                    }
                }
                z = false;
                return Boolean.valueOf(z);
            }).orElse(false);
        }).orElse(true)).booleanValue()) {
            return true;
        }
        ErrorController.error(httpServletRequest, httpServletResponse, Integer.parseInt(StandardCode.UNAUTHORIZED.toString()), String.format("The current[%s][%s] request role is not allowed", httpServletRequest.getMethod(), httpServletRequest.getRequestURI()), AuthException.class.getName());
        return false;
    }
}
