package y9.oauth2.resource.filter;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import lombok.Generated;
import net.risesoft.enums.platform.SexEnum;
import net.risesoft.exception.ErrorCode;
import net.risesoft.exception.GlobalErrorCodeEnum;
import net.risesoft.model.log.AccessLog;
import net.risesoft.model.user.UserInfo;
import net.risesoft.model.user.UserProfile;
import net.risesoft.pojo.Y9Result;
import net.risesoft.y9.Y9LoginUserHolder;
import net.risesoft.y9.json.Y9JsonUtil;
import net.risesoft.y9.util.InetAddressUtil;
import net.risesoft.y9.util.RemoteCallUtil;
import net.risesoft.y9.util.Y9EnumUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.kafka.core.KafkaTemplate;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:y9/oauth2/resource/filter/Y9Oauth2ResourceFilter.class */
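/**
 * Resource-server filter that gates every request behind an opaque OAuth2 access token.
 *
 * <p>Per request the filter: (1) extracts the token from the {@code Authorization: Bearer}
 * header or, as a fallback, the {@code access_token} request parameter; (2) validates it against
 * the configured introspection endpoint (RFC 7662) unless {@code tokenCachedInSession} is on and
 * the same token was already validated in this HTTP session; (3) turns the introspection
 * {@code attr} payload (or, failing that, the profile endpoint) into a {@link UserInfo}, stores it
 * in the session and binds it to {@link Y9LoginUserHolder} for the rest of the chain; (4) on exit
 * clears the holder and optionally emits an access-log / user-online record to Kafka or an HTTP API.
 *
 * <p>Configuration is read lazily from the Spring {@link Environment} on the first request
 * (the filter is container-managed, so constructor injection is not available).
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The token is never placed in a URL (query strings end up in access logs and proxies);
 *       introspection sends it in the POST body and the profile call in the Bearer header.</li>
 *   <li>The client IP recorded in the access log comes from proxy headers that any client can
 *       set; it is only trustworthy when an upstream proxy overwrites them.</li>
 *   <li>With session caching enabled, token revocation is not noticed until the session ends.</li>
 * </ul>
 */
public class Y9Oauth2ResourceFilter implements Filter {

    private static final Logger LOGGER = LoggerFactory.getLogger(Y9Oauth2ResourceFilter.class);

    private static final String BEARER_PREFIX = "Bearer ";
    private static final String SESSION_ACCESS_TOKEN = "access_token";
    private static final String SESSION_USER_INFO = "userInfo";
    private static final String TARGET_KAFKA = "kafka";
    private static final String TARGET_API = "api";
    /** Proxy headers consulted, in priority order, for the originating client address. */
    private static final String[] CLIENT_IP_HEADERS =
        {"X-Real-IP", "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP"};
    /** Requests for these resource types are not written to the access log. */
    private static final String[] STATIC_ASSET_SUFFIXES = {".js", ".css", ".gif", ".jpg", ".png", ".svg"};

    // NOTE(review): a bare RestTemplate has no connect/read timeouts, so a stalled introspection
    // server can hold every request thread of this resource server. Configure timeouts upstream.
    private final RestTemplate restTemplate = new RestTemplate();

    private KafkaTemplate<String, Object> y9KafkaTemplate;
    private WebApplicationContext ctx = null;
    /** Written last by {@link #ensureConfigured}; a non-null value publishes all other config fields. */
    private volatile Environment env = null;
    private String serverIp = "";
    private String systemName = "";
    private String introspectionUri = "";
    private String profileUri = "";
    private boolean tokenCachedInSession = false;
    private String clientId = "";
    private String clientSecret = "";
    private boolean saveLogMessage = false;
    private boolean saveOnlineMessage = false;
    private String logSaveTarget = "";

    /** Raised internally when the authorization server rejects the presented token. */
    private static final class TokenRejectedException extends Exception {
        private static final long serialVersionUID = 1L;
        private final ErrorCode errorCode;

        TokenRejectedException(ErrorCode errorCode) {
            super(String.valueOf(errorCode));
            this.errorCode = errorCode;
        }
    }

    /**
     * Captures the local address once so every access-log record can carry the serving host.
     *
     * @param filterConfig unused; configuration is read from the Spring environment instead
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.serverIp = InetAddressUtil.getLocalAddress().getHostAddress();
    }

    /**
     * Authenticates the request via its access token, binds the resolved user for the downstream
     * chain, and records an access-log entry on every exit path (success, rejection or exception).
     *
     * <p>Responses written here: 401 with {@code ACCESS_TOKEN_NOT_FOUND} (no token),
     * {@code ACCESS_TOKEN_VERIFICATION_FAILED} (introspection not 200 / empty body) or
     * {@code ACCESS_TOKEN_EXPIRED} (token inactive); 500 with {@code FAILURE} when the
     * introspection/profile call or its parsing throws. Exceptions thrown by the downstream chain
     * propagate unchanged after the holder is cleared and the log record emitted.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        long startNanos = System.nanoTime();
        String clientIp = getIpAddr(request);
        String userAgent = request.getHeader("User-Agent");
        String requestUrl = request.getRequestURL().toString();
        ensureConfigured(request);

        UserInfo userInfo = null;
        try {
            String accessToken = getAccessTokenFromRequest(request);
            if (accessToken == null) {
                setResponse(response, HttpStatus.UNAUTHORIZED, GlobalErrorCodeEnum.ACCESS_TOKEN_NOT_FOUND);
                return;
            }
            HttpSession session = request.getSession(false);
            String cachedToken = session == null ? null : (String) session.getAttribute(SESSION_ACCESS_TOKEN);
            if (this.tokenCachedInSession && accessToken.equals(cachedToken)) {
                // Cache hit: this exact token was introspected earlier in the session, so the
                // user stored alongside it is re-bound without a round trip. Revocation of the
                // token is not observed on this path until the session expires.
                userInfo = (UserInfo) session.getAttribute(SESSION_USER_INFO);
                if (userInfo != null) {
                    bindCurrentUser(userInfo);
                }
            } else {
                try {
                    userInfo = resolveUser(accessToken);
                } catch (TokenRejectedException rejected) {
                    setResponse(response, HttpStatus.UNAUTHORIZED, rejected.errorCode);
                    return;
                } catch (Exception e) {
                    // Token is no longer part of any URL, so the exception message is safe to log.
                    LOGGER.warn("access token verification failed: {}", e.getMessage(), e);
                    setResponse(response, HttpStatus.INTERNAL_SERVER_ERROR, GlobalErrorCodeEnum.FAILURE);
                    return;
                }
                // An active token whose attributes could not be mapped still passes through the
                // chain without a bound user (kept from the original behaviour).
                if (userInfo != null) {
                    cacheInSession(request, session, accessToken, userInfo);
                    bindCurrentUser(userInfo);
                    if (this.saveOnlineMessage) {
                        remoteSaveUserOnline(userInfo);
                    }
                }
            }
            filterChain.doFilter(request, response);
        } finally {
            Y9LoginUserHolder.clear();
            // "y9aoplog" is a response header; presumably a logging aspect further down the chain
            // sets it to signal that it already recorded this request — TODO confirm.
            if (this.saveLogMessage && !"true".equals(response.getHeader("y9aoplog"))) {
                remoteSaveLog(requestUrl, userInfo, clientIp, System.nanoTime() - startNanos, "成功", "", "",
                    userAgent);
            }
        }
    }

    /**
     * Reads all filter settings from the Spring environment exactly once. Double-checked on the
     * volatile {@link #env}, which is assigned last so concurrent first requests see a complete
     * configuration.
     */
    private void ensureConfigured(HttpServletRequest request) {
        if (this.env != null) {
            return;
        }
        synchronized (this) {
            if (this.env != null) {
                return;
            }
            WebApplicationContext context =
                WebApplicationContextUtils.getWebApplicationContext(request.getServletContext());
            Environment environment = context.getEnvironment();
            this.ctx = context;
            this.systemName = environment.getProperty("y9.systemName");
            this.clientId = environment.getProperty("y9.feature.oauth2.resource.opaque.client-id");
            this.clientSecret = environment.getProperty("y9.feature.oauth2.resource.opaque.client-secret");
            this.introspectionUri = environment.getProperty("y9.feature.oauth2.resource.opaque.introspection-uri");
            this.profileUri = environment.getProperty("y9.feature.oauth2.resource.opaque.profile-uri");
            this.tokenCachedInSession = Boolean.parseBoolean(
                environment.getProperty("y9.feature.oauth2.resource.opaque.tokenCachedInSession", "false"));
            this.logSaveTarget = environment.getProperty("y9.feature.log.logSaveTarget", String.class, TARGET_KAFKA);
            this.saveOnlineMessage =
                environment.getProperty("y9.feature.oauth2.resource.saveOnlineMessage", Boolean.class, Boolean.TRUE);
            this.saveLogMessage =
                environment.getProperty("y9.feature.oauth2.resource.saveLogMessage", Boolean.class, Boolean.FALSE);
            if ((this.saveOnlineMessage || this.saveLogMessage) && TARGET_KAFKA.equals(this.logSaveTarget)) {
                try {
                    this.y9KafkaTemplate = (KafkaTemplate<String, Object>) context.getBean("y9KafkaTemplate", KafkaTemplate.class);
                } catch (Exception e) {
                    LOGGER.warn(e.getMessage(), e);
                }
                if (this.y9KafkaTemplate == null) {
                    // Kafka was requested but is unavailable: disable both emitters rather than
                    // failing every request.
                    this.saveOnlineMessage = false;
                    this.saveLogMessage = false;
                }
            }
            this.env = environment;
        }
    }

    /**
     * Introspects the token and maps the result to a user.
     *
     * @return the user described by the introspection {@code attr} JSON, or by the profile
     *         endpoint when {@code attr} is not parseable; may be {@code null} if the JSON is
     * @throws TokenRejectedException when the introspection reply is not 200, has no body, or
     *         reports the token inactive
     * @throws RuntimeException from the HTTP client or JSON mapping (caller maps it to 500)
     */
    private UserInfo resolveUser(String accessToken) throws TokenRejectedException {
        ResponseEntity<OAuth20IntrospectionAccessTokenSuccessResponse> reply = invokeIntrospectEndpoint(accessToken);
        OAuth20IntrospectionAccessTokenSuccessResponse body = reply.getBody();
        if (reply.getStatusCodeValue() != HttpStatus.OK.value() || body == null) {
            throw new TokenRejectedException(GlobalErrorCodeEnum.ACCESS_TOKEN_VERIFICATION_FAILED);
        }
        if (!body.isActive()) {
            throw new TokenRejectedException(GlobalErrorCodeEnum.ACCESS_TOKEN_EXPIRED);
        }
        try {
            return (UserInfo) Y9JsonUtil.readValue(body.getAttr(), UserInfo.class);
        } catch (Exception attrUnusable) {
            LOGGER.debug("introspection 'attr' not usable as UserInfo, falling back to profile endpoint", attrUnusable);
            String profileJson = invokeProfileEndpoint(accessToken).getBody();
            return (UserInfo) Y9JsonUtil.readValue(profileJson, UserInfo.class);
        }
    }

    /**
     * Stores the validated token and user in the session (creating one if needed) so that
     * {@code tokenCachedInSession} can short-circuit later requests.
     */
    private void cacheInSession(HttpServletRequest request, HttpSession session, String accessToken,
        UserInfo userInfo) {
        HttpSession target = session != null ? session : request.getSession(true);
        // NOTE(review): the session id is not rotated on first authentication; if the container
        // offers request.changeSessionId() (Servlet 3.1+), calling it here closes session fixation.
        target.setAttribute(SESSION_ACCESS_TOKEN, accessToken);
        target.setAttribute(SESSION_USER_INFO, userInfo);
        target.setAttribute("loginName", userInfo.getLoginName());
        target.setAttribute("positionId", userInfo.getPositionId());
        target.setAttribute("deptId", userInfo.getParentId());
    }

    /** Binds the user to the request-scoped {@link Y9LoginUserHolder} (cleared in doFilter's finally). */
    private void bindCurrentUser(UserInfo userInfo) {
        if (StringUtils.isNotBlank(userInfo.getPositionId())) {
            Y9LoginUserHolder.setPositionId(userInfo.getPositionId());
        } else if (StringUtils.isNotBlank(userInfo.getPositions())) {
            // No explicit position: the first entry of the comma-separated list wins.
            Y9LoginUserHolder.setPositionId(userInfo.getPositions().split(",")[0]);
        }
        Y9LoginUserHolder.setTenantId(userInfo.getTenantId());
        Y9LoginUserHolder.setTenantName(userInfo.getTenantName());
        Y9LoginUserHolder.setTenantShortName(userInfo.getTenantShortName());
        Y9LoginUserHolder.setUserInfo(userInfo);
    }

    /**
     * Extracts the bearer token. The {@code Authorization} header is preferred (RFC 6750 §2.1,
     * scheme matched case-insensitively); the {@code access_token} parameter (§2.3) is accepted
     * only as a fallback because query-string tokens leak into logs and Referer headers.
     *
     * @return the token, or {@code null} when neither carrier holds a non-blank value
     */
    private String getAccessTokenFromRequest(HttpServletRequest request) {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (StringUtils.isNotBlank(header)
            && header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            String token = header.substring(BEARER_PREFIX.length()).trim();
            if (!token.isEmpty()) {
                return token;
            }
        }
        String parameter = request.getParameter("access_token");
        return StringUtils.isBlank(parameter) ? null : parameter;
    }

    /**
     * Best-effort client address for audit logging: the first proxy header that is set and not
     * "unknown" (first hop of a comma-separated list), else the socket peer address.
     *
     * <p>These headers are supplied by the client and are trivially spoofable; the value is only
     * reliable when a trusted reverse proxy in front of this server overwrites them.
     */
    private String getIpAddr(HttpServletRequest request) {
        String candidate = null;
        for (String headerName : CLIENT_IP_HEADERS) {
            String value = request.getHeader(headerName);
            if (StringUtils.isNotEmpty(value) && !"unknown".equalsIgnoreCase(value)) {
                candidate = value;
                break;
            }
        }
        if (candidate == null) {
            return request.getRemoteAddr();
        }
        int comma = candidate.indexOf(',');
        return comma > 0 ? candidate.substring(0, comma) : candidate;
    }

    /**
     * Calls the RFC 7662 introspection endpoint with client Basic authentication. The token
     * travels in the form-encoded POST body (the spec's wire format) rather than the query
     * string, so it neither appears in server/proxy access logs nor in client-exception messages.
     */
    private ResponseEntity<OAuth20IntrospectionAccessTokenSuccessResponse> invokeIntrospectEndpoint(String accessToken) {
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.setBasicAuth(this.clientId, this.clientSecret, StandardCharsets.UTF_8);
        String form = "token=" + urlEncode(accessToken);
        RequestEntity<String> request =
            new RequestEntity<>(form, headers, HttpMethod.POST, URI.create(this.introspectionUri));
        return this.restTemplate.exchange(request, OAuth20IntrospectionAccessTokenSuccessResponse.class);
    }

    /**
     * Fetches the user profile JSON, authenticating with the Bearer header only; the token is
     * deliberately not duplicated into the query string.
     */
    private ResponseEntity<String> invokeProfileEndpoint(String accessToken) {
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.setBearerAuth(accessToken);
        RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.GET, URI.create(this.profileUri));
        return this.restTemplate.exchange(request, String.class);
    }

    /** application/x-www-form-urlencoded encoding of a single value. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always supported", e);
        }
    }

    /** True for requests the access log should skip (script, stylesheet and image resources). */
    private static boolean isStaticAsset(String requestUrl) {
        for (String suffix : STATIC_ASSET_SUFFIXES) {
            if (requestUrl.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Emits an {@link AccessLog} record to Kafka ({@code y9_accessLog_message}) or the log API,
     * depending on {@code logSaveTarget}. Failures are logged and swallowed: auditing must not
     * break request handling.
     *
     * @param elapsedNanos request duration in nanoseconds (stored as a string by AccessLog)
     */
    private void remoteSaveLog(String requestUrl, UserInfo userInfo, String clientIp, long elapsedNanos,
        String success, String message, String throwable, String userAgent) {
        if (isStaticAsset(requestUrl)) {
            return;
        }
        try {
            AccessLog accessLog = new AccessLog();
            accessLog.setLogLevel("RSLOG");
            accessLog.setLogTime(new Date());
            accessLog.setRequestUrl(requestUrl);
            accessLog.setElapsedTime(String.valueOf(elapsedNanos));
            accessLog.setSuccess(success);
            accessLog.setLogMessage(message);
            accessLog.setThrowable(throwable);
            accessLog.setId(UUID.randomUUID().toString().replaceAll("-", ""));
            accessLog.setServerIp(this.serverIp);
            accessLog.setUserHostIp(clientIp);
            accessLog.setOperateType("活动");
            accessLog.setUserAgent(userAgent);
            accessLog.setSystemName(this.systemName);
            if (userInfo != null) {
                // NOTE(review): userId is filled from parentId, not personId — confirm intended.
                accessLog.setUserId(userInfo.getParentId());
                accessLog.setUserName(userInfo.getLoginName());
                accessLog.setTenantId(userInfo.getTenantId());
                accessLog.setTenantName(userInfo.getTenantName());
                accessLog.setGuidPath(userInfo.getGuidPath());
                accessLog.setManagerLevel(String.valueOf(userInfo.getManagerLevel().getValue()));
            }
            if (TARGET_KAFKA.equals(this.logSaveTarget)) {
                if (this.y9KafkaTemplate != null) {
                    this.y9KafkaTemplate.send("y9_accessLog_message", Y9JsonUtil.writeValueAsString(accessLog));
                }
            } else if (TARGET_API.equals(this.logSaveTarget)) {
                String baseUrl = this.env.getProperty("y9.common.logBaseUrl", String.class, "http://localhost:7056/log");
                RemoteCallUtil.post(baseUrl + "/services/rest/v1/accessLog/asyncSaveLog", (List) null,
                    RemoteCallUtil.objectToNameValuePairList(accessLog), Object.class);
            }
        } catch (Exception e) {
            LOGGER.warn(e.getMessage(), e);
        }
    }

    /**
     * Publishes the freshly authenticated user to the user-online topic/API. Best-effort; errors
     * are logged and swallowed.
     */
    private void remoteSaveUserOnline(UserInfo userInfo) {
        if (userInfo == null) {
            return;
        }
        try {
            if (TARGET_KAFKA.equals(this.logSaveTarget)) {
                if (this.y9KafkaTemplate != null) {
                    this.y9KafkaTemplate.send("y9_userOnline_message", Y9JsonUtil.writeValueAsString(userInfo));
                }
            } else if (TARGET_API.equals(this.logSaveTarget)) {
                String baseUrl =
                    this.env.getProperty("y9.common.userOnlineBaseUrl", String.class, "http://localhost:7056/userOnline");
                RemoteCallUtil.post(baseUrl + "/services/rest/userOnline/saveAsync", (List) null,
                    RemoteCallUtil.objectToNameValuePairList(userInfo), Object.class);
            }
        } catch (Exception e) {
            LOGGER.warn(e.getMessage(), e);
        }
    }

    /**
     * Writes a JSON {@link Y9Result} failure body with the given status and a
     * {@code WWW-Authenticate: Bearer} challenge.
     */
    private void setResponse(HttpServletResponse response, HttpStatus status, ErrorCode errorCode) {
        response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"risesoft\"");
        response.setStatus(status.value());
        response.setContentType("application/json");
        // The servlet writer defaults to ISO-8859-1, which would mangle non-ASCII error text.
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        try {
            response.getWriter().write(Y9JsonUtil.writeValueAsString(Y9Result.failure(errorCode)));
        } catch (IOException e) {
            LOGGER.warn(e.getMessage(), e);
        }
    }

    /**
     * Maps a {@link UserProfile} attribute map onto a {@link UserInfo}. Not referenced by this
     * class as listed; kept for callers/reflection that may depend on it.
     */
    private UserInfo toUserInfo(UserProfile userProfile) {
        UserInfo userInfo = new UserInfo();
        Map attributes = userProfile.getAttributes();
        userInfo.setCaid((String) attributes.get("caid"));
        userInfo.setEmail((String) attributes.get("email"));
        userInfo.setGuidPath((String) attributes.get("guidPath"));
        userInfo.setLoginName((String) attributes.get("loginName"));
        userInfo.setLoginType((String) attributes.get("loginType"));
        userInfo.setMobile((String) attributes.get("mobile"));
        userInfo.setOriginal(Boolean.parseBoolean(String.valueOf(attributes.get("original"))));
        userInfo.setOriginalId((String) attributes.get("originalId"));
        userInfo.setParentId((String) attributes.get("parentId"));
        userInfo.setPersonId((String) attributes.get("personId"));
        userInfo.setSex(Y9EnumUtil.valueOf(SexEnum.class, Integer.valueOf(String.valueOf(attributes.get("sex")))));
        userInfo.setTenantId((String) attributes.get("tenantId"));
        userInfo.setTenantShortName((String) attributes.get("tenantShortName"));
        userInfo.setTenantName((String) attributes.get("tenantName"));
        userInfo.setGlobalManager(Boolean.valueOf(String.valueOf(attributes.get("globalManager"))).booleanValue());
        userInfo.setAvator((String) attributes.get("avator"));
        userInfo.setRoles((String) attributes.get("roles"));
        userInfo.setPositions((String) attributes.get("positions"));
        userInfo.setPositionId((String) attributes.get("positionId"));
        return userInfo;
    }
}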
