package xyz.raylab.apigateway.infrastructure;

import java.time.Duration;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import xyz.raylab.apigateway.event.LoginSucceeded;
import xyz.raylab.apigateway.event.LoginSucceededHandler;
import xyz.raylab.apigateway.event.LogoutSucceeded;
import xyz.raylab.apigateway.event.LogoutSucceededHandler;
import xyz.raylab.apigateway.security.ApiPermissionValidator;
import xyz.raylab.authorizationserver.auth.application.AuthQueryAppService;
import xyz.raylab.authorizationserver.auth.application.dto.LoginUserDTO;
import xyz.raylab.support.util.StringUtils;

@Component
/* loaded from: input_file:xyz/raylab/apigateway/infrastructure/ApiPermissionValidatorImpl.class */
public class ApiPermissionValidatorImpl implements ApiPermissionValidator, LoginSucceededHandler, LogoutSucceededHandler {
    private final AuthQueryAppService authQueryAppService;
    private final StringRedisTemplate redisTemplate;
    private static final String TOKEN_PERMISSION = "t:per:%s";

    @Autowired
    public ApiPermissionValidatorImpl(AuthQueryAppService authQueryAppService, StringRedisTemplate stringRedisTemplate) {
        this.authQueryAppService = authQueryAppService;
        this.redisTemplate = stringRedisTemplate;
    }

    @Override // xyz.raylab.apigateway.security.ApiPermissionValidator
    public boolean validate(String str, String str2) {
        Set members;
        if (StringUtils.isBlank(str) || StringUtils.isBlank(str2) || (members = this.redisTemplate.opsForSet().members(formatTokenPermissionKey(str))) == null) {
            return false;
        }
        return members.stream().anyMatch(str3 -> {
            return str2.matches(String.format("^%s$", str3));
        });
    }

    @Override // xyz.raylab.apigateway.event.LoginSucceededHandler
    public void handleLoginSucceeded(LoginSucceeded loginSucceeded) {
        LoginUserDTO loginUser = this.authQueryAppService.getLoginUser(loginSucceeded.getToken());
        if (loginUser != null) {
            Pattern compile = Pattern.compile("^api#(\\S+)#(?:in)?operable$");
            Stream stream = loginUser.getPermissions().stream();
            Objects.requireNonNull(compile);
            String[] strArr = (String[]) stream.map((v1) -> {
                return r1.matcher(v1);
            }).filter((v0) -> {
                return v0.find();
            }).map(matcher -> {
                return matcher.group(1);
            }).distinct().toArray(i -> {
                return new String[i];
            });
            String formatTokenPermissionKey = formatTokenPermissionKey(loginSucceeded.getToken());
            if (strArr.length > 0) {
                this.redisTemplate.opsForSet().add(formatTokenPermissionKey, strArr);
                this.redisTemplate.expire(formatTokenPermissionKey, Duration.ofSeconds(loginSucceeded.getRemainingExpiresIn().longValue()));
            }
        }
    }

    @Override // xyz.raylab.apigateway.event.LogoutSucceededHandler
    public void handleLogoutSucceeded(LogoutSucceeded logoutSucceeded) {
        this.redisTemplate.delete(formatTokenPermissionKey(logoutSucceeded.getToken()));
    }

    private String formatTokenPermissionKey(String str) {
        return String.format(TOKEN_PERMISSION, str);
    }
}
