package cn.ponfee.disjob.supervisor.auth;

import cn.ponfee.disjob.core.exception.AuthenticationException;
import cn.ponfee.disjob.supervisor.application.SchedGroupService;
import cn.ponfee.disjob.supervisor.auth.SupervisorAuthentication;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/* loaded from: input_file:cn/ponfee/disjob/supervisor/auth/AuthenticationConfigurer.class */
public class AuthenticationConfigurer implements WebMvcConfigurer {

    /* loaded from: input_file:cn/ponfee/disjob/supervisor/auth/AuthenticationConfigurer$AuthenticationInterceptor.class */
    private static class AuthenticationInterceptor implements HandlerInterceptor {
        private static final String ERR_MSG = "Authenticate failed.";

        private AuthenticationInterceptor() {
        }

        public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
            SupervisorAuthentication annotation;
            if (!(obj instanceof HandlerMethod) || (annotation = getAnnotation((HandlerMethod) obj)) == null || annotation.value() == SupervisorAuthentication.Subject.ANON) {
                return true;
            }
            String requestGroup = AuthenticationConfigurer.requestGroup();
            if (StringUtils.isBlank(requestGroup)) {
                throw new AuthenticationException(ERR_MSG);
            }
            SupervisorAuthentication.Subject value = annotation.value();
            if (value == SupervisorAuthentication.Subject.WORKER) {
                authenticateWorker(requestGroup);
                return true;
            }
            if (value != SupervisorAuthentication.Subject.USER) {
                throw new UnsupportedOperationException("Unsupported supervisor authentication subject: " + value);
            }
            authenticateUser(requestGroup);
            return true;
        }

        private static void authenticateWorker(String str) {
            if (!SchedGroupService.verifyWorkerAuthenticationToken(AuthenticationConfigurer.access$100(), str)) {
                throw new AuthenticationException(ERR_MSG);
            }
        }

        private static void authenticateUser(String str) {
            if (!SchedGroupService.isDeveloper(str, AuthenticationConfigurer.requestUser())) {
                throw new AuthenticationException(ERR_MSG);
            }
            if (!SchedGroupService.verifyUserAuthenticationToken(AuthenticationConfigurer.access$100(), str)) {
                throw new AuthenticationException(ERR_MSG);
            }
        }

        private static SupervisorAuthentication getAnnotation(HandlerMethod handlerMethod) {
            SupervisorAuthentication supervisorAuthentication = (SupervisorAuthentication) handlerMethod.getMethodAnnotation(SupervisorAuthentication.class);
            return supervisorAuthentication != null ? supervisorAuthentication : (SupervisorAuthentication) handlerMethod.getBeanType().getAnnotation(SupervisorAuthentication.class);
        }
    }

    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        interceptorRegistry.addInterceptor(new AuthenticationInterceptor()).order(Integer.MIN_VALUE);
    }

    public static String requestUser() {
        return getRequest().getHeader("X-Disjob-User");
    }

    public static String requestGroup() {
        return getRequest().getHeader("X-Disjob-Group");
    }

    private static String requestToken() {
        return getRequest().getHeader("X-Disjob-Token");
    }

    private static HttpServletRequest getRequest() {
        return RequestContextHolder.getRequestAttributes().getRequest();
    }

    static /* synthetic */ String access$100() {
        return requestToken();
    }
}
