package com.cory.web.security;

import com.alibaba.fastjson.JSON;
import com.cory.constant.ErrorCode;
import com.cory.context.CurrentUser;
import com.cory.context.GenericResult;
import com.cory.model.User;
import com.cory.service.UserService;
import com.cory.web.util.CookieUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:com/cory/web/security/AuthenticationFilter.class */
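/**
 * Shiro form-authentication filter that answers login requests with a JSON body
 * ({@link GenericResult}) instead of an HTTP redirect.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every failed login is answered with the same {@code ErrorCode.LOGIN_ERROR}, whether the
 *       account is disabled, unknown or the credentials are wrong.</li>
 *   <li>The "remaining attempts" counter lives in a client-side cookie and is never consulted
 *       before authenticating, so it is advisory only. Any real throttling or lockout has to be
 *       enforced server-side.</li>
 *   <li>The client address recorded with each attempt is taken from the {@code X-Real-IP}
 *       request header when present.</li>
 * </ul>
 */
public class AuthenticationFilter extends FormAuthenticationFilter {
    /** Name of the cookie that carries the advisory "remaining attempts" counter. */
    public static final String COOKIE_ERROR_REMAINING = "_error_remaining";
    /** Counter value assumed when the cookie is absent or unusable. */
    public static final int MAX_ERROR_TIMES = 3;
    /** Passed to CookieUtils.addCookie as the counter cookie's age argument (presumably seconds; confirm). */
    public static final int ERROR_INTERVAL = 300;
    private static final String SUCCESS_URL_SIMPLE_PREFIX = "SIMPLE:";
    private static final String SUCCESS_URL_ROLE_PREFIX = "ROLE:";

    @Value("${cory.shiro.success-url}")
    private String successUrl;

    @Autowired
    private UserService userService;
    private String loginHandleUrl;
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationFilter.class);
    // Static, so the parsed configuration is shared by every instance of this filter.
    private static final SuccessUrl SUCCESS_URL = new SuccessUrl();

    /**
     * Parsed form of the {@code cory.shiro.success-url} property: either a single URL
     * ({@code SIMPLE:} prefix) or a role-to-URL table with an optional default ({@code ROLE:} prefix).
     */
    public static class SuccessUrl {
        public boolean isSimpleType;
        public boolean isRoleType;
        public String simpleSuccessUrl;
        public Map<String, String> roleMap;
        public String roleDefaultSuccessUrl;

        private SuccessUrl() {
            this.isSimpleType = false;
            this.isRoleType = false;
            this.roleMap = new HashMap<>();
        }

        /**
         * Looks up the success URL for the current user's first role.
         *
         * @return the URL mapped to the first role, the role default when that role has no
         *     mapping, or {@code null} when there is no current user or the user has no roles
         */
        public String getRoleSuccessUrl() {
            CurrentUser currentUser = CurrentUser.get();
            if (null == currentUser || CollectionUtils.isEmpty(currentUser.getRoles())) {
                return null;
            }
            // Only the first role is considered; further roles never influence the result.
            String mapped = this.roleMap.get(currentUser.getRoles().get(0));
            return StringUtils.isNotBlank(mapped) ? mapped : this.roleDefaultSuccessUrl;
        }
    }

    /**
     * Rejects disabled accounts, then authenticates the token against the current subject.
     *
     * @throws DisabledAccountException if the principal belongs to a disabled account
     * @throws AuthenticationException if Shiro rejects the token
     */
    public void processLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationToken authenticationToken) throws Exception {
        if (isDisabled((String) authenticationToken.getPrincipal())) {
            throw new DisabledAccountException();
        }
        getSubject(httpServletRequest, httpServletResponse).login(authenticationToken);
    }

    /**
     * Builds the token from the request, runs the login and dispatches to the success or
     * failure handler.
     *
     * @return the handler's result; both handlers write the response themselves
     */
    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        AuthenticationToken token = createToken(servletRequest, servletResponse);
        if (token == null) {
            return onLoginFailure(token, new AuthenticationException("create AuthenticationToken error"), servletRequest, servletResponse);
        }
        try {
            processLogin((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, token);
            return onLoginSuccess(token, getSubject(servletRequest, servletResponse), servletRequest, servletResponse);
        } catch (Exception e) {
            // NOTE(review): this also catches failures raised by onLoginSuccess, i.e. after
            // Subject.login() has succeeded; the client is then told the login failed while the
            // subject stays authenticated. Confirm whether a logout is wanted on that path.
            logger.debug("Login attempt rejected", e);
            // Keep the original exception as the cause so the failure stays diagnosable.
            return onLoginFailure(token, new AuthenticationException(e.getMessage(), e), servletRequest, servletResponse);
        }
    }

    /**
     * Decides whether the request may continue down the filter chain.
     *
     * @return {@code false} when this filter has already written the response
     */
    public boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        boolean allowed = isAccessAllowed(servletRequest, servletResponse, obj);
        if (allowed && pathsMatch(getLoginHandleUrl(), servletRequest) && isLoginSubmission(servletRequest, servletResponse)) {
            // An already-authenticated subject that submits the login form gets the success
            // response without the submitted credentials being checked; the session keeps its
            // existing identity.
            issueSuccessRedirect(servletRequest, servletResponse);
            return false;
        }
        if (!allowed || !isLoginRequest(servletRequest, servletResponse)) {
            return allowed || onAccessDenied(servletRequest, servletResponse, obj);
        }
        // Authenticated subject opening the login page: answer with the success payload.
        try {
            issueSuccessRedirect(servletRequest, servletResponse);
        } catch (Exception e) {
            logger.error("Failed to write the login success response", e);
        }
        return false;
    }

    /**
     * Runs the login when the denied request is a submission to the login-handle URL and
     * defers to the parent filter otherwise.
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (pathsMatch(getLoginHandleUrl(), servletRequest) && isLoginSubmission(servletRequest, servletResponse)) {
            return executeLogin(servletRequest, servletResponse);
        }
        return super.onAccessDenied(servletRequest, servletResponse);
    }

    /** Writes a JSON success result; no HTTP redirect is issued. */
    protected void issueSuccessRedirect(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        writeResponse(servletResponse, GenericResult.success(true));
    }

    /** Returns whether the request path matches the configured login URL. */
    protected boolean isLoginRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        return pathsMatch(getLoginUrl(), servletRequest);
    }

    /**
     * Clears the failure counter cookie, publishes the {@link CurrentUser} (via
     * {@code CurrentUser.set} and the {@code currentUser} session attribute) and records the
     * successful logon before delegating to the parent handler.
     */
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        removeCookieErrorRemaining(httpRequest, (HttpServletResponse) servletResponse);
        String principal = authenticationToken.getPrincipal().toString();
        CurrentUser currentUser = convert2UserVO(principal, this.userService.findByUserName(principal));
        CurrentUser.set(currentUser);
        // NOTE(review): the session is reused or created here without its id being rotated in
        // this class; confirm that session-fixation protection is handled elsewhere.
        httpRequest.getSession(true).setAttribute("currentUser", currentUser);
        updateLastLogonInfo(principal, httpRequest, true);
        return super.onLoginSuccess(authenticationToken, subject, servletRequest, servletResponse);
    }

    /**
     * Records the outcome of a logon attempt for a known user; unknown user names are ignored.
     *
     * @param str user name the attempt was made for
     * @param z {@code true} for a successful logon, {@code false} for a failed one
     */
    private void updateLastLogonInfo(String str, HttpServletRequest httpServletRequest, boolean z) {
        User user = this.userService.findByUserName(str);
        if (null == user) {
            return;
        }
        // X-Real-IP is an ordinary request header: unless a trusted reverse proxy overwrites it
        // on every request, the client chooses the address that ends up in the logon record.
        String clientIp = httpServletRequest.getHeader("X-Real-IP");
        if (StringUtils.isBlank(clientIp)) {
            clientIp = httpServletRequest.getRemoteAddr();
        }
        this.userService.updateLastLogonInfo(user.getId(), clientIp, z, new Date());
    }

    /**
     * Builds the {@link CurrentUser} view of a persisted user; roles are reduced to their names,
     * or {@code null} when the user has none.
     */
    private CurrentUser convert2UserVO(String str, User user) {
        // NOTE(review): UserUtils.isAdmin()/isRoot() take no user argument; presumably they
        // inspect the current subject. Confirm they describe the user that just logged in.
        return CurrentUser.builder().principal(str).id(user.getId()).isAdmin(UserUtils.isAdmin()).isRoot(UserUtils.isRoot()).roles(CollectionUtils.isEmpty(user.getRoles()) ? null : (List) user.getRoles().stream().map(role -> {
            return role.getName();
        }).collect(Collectors.toList())).build();
    }

    /**
     * Updates the advisory counter cookie, records the failed attempt and writes the generic
     * {@code LOGIN_ERROR} result.
     *
     * @param authenticationToken the rejected token; {@code null} when token creation failed
     * @return always {@code false}, because the response has been written
     */
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        writeCookieErrorRemaining(httpRequest, (HttpServletResponse) servletResponse);
        // executeLogin passes a null token when createToken fails, and a token may carry no
        // principal; neither case may turn the failure response into a NullPointerException.
        Object principal = authenticationToken == null ? null : authenticationToken.getPrincipal();
        if (principal != null) {
            updateLastLogonInfo(principal.toString(), httpRequest, false);
        }
        // One error code for every failure reason, so the response does not reveal whether the
        // account exists or is disabled.
        writeResponse(servletResponse, GenericResult.fail(ErrorCode.LOGIN_ERROR));
        return false;
    }

    /** Stub: always {@code false}, so this filter never demands a captcha. */
    private boolean isCaptchaRequired(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return false;
    }

    /** Returns whether the user name belongs to an existing, disabled account. */
    private boolean isDisabled(String str) {
        User user = this.userService.findByUserName(str);
        return user != null && user.isDisabled();
    }

    /**
     * Decrements the advisory counter (never below zero) and sends it back as a cookie.
     *
     * <p>The client can delete or rewrite this cookie at will, so it must not be treated as a
     * lockout mechanism.
     */
    private void writeCookieErrorRemaining(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int remaining = getCookieErrorRemaining(httpServletRequest, httpServletResponse).intValue();
        String next = String.valueOf(Math.max(remaining - 1, 0));
        CookieUtils.addCookie(httpServletRequest, httpServletResponse, COOKIE_ERROR_REMAINING, next, Integer.valueOf(ERROR_INTERVAL), null);
    }

    /** Cancels the advisory counter cookie. */
    private void removeCookieErrorRemaining(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        CookieUtils.cancleCookie(httpServletRequest, httpServletResponse, COOKIE_ERROR_REMAINING, null);
    }

    /**
     * Reads the advisory counter from the request cookie.
     *
     * @return the cookie value capped at {@link #MAX_ERROR_TIMES}, or {@link #MAX_ERROR_TIMES}
     *     when the cookie is missing, non-numeric or out of {@code int} range
     */
    private Integer getCookieErrorRemaining(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = CookieUtils.getCookie(httpServletRequest, COOKIE_ERROR_REMAINING);
        if (cookie == null || !NumberUtils.isDigits(cookie.getValue())) {
            return MAX_ERROR_TIMES;
        }
        try {
            // The value is client-supplied: never accept more than the configured maximum.
            return Math.min(Integer.parseInt(cookie.getValue()), MAX_ERROR_TIMES);
        } catch (NumberFormatException e) {
            // An all-digit value can still overflow int. Left uncaught, the exception escaped
            // onLoginFailure before the failed attempt was recorded server-side.
            return MAX_ERROR_TIMES;
        }
    }

    /**
     * Serialises the result as JSON and writes it to the response.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the response cannot be written
     */
    private void writeResponse(ServletResponse servletResponse, GenericResult genericResult) {
        try {
            // NOTE(review): the body is JSON but is labelled text/html, so a browser that
            // navigates to it renders it as markup. Consider application/json once every
            // client has been checked against it.
            servletResponse.setContentType("text/html;charset=UTF-8");
            PrintWriter writer = servletResponse.getWriter();
            writer.write(JSON.toJSONString(genericResult));
            writer.flush();
            writer.close();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public String getLoginHandleUrl() {
        return this.loginHandleUrl;
    }

    public void setLoginHandleUrl(String str) {
        this.loginHandleUrl = str;
    }

    /**
     * Resolves the post-login URL from the parsed {@code cory.shiro.success-url} property.
     *
     * @return the simple URL, the role-specific URL, or the parent filter's success URL when
     *     neither is configured or the role lookup yields nothing
     */
    public String getSuccessUrl() {
        if (SUCCESS_URL.isSimpleType) {
            return SUCCESS_URL.simpleSuccessUrl;
        }
        if (SUCCESS_URL.isRoleType) {
            String roleUrl = SUCCESS_URL.getRoleSuccessUrl();
            if (StringUtils.isNotBlank(roleUrl)) {
                return roleUrl;
            }
        }
        return super.getSuccessUrl();
    }

    @PostConstruct
    public void init() {
        initSuccessUrl();
    }

    /**
     * Parses {@code cory.shiro.success-url}: {@code SIMPLE:<url>} or
     * {@code ROLE:<role>=<url>,...,<defaultUrl>}. Any other value leaves the defaults in place.
     */
    private void initSuccessUrl() {
        if (StringUtils.isBlank(this.successUrl)) {
            return;
        }
        if (this.successUrl.startsWith(SUCCESS_URL_SIMPLE_PREFIX)) {
            SUCCESS_URL.isSimpleType = true;
            SUCCESS_URL.simpleSuccessUrl = this.successUrl.substring(SUCCESS_URL_SIMPLE_PREFIX.length());
        } else if (this.successUrl.startsWith(SUCCESS_URL_ROLE_PREFIX)) {
            // Without this flag getSuccessUrl() never consults the role table built below.
            SUCCESS_URL.isRoleType = true;
            for (String entry : this.successUrl.substring(SUCCESS_URL_ROLE_PREFIX.length()).split(",")) {
                if (StringUtils.isBlank(entry)) {
                    continue;
                }
                if (!entry.contains("=")) {
                    SUCCESS_URL.roleDefaultSuccessUrl = entry.trim();
                    continue;
                }
                // Split on the first '=' only, so a URL with a query string stays intact and
                // "role=" cannot index past the end of the array.
                String[] pair = entry.split("=", 2);
                String role = pair[0].trim();
                String url = pair[1].trim();
                if (role.isEmpty() || url.isEmpty()) {
                    logger.warn("Ignoring malformed success-url role entry: {}", entry);
                    continue;
                }
                SUCCESS_URL.roleMap.put(role, url);
            }
        }
    }
}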
