package shz.auth.filter;

import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import shz.api.server.AbstractApiGather;
import shz.api.server.ApiDetail;
import shz.api.server.entity.SysApi;
import shz.auth.AbstractJwtService;
import shz.auth.AuthError;
import shz.auth.ReusableRequestWrapper;
import shz.auth.VisitDetail;
import shz.auth.util.ServletHelp;
import shz.auth.util.TokenHelp;
import shz.auth.util.VisitHelp;
import shz.core.msg.ClientFailure;
import shz.core.structure.config.MapConfig;
import shz.spring.redis.RedisService;

/* loaded from: input_file:shz/auth/filter/AbstractApiFilter.class */
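/**
 * Servlet filter that enforces per-API policy before a request reaches its handler.
 *
 * <p>For each HTTP request whose method and path resolve to an {@link ApiDetail}, the filter
 * applies, in order: rate limiting, authentication/authorization (mandatory or optional
 * depending on {@link ApiDetail#isLogin()}), the "disabled API" gate, and the repeated-request
 * limit backed by Redis. Requests that are not HTTP, have no {@link VisitDetail}, or match no
 * registered API are passed through untouched.
 *
 * <p>The {@code requireNon(condition)} / {@code requireNonNull(value)} helpers on
 * {@link ClientFailure} and {@link AuthError} are used as guards; from their use here they
 * appear to raise the named failure when the condition is true / the value is null
 * (NOTE(review): confirm against their implementation).
 *
 * @param <T> API entity type handled by the gatherer
 * @param <D> API detail type produced by the gatherer
 */
public abstract class AbstractApiFilter<T extends SysApi, D extends ApiDetail> implements Filter {
    protected final AbstractApiGather<T, D> apiGather;
    protected final RedisService redisService;
    protected final AbstractJwtService jwtService;

    /**
     * @param abstractApiGather resolves (method, path) to the API policy
     * @param redisService      backs the repeated-request limit
     * @param abstractJwtService extracts and verifies the bearer token
     */
    public AbstractApiFilter(AbstractApiGather<T, D> abstractApiGather, RedisService redisService, AbstractJwtService abstractJwtService) {
        this.apiGather = abstractApiGather;
        this.redisService = redisService;
        this.jwtService = abstractJwtService;
    }

    /**
     * Returns the ordering value of this filter.
     *
     * @return {@code Integer.MIN_VALUE + 10} (-2147483638); presumably "very early" in a
     *     lowest-first ordering scheme — confirm with whatever consumes {@code order()}
     */
    public int order() {
        return Integer.MIN_VALUE + 10;
    }

    /**
     * Applies the API policy to the request and forwards it down the chain when every guard
     * passes.
     *
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        VisitDetail detail = VisitHelp.getDetail(httpServletRequest);
        if (detail == null) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        // NOTE(review): a request that matches no registered API is forwarded with no checks at
        // all; this filter is fail-open for unregistered paths, so registration must be complete.
        ApiDetail apiDetail = this.apiGather.getApiDetail(detail.getMethod(), detail.getPath());
        if (apiDetail == null) {
            filterChain.doFilter(httpServletRequest, servletResponse);
            return;
        }
        detail.setRecord(apiDetail.isRecord());
        ClientFailure.TOO_MANY_REQUESTS.requireNon(apiDetail.getRateLimiter() != null && apiDetail.getRateLimiter().isLimit());

        String token = this.jwtService.getToken(httpServletRequest);
        if (apiDetail.isLogin()) {
            authenticateRequired(token, detail, apiDetail);
        } else {
            attachVerifiedIdentity(token, detail);
            if (!apiDetail.isEnabled()) {
                // A disabled API is reachable only by a caller holding MapConfig.ALL. The
                // identity consulted here is set by attachVerifiedIdentity, i.e. only after
                // the token passed jwtService.verify.
                // NOTE(review): unlike the mandatory-login path, an inactive session
                // (isLogin == false) is not rejected here — confirm that is intended.
                Long userid = detail.getUserid();
                String username = detail.getUsername();
                ClientFailure.BAD_METHOD.requireNon(userid == null || username == null || getPermission(userid, username) != MapConfig.ALL);
            }
        }

        // Wrap the request once if either feature needs to re-read the body.
        HttpServletRequest forwarded = httpServletRequest;
        if (apiDetail.isReusable()) {
            forwarded = new ReusableRequestWrapper(httpServletRequest);
        }
        if (apiDetail.getRepeatedLimit() > 0) {
            if (forwarded == httpServletRequest) {
                forwarded = new ReusableRequestWrapper(httpServletRequest);
            }
            // setNxPx succeeds only for the first request with this key inside the window;
            // a second identical request within getRepeatedLimit() is rejected as REPEATED.
            AuthError.REPEATED.requireNon(!this.redisService.setNxPx(repeatedKey(forwarded), "1", apiDetail.getRepeatedLimit()));
        }
        filterChain.doFilter(forwarded, servletResponse);
    }

    /**
     * Mandatory-login path: the token must be present, carry a user id and username, be past
     * its not-before time, pass {@code jwtService.verify}, belong to an active session, and the
     * user must hold the API's permission. A disabled API additionally requires
     * {@code MapConfig.ALL}.
     */
    private void authenticateRequired(String token, VisitDetail detail, ApiDetail apiDetail) {
        ClientFailure.UNAUTHORIZED.requireNonNull(token);
        DecodedJWT decoded = AbstractJwtService.decode(token);
        Long userid = AbstractJwtService.getUserid(decoded);
        ClientFailure.UNAUTHORIZED.requireNonNull(userid);
        String username = AbstractJwtService.getUsername(decoded);
        ClientFailure.UNAUTHORIZED.requireNonNull(username);
        // NOTE(review): detail receives the claimed identity before verify() runs (original
        // ordering kept). Anything that reads detail on the failure path sees unverified claims.
        detail.setUserid(userid);
        detail.setUsername(username);
        Date notBefore = decoded.getNotBefore();
        AuthError.UNENFORCED_TOKEN.requireNon(notBefore != null && notBefore.getTime() > System.currentTimeMillis());
        // The fourth argument ties verification to the client's IP, browser, browser version and OS.
        ClientFailure.UNAUTHORIZED.requireNon(!this.jwtService.verify(decoded, userid, username, TokenHelp.signData(detail.getIp(), detail.getBrowser(), detail.getBrowserVersion(), detail.getOs())));
        boolean loggedIn = isLogin(userid, username);
        detail.setLogin(loggedIn);
        ClientFailure.UNAUTHORIZED.requireNon(!loggedIn);
        MapConfig permission = getPermission(userid, username);
        ClientFailure.FORBIDDEN.requireNon(permission.nonHas(apiDetail.getPermission()));
        ClientFailure.BAD_METHOD.requireNon(permission != MapConfig.ALL && !apiDetail.isEnabled());
    }

    /**
     * Optional-login path: attaches the caller's identity to {@code detail} only when the token
     * decodes, carries both user id and username, is past its not-before time and passes
     * {@code jwtService.verify}. Any failure leaves the request anonymous instead of rejecting it.
     *
     * <p>Security fix: the identity used to be copied from the merely decoded token. Those
     * claims then fed the {@code MapConfig.ALL} check for disabled APIs and the visit record,
     * so claims that were never verified could influence an authorization decision and audit
     * attribution. Verification here mirrors the mandatory-login path.
     */
    private void attachVerifiedIdentity(String token, VisitDetail detail) {
        if (token == null) {
            return;
        }
        DecodedJWT decoded;
        try {
            decoded = AbstractJwtService.decode(token);
        } catch (Exception ignored) {
            // Deliberate best effort: a malformed token on an optional-login API means anonymous.
            return;
        }
        if (decoded == null) {
            return;
        }
        Long userid = AbstractJwtService.getUserid(decoded);
        String username = AbstractJwtService.getUsername(decoded);
        if (userid == null || username == null) {
            return;
        }
        Date notBefore = decoded.getNotBefore();
        if (notBefore != null && notBefore.getTime() > System.currentTimeMillis()) {
            return;
        }
        boolean verified;
        try {
            verified = this.jwtService.verify(decoded, userid, username, TokenHelp.signData(detail.getIp(), detail.getBrowser(), detail.getBrowserVersion(), detail.getOs()));
        } catch (Exception ignored) {
            // Fail closed on identity: if verification cannot complete, stay anonymous.
            verified = false;
        }
        if (!verified) {
            return;
        }
        detail.setUserid(userid);
        detail.setUsername(username);
        detail.setLogin(isLogin(userid, username));
    }

    /**
     * Reports whether the given user currently has an active login session.
     *
     * @param l   user id taken from the token
     * @param str username taken from the token
     */
    protected abstract boolean isLogin(Long l, String str);

    /**
     * Returns the permission set of the given user; {@code MapConfig.ALL} is compared by
     * identity in this class and grants access to disabled APIs.
     *
     * @param l   user id taken from the token
     * @param str username taken from the token
     */
    protected abstract MapConfig getPermission(Long l, String str);

    /**
     * Builds the Redis key used by the repeated-request limit.
     *
     * @return {@code "STRING:REPEATED:"} followed by {@code ServletHelp.repeatedKey(request)}
     */
    protected String repeatedKey(HttpServletRequest httpServletRequest) {
        return "STRING:REPEATED:" + ServletHelp.repeatedKey(httpServletRequest);
    }
}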
