package com.iscas.base.biz.filter;

import com.iscas.base.biz.config.Constants;
import com.iscas.base.biz.model.auth.AuthContext;
import com.iscas.base.biz.model.auth.Role;
import com.iscas.base.biz.model.auth.Url;
import com.iscas.base.biz.service.AbstractAuthService;
import com.iscas.base.biz.service.IAuthCacheService;
import com.iscas.base.biz.util.AuthContextHolder;
import com.iscas.base.biz.util.SpringUtils;
import com.iscas.common.web.tools.cookie.CookieUtils;
import com.iscas.templet.exception.AuthenticationRuntimeException;
import com.iscas.templet.exception.AuthorizationRuntimeException;
import com.iscas.templet.exception.ValidTokenException;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/iscas/base/biz/filter/LoginFilter.class */
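/**
 * Servlet filter that authenticates and authorizes requests to URLs registered as protected.
 *
 * <p>Flow per request:
 * <ol>
 *   <li>If the request URI matches none of the patterns returned by
 *       {@code authService.getUrls()}, the request is treated as public and passed on.</li>
 *   <li>Otherwise a token is read from the {@code Constants.TOKEN_KEY} header, falling back to a
 *       cookie of the same name. A missing token, a token absent from {@link IAuthCacheService},
 *       or a token that fails {@code verifyToken} is rejected with
 *       {@link AuthenticationRuntimeException}.</li>
 *   <li>A user holding the role named {@code Constants.SUPER_ROLE_KEY} is always allowed; any
 *       other user is allowed only if one of their roles carries a URL pattern matching the
 *       request, else {@link AuthorizationRuntimeException} is thrown.</li>
 * </ol>
 *
 * <p>NOTE(review): this filter fails open. A request is only checked when its URI matches a
 * registered pattern, and matching uses the raw {@code getRequestURI()} value, which the servlet
 * container does not decode and which may still contain path parameters. If the downstream
 * dispatcher resolves handlers from a normalized path, the two views of the path can disagree and
 * a protected endpoint could be classified as public. Confirm that matching here uses the same
 * path the dispatcher routes on, or that non-normalized URIs are rejected upstream.
 */
public class LoginFilter extends OncePerRequestFilter implements Constants {
    private static final Logger log = LoggerFactory.getLogger(LoginFilter.class);
    private final AbstractAuthService authService;
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * @param abstractAuthService source of protected URLs, token verification and role lookup
     */
    public LoginFilter(AbstractAuthService abstractAuthService) {
        this.authService = abstractAuthService;
    }

    /**
     * Runs the access decision and, if it passes, hands the request to the rest of the chain.
     *
     * @throws AuthenticationRuntimeException if the caller cannot be identified, or if the auth
     *         services fail unexpectedly (fail closed)
     * @throws AuthorizationRuntimeException if the caller is identified but no role grants the URL
     * @throws ServletException propagated unchanged from downstream filters/servlets
     * @throws IOException propagated unchanged from downstream filters/servlets
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (log.isTraceEnabled()) {
            log.trace("进入 LoginFilter 过滤器");
        }
        try {
            checkAccess(httpServletRequest);
        } catch (Exception e) {
            // Deliberate rejections must reach the caller untouched: previously the blanket catch
            // rewrote every one of them (including the authorization failure) into a generic
            // "failed to load role information" authentication error.
            if (e instanceof AuthenticationRuntimeException || e instanceof AuthorizationRuntimeException) {
                throw (RuntimeException) e;
            }
            // Anything else is an unexpected failure in the auth services: deny the request.
            log.error(httpServletRequest.getRemoteAddr() + "访问" + httpServletRequest.getRequestURI() + " :获取角色信息失败", e);
            throw new AuthenticationRuntimeException("获取角色信息失败", "获取角色信息失败");
        }
        // The chain is invoked outside the try block so that exceptions raised by downstream
        // filters or handlers are not misreported as authentication failures.
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether the request may proceed; returns normally when it may.
     *
     * @throws AuthenticationRuntimeException when the token is missing, unknown or invalid, or the
     *         user's roles cannot be found
     * @throws AuthorizationRuntimeException when no role of the user grants the requested URL
     * @throws Exception any failure raised by the underlying auth services
     */
    private void checkAccess(HttpServletRequest request) throws Exception {
        String contextPath = request.getContextPath();
        String requestUri = request.getRequestURI();
        AuthContext authContext = new AuthContext();

        Map<String, Url> protectedUrls = this.authService.getUrls();
        // Return value is unused here; the call is kept because it may have side effects in the
        // service (not visible from this class).
        this.authService.getAuth();

        if (!matchesAny(protectedUrls.values(), contextPath, requestUri)) {
            // Not a protected URL: mark the request as public and let it through.
            authContext.setNeedPermission(false);
            AuthContextHolder.setContext(authContext);
            return;
        }

        // Header first, cookie as fallback.
        // NOTE(review): if browsers attach this cookie automatically, state-changing endpoints
        // need CSRF protection elsewhere - confirm.
        String token = request.getHeader(Constants.TOKEN_KEY);
        if (token == null) {
            Cookie tokenCookie = CookieUtils.getCookieByName(request, Constants.TOKEN_KEY);
            if (tokenCookie != null) {
                token = tokenCookie.getValue();
            }
        }
        if (token == null) {
            logRejected(request, " :header中未携带 Authorization 或未携带cookie或cookie中无Authorization");
            throw new AuthenticationRuntimeException("未携带身份认证信息", "header中未携带 Authorization 或未携带cookie或cookie中无Authorization");
        }
        // NOTE(review): from here on authContext is filled in (token, username, roles, super flag)
        // but is not published through AuthContextHolder as it is on the public path above.
        // Confirm whether downstream code is expected to read it.
        authContext.setToken(token);

        // A token missing from the cache is treated as wrong or already logged out.
        if (((IAuthCacheService) SpringUtils.getApplicationContext().getBean(IAuthCacheService.class)).get(token) == null) {
            logRejected(request, " :token有误或已被注销");
            throw new AuthenticationRuntimeException("身份认证信息有误", "token有误或已被注销");
        }

        List<Role> roles;
        try {
            String username = this.authService.verifyToken(token);
            authContext.setUsername(username);
            roles = this.authService.getRoles(username);
        } catch (ValidTokenException e) {
            // Log the cause through the logger instead of printStackTrace().
            log.error(request.getRemoteAddr() + "访问" + request.getRequestURI() + " :校验token出错", e);
            throw new AuthenticationRuntimeException("校验身份信息出错", "校验token出错");
        }
        authContext.setRoles(roles);

        if (roles == null) {
            logRejected(request, " :token中携带的用户或其角色信息不存在");
            throw new AuthenticationRuntimeException("用户或其角色信息不存在", "token中携带的用户或其角色信息不存在");
        }

        // The super role bypasses per-URL checks.
        for (Role role : roles) {
            if (Objects.equals(role.getName(), Constants.SUPER_ROLE_KEY)) {
                authContext.setSuper(true);
                return;
            }
        }

        // Otherwise at least one role must list a pattern matching this request.
        for (Role role : roles) {
            List<Url> roleUrls = role.getUrls();
            if (!CollectionUtils.isEmpty(roleUrls) && matchesAny(roleUrls, contextPath, requestUri)) {
                return;
            }
        }

        logRejected(request, " :鉴权失败");
        throw new AuthorizationRuntimeException("鉴权失败");
    }

    /** Returns true if any URL pattern, prefixed with the context path, matches the request URI. */
    private boolean matchesAny(Iterable<Url> candidates, String contextPath, String requestUri) {
        for (Url candidate : candidates) {
            if (this.pathMatcher.match(contextPath + candidate.getName(), requestUri)) {
                return true;
            }
        }
        return false;
    }

    /** Logs a rejected request as remote address, requested URI and reason; the token is never logged. */
    private void logRejected(HttpServletRequest request, String reason) {
        log.error(request.getRemoteAddr() + "访问" + request.getRequestURI() + reason);
    }
}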
