package com.iscas.base.biz.filter;

import com.iscas.base.biz.aop.auth.SkipAuthentication;
import com.iscas.base.biz.config.Constants;
import com.iscas.base.biz.config.auth.SkipAuthProps;
import com.iscas.base.biz.model.auth.AuthContext;
import com.iscas.base.biz.model.auth.Role;
import com.iscas.base.biz.model.auth.Url;
import com.iscas.base.biz.service.AbstractAuthService;
import com.iscas.base.biz.service.IAuthCacheService;
import com.iscas.base.biz.util.AuthContextHolder;
import com.iscas.base.biz.util.AuthUtils;
import com.iscas.base.biz.util.CacheUtils;
import com.iscas.base.biz.util.SpringUtils;
import com.iscas.templet.exception.Exceptions;
import com.iscas.templet.exception.ValidTokenException;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;

/* loaded from: input_file:com/iscas/base/biz/filter/LoginFilter.class */
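/**
 * Servlet filter that authenticates a request by token and authorizes it against the
 * URL patterns attached to the caller's roles, publishing the resulting
 * {@link AuthContext} through {@link AuthContextHolder}.
 *
 * <p>Decision order, as implemented in {@link #doFilterInternal}:
 * <ol>
 *   <li>A request whose URI matches none of the patterns from
 *       {@code authService.getUrls()}, or matches a configured {@link SkipAuthProps} URL,
 *       passes through with {@code needPermission = false}.</li>
 *   <li>A request whose handler method or declaring class carries
 *       {@link SkipAuthentication} passes through without a token.</li>
 *   <li>Otherwise a token is required. It must be present in the auth cache, verify
 *       through {@code authService.verifyToken}, and be listed under the user's
 *       {@code user-token:} entry.</li>
 *   <li>The super role is always allowed. Any other caller needs a role with a URL
 *       pattern that matches the request.</li>
 * </ol>
 *
 * <p>NOTE(review): step 1 makes the filter fail-open. A URI that matches no registered
 * pattern is treated as public. All matching here uses the raw
 * {@code getRequestURI()} value, which the container has neither decoded nor normalized.
 * If the MVC dispatcher normalizes the path differently (repeated slashes, path
 * parameters, percent-encoding), this filter and the dispatcher can disagree about which
 * handler a request targets. Confirm that both match on the same normalized path, or
 * switch to deny-by-default for unmatched URIs.
 */
public class LoginFilter extends OncePerRequestFilter implements Constants {
    private static final Logger log = LoggerFactory.getLogger(LoginFilter.class);

    /**
     * Upper bound on cached skip-authentication decisions. The cache key is the request
     * URI, which the client controls, so the cache must not grow without limit.
     * The value is a reviewer-chosen default; tune it to the number of distinct routes.
     */
    private static final int MAX_SKIP_AUTH_CACHE_ENTRIES = 10_000;

    /** Lazily loaded snapshot of the MVC mappings; see {@link #getRequestInfoMap()}. */
    private static volatile Map<RequestMappingInfo, HandlerMethod> requestInfoMethodMap;

    private final AbstractAuthService authService;
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /** Request URI -> "handler is annotated with SkipAuthentication" decision. */
    private final Map<String, Boolean> skipAuthenticationMap = new ConcurrentHashMap<>();

    /**
     * Creates the filter.
     *
     * @param abstractAuthService source of protected URL patterns, token verification and roles
     */
    public LoginFilter(AbstractAuthService abstractAuthService) {
        this.authService = abstractAuthService;
    }

    /**
     * Authenticates and authorizes one request, then continues the chain or throws.
     *
     * <p>Every exception raised inside the method, including one thrown by the downstream
     * chain, is rethrown via
     * {@code Exceptions.authenticationRuntimeException("获取角色信息失败", cause)}.
     * The {@link AuthContext} is written to {@link AuthContextHolder} on every exit path.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remaining filter chain
     * @throws ServletException declared by the filter contract
     * @throws IOException      declared by the filter contract
     */
    @Override
    protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) throws ServletException, IOException {
        if (log.isTraceEnabled()) {
            log.trace("进入 LoginFilter 过滤器");
        }
        String contextPath = httpServletRequest.getContextPath();
        // Raw, un-normalized URI; see the class-level NOTE(review) on path matching.
        String requestUri = httpServletRequest.getRequestURI();
        AuthContext authContext = new AuthContext();
        try {
            // Step 1: is this URI covered by any protected pattern and not explicitly excluded?
            boolean needsAuth = this.authService.getUrls().values().stream()
                    .anyMatch(url -> this.pathMatcher.match(contextPath + url.getName(), requestUri));
            if (needsAuth) {
                // NOTE(review): the skip pattern has duplicate slashes collapsed, while the
                // protected pattern above does not; confirm the asymmetry is intended.
                needsAuth = ((SkipAuthProps) SpringUtils.getBean(SkipAuthProps.class)).getUrls().stream()
                        .noneMatch(pattern -> this.pathMatcher.match((contextPath + pattern).replaceAll("/+", "/"), requestUri));
            }
            if (!needsAuth) {
                authContext.setNeedPermission(false);
                AuthContextHolder.setContext(authContext);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            // Step 2: handler opted out of authentication through @SkipAuthentication.
            // The context is not published before the chain runs on this path.
            if (checkSkipAuthentication(httpServletRequest)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            // Step 3: token must be present, known to the cache, valid, and still active.
            String token = AuthUtils.getToken(httpServletRequest);
            if (token == null) {
                throw Exceptions.authenticationRuntimeException("未携带身份认证信息", "header中未携带 Authorization 或未携带cookie或cookie中无Authorization");
            }
            authContext.setToken(token);
            IAuthCacheService authCacheService = (IAuthCacheService) SpringUtils.getApplicationContext().getBean(IAuthCacheService.class);
            if (CacheUtils.getCache(Constants.AUTH_CACHE, token, String.class) == null) {
                throw Exceptions.authenticationRuntimeException("身份认证信息有误", "token有误或已被注销");
            }
            try {
                // verifyToken appears to return "<userId>;<username>". A malformed value
                // raises a runtime exception, which the outer catch turns into an
                // authentication failure.
                // NOTE(review): a username containing ';' would be truncated here; confirm.
                String[] claims = this.authService.verifyToken(token).split(";");
                int userId = Integer.parseInt(claims[0]);
                String username = claims[1];
                if (!authCacheService.listContains("user-token:" + username, token)) {
                    throw Exceptions.authenticationRuntimeException("身份认证信息有误", "token已失效");
                }
                authContext.setUsername(username);
                authContext.setUserId(Integer.valueOf(userId));
                List<Role> roles = this.authService.getRoles(username);
                authContext.setRoles(roles);

                // Step 4a: the super role bypasses per-URL authorization.
                boolean superUser = roles != null
                        && roles.stream().anyMatch(role -> Objects.equals(role.getName(), Constants.SUPER_ROLE_KEY));
                if (superUser) {
                    authContext.setSuper(true);
                    AuthContextHolder.setContext(authContext);
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
                if (roles == null) {
                    throw Exceptions.authenticationRuntimeException("用户或其角色信息不存在", "token中携带的用户或其角色信息不存在");
                }

                // Step 4b: at least one role must grant a pattern matching this URI.
                for (Role role : roles) {
                    List<Url> grantedUrls = role.getUrls();
                    if (!CollectionUtils.isEmpty(grantedUrls)
                            && grantedUrls.stream().anyMatch(url -> this.pathMatcher.match(contextPath + url.getName(), requestUri))) {
                        AuthContextHolder.setContext(authContext);
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                        return;
                    }
                }
                throw Exceptions.authorizationRuntimeException("鉴权失败");
            } catch (ValidTokenException e) {
                throw Exceptions.authenticationRuntimeException("校验身份信息出错", "校验token出错");
            }
        } catch (Exception e) {
            // NOTE(review): this also wraps the authorization failure above and anything
            // thrown by downstream filters or handlers, so error handlers may see an
            // authentication error where an authorization or application error occurred.
            // Confirm this is intended before relying on the exception type for the
            // response status or for alerting.
            throw Exceptions.authenticationRuntimeException("获取角色信息失败", e);
        } finally {
            // NOTE(review): the context is re-set here, not cleared. If AuthContextHolder is
            // backed by a thread-local, a pooled thread keeps the last request's token and
            // roles until the next request overwrites them. Confirm whether a clear is intended.
            AuthContextHolder.setContext(authContext);
        }
    }

    /**
     * Reports whether the handler for this request is annotated with
     * {@link SkipAuthentication}, caching the decision per request URI.
     *
     * <p>The cache is capped at {@link #MAX_SKIP_AUTH_CACHE_ENTRIES} because the key comes
     * from the client. Once the cap is reached, decisions are recomputed instead of stored.
     * Recomputation is safe because the decision depends only on the URI and the mapping
     * snapshot.
     *
     * <p>NOTE(review): both the cache key and the lookup ignore the HTTP method. If any
     * handler mapped to a matching pattern is annotated, every method on that path skips
     * authentication. Confirm that this is acceptable for the application's routes.
     *
     * @param httpServletRequest current request
     * @return {@code true} when authentication is skipped for this request
     */
    private boolean checkSkipAuthentication(HttpServletRequest httpServletRequest) {
        String cacheKey = httpServletRequest.getRequestURI();
        Boolean cached = this.skipAuthenticationMap.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        boolean skip = resolveSkipAuthentication(httpServletRequest);
        if (this.skipAuthenticationMap.size() < MAX_SKIP_AUTH_CACHE_ENTRIES) {
            this.skipAuthenticationMap.putIfAbsent(cacheKey, skip);
        }
        return skip;
    }

    /** Scans the MVC mappings for a handler that matches the request and is marked SkipAuthentication. */
    private boolean resolveSkipAuthentication(HttpServletRequest httpServletRequest) {
        Map<RequestMappingInfo, HandlerMethod> mappings = getRequestInfoMap();
        if (!MapUtils.isNotEmpty(mappings)) {
            return false;
        }
        String lookupPath = getRequestURI(httpServletRequest);
        for (Map.Entry<RequestMappingInfo, HandlerMethod> mapping : mappings.entrySet()) {
            PatternsRequestCondition patternsCondition = mapping.getKey().getPatternsCondition();
            if (patternsCondition == null) {
                // No string-pattern condition is available for this mapping, so it cannot
                // be matched here. Its annotation is not honoured and the request goes on
                // to token authentication (fail closed) instead of raising an NPE.
                continue;
            }
            if (CollectionUtils.isNotEmpty(patternsCondition.getMatchingPatterns(lookupPath))) {
                Method handler = mapping.getValue().getMethod();
                // A method-level annotation takes precedence; fall back to the declaring class.
                SkipAuthentication marker = AnnotationUtils.findAnnotation(handler, SkipAuthentication.class);
                if (marker == null) {
                    marker = AnnotationUtils.findAnnotation(handler.getDeclaringClass(), SkipAuthentication.class);
                }
                if (marker != null) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the request URI with the context path removed and runs of slashes collapsed.
     * No decoding or path-parameter stripping is performed.
     *
     * @param httpServletRequest current request
     * @return application-relative path used for handler-pattern lookup
     */
    private String getRequestURI(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath != null) {
            requestURI = "/" + StringUtils.substringAfter(requestURI, contextPath);
        }
        return requestURI.replaceAll("//+", "/");
    }

    /**
     * Returns the MVC mapping snapshot, loading it once using double-checked locking on
     * the volatile static field.
     *
     * @return mapping info to handler method, as provided by {@code SpringUtils.getMvcUriMethods()}
     */
    private Map<RequestMappingInfo, HandlerMethod> getRequestInfoMap() {
        Map<RequestMappingInfo, HandlerMethod> mappings = requestInfoMethodMap;
        if (mappings == null) {
            synchronized (LoginFilter.class) {
                mappings = requestInfoMethodMap;
                if (mappings == null) {
                    mappings = SpringUtils.getMvcUriMethods();
                    requestInfoMethodMap = mappings;
                }
            }
        }
        return mappings;
    }
}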
