package org.zhangxiao.paladin2.admin.shiro;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.zhangxiao.paladin2.admin.AdminProperties;
import org.zhangxiao.paladin2.admin.entity.SysAdmin;
import org.zhangxiao.paladin2.admin.service.impl.SysPermissionResourceService;
import org.zhangxiao.paladin2.common.util.CookieUtils;
import org.zhangxiao.paladin2.common.util.JacksonUtils;
import org.zhangxiao.paladin2.common.util.StrUtils;

/* loaded from: input_file:org/zhangxiao/paladin2/admin/shiro/AdminFilter.class */
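/**
 * Shiro access-control filter for the admin API.
 *
 * <p>{@link #isAccessAllowed} always answers {@code false}, so every request reaches
 * {@link #onAccessDenied}, which (1) reads a JWT from the {@code Authorization} header or
 * cookie, (2) parses and logs the subject in, and (3) checks the request URI against the
 * permissions mapped for it. Failures are answered with a small JSON body; the HTTP status
 * is 401 when no valid token is present and 403 when the subject lacks the permission.
 *
 * <p>The collaborators are injected through {@link #setSysPermissionResourceService}; both
 * fields are read on every request, so the setter must be called before the filter serves.
 */
public class AdminFilter extends AccessControlFilter {
    private static final Logger log = LoggerFactory.getLogger(AdminFilter.class);
    private static final String UNAUTHORIZED_MESSAGE = "未登录，无权访问";
    private static final String FORBIDDEN_MESSAGE = "未授权，无权访问";
    /**
     * Principal value whose requests skip the per-URI permission check entirely.
     * NOTE(review): presumably the built-in super-administrator id — confirm against SysAdmin.
     */
    private static final String PERMISSION_CHECK_BYPASS_PRINCIPAL = "1";
    /** Token/cookie name the JWT is read from. */
    private static final String AUTH_HEADER = "Authorization";
    private SysPermissionResourceService sysPermissionResourceService;
    private AdminProperties adminProperties;

    /**
     * Extracts the raw JWT string from the request.
     *
     * <p>The {@code Authorization} header wins; if it is empty the cookie of the same name is
     * used. NOTE(review): accepting the token from a cookie means a browser will attach it
     * automatically, so CSRF protection must exist elsewhere — confirm.
     *
     * @param servletRequest the current request (converted to HTTP via Shiro's WebUtils)
     * @return the token string, or {@code ""} when neither header nor cookie carries one
     */
    public static String getJwtStr(ServletRequest servletRequest) {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        String token = http.getHeader(AUTH_HEADER);
        if (StrUtils.isEmpty(token)) {
            token = CookieUtils.getCookieValue(http, AUTH_HEADER);
        }
        return StringUtils.isEmpty(token) ? "" : token;
    }

    /**
     * Injects the permission lookup service and the admin configuration (JWT secret, API prefix).
     *
     * @param sysPermissionResourceService resolves a request URI to the permission strings guarding it
     * @param adminProperties supplies the JWT secret and the API prefix
     */
    public void setSysPermissionResourceService(SysPermissionResourceService sysPermissionResourceService, AdminProperties adminProperties) {
        this.sysPermissionResourceService = sysPermissionResourceService;
        this.adminProperties = adminProperties;
    }

    /**
     * Never grants access directly; all decisions are made in {@link #onAccessDenied}.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) throws Exception {
        log.debug("isAccessAllowed");
        return false;
    }

    /**
     * Authenticates the request from its JWT and authorizes it against the request URI.
     *
     * <p>Writes a 401 JSON body when the token is missing or not authenticated, a 403 JSON body
     * when the subject holds none of the permissions mapped for the URI. A token that Shiro's
     * realm rejects makes {@code login} throw {@link AuthenticationException}; that is turned
     * into a 401 in {@link #cleanup}.
     *
     * @return {@code true} when the request may proceed down the filter chain
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        String requestURI = http.getRequestURI();
        if (log.isDebugEnabled()) {
            log.debug("onAccessDenied：" + requestURI);
        }
        String jwtStr = getJwtStr(http);
        if (StringUtils.isEmpty(jwtStr)) {
            onLoginFailure(servletResponse, UNAUTHORIZED_MESSAGE);
            return false;
        }
        // Signature and expiry checks are AdminToken.parse's job; this filter only consumes the result.
        AdminToken token = AdminToken.parse(jwtStr, this.adminProperties.getJwtSecret());
        // Boolean.TRUE.equals(...) fails closed on a null flag instead of throwing an NPE.
        if (!Boolean.TRUE.equals(token.isAuthenticated())) {
            onLoginFailure(servletResponse, UNAUTHORIZED_MESSAGE);
            return false;
        }
        SecurityUtils.getSubject().login(token);
        Subject subject = getSubject(servletRequest, servletResponse);
        // Bypass principal is checked before the URI lookup, so it is allowed even on an empty URI.
        if (PERMISSION_CHECK_BYPASS_PRINCIPAL.equals(String.valueOf(token.getPrincipal()))) {
            return true;
        }
        boolean permitted = isUriPermitted(subject, requestURI);
        if (!permitted) {
            onAuthFailure(servletResponse);
        }
        return permitted;
    }

    /**
     * Decides whether {@code subject} may call {@code requestURI}.
     *
     * <p>An empty URI and a URI with no mapped permissions are both denied (fail closed). The
     * UI-permission endpoint under the API prefix is open to every authenticated subject. For
     * any other URI, holding any one of the mapped permissions is sufficient.
     */
    private boolean isUriPermitted(Subject subject, String requestURI) {
        if (StringUtils.isEmpty(requestURI)) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("当前访问URI:" + requestURI);
        }
        if (requestURI.equals(this.adminProperties.getApiPrefix() + "/sys/admin/ui_permission")) {
            return true;
        }
        String[] apiPermission = this.sysPermissionResourceService.getApiPermission(requestURI);
        if (log.isDebugEnabled()) {
            log.debug(JacksonUtils.toJson(apiPermission));
        }
        if (apiPermission == null || apiPermission.length == 0) {
            // No permission is mapped for this URI: deny rather than pass a null array to Shiro.
            return false;
        }
        for (boolean granted : subject.isPermitted(apiPermission)) {
            if (granted) {
                return true;
            }
        }
        return false;
    }

    /**
     * Converts an {@link AuthenticationException} raised by {@code login} into a 401 JSON
     * response and drops it, so the superclass does not rethrow it as a ServletException
     * after the body has already been written. Any other exception is passed through unchanged.
     */
    @Override
    protected void cleanup(ServletRequest servletRequest, ServletResponse servletResponse, Exception exc) throws ServletException, IOException {
        log.debug("cleanup");
        Exception remaining = exc;
        if (exc instanceof AuthenticationException) {
            onLoginFailure(servletResponse, exc.getMessage());
            remaining = null;
        }
        super.cleanup(servletRequest, servletResponse, remaining);
    }

    /** Writes the 403 "no permission" body. */
    private void onAuthFailure(ServletResponse servletResponse) {
        writeFailure(servletResponse, HttpStatus.FORBIDDEN.value(), FORBIDDEN_MESSAGE);
    }

    /** Writes the 401 "not logged in" body with the given message. */
    private void onLoginFailure(ServletResponse servletResponse, String message) {
        writeFailure(servletResponse, HttpStatus.UNAUTHORIZED.value(), message);
    }

    /**
     * Best-effort write of a failure body; an I/O error (e.g. client went away) is logged,
     * not propagated, because the request is being rejected either way.
     */
    private void writeFailure(ServletResponse servletResponse, int status, String message) {
        try {
            responseFailureJson((HttpServletResponse) servletResponse, status, message);
        } catch (IOException e) {
            log.warn("failed to write failure response", e);
        }
    }

    /**
     * Writes {@code {"<status field>": status, "message": message}} as UTF-8 JSON.
     *
     * <p>The HTTP status is set to {@code status} (the original hard-coded 403 made every
     * unauthenticated request look like a permission failure). The wildcard
     * {@code Access-Control-Allow-Origin} is kept as-is for the existing browser clients; it
     * only ever accompanies these error bodies.
     *
     * @param httpServletResponse the response to write to
     * @param status HTTP status code, also echoed in the body
     * @param message human-readable reason, echoed in the body
     * @throws IOException if the writer cannot be obtained or written
     */
    private void responseFailureJson(HttpServletResponse httpServletResponse, int status, String message) throws IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setStatus(status);
        Map<String, Object> body = new HashMap<>();
        body.put(SysAdmin.FN_status, status);
        body.put("message", message);
        // Objects.toString(x, "") falls back to an empty body if serialization yields null.
        httpServletResponse.getWriter().write(Objects.toString(JacksonUtils.toJson(body), ""));
    }
}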
