package dev.macula.boot.starter.cloud.gateway.security;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.StrUtil;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.util.AntPathMatcher;
import reactor.core.publisher.Mono;

/* loaded from: input_file:dev/macula/boot/starter/cloud/gateway/security/ResourceServerAuthorizationManager.class */
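/**
 * Reactive authorization manager for the gateway's resource-server filter chain.
 *
 * <p>Decision order implemented by {@link #check(Mono, AuthorizationContext)}:
 * <ol>
 *   <li>{@code OPTIONS} requests are granted unconditionally.</li>
 *   <li>Requests without an {@code Authorization: Bearer ...} header are denied.</li>
 *   <li>Paths matching one of the {@code onlyAuthUrls} Ant patterns are granted without a role check.</li>
 *   <li>Otherwise the {@code METHOD:path} string is matched against the Ant patterns stored as keys of the
 *       Redis hash {@code system:perm_roles_rule:url}; the values of all matching entries are collected
 *       as the permitted roles.</li>
 *   <li>If no pattern matched, the request is granted. If at least one matched, the caller needs the
 *       {@code ROLE_ROOT} authority or a {@code ROLE_}-prefixed authority naming a permitted role.</li>
 * </ol>
 *
 * <p>The erased bridge for {@code check} is generated by the compiler; declaring it by hand (as decompiled
 * output does) clashes with the generated one, so it is intentionally not declared here.
 */
public class ResourceServerAuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {
    private static final Logger log = LoggerFactory.getLogger(ResourceServerAuthorizationManager.class);

    /** Case-insensitive prefix the Authorization header must carry. */
    private static final String BEARER_PREFIX = "Bearer ";
    /** Prefix that marks an authority as a role; only such authorities take part in the role check. */
    private static final String ROLE_PREFIX = "ROLE_";
    /** Role name that passes every role check. */
    private static final String ROOT_ROLE = "ROOT";
    /** Redis hash whose keys are {@code METHOD:path} Ant patterns and whose values are role lists. */
    private static final String PERM_ROLES_RULE_KEY = "system:perm_roles_rule:url";
    /** Shared matcher so compiled patterns are reused across requests instead of rebuilt per call. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    private final RedisTemplate redisTemplate;
    private final List<String> onlyAuthUrls;

    /**
     * Creates the manager.
     *
     * @param redisTemplate template used to read the permission/role rule hash
     * @param list Ant path patterns that are granted without a role check once a bearer header is present
     */
    public ResourceServerAuthorizationManager(RedisTemplate redisTemplate, List<String> list) {
        this.redisTemplate = redisTemplate;
        this.onlyAuthUrls = list;
    }

    /**
     * Decides whether the current exchange may proceed.
     *
     * @param mono the authentication of the caller; consulted only when a permission rule matched
     * @param authorizationContext context giving access to the current request
     * @return the authorization decision, never an empty {@code Mono}
     */
    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        ServerHttpRequest request = authorizationContext.getExchange().getRequest();
        // OPTIONS (typically CORS preflight) is granted before any credential check.
        if (request.getMethod() == HttpMethod.OPTIONS) {
            return Mono.just(new AuthorizationDecision(true));
        }

        // Only the shape of the header is checked here, not the token itself.
        // NOTE(review): the two grant branches below never consult `mono`, so they rely on the
        // bearer-token authentication filter having already rejected invalid tokens before this
        // manager runs — confirm the filter chain guarantees that.
        String authorization = request.getHeaders().getFirst("Authorization");
        if (StrUtil.isBlank(authorization) || !StrUtil.startWithIgnoreCase(authorization, BEARER_PREFIX)) {
            return Mono.just(new AuthorizationDecision(false));
        }

        // NOTE(review): matching uses the URI path as given by the request; presumably it is
        // normalized upstream — verify, since patterns are compared against this exact string.
        String path = request.getURI().getPath();
        if (this.onlyAuthUrls.stream().anyMatch(pattern -> PATH_MATCHER.match(pattern, path))) {
            return Mono.just(new AuthorizationDecision(true));
        }

        String methodAndPath = request.getMethodValue() + ":" + path;
        List<String> permittedRoles = new ArrayList<>();
        boolean ruleMatched = false;
        for (Map.Entry<?, ?> rule : loadRoleRules().entrySet()) {
            if (PATH_MATCHER.match((String) rule.getKey(), methodAndPath)) {
                ruleMatched = true;
                permittedRoles.addAll(Convert.toList(String.class, rule.getValue()));
            }
        }

        // Default-allow: a request that matches no rule is granted.
        // NOTE(review): an endpoint missing from the rule hash, or an empty hash, is therefore open
        // to any caller that passed the header check — confirm this fail-open default is intended.
        if (!ruleMatched) {
            return Mono.just(new AuthorizationDecision(true));
        }

        return mono.filter(Authentication::isAuthenticated)
            .flatMapIterable(Authentication::getAuthorities)
            .map(authority -> authority.getAuthority())
            .any(authority -> hasPermittedRole(authority, permittedRoles))
            .map(AuthorizationDecision::new)
            .defaultIfEmpty(new AuthorizationDecision(false));
    }

    /**
     * Reads the whole permission/role rule hash from Redis.
     *
     * <p>NOTE(review): this is a synchronous {@code RedisTemplate} call made for every request that
     * reaches the rule check; in a reactive gateway it presumably blocks the calling thread —
     * consider a reactive template or a local cache.
     *
     * @return the hash entries, keyed by {@code METHOD:path} Ant pattern
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the injected template is raw; entries are only read
    private Map<?, ?> loadRoleRules() {
        return this.redisTemplate.opsForHash().entries(PERM_ROLES_RULE_KEY);
    }

    /**
     * Tells whether a single granted authority satisfies the role requirement.
     *
     * <p>Only authorities that actually start with {@code ROLE_} are considered. Stripping the first
     * five characters blindly would throw on shorter authorities and would treat any authority with a
     * different five-character prefix followed by {@code ROOT} as the root role.
     *
     * @param authority the authority string of the caller
     * @param permittedRoles role names (without prefix) collected from the matching rules
     * @return {@code true} if the authority is the root role or names a permitted role
     */
    private static boolean hasPermittedRole(String authority, List<String> permittedRoles) {
        if (!authority.startsWith(ROLE_PREFIX)) {
            return false;
        }
        String role = authority.substring(ROLE_PREFIX.length());
        return ROOT_ROLE.equals(role) || permittedRoles.contains(role);
    }
}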
