package com.cory.web.security;

import com.cory.model.Resource;
import com.cory.model.Role;
import com.cory.service.RoleService;
import com.cory.util.systemconfigcache.SystemConfigCacheUtil;
import com.cory.web.config.CoryWebProperties;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/cory/web/security/UserFilter.class */
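/**
 * Shiro user filter that authorises each request by its path within the application.
 *
 * <p>Decision order in {@link #isAccessAllowed}: paths matching the configured skip pattern
 * are always allowed; paths granted to the anonymous role are allowed for everyone; any other
 * path is allowed only for a logged-in subject that holds a permission equal to the path.
 * Denied requests go to the login page (with a {@code returnUrl} parameter) when the subject
 * is not authenticated, and to the 403 page otherwise.
 *
 * <p>Security-relevant inputs: the skip pattern ({@code CoryWebProperties}) and the anonymous
 * role name ({@code anon_role_name} system config) both widen unauthenticated access, so they
 * should be treated as privileged configuration.
 */
public class UserFilter extends org.apache.shiro.web.filter.authc.UserFilter {

    @Autowired
    private RoleService roleService;

    @Autowired
    private CoryWebProperties coryWebProperties;

    /**
     * Redirects to the login URL, appending the originally requested location as an
     * URL-encoded {@code returnUrl} query parameter when there is one.
     *
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void redirectToLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String encodedReturnUrl = getEncodedReturnUrl(request);
        String loginUrl = getLoginUrl();
        if (!StringUtils.isEmpty(encodedReturnUrl)) {
            // A configured login URL may already carry a query string; a second "?" would
            // fold returnUrl into the value of the previous parameter.
            String separator = StringUtils.contains(loginUrl, "?") ? "&" : "?";
            loginUrl = loginUrl + separator + "returnUrl=" + encodedReturnUrl;
        }
        WebUtils.issueRedirect(request, response, loginUrl);
    }

    /**
     * Builds the URL-encoded return location: the request URI without the context path and
     * without leading slashes, followed by the original query string if present.
     *
     * <p>The value is derived entirely from the client-supplied request line. All leading
     * slashes are removed (not just one) so the result is always a plain relative path.
     * NOTE(review): the code that later consumes {@code returnUrl} is not visible here; it
     * should still accept only same-application relative targets before redirecting.
     *
     * @return the encoded return location, or an empty string when the request targets the
     *         application root without a query string
     */
    private String getEncodedReturnUrl(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        String contextPath = httpServletRequest.getContextPath();
        String returnPath = httpServletRequest.getRequestURI();
        if (returnPath.startsWith(contextPath)) {
            returnPath = returnPath.substring(contextPath.length());
        }
        // getRequestURI() is not normalised by the servlet API, so several slashes may remain
        // after the context path; stripping only one would leave a value starting with "/".
        returnPath = StringUtils.stripStart(returnPath, "/");
        String queryString = httpServletRequest.getQueryString();
        if (!StringUtils.isEmpty(queryString)) {
            returnPath = returnPath + "?" + queryString;
        }
        return URLEncoder.encode(returnPath, "UTF-8");
    }

    /**
     * Decides whether the request may proceed.
     *
     * @return {@code true} when the path matches the skip pattern, is granted to the anonymous
     *         role, or the subject is logged in and permitted for the path
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        String pathWithinApplication = getPathWithinApplication(servletRequest);
        Subject subject = getSubject(servletRequest, servletResponse);
        if (skipAuth(pathWithinApplication)) {
            return true;
        }
        boolean loggedIn = UserUtils.isLoginUser(subject);
        if (isAnonUrl(pathWithinApplication)) {
            // Anonymous-role resources are open to logged-in and anonymous subjects alike.
            return true;
        }
        return loggedIn && canAccess(servletRequest, servletResponse, pathWithinApplication);
    }

    /**
     * Returns whether the path matches the configured skip pattern and therefore bypasses
     * every check in this filter.
     *
     * <p>{@link String#matches} requires the pattern to match the whole path, so the
     * configured regular expression should be as narrow as possible: anything it matches is
     * reachable without login or permission checks. A blank pattern or blank path never
     * matches.
     */
    private boolean skipAuth(String str) {
        String skipShiroAuthUrlPattern = this.coryWebProperties.getSkipShiroAuthUrlPattern();
        if (StringUtils.isBlank(skipShiroAuthUrlPattern) || StringUtils.isBlank(str)) {
            return false;
        }
        // Patterns are matched against a path that always begins with "/".
        String path = str.startsWith("/") ? str : "/" + str;
        return path.matches(skipShiroAuthUrlPattern);
    }

    /**
     * Asks the subject whether it holds a permission whose string is the request path.
     * NOTE(review): how that string is parsed depends on the configured realm and permission
     * resolver, which are not visible in this class.
     */
    private boolean canAccess(ServletRequest servletRequest, ServletResponse servletResponse, String str) {
        return getSubject(servletRequest, servletResponse).isPermitted(str);
    }

    /**
     * Returns whether any resource of the anonymous role matches the path.
     *
     * <p>The role is looked up by the name stored under the {@code anon_role_name} system
     * config key; a blank name, an unknown role or a role without resources means no path is
     * anonymous.
     */
    private boolean isAnonUrl(String str) {
        String anonRoleName = SystemConfigCacheUtil.getCache("anon_role_name");
        if (StringUtils.isBlank(anonRoleName)) {
            return false;
        }
        Role anonRole = this.roleService.getByName(anonRoleName);
        if (null == anonRole) {
            return false;
        }
        List<Resource> resources = anonRole.getResources();
        if (CollectionUtils.isEmpty(resources)) {
            return false;
        }
        for (Resource resource : resources) {
            // Each resource value is used as a path pattern for Shiro's pathsMatch.
            if (pathsMatch(resource.getValue(), str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sends a redirect to the application's static 403 page. Failures to write the redirect
     * are not propagated.
     */
    private void redirectTo403Page(ServletRequest servletRequest, ServletResponse servletResponse) {
        String forbiddenPage = ((HttpServletRequest) servletRequest).getContextPath() + "/e/403.html";
        try {
            ((HttpServletResponse) servletResponse).sendRedirect(forbiddenPage);
        } catch (IOException e) {
            // NOTE(review): best-effort by design of the original; route this through the
            // application logger rather than stderr so failed denials show up in monitoring.
            e.printStackTrace();
        }
    }

    /**
     * Handles a denied request: a subject that is not authenticated gets the parent filter's
     * handling (in Shiro's stock UserFilter that saves the request and redirects to login);
     * an authenticated subject lacked permission and is sent to the 403 page.
     *
     * @return {@code false} after the 403 redirect so the filter chain stops; otherwise the
     *         parent's result
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (subject.isAuthenticated()) {
            redirectTo403Page(servletRequest, servletResponse);
            return false;
        }
        return super.onAccessDenied(servletRequest, servletResponse);
    }
}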
