package com.github.flashvayne.aspect;

import com.github.flashvayne.dto.RbacTokenInfo;
import com.github.flashvayne.property.RbacProperties;
import com.github.flashvayne.service.TokenService;
import com.github.flashvayne.utils.AuthUserUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

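/**
 * Around-advice that enforces token-based RBAC on every method annotated with
 * {@code com.github.flashvayne.aspect.RbacAuthorization}.
 *
 * <p>Decision flow, all of it fail-closed (the target method runs only on the last step):
 * <ol>
 *   <li>read the token from the request header named by {@link RbacProperties#getTokenName()};</li>
 *   <li>decode (and refresh) it through {@link TokenService#decodeAndRefreshToken};</li>
 *   <li>require that the token's resource collection contains the request URI.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The resource check is an exact string match against
 *       {@link HttpServletRequest#getRequestURI()}. That value is not URL-decoded and includes
 *       the context path, and the HTTP method is not part of the decision. Because this is an
 *       allow-list, any URI form that is not stored verbatim in the token's resources is denied;
 *       resources must therefore be provisioned in exactly the form the container reports.</li>
 *   <li>The token value itself is never logged; keep it that way when adding diagnostics.</li>
 *   <li>A denied call returns {@code null} to the caller after setting the HTTP status.
 *       NOTE(review): Spring AOP cannot map a {@code null} result onto a primitive return
 *       type — confirm every annotated handler returns a reference type.</li>
 * </ul>
 */
@Aspect
@Component
public class RbacAuthorizationAspect {
    private static final Logger log = LoggerFactory.getLogger(RbacAuthorizationAspect.class);

    @Autowired
    private TokenService tokenService;

    @Autowired
    private RbacProperties rbacProperties;

    /** Matches execution of any method carrying the {@code RbacAuthorization} annotation. */
    @Pointcut("@annotation(com.github.flashvayne.aspect.RbacAuthorization)")
    public void pointcut() {
    }

    /**
     * Authenticates and authorizes the current HTTP request before letting the annotated
     * method run.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @return the target method's result when access is granted; {@code null} when the request
     *         is rejected (the response status is then 401 or 403)
     * @throws IllegalStateException if no servlet request is bound to the current thread, since
     *         no authorization decision can be made without one
     * @throws Throwable whatever the target method throws
     */
    @Around("pointcut()")
    public Object interceptor(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        // getRequestAttributes() is declared to return the RequestAttributes supertype and
        // yields null outside a request-bound thread, so cast explicitly and refuse to go on
        // rather than fail later with an anonymous NullPointerException.
        ServletRequestAttributes requestAttributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            throw new IllegalStateException(
                    "No servlet request is bound to the current thread; cannot authorize the call");
        }
        HttpServletRequest request = requestAttributes.getRequest();
        // May be null: ServletRequestAttributes can be created without a response.
        HttpServletResponse response = requestAttributes.getResponse();

        String token = getToken(request);
        if (StringUtils.isBlank(token)) {
            // Log text: "no token obtained, authentication failed".
            log.warn("未获取到token，身份认证失败");
            return deny(response, HttpStatus.UNAUTHORIZED);
        }

        RbacTokenInfo tokenInfo = this.tokenService.decodeAndRefreshToken(token);
        if (tokenInfo == null) {
            // Log text: "token validation failed, or token expired".
            log.warn("token校验失败，或已过期");
            return deny(response, HttpStatus.UNAUTHORIZED);
        }

        // Exact match of the raw request URI against the resources granted to this token.
        // An empty or missing resource collection grants nothing.
        String requestURI = request.getRequestURI();
        boolean permitted = !CollectionUtils.isEmpty(tokenInfo.getResources())
                && tokenInfo.getResources().contains(requestURI);
        if (!permitted) {
            // Log text: "no permission to complete the operation".
            log.warn("无权限完成操作");
            return deny(response, HttpStatus.FORBIDDEN);
        }

        // Publish the authenticated identity for the duration of the call; doRemove() clears it.
        AuthUserUtils.set(tokenInfo);
        return proceedingJoinPoint.proceed();
    }

    /**
     * Clears the identity published by {@link #interceptor} once the annotated method has
     * finished. {@code @After} advice runs on normal return and on exception alike, so the
     * identity is not left behind for whatever the thread handles next.
     * NOTE(review): presumably {@code AuthUserUtils} holds thread-bound state — confirm.
     */
    @After("pointcut()")
    public void doRemove() {
        AuthUserUtils.remove();
    }

    /** Returns the raw token header value, or {@code null} when the header is absent. */
    private String getToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(this.rbacProperties.getTokenName());
    }

    /**
     * Marks the request as rejected without invoking the target method.
     *
     * @param response the current response, or {@code null} if none is available
     * @param status the HTTP status to report
     * @return always {@code null}, so callers can {@code return deny(...)}
     */
    private Object deny(HttpServletResponse response, HttpStatus status) {
        if (response != null) {
            response.setStatus(status.value());
        }
        return null;
    }
}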
