package run.iget.security.interceptor;

import cn.hutool.core.collection.CollUtil;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import run.iget.framework.common.enums.BaseResultEnum;
import run.iget.framework.common.util.ExceptionThrowUtils;
import run.iget.framework.common.util.WebUtils;
import run.iget.security.annotation.AuthCheck;
import run.iget.security.bean.TokenUser;
import run.iget.security.config.SecurityProperties;
import run.iget.security.constant.SecurityConst;
import run.iget.security.util.LoginUtils;

/* loaded from: input_file:run/iget/security/interceptor/AuthCheckInterceptor.class */
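/**
 * Spring MVC interceptor that enforces login and permission checks before a handler runs.
 *
 * <p>A request needs a valid token when its URI matches one of the configured
 * {@code needLogin} Ant patterns or when the handler (method or bean type) carries an enabled
 * {@link AuthCheck}. A permission check is added when the URI matches a {@code needPermissions}
 * pattern or the annotation sets {@code checkUri}; it passes when any of the user's permission
 * strings, used as an Ant pattern, matches the request URI.
 *
 * <p>NOTE(review): every URI rule here matches against {@link HttpServletRequest#getRequestURI()},
 * which is the raw, undecoded request path including the context path and any path parameters.
 * Spring MVC routes on a normalized lookup path, so a pattern rule and the handler mapping can
 * disagree about the same request. Prefer annotation-based rules for sensitive handlers, or match
 * against the same normalized path the dispatcher uses.
 */
public class AuthCheckInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AuthCheckInterceptor.class);
    private final SecurityProperties properties;
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * @param securityProperties security configuration; when {@code null} or not enabled the
     *                           interceptor lets every request through
     */
    public AuthCheckInterceptor(SecurityProperties securityProperties) {
        this.properties = securityProperties;
    }

    /**
     * Authenticates and, where required, authorizes the request.
     *
     * <p>Rejections are signalled through {@code ExceptionThrowUtils} (presumably by throwing;
     * its implementation is not visible here), so this method only ever returns {@code true}.
     *
     * @return {@code true} when the request may proceed
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Fail-open by design: missing or disabled configuration switches all checks off.
        if (Objects.isNull(this.properties) || this.properties.notEnabled()) {
            return true;
        }
        AuthCheck resourceAuth = getResourceAuth(obj);
        if (!needCheckToken(httpServletRequest, resourceAuth)) {
            return true;
        }
        // NOTE(review): the constant is named HEADER_TOKEN_NAME but is read via getParameter;
        // if that helper reads the query string, tokens can end up in access logs and Referer
        // headers. Confirm against WebUtils.
        String token = WebUtils.getParameter(SecurityConst.HEADER_TOKEN_NAME);
        ExceptionThrowUtils.ofBlank(token, BaseResultEnum.ERROR_LOGIN);
        TokenUser tokenUser = LoginUtils.getByToken(token);
        ExceptionThrowUtils.ofNull(tokenUser, BaseResultEnum.ERROR_AUTH);
        if (needCheckUri(httpServletRequest, resourceAuth)) {
            ExceptionThrowUtils.ofFalse(Boolean.valueOf(hasAuth(httpServletRequest, tokenUser.getPermissions())), BaseResultEnum.ERROR_AUTH);
        }
        // Publish the user only after every check has passed. Spring does not call
        // afterCompletion on an interceptor whose preHandle threw, so setting the user before a
        // failing permission check would leave it in LoginUtils (presumably a per-thread holder)
        // for the next request served by the same pooled thread.
        LoginUtils.set(tokenUser);
        return true;
    }

    /** Clears the user published by {@link #preHandle} once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        LoginUtils.clear();
    }

    /**
     * Finds the {@link AuthCheck} that applies to the handler: the method-level annotation wins,
     * otherwise the one on the controller (bean) type.
     *
     * @return the annotation, or {@code null} when the handler is not a {@link HandlerMethod} or
     *         is not annotated
     */
    private AuthCheck getResourceAuth(Object obj) {
        if (!(obj instanceof HandlerMethod)) {
            return null;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        AuthCheck authCheck = handlerMethod.getMethod().getAnnotation(AuthCheck.class);
        // The former lookup on handlerMethod.getClass() inspected Spring's HandlerMethod class
        // itself, which never carries AuthCheck; the bean type is the class-level source.
        if (Objects.isNull(authCheck)) {
            authCheck = handlerMethod.getBeanType().getAnnotation(AuthCheck.class);
        }
        return authCheck;
    }

    /**
     * Decides whether the request must present a valid token.
     *
     * @return {@code true} when the URI matches a {@code needLogin} pattern or the handler has an
     *         enabled {@link AuthCheck}
     */
    private boolean needCheckToken(HttpServletRequest httpServletRequest, AuthCheck authCheck) {
        if (CollUtil.isNotEmpty(this.properties.getNeedLogin())) {
            String uri = httpServletRequest.getRequestURI();
            if (this.properties.getNeedLogin().stream().anyMatch(pattern -> this.pathMatcher.match(pattern, uri))) {
                return true;
            }
        }
        return Objects.nonNull(authCheck) && authCheck.enable();
    }

    /**
     * Decides whether the authenticated user's permissions must cover the request URI.
     *
     * @return {@code false} when permission checks are globally disabled; otherwise {@code true}
     *         when the URI matches a {@code needPermissions} pattern or the handler's enabled
     *         {@link AuthCheck} requests a URI check
     */
    private boolean needCheckUri(HttpServletRequest httpServletRequest, AuthCheck authCheck) {
        // Global switch: when set, no request is ever permission-checked.
        if (SecurityConst.DISABLE_PERMISSION_CHECK) {
            return false;
        }
        if (CollUtil.isNotEmpty(this.properties.getNeedPermissions())) {
            String uri = httpServletRequest.getRequestURI();
            if (this.properties.getNeedPermissions().stream().anyMatch(pattern -> this.pathMatcher.match(pattern, uri))) {
                return true;
            }
        }
        return Objects.nonNull(authCheck) && authCheck.enable() && authCheck.checkUri();
    }

    /**
     * Checks whether any of the user's permission strings, used as an Ant pattern, matches the
     * request URI. A {@code null} or empty permission set denies access.
     */
    private boolean hasAuth(HttpServletRequest httpServletRequest, Set<String> set) {
        if (CollUtil.isEmpty(set)) {
            return false;
        }
        String uri = httpServletRequest.getRequestURI();
        return set.stream().anyMatch(permission -> this.pathMatcher.match(permission, uri));
    }
}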
