package tech.codingless.core.gateway.interceptor;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson2.JSONObject;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import tech.codingless.core.gateway.annotation.GrantModuleCondition;
import tech.codingless.core.gateway.annotation.MyAccessKeyAuth;
import tech.codingless.core.gateway.annotation.MyAuth;
import tech.codingless.core.gateway.annotation.MyBiz;
import tech.codingless.core.gateway.data.MyMemoryAnalysisFlag;
import tech.codingless.core.gateway.helper.AccessKeyHelper;
import tech.codingless.core.gateway.util.SHAUtil;
import tech.codingless.core.gateway.util.SessionUtil;
import tech.codingless.core.gateway.util.SignUtil;
import tech.codingless.core.gateway.util.StringUtil;

/* loaded from: input_file:tech/codingless/core/gateway/interceptor/GatewayInterceptor.class */
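/**
 * Spring MVC interceptor that authenticates handlers annotated with {@link MyAccessKeyAuth}
 * using an access key, a timestamp and a request signature, and writes one access-log line
 * per request.
 *
 * <p>Authentication inputs are the {@code Access-Key}, {@code Access-Timestamp} and
 * {@code Access-Sign} request headers. For GET requests the signed string is built by
 * {@code SignUtil.toSignSrc} from the request parameters and the timestamp; for every other
 * method it is {@code body + "&" + timestamp} and the request must be {@code application/json}
 * wrapped in a {@link BodyReaderHttpServletRequestWrapper}.
 *
 * <p>Review notes on what this class does <em>not</em> visibly enforce:
 * <ul>
 *   <li>NOTE(review): the timestamp is only fed into the signature; no freshness window or
 *       nonce check is visible here, so replay protection depends on whether
 *       {@code SHAUtil.verifySign} / {@code SignUtil} enforce one. Confirm.</li>
 *   <li>NOTE(review): neither the HTTP method nor the request path is passed to the signing
 *       helpers, so a signature is not bound to a specific endpoint by this class.</li>
 *   <li>NOTE(review): for GET only the first value of each parameter is signed
 *       ({@code getParameter}); for non-GET requests query-string parameters are not signed
 *       at all. Handlers should not trust unsigned values.</li>
 *   <li>NOTE(review): whether {@code SHAUtil.verifySign} compares signatures in constant time
 *       cannot be determined from this file. Confirm.</li>
 *   <li>NOTE(review): per-request state is kept in thread-locals. With asynchronous request
 *       handling, callbacks may run on a different thread than {@code preHandle}; verify that
 *       no async handler relies on this state.</li>
 * </ul>
 */
public class GatewayInterceptor implements AsyncHandlerInterceptor {
    private static final String ACCESS_KEY = "Access-Key";
    private static final String ACCESS_TIMESTAMP = "Access-Timestamp";
    private static final String ACCESS_SIGN = "Access-Sign";
    private static final String X_REAL_IP = "X-Real-IP";
    private static final Logger log = LoggerFactory.getLogger(GatewayInterceptor.class);
    private static final ThreadLocal<MyMemoryAnalysisFlag> flag = new ThreadLocal<>();
    // Start time of the current request in epoch milliseconds; set in preHandle.
    private static final ThreadLocal<Long> START_MILLIS = new ThreadLocal<>();
    private static final ThreadLocal<Boolean> DISABLE_RESPONSE_LOG = new ThreadLocal<>();
    private static final ThreadLocal<String> REQUEST_BODY = new ThreadLocal<>();

    /** Delegates to the interface default; no extra work is done after the handler runs. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        AsyncHandlerInterceptor.super.postHandle(httpServletRequest, httpServletResponse, obj, modelAndView);
    }

    /**
     * Initialises per-request state and, for handlers annotated with {@link MyAccessKeyAuth},
     * verifies the access key, its module permissions and the request signature.
     *
     * @return {@code true} when the handler may run; {@code false} after a rejection has been
     *         written to the response
     * @throws Exception if writing the rejection to the response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        try {
            if (!(obj instanceof HandlerMethod)) {
                return AsyncHandlerInterceptor.super.preHandle(httpServletRequest, httpServletResponse, obj);
            }
            // Drop anything a previous request left behind on this pooled thread.
            clearSession();
            START_MILLIS.set(System.currentTimeMillis());
            HandlerMethod handlerMethod = (HandlerMethod) obj;
            MyBiz myBiz = handlerMethod.getMethodAnnotation(MyBiz.class);
            if (myBiz != null) {
                DISABLE_RESPONSE_LOG.set(myBiz.disableResponseLog());
            }
            String requestId = StringUtil.genGUID();
            httpServletResponse.addHeader("Request-Id", requestId);
            flag.set(new MyMemoryAnalysisFlag("REQ:" + httpServletRequest.getRequestURL().toString(), requestId));

            MyAccessKeyAuth auth = handlerMethod.getMethodAnnotation(MyAccessKeyAuth.class);
            if (auth == null) {
                // Handler does not use access-key authentication; nothing to verify here.
                return AsyncHandlerInterceptor.super.preHandle(httpServletRequest, httpServletResponse, obj);
            }

            String keyHeader = httpServletRequest.getHeader(ACCESS_KEY);
            String timestampHeader = httpServletRequest.getHeader(ACCESS_TIMESTAMP);
            String signHeader = httpServletRequest.getHeader(ACCESS_SIGN);
            if (StringUtil.hasEmpty(keyHeader, timestampHeader, signHeader)) {
                return reject(httpServletResponse);
            }

            AccessKeyHelper.AccessKey accessKey = AccessKeyHelper.get(keyHeader.trim());
            if (accessKey == null) {
                // Unknown key: answer like any other failed authentication instead of
                // falling into the catch-all below through a NullPointerException.
                return reject(httpServletResponse);
            }

            String module = GrantModuleCondition.findModuleNameByResourcePkg(handlerMethod.getBean().getClass());
            if (StringUtil.isEmpty(module)) {
                return reject(httpServletResponse);
            }
            boolean writable = accessKey.isWriteAble(module);
            if (!accessKey.isReadAble(module) && !writable) {
                return reject(httpServletResponse);
            }
            if (auth.requiredWriteAble() && !writable) {
                return reject(httpServletResponse);
            }

            if ("GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
                // Raw type kept: the parameter type of SignUtil.toSignSrc is not visible here.
                // Only the first value of a repeated parameter enters the signed string.
                TreeMap sortedParams = new TreeMap();
                httpServletRequest.getParameterNames().asIterator().forEachRemaining(name -> {
                    sortedParams.put(name, httpServletRequest.getParameter(name));
                });
                if (!SHAUtil.verifySign(accessKey.getSecret(), SignUtil.toSignSrc(sortedParams, timestampHeader), signHeader)) {
                    return reject(httpServletResponse);
                }
                MyAccessKeyAuth.CURRENT_COMPANY_ID.set(accessKey.getCompany());
                MyAccessKeyAuth.ACCESS_KEY.set(accessKey.getKey());
                return AsyncHandlerInterceptor.super.preHandle(httpServletRequest, httpServletResponse, obj);
            }

            // NOTE(review): the content type is compared as an exact string, so a value that
            // carries a charset parameter does not match. Confirm this is intended.
            if (!"application/json".equalsIgnoreCase(httpServletRequest.getContentType()) || !(httpServletRequest instanceof BodyReaderHttpServletRequestWrapper)) {
                // The body cannot be authenticated; reply explicitly rather than returning
                // false with an untouched (empty, successful-looking) response.
                return reject(httpServletResponse);
            }
            BodyReaderHttpServletRequestWrapper wrapped = (BodyReaderHttpServletRequestWrapper) httpServletRequest;
            String requestBody = wrapped.getRequestBody();
            REQUEST_BODY.set(requestBody);
            if (!SHAUtil.verifySign(accessKey.getSecret(), requestBody + "&" + timestampHeader, signHeader)) {
                return reject(httpServletResponse);
            }
            MyAccessKeyAuth.CURRENT_COMPANY_ID.set(accessKey.getCompany());
            MyAccessKeyAuth.ACCESS_KEY.set(accessKey.getKey());
            return AsyncHandlerInterceptor.super.preHandle(wrapped, httpServletResponse, obj);
        } catch (Throwable th) {
            // Fail closed: the handler never runs after an unexpected error, and the client
            // gets an explicit error status instead of an empty default response.
            log.error("error", th);
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return false;
        }
    }

    /**
     * Writes the standard "unauthorized" reply used for every authentication or authorization
     * failure and returns {@code false} so callers can {@code return reject(...)}.
     */
    private boolean reject(HttpServletResponse httpServletResponse) throws java.io.IOException {
        httpServletResponse.setHeader(MyAuth.UNAUTHORIZED_MSG, "1");
        httpServletResponse.sendError(MyAuth.UNAUTHORIZED_CODE);
        return false;
    }

    /**
     * Removes all per-request thread-local state, including the start time and the
     * response-log switch, so that neither a caller identity nor a logging setting carries
     * over to the next request served by the same thread.
     */
    private void clearSession() {
        flag.remove();
        START_MILLIS.remove();
        DISABLE_RESPONSE_LOG.remove();
        MyAccessKeyAuth.CURRENT_COMPANY_ID.remove();
        MyAccessKeyAuth.ACCESS_KEY.remove();
        REQUEST_BODY.remove();
    }

    /**
     * Emits one {@code REQUEST_INFO:} log line describing the request and then clears the
     * per-request state, whether or not logging succeeded.
     *
     * <p>NOTE(review): the entry contains the full parameter map and, unless disabled through
     * {@link MyBiz}, the response object. Confirm that no secrets or personal data end up in
     * the log this way.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        try {
            JSONObject entry = new JSONObject();
            // Client-supplied header; presumably set by a trusted reverse proxy. Verify that
            // the proxy overwrites it before relying on this value.
            entry.put("ip", httpServletRequest.getHeader(X_REAL_IP));
            entry.put("t", System.currentTimeMillis());
            entry.put("method", httpServletRequest.getMethod());
            entry.put("companyId", MyAccessKeyAuth.CURRENT_COMPANY_ID.get());
            entry.put("access_key", MyAccessKeyAuth.ACCESS_KEY.get());
            Long startedAt = START_MILLIS.get();
            if (startedAt != null) {
                // Absent when preHandle did not run its HandlerMethod path for this request.
                entry.put("cost", System.currentTimeMillis() - startedAt);
            }
            entry.put("uri", httpServletRequest.getRequestURI());
            entry.put("url_param", JSON.toJSONString(httpServletRequest.getParameterMap()));
            if ("POST".equalsIgnoreCase(httpServletRequest.getMethod()) && "application/json".equalsIgnoreCase(httpServletRequest.getContentType()) && (httpServletRequest instanceof BodyReaderHttpServletRequestWrapper)) {
                // NOTE(review): this logs the parameter map again, not the body captured in
                // REQUEST_BODY. Confirm which was intended before changing what is logged.
                entry.put("req_body", JSON.toJSONString(httpServletRequest.getParameterMap()));
            }
            if (BooleanUtils.isNotTrue(DISABLE_RESPONSE_LOG.get())) {
                entry.put("response", SessionUtil.CURRENT_RESPONSE.get());
            }
            log.info("REQUEST_INFO:" + entry);
        } finally {
            clearSession();
        }
        AsyncHandlerInterceptor.super.afterCompletion(httpServletRequest, httpServletResponse, obj, exc);
    }
}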
