package com.codingapi.zuul.security.filter;

import com.codingapi.security.bus.client.SecurityBusClient;
import com.codingapi.security.bus.client.ato.vo.CheckPermissionReq;
import com.codingapi.security.bus.client.ato.vo.CheckPermissionRes;
import com.codingapi.security.component.cache.base.LocalCache;
import com.codingapi.security.component.common.util.Jsons;
import com.codingapi.security.component.common.util.Strings;
import com.codingapi.security.consensus.message.ApplicationInfo;
import com.codingapi.security.consensus.message.SecurityInfo;
import com.codingapi.security.consensus.message.SsoUserInfo;
import com.codingapi.security.zuul.component.FilterUtils;
import com.codingapi.security.zuul.component.ZuulComponentConstants;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

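/**
 * Zuul {@code "pre"} filter that asks the security bus whether the current
 * user may call the requested URL and, on success, forwards the decision to
 * the backend in the {@code X-Security-Info} request header.
 *
 * <p>The filter only acts on requests that already carry the token and
 * application attributes in the {@link RequestContext}; it reads them but
 * never sets them, so it depends on earlier filters having done so.
 *
 * <p>NOTE(review): when {@link #shouldFilter()} returns {@code false} this
 * class neither sets nor removes {@code X-Security-Info}. Confirm that a
 * client-supplied header of that name is stripped elsewhere before the
 * request reaches a backend that trusts it.
 */
@Component
public class PermissionFilter extends ZuulFilter {
    private static final Logger LOG = LoggerFactory.getLogger(PermissionFilter.class);
    private final SecurityBusClient securityBusClient;
    private final LocalCache localCache;
    private final AntPathMatcher antPathMatcher;

    /**
     * @param securityBusClient client used to ask for the permission decision
     * @param localCache cache qualified as {@code "no-perm-control-url"}; read in
     *     {@link #shouldFilter()} as a per-application set of Ant path patterns
     * @param antPathMatcher matcher applied to those patterns
     */
    public PermissionFilter(SecurityBusClient securityBusClient, @Qualifier("no-perm-control-url") LocalCache localCache, AntPathMatcher antPathMatcher) {
        this.securityBusClient = securityBusClient;
        this.localCache = localCache;
        this.antPathMatcher = antPathMatcher;
    }

    /** @return the Zuul filter type, always {@code "pre"} */
    public String filterType() {
        return "pre";
    }

    /** @return the position of this filter, taken from {@link ZuulComponentConstants} */
    public int filterOrder() {
        return ZuulComponentConstants.PERMISSION_FILTER_ORDER.intValue();
    }

    /**
     * Decides whether the permission check in {@link #run()} applies.
     *
     * @return {@code false} when the token or application attribute is missing,
     *     or when the request URI matches one of the application's exempt
     *     patterns; {@code true} otherwise
     */
    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        // NOTE(review): a missing attribute skips the permission check instead of
        // denying. This is only safe if the filters that set these attributes
        // reject the request themselves on failure - confirm against them.
        if (currentContext.get(ZuulComponentConstants.VERIFY_TOKEN_FLAG) == null
                || currentContext.get(ZuulComponentConstants.APPLICATION_IDENTIFICATION_FLAG) == null) {
            return false;
        }
        String requestURI = currentContext.getRequest().getRequestURI();
        String applicationId = (String) currentContext.get("application-id");
        Set<?> exemptPatterns = (Set<?>) this.localCache.get(applicationId, Set.class);
        if (exemptPatterns == null) {
            return true;
        }
        // getRequestURI() is the raw, undecoded path. A path with dot segments,
        // path parameters or encoded separators can match an exempt pattern and
        // still resolve to a different resource further down the chain, so such
        // a path is never exempted and always goes through the permission check.
        if (hasAmbiguousPathSyntax(requestURI)) {
            return true;
        }
        for (Object pattern : exemptPatterns) {
            if (this.antPathMatcher.match((String) pattern, requestURI)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Runs the permission check and publishes the result to the backend.
     *
     * <p>A response whose {@code pass} flag is {@code false} or absent is treated
     * as a denial and handed to {@link FilterUtils#forbidden} with code 40300.
     *
     * @return always {@code null}; Zuul ignores the value
     */
    public Object run() {
        // Log text: "starting permission identification".
        LOG.debug("开始权限识别");
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        ApplicationInfo applicationInfo = (ApplicationInfo) currentContext.get(ZuulComponentConstants.APPLICATION_IDENTIFICATION_FLAG);
        SsoUserInfo ssoUserInfo = (SsoUserInfo) currentContext.get(ZuulComponentConstants.VERIFY_TOKEN_FLAG);

        CheckPermissionReq checkPermissionReq = new CheckPermissionReq();
        checkPermissionReq.setSsoUser(ssoUserInfo);
        checkPermissionReq.setUrl(request.getRequestURI());
        checkPermissionReq.setMethod(request.getMethod());
        checkPermissionReq.setApplicationId(applicationInfo.getAppId());

        CheckPermissionRes checkPermission = this.securityBusClient.checkPermission(checkPermissionReq);
        // Only an explicit TRUE grants access; a null flag is a denial rather
        // than a NullPointerException from unboxing.
        if (!Boolean.TRUE.equals(checkPermission.getPass())) {
            // Presumably ends the request with a forbidden response; the
            // behaviour of FilterUtils is not visible in this file.
            FilterUtils.forbidden(checkPermission.getMessage(), 40300);
            return null;
        }
        if (checkPermission.getSecurityResource() == null) {
            // Log text: "{} does not exist in the permission check system,
            // add it and refresh the cache".
            LOG.warn("{} 不存在权限校验系统，请添加后刷新缓存", applicationInfo.getAppId());
        }
        // The element type of the roles list is not visible here, so the raw
        // cast of the original is kept. A missing list becomes an empty one.
        SecurityInfo securityInfo = new SecurityInfo(
                checkPermission.getExpression(),
                checkPermission.getSecurityResource(),
                (List) Optional.ofNullable(checkPermission.getRoles()).orElse(Collections.emptyList()));
        currentContext.addZuulRequestHeader("X-Security-Info", Strings.urlEncodeUTF8(Jsons.toJsonString(securityInfo)));
        // Log text: "permission identification finished".
        LOG.debug("权限识别结束");
        return null;
    }

    /**
     * Reports whether a raw request URI contains syntax that different layers
     * may interpret differently: a path parameter ({@code ;}), a backslash, a
     * percent-encoded dot, slash or backslash, or a {@code .} / {@code ..}
     * segment. A {@code null} URI is reported as ambiguous.
     */
    private static boolean hasAmbiguousPathSyntax(String uri) {
        if (uri == null) {
            return true;
        }
        String lowered = uri.toLowerCase(java.util.Locale.ROOT);
        if (lowered.indexOf(';') >= 0
                || lowered.indexOf('\\') >= 0
                || lowered.contains("%2e")
                || lowered.contains("%2f")
                || lowered.contains("%5c")) {
            return true;
        }
        for (String segment : lowered.split("/")) {
            if (".".equals(segment) || "..".equals(segment)) {
                return true;
            }
        }
        return false;
    }
}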
