package com.jhscale.security.zuul.security.filter;

import com.jhscale.common.utils.JSONUtils;
import com.jhscale.security.bus.client.SecurityBusClient;
import com.jhscale.security.bus.client.vo.CheckPermissionReq;
import com.jhscale.security.bus.client.vo.CheckPermissionRes;
import com.jhscale.security.component.cache.base.LocalCache;
import com.jhscale.security.component.consensus.message.ApplicationInfo;
import com.jhscale.security.component.consensus.message.SecurityInfo;
import com.jhscale.security.component.consensus.message.SsoUserInfo;
import com.jhscale.security.component.zuul.FilterUtils;
import com.jhscale.security.component.zuul.ZuulComponentConstants;
import com.jhscale.security.component.zuul.exp.SecurityZuulException;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

@Component
/* loaded from: input_file:com/jhscale/security/zuul/security/filter/PermissionFilter.class */
public class PermissionFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(PermissionFilter.class);

    @Autowired
    private SecurityBusClient securityBusClient;

    @Autowired
    private AntPathMatcher antPathMatcher;

    @Autowired
    @Qualifier("no-perm-control-url")
    private LocalCache localCache;

    public String filterType() {
        return "pre";
    }

    public int filterOrder() {
        return ZuulComponentConstants.PERMISSION_FILTER_ORDER.intValue();
    }

    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        if (currentContext.get("verify-token") == null || currentContext.get("application-identification") == null) {
            return false;
        }
        Set set = (Set) this.localCache.get((String) currentContext.get("application-id"), Set.class);
        if (Objects.isNull(set)) {
            return true;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            if (this.antPathMatcher.match((String) it.next(), currentContext.getRequest().getRequestURI())) {
                return false;
            }
        }
        return true;
    }

    public Object run() throws ZuulException {
        log.debug("开始权限识别");
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        try {
            ApplicationInfo applicationInfo = (ApplicationInfo) currentContext.get("application-identification");
            SsoUserInfo ssoUserInfo = (SsoUserInfo) currentContext.get("verify-token");
            String requestURI = request.getRequestURI();
            String method = request.getMethod();
            CheckPermissionReq checkPermissionReq = new CheckPermissionReq();
            checkPermissionReq.setSsoUser(ssoUserInfo);
            checkPermissionReq.setUrl(requestURI);
            checkPermissionReq.setMethod(method);
            checkPermissionReq.setApplicationId(applicationInfo.getAppId());
            CheckPermissionRes checkPermission = this.securityBusClient.checkPermission(checkPermissionReq);
            if (!checkPermission.getPass().booleanValue()) {
                FilterUtils.forbidden(checkPermission.getMessage(), 403);
                return null;
            }
            if (checkPermission.getSecurityResource() == null) {
                log.warn("{} 不存在权限校验系统，请添加后刷新缓存", applicationInfo.getAppId());
            }
            currentContext.addZuulRequestHeader("X-Security-Info", JSONUtils.objectToUTF8Base64Code(new SecurityInfo(checkPermission.getExpression(), checkPermission.getSecurityResource(), (List) Optional.ofNullable(checkPermission.getRoles()).orElse(Collections.emptyList()), checkPermission.getInternational(), checkPermission.getResponseType())));
            log.debug("权限识别结束");
            return null;
        } catch (Exception e) {
            log.error("权限识别异常：{}", e.getMessage(), e);
            FilterUtils.fail(403, currentContext, new SecurityZuulException(e.getMessage()));
            return null;
        }
    }
}
