package com.codingapi.security.component.sauth.token;

import com.codingapi.security.component.common.util.IpUtils;
import com.codingapi.security.component.common.util.Jsons;
import com.codingapi.security.component.sauth.SAuthConfig;
import com.codingapi.security.component.sauth.SAuthHandleException;
import com.codingapi.security.component.sauth.SAuthLogic;
import com.codingapi.security.component.sauth.ao.ErrorResponse;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;

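/**
 * Spring MVC interceptor that gates requests on a token check delegated to {@link SAuthLogic}.
 *
 * <p>Decision order in {@link #preHandle}: (1) pass everything when SAuth is disabled,
 * (2) pass {@code /sauth/} requests whose client IP is classified as internal,
 * (3) pass requests matching the configured ignore list, (4) pass requests the auth logic
 * itself marks as ignored, (5) otherwise require a token that {@code SAuthLogic.verify} accepts.
 * Steps 1-4 are authentication bypasses by design, so each one is part of the trust boundary.
 */
@Component
/* loaded from: input_file:com/codingapi/security/component/sauth/token/TokenInterceptor.class */
public class TokenInterceptor implements HandlerInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(TokenInterceptor.class);
    private final SAuthLogic sAuthLogic;
    private final SAuthConfig sAuthConfig;
    // Union of the ignore patterns supplied by the auth logic and by configuration.
    private final List<String> ignoreUrls = new LinkedList<>();

    /**
     * Builds the interceptor and snapshots the ignore-URL patterns from both collaborators.
     *
     * @param sAuthLogic token verification logic; also contributes ignore patterns
     * @param sAuthConfig SAuth configuration (enabled flag and ignore patterns)
     */
    @Autowired
    public TokenInterceptor(SAuthLogic sAuthLogic, SAuthConfig sAuthConfig) {
        this.sAuthLogic = sAuthLogic;
        this.sAuthConfig = sAuthConfig;
        this.ignoreUrls.addAll(sAuthLogic.ignoreUrls());
        this.ignoreUrls.addAll(sAuthConfig.getIgnoreUrls());
    }

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; a JSON error body is written to it on rejection
     * @param obj the selected handler (unused)
     * @return {@code true} to continue processing, {@code false} after a 401/403 has been written
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        if (!this.sAuthConfig.isEnabled()) {
            return true;
        }
        final String requestUri = httpServletRequest.getRequestURI();
        // NOTE(review): this bypass is only as trustworthy as IpUtils.getClientIp. If that helper
        // reads a client-supplied forwarding header (e.g. X-Forwarded-For) rather than the socket
        // peer address, the "internal" classification is attacker-influenced - confirm that the
        // header is only honoured behind a trusted proxy that overwrites it.
        if (IpUtils.isInternal(IpUtils.getClientIp(httpServletRequest)) && requestUri.startsWith("/sauth/")) {
            return true;
        }
        if (isIgnoredUrl(requestUri)) {
            return true;
        }
        try {
            if (this.sAuthLogic.isIgnored(httpServletRequest)) {
                LOG.info("Ignored caused logic.");
                return true;
            }
            String header = httpServletRequest.getHeader("Authorization");
            if (Objects.isNull(header)) {
                // NOTE(review): a token carried in the query string ends up in access logs, proxy
                // logs, browser history and Referer headers; prefer the Authorization header and
                // keep token lifetimes short if this fallback has to stay.
                header = httpServletRequest.getParameter("token");
            }
            if (StringUtils.isEmpty(header)) {
                LOG.warn("unauthorized: token is null. URL: {}", requestUri);
                // Message text means "authentication required".
                responseError(401, "unauthorized: 需要鉴权", httpServletResponse);
                return false;
            }
            // The token is a bearer credential: never write its value to the log, even at DEBUG,
            // because anyone with log access could replay it.
            LOG.debug("Token presented for URL: {}", requestUri);
            if (this.sAuthLogic.verify(header)) {
                return true;
            }
            LOG.warn("unauthorized: invalid token. url: {}", requestUri);
            responseError(401, "unauthorized: invalid token", httpServletResponse);
            return false;
        } catch (SAuthHandleException e) {
            // Record the rejection so 403s leave an audit trail alongside the 401 paths above.
            LOG.warn("forbidden: rejected by auth logic. url: {}", requestUri);
            // NOTE(review): the exception message is returned verbatim to the client; confirm that
            // SAuthHandleException messages never contain internal details.
            responseError(403, e.getMessage(), httpServletResponse);
            return false;
        }
    }

    /**
     * Checks the request URI against the ignore list.
     *
     * <p>A pattern containing {@code *} is treated as a prefix: only the text before the first
     * {@code *} is compared, so {@code *} alone matches every URI. Any pattern also matches when
     * it equals the URI ignoring case.
     *
     * <p>NOTE(review): matching runs on the raw value of {@code getRequestURI()}, which is neither
     * decoded nor normalized and includes {@code ;} path parameters. Confirm that the container or
     * dispatcher rejects or normalizes dot-segments and path parameters, so that the path matched
     * here is the same path that gets routed; otherwise an ignore prefix can cover handlers it was
     * not meant to cover. The case-insensitive exact match deserves the same check if routing is
     * case-sensitive.
     */
    private boolean isIgnoredUrl(String requestUri) {
        for (String pattern : this.ignoreUrls) {
            int wildcardAt = pattern.indexOf("*");
            boolean prefixMatch = wildcardAt != -1 && requestUri.startsWith(pattern.substring(0, wildcardAt));
            if (prefixMatch || requestUri.equalsIgnoreCase(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a JSON {@link ErrorResponse} with the given status code and message.
     *
     * @param i HTTP status, also used as the error code in the body
     * @param str message placed in the body
     * @param httpServletResponse response to write to
     * @throws RuntimeException wrapping the {@link IOException} if the body cannot be written
     */
    private void responseError(int i, String str, HttpServletResponse httpServletResponse) {
        ErrorResponse errorResponse = new ErrorResponse();
        errorResponse.setCode(i);
        errorResponse.setMessage(str);
        httpServletResponse.setStatus(i);
        httpServletResponse.setCharacterEncoding("utf8");
        httpServletResponse.addHeader("Content-Type", "application/json;charset=UTF-8");
        try {
            httpServletResponse.getOutputStream().write(Jsons.toJsonUTF8Bytes(errorResponse));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}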
