package com.neusoft.bsh.boot.web.interceptor;

import com.neusoft.bsh.boot.util.MatchUtil;
import com.neusoft.bsh.boot.web.constant.FrameworkWebConstants;
import com.neusoft.bsh.boot.web.dto.FrameworkWebConfigProperties;
import com.neusoft.bsh.boot.web.dto.ISysUserInfoDto;
import com.neusoft.bsh.boot.web.dto.SessionUserInfoDto;
import com.neusoft.bsh.boot.web.exception.NoPermissionException;
import com.neusoft.bsh.boot.web.exception.SessionTimeoutException;
import com.neusoft.bsh.boot.web.service.IAuthenticationCheckService;
import com.neusoft.bsh.boot.web.token.TokenCacheService;
import com.neusoft.bsh.boot.web.util.SessionUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

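/**
 * Spring MVC interceptor that decides, per request, whether the caller may reach the handler,
 * and publishes the resolved user in a thread-local for code running later in the same request.
 *
 * <p>Decision order implemented by {@link #preHandle}:
 * <ol>
 *   <li>empty path after the context path: admitted without any check;</li>
 *   <li>path matches the configured visitor URL list: admitted, as the session user when one
 *       resolved, otherwise as the framework's visitor identity;</li>
 *   <li>no session user: {@code SessionTimeoutException};</li>
 *   <li>{@code SessionUtil.isAdmin} is true for the user id: admitted;</li>
 *   <li>path is in the admin-only URL list: {@code NoPermissionException};</li>
 *   <li>no {@code IAuthenticationCheckService} bean, or it rejects: {@code NoPermissionException}
 *       (fails closed).</li>
 * </ol>
 *
 * <p>NOTE(review): every decision is made on {@code getRequestURI()} minus the context path.
 * That value is the raw request line path; this class does not decode or normalize it. Confirm
 * that the allow-list and admin-list comparisons see the same path the dispatcher later maps to
 * a handler, otherwise the two can disagree about which URL was requested.
 */
@Component("urlAuthenticationInterceptor")
/* loaded from: input_file:com/neusoft/bsh/boot/web/interceptor/UrlAuthenticationInterceptor.class */
public class UrlAuthenticationInterceptor implements HandlerInterceptor {
    private final FrameworkWebConfigProperties frameworkWebConfigProperties;
    private final TokenCacheService tokenCacheService;

    // Optional collaborator: when absent, non-admin users are denied on every non-visitor URL.
    @Nullable
    private final IAuthenticationCheckService authenticationCheckService;
    private static final Logger log = LoggerFactory.getLogger(UrlAuthenticationInterceptor.class);

    // Identity of the caller for the current request; must never outlive the request because
    // servlet containers reuse worker threads.
    private static final ThreadLocal<SessionUserInfoDto> LOCAL_USER = new ThreadLocal<>();

    /**
     * Authorizes the request and, when it is admitted, leaves the resolved user in the
     * thread-local.
     *
     * @return {@code true} when the request may proceed; this method never returns {@code false}
     * @throws SessionTimeoutException when a non-visitor URL is requested without a session user
     * @throws NoPermissionException when the session user is not allowed to call the URL
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, @Nonnull Object obj) {
        // Drop whatever identity an earlier request may have left on this pooled thread.
        clearContext();
        boolean admitted = false;
        try {
            admitted = authorize(httpServletRequest);
            return admitted;
        } finally {
            // Spring invokes afterCompletion only for interceptors whose preHandle returned true.
            // Without this, a request rejected after setLocalUser() would leave its user bound to
            // the worker thread, visible to any later code on that thread that reads
            // getLocalUser() before this interceptor runs again.
            if (!admitted) {
                clearContext();
            }
        }
    }

    /** Runs the decision chain described on the class; returns {@code true} or throws. */
    private boolean authorize(HttpServletRequest request) {
        String path = StringUtils.substringAfter(request.getRequestURI(), request.getContextPath());
        // NOTE(review): fail-open branch. substringAfter also yields "" when the context path is
        // not found in the URI, so confirm that case cannot occur for a routable request.
        if (StringUtils.isEmpty(path)) {
            return true;
        }

        SessionUserInfoDto sessionUser = null;
        try {
            sessionUser = getSessionUserInfo(request);
        } catch (SessionTimeoutException ignored) {
            // Deliberate: a missing or expired session is acceptable for visitor URLs. The
            // null check after checkVisitor() re-raises the timeout for everything else.
        }
        if (sessionUser != null) {
            setLocalUser(sessionUser);
        }

        if (checkVisitor(path, sessionUser)) {
            return true;
        }
        if (sessionUser == null) {
            throw new SessionTimeoutException();
        }
        // Admins bypass both the admin-only list and the per-URL permission service.
        if (SessionUtil.isAdmin(sessionUser.getUserId())) {
            return true;
        }
        if (checkNeedAdminPermission(path)) {
            throw new NoPermissionException(path);
        }
        // Fail closed: no permission service configured means no access for non-admins.
        if (this.authenticationCheckService == null
                || !this.authenticationCheckService.authenticationCheck(request, sessionUser, path)) {
            throw new NoPermissionException(path);
        }
        return true;
    }

    /**
     * Admits requests to visitor URLs. When no session user resolved, binds a copy of the
     * framework's visitor identity to the thread-local so downstream code still sees a user.
     *
     * @return {@code true} when {@code str} is a visitor URL, {@code false} otherwise
     */
    private boolean checkVisitor(String str, SessionUserInfoDto sessionUserInfoDto) {
        if (!isSupportVisitorUrl(str)) {
            return false;
        }
        if (sessionUserInfoDto != null) {
            return true;
        }
        ISysUserInfoDto visitorUser = FrameworkWebConstants.getVisitorUser();
        setLocalUser(new SessionUserInfoDto().setUserId(visitorUser.getUserId()).setUserName(visitorUser.getUserName()).setLoginName(visitorUser.getLoginName()).setHeadPic(visitorUser.getHeadPic()));
        return true;
    }

    /**
     * Resolves the session user for the request from the token cache.
     *
     * <p>NOTE(review): in this listing the token is the literal {@code null}: the emptiness check
     * below is always true, so the method always logs and throws and the cache lookup is
     * unreachable. With this class loaded from a {@code .class} file, the statement that reads the
     * token from the request was most likely lost in decompilation. Do not treat this
     * listing as the effective authentication logic; recover the token source from the original
     * bytecode before reasoning about it. As written, only visitor URLs can be admitted.
     *
     * @throws SessionTimeoutException when no token is present or the cache has no user for it
     */
    private SessionUserInfoDto getSessionUserInfo(HttpServletRequest httpServletRequest) {
        if (StringUtils.isEmpty((CharSequence) null)) {
            log.warn("call url={}. with token is null", httpServletRequest.getRequestURI());
            throw new SessionTimeoutException();
        }
        SessionUserInfoDto sessionUserInfoByToken = this.tokenCacheService.getSessionUserInfoByToken(null);
        if (sessionUserInfoByToken == null) {
            throw new SessionTimeoutException();
        }
        return sessionUserInfoByToken;
    }

    /**
     * Tells whether {@code str} is reachable without a session: an empty path always is, any
     * other path only when it matches the configured visitor URL list via
     * {@code MatchUtil.antPathMatcher}.
     */
    private boolean isSupportVisitorUrl(String str) {
        if (StringUtils.isEmpty(str)) {
            return true;
        }
        if (CollectionUtils.isEmpty(this.frameworkWebConfigProperties.getVisitorUrlList())) {
            return false;
        }
        return MatchUtil.antPathMatcher(this.frameworkWebConfigProperties.getVisitorUrlList(), str);
    }

    /** Unbinds the request's user once a request that this interceptor admitted has completed. */
    public void afterCompletion(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, @Nonnull Object obj, Exception exc) {
        clearContext();
    }

    /** Removes the user bound to the current thread, if any. */
    public static void clearContext() {
        LOCAL_USER.remove();
    }

    /** Returns the user bound to the current thread, or {@code null} when none is bound. */
    public static SessionUserInfoDto getLocalUser() {
        return LOCAL_USER.get();
    }

    /**
     * Binds {@code sessionUserInfoDto} to the current thread; a {@code null} argument is ignored
     * and leaves any existing binding in place.
     *
     * <p>NOTE(review): this setter is public and static, so any code on the request thread can
     * replace the identity that later code reads through {@link #getLocalUser()}.
     */
    public static void setLocalUser(SessionUserInfoDto sessionUserInfoDto) {
        if (sessionUserInfoDto == null) {
            return;
        }
        LOCAL_USER.set(sessionUserInfoDto);
    }

    /**
     * Tells whether {@code str} is listed as admin-only.
     *
     * <p>NOTE(review): this is an exact string comparison against the raw path, whereas the
     * visitor list is matched with ant-style patterns. A deny list compared by equality only
     * covers the exact spelling configured; confirm that the permission service checked next
     * denies by default, so that a differently spelled path to the same handler is still refused.
     */
    private boolean checkNeedAdminPermission(String str) {
        if (CollectionUtils.isEmpty(this.frameworkWebConfigProperties.getNeedAdminPermissionUrlList())) {
            return false;
        }
        return CollectionUtils.containsAny(this.frameworkWebConfigProperties.getNeedAdminPermissionUrlList(), new String[]{str});
    }

    /**
     * @param frameworkWebConfigProperties source of the visitor and admin-only URL lists
     * @param tokenCacheService lookup from token to session user
     * @param iAuthenticationCheckService per-URL permission check; may be {@code null}, in which
     *     case non-admin users are denied on all non-visitor URLs
     */
    public UrlAuthenticationInterceptor(FrameworkWebConfigProperties frameworkWebConfigProperties, TokenCacheService tokenCacheService, @Nullable IAuthenticationCheckService iAuthenticationCheckService) {
        this.frameworkWebConfigProperties = frameworkWebConfigProperties;
        this.tokenCacheService = tokenCacheService;
        this.authenticationCheckService = iAuthenticationCheckService;
    }
}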
