package net.risesoft.security;

import com.alibaba.fastjson.JSON;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import net.risedata.rpc.provide.context.RPCRequestContext;
import net.risesoft.exceptions.TokenException;
import net.risesoft.model.user.UserInfo;
import net.risesoft.pojo.Y9Result;
import net.risesoft.security.model.DataUser;
import net.risesoft.security.model.Role;
import net.risesoft.security.service.RoleService;
import net.risesoft.security.service.TokenService;
import net.risesoft.util.IpUtils;
import net.risesoft.util.PattenUtil;
import net.risesoft.y9.Y9LoginUserHolder;
import net.risesoft.y9public.repository.DataBusinessRepository;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import org.springframework.util.PatternMatchUtils;
import org.springframework.web.context.request.RequestContextHolder;

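/**
 * Servlet filter and security manager that authenticates requests by the {@code x-token}
 * header, keeps a per-token {@link ConcurrentSecurity} cache, and evicts stale tokens from
 * an hourly scheduled task.
 *
 * <p>Thread-safety: the two token maps are read and written by request threads
 * ({@link #doFilter}) and by the scheduler thread ({@link #checkFailureToken}), so both are
 * concurrent maps. {@code removedToken} is only touched by {@link #tokenFailure} and is not
 * synchronised.
 *
 * <p>NOTE(review): rejections are written by {@code throwError} as a JSON body only; this
 * class never sets the HTTP status line, so a denied request still carries the container's
 * default status unless something downstream changes it. Confirm clients and gateways key on
 * the JSON code rather than the HTTP status.
 */
@Service
/* loaded from: input_file:net/risesoft/security/DefaultSecurityManager.class */
public class DefaultSecurityManager implements SecurityManager, Filter, ApplicationContextAware {
    // Tokens reported as failed but unknown to this node; see tokenFailure for the two-pass scheme.
    private List<String> removedToken;

    @Autowired
    private TokenService tokenService;

    @Autowired
    private RoleService roleService;
    public static Y9Result<Object> noToken = Y9Result.failure(401, "no token or Token expired");
    public static Y9Result<Object> tokenError = Y9Result.failure(401, "no token or Token expired");
    public static Y9Result<Object> noPermission = Y9Result.failure(403, "no permission");

    // Optional: stays null when the context defines no SecurityConfig bean.
    @Autowired(required = false)
    private List<SecurityConfig> securityConfigs;

    @Value("${server.servlet.context-path:}")
    private String baseContext;

    @Autowired
    private DataBusinessRepository dataBusinessRepository;

    // Holds either the raw token (String) or the resolved ConcurrentSecurity for the current request.
    private final ThreadLocal<Object> threadLocal = new ThreadLocal<>();
    private final ConcurrentHashMap<String, ConcurrentSecurity> TOKEN_SECURITY_MAP = new ConcurrentHashMap<>();
    // token -> time of the last request seen with it (epoch millis). Concurrent because
    // saveSecurity writes it on request threads while checkFailureToken prunes it on the scheduler.
    private final Map<String, Long> TOKEN_TIME_MAP = new ConcurrentHashMap<>();

    // Requests WITHOUT a token pass the filter when the request URI starts with one of these
    // prefixes or ends with one of the suffixes below.
    // NOTE(review): matching is done on HttpServletRequest.getRequestURI(), which is the raw,
    // un-normalised URI. Suffix matching in particular accepts any path that merely ends in
    // the listed text, so prefer matching an exact, normalised servlet path. The test-data
    // suffixes also skip the token check; confirm they are meant to be reachable in production.
    public String[] excludeStartUrls = {"/RPC/", "/register/"};
    public String[] excludeEndUrls = {"getToken", "/register/", "getTestData", "saveTestData"};

    /**
     * Returns the security context bound to the current thread, resolving it from the token
     * cache on first access.
     *
     * @return the context, or {@code null} when none is bound or the token is no longer cached
     */
    public ConcurrentSecurity getConcurrentSecurity() {
        Object current = this.threadLocal.get();
        if (current instanceof String) {
            // First access in this request: swap the token for its cached context.
            ConcurrentSecurity resolved = this.TOKEN_SECURITY_MAP.get(current);
            this.threadLocal.set(resolved);
            return resolved;
        }
        return (ConcurrentSecurity) current;
    }

    /** Returns whether {@code str2} matches the simple wildcard pattern {@code str}. */
    public boolean hasMatch(String str, String str2) {
        return PatternMatchUtils.simpleMatch(str, str2);
    }

    /** Returns whether {@code str} matches at least one of the patterns in {@code strArr}. */
    public boolean hasMatch(String[] strArr, String str) {
        for (String pattern : strArr) {
            if (hasMatch(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reconciles the tokens the token service reports as failed with this node's cache.
     *
     * <p>A token this node has seen is deleted when its last use is not newer than {@code l},
     * otherwise it is renewed with its last-use time. A token this node has never seen is
     * only remembered on one call and deleted if it is reported again on the next call; the
     * remembered list is discarded at the end of that second call.
     *
     * @param list tokens reported as failed; {@code null} elements are skipped
     * @param l the failure cut-off time to compare last-use times against
     */
    public void tokenFailure(List<String> list, Long l) {
        boolean firstPass = this.removedToken == null;
        if (firstPass) {
            this.removedToken = new ArrayList<>();
        }
        for (String token : list) {
            if (token == null) {
                // The concurrent maps reject null keys; a null token cannot be cached anyway.
                continue;
            }
            Long lastSeen = this.TOKEN_TIME_MAP.get(token);
            if (lastSeen == null) {
                if (this.removedToken.remove(token)) {
                    this.tokenService.deleteToken(token, l.longValue());
                } else {
                    this.removedToken.add(token);
                }
            } else if (l.longValue() >= lastSeen.longValue()) {
                // The delete result is deliberately ignored: the local entries go either way.
                this.tokenService.deleteToken(token, l.longValue());
                this.TOKEN_TIME_MAP.remove(token);
                this.TOKEN_SECURITY_MAP.remove(token);
            } else if (!this.tokenService.renew(token, lastSeen.longValue())) {
                // Message reads "renewal failed, needs to be added anew".
                System.out.println("续订失败需要新增");
            }
        }
        if (!firstPass) {
            this.removedToken = null;
        }
    }

    /**
     * Removes a token through the token service and, on success, drops it from the local caches.
     *
     * @param str the token to remove
     * @return the result reported by the token service
     */
    public boolean removeToken(String str) {
        boolean removed = this.tokenService.removeToken(str);
        if (removed) {
            this.TOKEN_TIME_MAP.remove(str);
            this.TOKEN_SECURITY_MAP.remove(str);
        }
        return removed;
    }

    /**
     * Returns the peer address of the current RPC connection, or the address derived from
     * the current servlet request when no RPC context is active.
     *
     * <p>NOTE(review): the servlet branch is only as trustworthy as {@code IpUtils.getIPAddress};
     * if that helper honours forwarding headers, confirm they are accepted from trusted
     * proxies only before using this value in access decisions or audit records.
     */
    public String getConcurrentIp() {
        RPCRequestContext current = RPCRequestFilter.getCurrent();
        if (current != null) {
            return ((InetSocketAddress) current.getConcurrentConnection().getRemoteAddress()).getHostString();
        }
        return IpUtils.getIPAddress(RequestContextHolder.currentRequestAttributes().getRequest());
    }

    /**
     * Hourly task: evicts cached tokens whose last use is older than the token service's
     * failure time, then reconciles the service's failed-token list via {@link #tokenFailure}.
     */
    @Scheduled(cron = "0 0 0/1 * * ? ")
    public void checkFailureToken() {
        Long failureTime = Long.valueOf(this.tokenService.getFailureTime());
        // Iterate over a snapshot so entries can be removed while walking the keys.
        for (String token : this.TOKEN_TIME_MAP.keySet().toArray(new String[0])) {
            Long lastSeen = this.TOKEN_TIME_MAP.get(token);
            if (lastSeen != null && failureTime.longValue() > lastSeen.longValue()) {
                this.TOKEN_TIME_MAP.remove(token);
                this.TOKEN_SECURITY_MAP.remove(token);
            }
        }
        tokenFailure(this.tokenService.getFailureToken(), failureTime);
    }

    /**
     * Authenticates and authorises a request.
     *
     * <p>With an {@code x-token} header the token is resolved to a user, every configured
     * {@link SecurityConfig} whose check URL matches (and whose white list does not) is
     * evaluated, and the request proceeds unless a check fails. Without a token only the
     * excluded URLs proceed; everything else receives the {@code noToken} result.
     *
     * <p>Any exception, including one raised further down the chain, is turned into a JSON
     * error body. NOTE(review): the 500 body echoes {@code Exception.getMessage()} to the
     * caller and nothing is logged here. The "no roles" message from {@code saveSecurity}
     * relies on that echo, so it is kept, but internal exception text can reach clients the
     * same way; consider a dedicated exception type for user-facing messages and server-side
     * logging for the rest.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            String token = request.getHeader("x-token");
            String requestURI = request.getRequestURI();
            if (!StringUtils.isEmpty(token)) {
                saveSecurity(token);
                // securityConfigs is injected with required = false and is null when no
                // SecurityConfig bean exists; previously that turned every authenticated
                // request into a 500. With no rules configured there is nothing to evaluate.
                if (this.securityConfigs != null) {
                    for (SecurityConfig config : this.securityConfigs) {
                        boolean guarded = PattenUtil.hasMatch(config.getCheckUrl(), requestURI)
                                && !PattenUtil.hasMatch(config.getWhiteList(), requestURI);
                        if (guarded && !config.getSecurityCheck().check(config, getConcurrentSecurity(), requestURI, request)) {
                            throwError(noPermission, servletRequest, servletResponse);
                            return;
                        }
                    }
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (isExcluded(requestURI)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            throwError(noToken, servletRequest, servletResponse);
        } catch (TokenException e) {
            throwError(tokenError, servletRequest, servletResponse);
        } catch (Exception e2) {
            throwError(Y9Result.failure(500, e2.getMessage()), servletRequest, servletResponse);
        } finally {
            // Always unbind, so a pooled thread never serves the next request with this context.
            this.threadLocal.remove();
        }
    }

    /** Returns whether a token-less request for {@code requestURI} may skip authentication. */
    private boolean isExcluded(String requestURI) {
        for (String suffix : this.excludeEndUrls) {
            if (requestURI.endsWith(suffix)) {
                return true;
            }
        }
        for (String prefix : this.excludeStartUrls) {
            if (requestURI.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the token to a user, aggregates the user's roles into a
     * {@link ConcurrentSecurity}, caches it under the token and binds the token to the
     * current thread.
     *
     * <p>NOTE(review): {@code Y9LoginUserHolder} is populated here but never cleared in this
     * class. If it is thread-bound, confirm something else resets it at the end of the
     * request so a pooled thread does not keep the previous caller's identity.
     *
     * @param str the value of the {@code x-token} header
     * @throws Exception when the user has no roles, or when the token service rejects the token
     */
    private void saveSecurity(String str) throws Exception {
        DataUser userByToken = this.tokenService.getUserByToken(str);
        List<Role> roles = this.roleService.getRolesByUser(userByToken.getId());
        if (roles.isEmpty()) {
            // Message reads "the current user has no permission, please contact the administrator".
            throw new Exception("当前用户没有权限，请联系管理员");
        }
        net.risesoft.security.pojo.DataUser dataUser = new net.risesoft.security.pojo.DataUser();
        dataUser.setId(userByToken.getId());
        dataUser.setAccount(userByToken.getAccount());
        dataUser.setUserName(userByToken.getUserName());
        // Left raw: the element types expected by ConcurrentSecurity and returned by
        // findByParentId are not visible in this file.
        ArrayList environments = new ArrayList();
        ArrayList jobTypes = new ArrayList();
        boolean systemManager = false;
        boolean userManager = false;
        for (Role role : roles) {
            if (StringUtils.isNotBlank(role.getEnvironments())) {
                environments.addAll(Arrays.asList(role.getEnvironments().split(",")));
            }
            if (StringUtils.isNotBlank(role.getJobTypes())) {
                String[] parents = role.getJobTypes().split(",");
                jobTypes.addAll(Arrays.asList(parents));
                // Each listed job type also grants whatever the repository returns for it as a parent.
                for (String parentId : parents) {
                    jobTypes.addAll(this.dataBusinessRepository.findByParentId(parentId));
                }
            }
            if (role.getSystemManager().intValue() == 1) {
                systemManager = true;
            }
            if (role.getUserManager().intValue() == 1) {
                userManager = true;
            }
        }
        ConcurrentSecurity concurrentSecurity = new ConcurrentSecurity(dataUser, jobTypes, environments, userManager, systemManager);
        // Bind the token, not the context; getConcurrentSecurity resolves it lazily.
        this.threadLocal.set(str);
        this.TOKEN_SECURITY_MAP.put(str, concurrentSecurity);
        this.TOKEN_TIME_MAP.put(str, Long.valueOf(System.currentTimeMillis()));
        UserInfo userInfo = new UserInfo();
        userInfo.setPersonId(userByToken.getId());
        userInfo.setName(userByToken.getUserName());
        Y9LoginUserHolder.setUserInfo(userInfo);
        Y9LoginUserHolder.setPersonId(userByToken.getId());
        Y9LoginUserHolder.setTenantId("0");
    }

    /**
     * Writes {@code y9Result} to the response as UTF-8 JSON. Only the body is written; the
     * HTTP status of the response is left untouched.
     */
    private void throwError(Y9Result<?> y9Result, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        servletResponse.setCharacterEncoding("utf-8");
        servletResponse.setContentType("application/json");
        servletResponse.getWriter().write(JSON.toJSONString(y9Result));
    }

    /** No filter initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Returns the {@code x-token} header of the request bound to the current thread. */
    public String getToken() {
        return RequestContextHolder.currentRequestAttributes().getRequest().getHeader("x-token");
    }

    /**
     * Prefixes every entry of {@code excludeStartUrls} with the configured servlet context
     * path, when one is set, and prints each resulting prefix to standard output.
     */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        if (StringUtils.isEmpty(this.baseContext)) {
            return;
        }
        for (int i = 0; i < this.excludeStartUrls.length; i++) {
            this.excludeStartUrls[i] = this.baseContext + this.excludeStartUrls[i];
            System.out.println(this.excludeStartUrls[i]);
        }
    }
}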
