package net.risesoft.security;

import com.alibaba.fastjson.JSON;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import net.risedata.rpc.provide.context.RPCRequestContext;
import net.risesoft.pojo.Y9Result;
import net.risesoft.security.pojo.DataUser;
import net.risesoft.util.IpUtils;
import net.risesoft.util.PattenUtil;
import net.risesoft.util.Y9KernelApiUtil;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.Y9LoginUserHolder;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.PatternMatchUtils;
import org.springframework.web.context.request.RequestContextHolder;

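/**
 * Servlet {@link Filter} and {@link SecurityManager} implementation that gates every request on
 * the current login user and on the configured {@link SecurityConfig} checks.
 *
 * <p>Request flow, as implemented in {@link #doFilter}:
 * <ol>
 *   <li>If {@code Y9LoginUserHolder} reports a person id, the user's roles and data-catalog ids
 *       are loaded into a {@link ConcurrentSecurity}, every matching {@link SecurityConfig} check
 *       is run, and the request is passed on only if none of them rejects it.</li>
 *   <li>Otherwise the request is passed on only if its URI matches one of the exclusion lists;
 *       anything else receives the {@link #tokenError} body.</li>
 * </ol>
 *
 * <p>The per-request security context is held in a {@link ThreadLocal} that is always cleared
 * before {@code doFilter} returns, so pooled container threads never carry one user's context
 * into another request.
 */
@Service
/* loaded from: input_file:net/risesoft/security/DefaultSecurityManager.class */
public class DefaultSecurityManager implements SecurityManager, Filter {

    // Optional: stays null when no SecurityConfig bean is registered, so every use must null-check.
    @Autowired(required = false)
    private List<SecurityConfig> securityConfigs;

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSecurityManager.class);

    // NOTE(review): these two shared response objects are public and non-final, so any code can
    // replace or mutate them; left unchanged here because external writers cannot be ruled out.
    public static Y9Result<Object> tokenError = Y9Result.failure(401, "no token or Token expired");
    public static Y9Result<Object> noPermission = Y9Result.failure(403, "no permission");

    // Holds either the person id (String) right after saveSecurity(), or the resolved
    // ConcurrentSecurity once getConcurrentSecurity() has been called on this thread.
    private ThreadLocal<Object> threadLocal = new ThreadLocal<>();

    // Keyed by person id; entries are overwritten on every authenticated request and never evicted.
    private ConcurrentHashMap<String, ConcurrentSecurity> TOKEN_SECURITY_MAP = new ConcurrentHashMap<>();

    // URI patterns that are let through WITHOUT a login user.
    // NOTE(review): these are compared against HttpServletRequest.getRequestURI(), which is the
    // raw request path (not decoded, not normalized, context path and path parameters included).
    // Prefix/suffix matching on that value is broader than matching the handler path that is
    // finally dispatched; prefer exact matches on a normalized servlet path.
    // NOTE(review): "getTestData"/"saveTestData" look like test endpoints by name; confirm they
    // are meant to be reachable unauthenticated in production.
    public String[] excludeStartUrls = {"/RPC/", "/register/"};
    public String[] excludeEndUrls = {"getToken", "/register/", "getTestData", "saveTestData"};

    /**
     * Returns the security context bound to the current thread.
     *
     * @return the {@link ConcurrentSecurity} of the request being processed, or {@code null} when
     *         no authenticated request is bound to this thread
     */
    public ConcurrentSecurity getConcurrentSecurity() {
        Object current = this.threadLocal.get();
        if (current == null) {
            return null;
        }
        if (current instanceof String) {
            // First access in this request: swap the person id for the stored context so later
            // calls skip the map lookup.
            ConcurrentSecurity resolved = this.TOKEN_SECURITY_MAP.get(current);
            this.threadLocal.set(resolved);
            return resolved;
        }
        return (ConcurrentSecurity) current;
    }

    /**
     * Tests {@code str2} against the simple wildcard pattern {@code str}.
     *
     * @param str the pattern, in the syntax accepted by {@link PatternMatchUtils#simpleMatch(String, String)}
     * @param str2 the value to test
     * @return {@code true} if the value matches the pattern
     */
    public boolean hasMatch(String str, String str2) {
        return PatternMatchUtils.simpleMatch(str, str2);
    }

    /**
     * Tests {@code str} against each pattern in {@code strArr}.
     *
     * @param strArr the patterns; {@code null} is treated as "no patterns"
     * @param str the value to test
     * @return {@code true} if at least one pattern matches
     */
    public boolean hasMatch(String[] strArr, String str) {
        if (strArr == null) {
            return false;
        }
        for (String pattern : strArr) {
            if (hasMatch(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /** No-op in this implementation: nothing is invalidated. */
    public void tokenFailure(List<String> list, Long l) {
    }

    /**
     * No-op in this implementation.
     *
     * @return always {@code false}; {@code TOKEN_SECURITY_MAP} is not modified
     */
    public boolean removeToken(String str) {
        return false;
    }

    /**
     * Returns the address of the peer of the current call.
     *
     * <p>For an RPC call the address is taken from the connection's remote socket address; for an
     * HTTP request it is delegated to {@code IpUtils.getIPAddress}.
     *
     * @return the caller's host string or IP address
     */
    public String getConcurrentIp() {
        RPCRequestContext current = RPCRequestFilter.getCurrent();
        if (current != null) {
            return ((InetSocketAddress) current.getConcurrentConnection().getRemoteAddress()).getHostString();
        }
        // RequestAttributes itself has no getRequest(); the servlet-backed subtype is required.
        // NOTE(review): if IpUtils.getIPAddress reads client-supplied forwarding headers, the value
        // is only trustworthy behind a proxy that overwrites them; confirm before using it for
        // access decisions.
        return IpUtils.getIPAddress(
                ((org.springframework.web.context.request.ServletRequestAttributes)
                        RequestContextHolder.currentRequestAttributes()).getRequest());
    }

    /**
     * Authenticates and authorizes the request before handing it to the rest of the chain.
     *
     * <p>Any {@link Exception} raised while building the security context, running the checks or
     * executing the downstream chain is logged and answered with a 500 result body. The
     * thread-local context is cleared on every exit path.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response the JSON error bodies are written to
     * @param filterChain the remaining filter chain
     * @throws IOException if writing the error body fails
     * @throws ServletException declared by {@link Filter#doFilter}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String personId = Y9LoginUserHolder.getPersonId();
            String requestURI = httpServletRequest.getRequestURI();
            if (!StringUtils.isEmpty(personId)) {
                saveSecurity(personId);
                if (!passesSecurityChecks(requestURI, httpServletRequest)) {
                    throwError(noPermission, servletRequest, servletResponse);
                    return;
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (isExcluded(requestURI)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            throwError(tokenError, servletRequest, servletResponse);
        } catch (Exception e) {
            // Keep the full cause server-side; the client only receives the message below.
            LOGGER.error("Security filter failed", e);
            // NOTE(review): e.getMessage() is returned verbatim to the caller. That is intended for
            // the "no permission" message raised by saveSecurity(), but it also exposes messages of
            // unexpected internal failures; a dedicated exception type would let those be replaced
            // by a generic text.
            throwError(Y9Result.failure(500, e.getMessage()), servletRequest, servletResponse);
        } finally {
            // Container threads are pooled: never leave a user's context behind.
            this.threadLocal.remove();
        }
    }

    /**
     * Runs every configured check whose URL pattern covers {@code requestURI} and whose white
     * list does not.
     *
     * @return {@code false} as soon as one check rejects the request, {@code true} otherwise
     *         (including when no {@link SecurityConfig} bean is registered)
     */
    private boolean passesSecurityChecks(String requestURI, HttpServletRequest httpServletRequest) throws Exception {
        if (this.securityConfigs == null) {
            // @Autowired(required = false): without this guard the loop below threw a
            // NullPointerException and every authenticated request was answered with a 500.
            return true;
        }
        for (SecurityConfig securityConfig : this.securityConfigs) {
            if (!PattenUtil.hasMatch(securityConfig.getCheckUrl(), requestURI)) {
                continue;
            }
            if (PattenUtil.hasMatch(securityConfig.getWhiteList(), requestURI)) {
                continue;
            }
            if (!securityConfig.getSecurityCheck().check(securityConfig, getConcurrentSecurity(), requestURI, httpServletRequest)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether an unauthenticated request may pass.
     *
     * @return {@code true} if the URI ends with an {@link #excludeEndUrls} entry or starts with an
     *         {@link #excludeStartUrls} entry
     */
    private boolean isExcluded(String requestURI) {
        for (String suffix : this.excludeEndUrls) {
            if (requestURI.endsWith(suffix)) {
                return true;
            }
        }
        for (String prefix : this.excludeStartUrls) {
            if (requestURI.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the security context of the given person and binds it to the current thread.
     *
     * <p>Roles and data-catalog ids are fetched through {@code Y9KernelApiUtil} on every call.
     *
     * @param str the person id of the login user
     * @throws Exception if the user has no data catalog at all, or if a lookup fails
     */
    private void saveSecurity(String str) throws Exception {
        DataUser dataUser = new DataUser();
        dataUser.setId(str);
        dataUser.setUserName(Y9LoginUserHolder.getUserInfo().getName());
        dataUser.setAccount(Y9LoginUserHolder.getUserInfo().getLoginName());
        LOGGER.debug("获取用户[{}]权限-开始", Y9LoginUserHolder.getUserInfo().getName());
        boolean hasRole = Y9KernelApiUtil.hasRole(Y9LoginUserHolder.getTenantId(), str, "系统管理员");
        List<String> environments = new ArrayList<>();
        for (String environment : Y9Context.getProperty("y9.common.environments", "Public,dev").split(",")) {
            if (Y9KernelApiUtil.hasRole2(Y9LoginUserHolder.getTenantId(), str, environment)) {
                environments.add(environment);
            }
        }
        List<Map<String, Object>> dataCatalogTree = Y9KernelApiUtil.getDataCatalogTree(Y9LoginUserHolder.getTenantId(), str, true);
        // Fail closed: a missing result is handled like an empty one.
        if (dataCatalogTree == null || dataCatalogTree.isEmpty()) {
            throw new Exception("当前用户没有权限，请联系管理员");
        }
        List<String> catalogIds = dataCatalogTree.stream()
                .map(node -> (String) node.get("id"))
                .collect(Collectors.toList());
        LOGGER.debug("获取用户[{}]权限-结束", Y9LoginUserHolder.getUserInfo().getName());
        ConcurrentSecurity concurrentSecurity = new ConcurrentSecurity(dataUser, catalogIds, environments, false, hasRole);
        // The thread keeps only the key; getConcurrentSecurity() resolves it through the map.
        this.threadLocal.set(str);
        this.TOKEN_SECURITY_MAP.put(str, concurrentSecurity);
    }

    /**
     * Writes {@code y9Result} to the response as UTF-8 JSON.
     *
     * <p>NOTE(review): the HTTP status line is not changed here, so the 401/403/500 code exists
     * only inside the JSON body; clients and intermediaries that look at the status line see the
     * container default. Confirm that callers rely on the body code before changing this.
     *
     * @throws IOException if the response writer cannot be obtained or written to
     */
    private void throwError(Y9Result<?> y9Result, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        servletResponse.setCharacterEncoding("utf-8");
        servletResponse.setContentType("application/json");
        servletResponse.getWriter().write(JSON.toJSONString(y9Result));
    }

    /** Nothing to initialize. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * No token is issued by this implementation.
     *
     * @return always the empty string
     */
    public String getToken() {
        return "";
    }
}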
