package net.takela.common.webflux.security.filter;

import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicReference;
import net.takela.common.spring.exception.SignErrorException;
import net.takela.common.webflux.security.RequestParamSignProperties;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:net/takela/common/webflux/security/filter/AppRequestParamSignAuthFilter.class */
public class AppRequestParamSignAuthFilter implements WebFilter, Ordered, ReactiveRequestParamSignFilter {
    private Logger logger = LoggerFactory.getLogger(AppRequestParamSignAuthFilter.class);
    private final RequestParamSignProperties requestParamSignProperties;

    public AppRequestParamSignAuthFilter(RequestParamSignProperties requestParamSignProperties) {
        this.requestParamSignProperties = requestParamSignProperties;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        if (!this.requestParamSignProperties.getEnabled().booleanValue()) {
            return webFilterChain.filter(serverWebExchange);
        }
        ServerHttpRequest request = serverWebExchange.getRequest();
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        if (!this.requestParamSignProperties.getUncheckUrls().stream().anyMatch(str -> {
            return antPathMatcher.match(str, serverWebExchange.getRequest().getPath().value());
        }) && this.requestParamSignProperties.getCheckUrls().stream().anyMatch(str2 -> {
            return antPathMatcher.match(str2, serverWebExchange.getRequest().getPath().value());
        })) {
            String first = request.getHeaders().getFirst(this.requestParamSignProperties.getTimestampHeader());
            String first2 = request.getHeaders().getFirst(this.requestParamSignProperties.getSignHeader());
            if (StringUtils.isEmpty(first) || StringUtils.isEmpty(first2)) {
                return Mono.error(new SignErrorException("miss some header"));
            }
            String rawQuery = request.getURI().getRawQuery();
            String str3 = null;
            if (request.getMethod() != HttpMethod.GET) {
                Flux body = request.getBody();
                AtomicReference atomicReference = new AtomicReference();
                body.subscribe(dataBuffer -> {
                    CharBuffer decode = StandardCharsets.UTF_8.decode(dataBuffer.asByteBuffer());
                    DataBufferUtils.release(dataBuffer);
                    atomicReference.set(decode.toString());
                });
                str3 = (String) atomicReference.get();
            }
            String str4 = this.requestParamSignProperties.getKey() + (StringUtils.isEmpty(rawQuery) ? "" : rawQuery) + (StringUtils.isEmpty(str3) ? "" : str3) + first;
            String sha256Hex = DigestUtils.sha256Hex(str4);
            this.logger.debug("sign check|timestamp:{}|sign:{}|origin:{}|sign2:{}", new Object[]{first, first2, str4, sha256Hex});
            return first2.equalsIgnoreCase(sha256Hex) ? webFilterChain.filter(serverWebExchange) : Mono.error(new SignErrorException("miss some header"));
        }
        return webFilterChain.filter(serverWebExchange);
    }

    public int getOrder() {
        return -99999;
    }
}
