package com.ajaxjs.cms.app.user.controller.filter;

import com.ajaxjs.config.ConfigService;
import com.ajaxjs.mvc.controller.MvcOutput;
import com.ajaxjs.mvc.controller.MvcRequest;
import com.ajaxjs.mvc.filter.AesFilter;
import com.ajaxjs.mvc.filter.FilterAction;
import com.ajaxjs.util.cryptography.SymmetricCipher;
import java.lang.reflect.Method;
import java.util.Date;

/* loaded from: input_file:com/ajaxjs/cms/app/user/controller/filter/ApiAllowRequestCheck.class */
public class ApiAllowRequestCheck implements FilterAction {
    public boolean before(MvcRequest mvcRequest, MvcOutput mvcOutput, Method method) {
        String header = mvcRequest.getHeader(AesFilter.requestQueryStringParamterName);
        String valueAsString = ConfigService.getValueAsString("Symmetric.AES_Key");
        if (header == null) {
            throw new NullPointerException("缺少 token 参数，请放置 HTTP Header 请求中");
        }
        if (valueAsString == null) {
            throw new NullPointerException("缺少 Symmetric.AES_Key 配置");
        }
        String AES_Decrypt = SymmetricCipher.AES_Decrypt(header, valueAsString);
        if (AES_Decrypt == null) {
            throw new IllegalAccessError("合法性请求解密的密码不正确");
        }
        try {
            if (new Date().getTime() - Long.parseLong(AES_Decrypt.replaceAll("token_", "")) > ConfigService.getValueAsLong("Symmetric.apiTimeout")) {
                throw new IllegalAccessError("请求超时！");
            }
            return true;
        } catch (NumberFormatException e) {
            throw new NumberFormatException("转换时间戳格式不正确！");
        }
    }

    public void after(MvcRequest mvcRequest, MvcOutput mvcOutput, Method method, boolean z) {
    }
}
