package top.beanshell.rbac.interceptor;

import cn.hutool.core.date.DateUnit;
import cn.hutool.core.date.DateUtil;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.task.SimpleAsyncTaskExecutor;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import top.beanshell.common.annotation.Authorization;
import top.beanshell.common.exception.BaseException;
import top.beanshell.common.exception.code.GlobalStatusCode;
import top.beanshell.rbac.common.model.bo.TicketInfoBO;
import top.beanshell.rbac.common.model.bo.UserDetailBO;
import top.beanshell.rbac.service.RbacTicketService;
import top.beanshell.web.util.IpAddrUtil;
import top.beanshell.web.util.ResponseUtil;
import top.beanshell.web.vo.BaseResponse;

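/**
 * Spring MVC interceptor that enforces the {@link Authorization} annotation on handler methods.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>Requests whose URI is on the white list, and handlers that are not a
 *       {@link HandlerMethod}, pass through without any check.</li>
 *   <li>A handler method without {@link Authorization} is denied (deny by default).</li>
 *   <li>A handler method whose annotation has {@code valid() == false} is allowed without a ticket.</li>
 *   <li>Otherwise the caller must present a {@code RAM-TICKET} that resolves to a user whose
 *       access list contains the annotation's {@code value()}.</li>
 * </ol>
 *
 * <p>Exactly one JSON body is written for a rejected request.
 */
@Component
public class PermissionInterceptor extends HandlerInterceptorAdapter {

    private static final Logger log = LoggerFactory.getLogger(PermissionInterceptor.class);

    /** Name of both the request header and the fallback request parameter that carry the ticket. */
    private static final String TICKET_NAME = "RAM-TICKET";

    /** A ticket is refreshed once its last refresh is more than this many minutes old. */
    private static final long REFRESH_AFTER_MINUTES = 60L;

    /** Request URIs that bypass the permission check entirely. */
    private static final List<String> WHITE_PATH_LIST = new ArrayList<>();

    private static final SimpleAsyncTaskExecutor refreshTokenThreads = new SimpleAsyncTaskExecutor("Refresh-Token-Thread");

    static {
        // Populated once per class load; doing this in the constructor appended a duplicate
        // entry to the shared static list for every instance created.
        WHITE_PATH_LIST.add("/error");
        refreshTokenThreads.setConcurrencyLimit(30);
    }

    @Resource
    private RbacTicketService ticketService;

    public PermissionInterceptor() {
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; a JSON error body is written to it on rejection
     * @param obj                 the handler chosen by Spring MVC
     * @return {@code true} to continue the handler chain, {@code false} when the request was rejected
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        // Anything that is not a HandlerMethod is not subject to @Authorization and is let through
        // unchecked, so such handlers must not expose protected data.
        if (WHITE_PATH_LIST.contains(httpServletRequest.getRequestURI()) || !(obj instanceof HandlerMethod)) {
            return true;
        }
        try {
            if (isVerification(httpServletRequest, obj)) {
                return true;
            }
        } catch (BaseException e) {
            // Must precede the generic handler: BaseException is thrown unchecked by isVerification,
            // so a preceding catch (Exception) would shadow it. Return here so that
            // unauthorizedAccess() does not write a second body to the same response.
            ResponseUtil.responseJson(httpServletResponse, new BaseResponse(e.getStatus()));
            return false;
        } catch (Exception e) {
            // Fail closed: an unexpected error during the check never grants access.
            log.error("Auth error: {}", e.getMessage(), e);
            ResponseUtil.responseJson(httpServletResponse, new BaseResponse(GlobalStatusCode.SERVER_ERROR));
            return false;
        }
        return unauthorizedAccess(httpServletResponse);
    }

    /**
     * Checks the handler's {@link Authorization} annotation against the caller's ticket.
     *
     * @param httpServletRequest the incoming request, used to locate the ticket
     * @param obj                the handler; must be a {@link HandlerMethod}
     * @return {@code true} if the annotation disables validation or the user's access list
     *         contains the required permission; {@code false} if the method is not annotated
     *         or the permission is missing
     * @throws BaseException with {@code PERMISSION_DENY} when no ticket or no user is found
     */
    protected boolean isVerification(HttpServletRequest httpServletRequest, Object obj) {
        Authorization annotation = ((HandlerMethod) obj).getMethod().getAnnotation(Authorization.class);
        if (annotation == null) {
            // Deny by default: unannotated handler methods are never reachable through this interceptor.
            return false;
        }
        if (!annotation.valid()) {
            // The annotation explicitly opts this handler out of the ticket check.
            return true;
        }
        TicketInfoBO ticketInfo = getTicketInfo(httpServletRequest);
        UserDetailBO userDetail = ticketInfo == null ? null : ticketInfo.getUserDetail();
        if (null == userDetail) {
            throw new BaseException(GlobalStatusCode.PERMISSION_DENY);
        }
        List<?> accessList = userDetail.getAccessList();
        return null != accessList && accessList.contains(annotation.value());
    }

    /**
     * Writes the {@code PERMISSION_DENY} response.
     *
     * @param httpServletResponse the response to write to
     * @return always {@code false}, so the result can be returned directly from {@code preHandle}
     */
    protected boolean unauthorizedAccess(HttpServletResponse httpServletResponse) {
        ResponseUtil.responseJson(httpServletResponse, new BaseResponse(GlobalStatusCode.PERMISSION_DENY));
        return false;
    }

    /**
     * Resolves the ticket presented with the request and schedules a refresh if it is stale.
     *
     * @param httpServletRequest the incoming request
     * @return the ticket information, or {@code null} when no ticket was presented or the
     *         ticket service does not know it
     */
    private TicketInfoBO getTicketInfo(HttpServletRequest httpServletRequest) {
        String ticket = httpServletRequest.getHeader(TICKET_NAME);
        if (!StringUtils.hasText(ticket)) {
            // NOTE(review): a ticket passed as a request parameter can end up in URLs, and from
            // there in access logs, browser history and Referer headers. Kept for compatibility
            // with existing clients; prefer header-only transport if callers allow it.
            ticket = httpServletRequest.getParameter(TICKET_NAME);
        }
        if (!StringUtils.hasText(ticket)) {
            return null;
        }
        TicketInfoBO ticketInfoBO = this.ticketService.get(ticket);
        // NOTE(review): IpAddrUtil.getRealIp presumably reads forwarding headers; treat the
        // logged address as client-supplied unless a trusted proxy sets it. Confirm.
        String remoteIp = IpAddrUtil.getRealIp(httpServletRequest);
        if (ticketInfoBO == null) {
            // An unknown or expired ticket used to raise a NullPointerException in the audit log
            // call below and surface as SERVER_ERROR. Returning null lets the caller answer with
            // PERMISSION_DENY. The ticket value itself is deliberately not logged.
            log.warn("Unknown ticket presented, remoteIp = {}, uri = {}", remoteIp, httpServletRequest.getRequestURI());
            return null;
        }
        scheduleRefreshIfStale(ticket, ticketInfoBO);
        UserDetailBO userDetail = ticketInfoBO.getUserDetail();
        Object userId = userDetail == null ? null : userDetail.getId();
        log.info("remoteIp = {}, uri = {}, userId = {}", remoteIp, httpServletRequest.getRequestURI(), userId);
        return ticketInfoBO;
    }

    /**
     * Hands the ticket to the refresh executor when its last refresh is older than
     * {@link #REFRESH_AFTER_MINUTES}. Refresh failures are logged and never affect the request.
     */
    private void scheduleRefreshIfStale(String ticket, TicketInfoBO ticketInfo) {
        Date lastRefresh = ticketInfo.getLastRefreshTime();
        // Decide on the request thread: the executor starts a thread per task and throttles at
        // its concurrency limit, so dispatching only when a refresh is due avoids spending a
        // thread (or waiting on the throttle) on every authenticated request.
        if (lastRefresh == null || DateUtil.between(lastRefresh, new Date(), DateUnit.MINUTE) <= REFRESH_AFTER_MINUTES) {
            return;
        }
        refreshTokenThreads.execute(() -> {
            try {
                this.ticketService.refresh(ticket);
            } catch (Exception e) {
                log.warn("Refresh ticket failed: {}", e.getMessage(), e);
            }
        });
    }
}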
