package xyz.iotcode.iadmin.permissions.interceptor;

import cn.hutool.core.collection.CollectionUtil;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.lang.Nullable;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import xyz.iotcode.iadmin.common.exception.MyRuntimeException;
import xyz.iotcode.iadmin.permissions.annotation.IPermissions;
import xyz.iotcode.iadmin.permissions.bean.PermissionUser;
import xyz.iotcode.iadmin.permissions.properties.ISecurityProperties;
import xyz.iotcode.iadmin.permissions.provider.UserProvider;

/* loaded from: input_file:BOOT-INF/classes/xyz/iotcode/iadmin/permissions/interceptor/PermissionInterceptor.class */
/**
 * Spring MVC interceptor that authorises a request before its handler runs.
 *
 * <p>Decision order, as implemented in {@link #hasPermission}:
 * <ol>
 *   <li>handlers that are not a {@link HandlerMethod} are allowed;</li>
 *   <li>requests whose URI matches a configured "no check" Ant pattern are allowed;</li>
 *   <li>handler methods without {@link IPermissions} are allowed;</li>
 *   <li>otherwise a user must be resolvable from the request token, and must either hold
 *       the {@value #SUPER_ADMIN} role or the permission named by the annotation.</li>
 * </ol>
 *
 * <p>NOTE(review): steps 1 and 3 make this interceptor fail-open. A handler method that is
 * missing the annotation is reachable without any token, so annotation coverage has to be
 * enforced elsewhere (code review, a startup check, or a test).
 */
public class PermissionInterceptor implements HandlerInterceptor {
    /** Name of both the request header and the request parameter that may carry the token. */
    public static final String TOKEN = "token";
    /** Role name that bypasses the per-permission check. */
    public static final String SUPER_ADMIN = "superAdmin";
    private static final String NO_LOGIN = "未登录";
    private static final String NO_PERMISSION = "无权限";
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
    private UserProvider userProvider;
    private ISecurityProperties properties;

    /**
     * @param userProvider        resolves a token to the user it belongs to
     * @param iSecurityProperties supplies the comma-separated "no check" URL patterns
     */
    public PermissionInterceptor(UserProvider userProvider, ISecurityProperties iSecurityProperties) {
        this.userProvider = userProvider;
        this.properties = iSecurityProperties;
    }

    /**
     * Runs the permission check for the request.
     *
     * @return {@code true} when the request may proceed; a denial is signalled by the
     *         exception thrown from {@link #hasPermission}, never by {@code false}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        return hasPermission(httpServletRequest, obj);
    }

    /** No-op: nothing is done after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, @Nullable ModelAndView modelAndView) throws Exception {
    }

    /** No-op: nothing is done after the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, @Nullable Exception exc) throws Exception {
    }

    /**
     * Decides whether the request may reach {@code handler}.
     *
     * @param request the incoming request
     * @param handler the handler chosen by Spring MVC
     * @return {@code true} when access is granted
     * @throws MyRuntimeException with 401 when a protected handler is called without a
     *         resolvable user, or with 403 when the user lacks the required permission
     *         (the numeric argument is presumably the HTTP status; confirm in MyRuntimeException)
     */
    private boolean hasPermission(HttpServletRequest request, Object handler) {
        // Non-method handlers (e.g. anything that is not a controller method) are not checked.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        if (matchesNoCheckUrl(request)) {
            return true;
        }

        // Only the method itself is inspected; an annotation on the declaring class is not consulted.
        IPermissions required = ((HandlerMethod) handler).getMethod().getAnnotation(IPermissions.class);
        if (required == null) {
            return true;
        }

        PermissionUser user = getPermissionUser(request);
        if (user == null) {
            throw new MyRuntimeException(NO_LOGIN, 401);
        }

        // A blank annotation value means "any logged-in user".
        String permission = required.value();
        if (StringUtils.isBlank(permission)) {
            return true;
        }

        Collection<?> roles = (Collection<?>) user.getRoles();
        if (CollectionUtil.isNotEmpty(roles) && roles.contains(SUPER_ADMIN)) {
            return true;
        }

        Collection<?> granted = (Collection<?>) user.getPermissions();
        if (CollectionUtil.isNotEmpty(granted) && granted.contains(permission)) {
            return true;
        }
        throw new MyRuntimeException(NO_PERMISSION, 403);
    }

    /**
     * Tells whether the request URI matches one of the configured "no check" Ant patterns.
     *
     * <p>NOTE(review): the patterns are matched against {@code getRequestURI()}, which per the
     * Servlet API is the undecoded URI and includes the context path and any {@code ;}-path
     * parameters. Confirm this is the same path form Spring uses to select the handler;
     * if the two differ, a broad pattern can exempt a request that is routed to a protected
     * handler. Entries are also used exactly as split on {@code ","}, so surrounding
     * whitespace in the property becomes part of the pattern.
     */
    private boolean matchesNoCheckUrl(HttpServletRequest request) {
        String[] patterns = StringUtils.splitByWholeSeparatorPreserveAllTokens(this.properties.getNoCheckUrl(), ",");
        if (patterns == null) {
            return false;
        }
        for (int i = 0; i < patterns.length; i++) {
            if (ANT_PATH_MATCHER.match(patterns[i], request.getRequestURI())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the user for the request from its token.
     *
     * <p>The {@value #TOKEN} header is preferred; when it is blank the request parameter of
     * the same name is used instead.
     *
     * <p>NOTE(review): a token passed as a request parameter can end up in access logs,
     * browser history and Referer headers; consider whether the parameter fallback is needed.
     *
     * @return the user returned by the provider, or {@code null} when no token was sent
     *         (what the provider returns for an unknown or expired token is not visible
     *         here; the caller treats {@code null} as "not logged in")
     */
    private PermissionUser getPermissionUser(HttpServletRequest request) {
        String token = request.getHeader(TOKEN);
        if (StringUtils.isBlank(token)) {
            token = request.getParameter(TOKEN);
        }
        return StringUtils.isBlank(token) ? null : this.userProvider.getUserByToken(token);
    }
}
