package com.lc.ibps.cloud.oauth.client.filter;

import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.auth.persistence.entity.AuthApiInvokePo;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.web.context.ContextUtil;
import com.lc.ibps.cloud.config.AuthorizationConfig;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.utils.RequestUtil;
import com.lc.ibps.common.api.IAuthApiGrantService;
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.Ordered;

/* loaded from: input_file:com/lc/ibps/cloud/oauth/client/filter/PermissionValidatorFilter.class */
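/**
 * Servlet filter that decides whether a request may reach the API it targets.
 *
 * <p>Decision order, as implemented in {@link #doFilter}:
 * <ol>
 *   <li>permission filtering disabled, or URI on the ignore list: pass through;</li>
 *   <li>{@code X-Authorization-anonymous} header present: pass through;</li>
 *   <li>authorization disabled, or {@code X-Authorization-inner} header present: pass through
 *       (audited);</li>
 *   <li>super user: pass through (audited);</li>
 *   <li>a user account or client id is known: ask the platform grant service (audited);</li>
 *   <li>otherwise: reject with HTTP 401.</li>
 * </ol>
 *
 * <p>NOTE(review): steps 2 and 3 trust request headers on presence alone. Nothing in this class
 * verifies who set them, so the permission check is only as strong as whatever component removes
 * or overwrites these headers on traffic arriving from outside. Confirm that an upstream gateway
 * or an earlier filter does so; otherwise replace the markers with a signal that can be verified.
 */
public class PermissionValidatorFilter extends AbstractFilter implements Ordered {

    /** Position of this filter in the ordered chain. */
    private static final int FILTER_ORDER = 30;

    /** Request header marking a request as anonymous. */
    private static final String HEADER_ANONYMOUS = "X-Authorization-anonymous";

    /** Request header marking a request as service-internal. */
    private static final String HEADER_INNER = "X-Authorization-inner";

    /** Audit status for an allowed call. */
    private static final String STATUS_ALLOWED = "Y";

    /** Audit status for a rejected call. */
    private static final String STATUS_DENIED = "N";

    /** Placeholder written to the log instead of a credential-bearing header value. */
    private static final String MASKED_VALUE = "***";

    @Autowired
    protected AuthorizationConfig authorizationConfig;

    @Autowired
    protected IAuthApiGrantService authApiGrantService;

    @Autowired
    protected com.lc.ibps.platform.api.IAuthApiGrantService platformAuthApiGrantService;

    /**
     * Returns the order value of this filter.
     *
     * @return the fixed order value 30
     */
    @Override
    public int getOrder() {
        return FILTER_ORDER;
    }

    /**
     * Logs that the filter was initialised; no configuration is read.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException declared by the overridden method, never thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.logger.debug("permissionValidatorFilter initial.");
    }

    /**
     * Applies the permission decision described on the class and either continues the chain or
     * writes a 401 response.
     *
     * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters, invoked only when the request is allowed
     * @throws IOException      if writing the rejection or running the chain fails
     * @throws ServletException if the chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");

        String requestURI = request.getRequestURI();
        // NOTE(review): RequestUtil is not visible here. If it derives the address from
        // forwarding headers, the value stored in the audit record is client-influenced - verify.
        String ipAddr = RequestUtil.getIpAddr(request);

        if (!this.authorizationConfig.isPermissionFilterEnable() || this.authorizationConfig.isIgnorePermissionUrl(requestURI)) {
            this.logger.trace("requestURI {} is ignore.", requestURI);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        this.logger.debug("authorization enable is {}.", this.authorizationConfig.isEnable());
        this.logger.debug("oauth client validate permission filter, request id: {}.", ContextUtil.getId());
        this.logger.debug("oauth client validate permission filter, thread id: {}.", Thread.currentThread().getId());
        this.logger.debug("oauth client validate permission filter, request path: {}.", requestURI);
        traceHeaders(request);

        // Presence of the header is the whole check and this path writes no audit record.
        // NOTE(review): see the class comment - the header must be stripped from external traffic
        // upstream for this bypass to be safe.
        if (StringUtil.isNotBlank(request.getHeader(HEADER_ANONYMOUS))) {
            this.logger.trace("requestURI {} is anonymous.", requestURI);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String currentClientId = ContextUtil.getCurrentClientId();
        this.logger.debug("authorization clientId is {}.", currentClientId);
        String currentUserAccount = ContextUtil.getCurrentUserAccount();
        this.logger.debug("authorization account is {}.", currentUserAccount);
        // NOTE(review): the marker value itself is written to the debug log; if it ever carries
        // a secret rather than a flag, log only its presence.
        String innerMarker = request.getHeader(HEADER_INNER);
        this.logger.debug("oauth client validate permission filter, from inner is {}.", innerMarker);

        if (!this.authorizationConfig.isEnable() || StringUtil.isNotBlank(innerMarker)) {
            // The audit cause reads "Inner request" in both cases, so the record alone does not
            // distinguish "authorization disabled" from "inner header present".
            this.logger.debug("execute next filter.");
            logApiInvoke(requestURI, currentClientId, currentUserAccount, ipAddr, STATUS_ALLOWED, "Inner request");
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (ContextUtil.isSuper()) {
            this.logger.debug("Super user ignore authorization.");
            logApiInvoke(requestURI, currentClientId, currentUserAccount, ipAddr, STATUS_ALLOWED, "Super request");
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (StringUtil.isNotBlank(currentUserAccount) || StringUtil.isNotBlank(currentClientId)) {
            // A known user or a known client is enough to consult the grant service.
            hasGrant(servletRequest, servletResponse, filterChain, response, requestURI, currentClientId, currentUserAccount, ipAddr);
        } else {
            // Neither a user nor a client could be identified: reject.
            response(response);
        }
    }

    /**
     * Writes every request header to the trace log, masking credential-bearing values.
     *
     * <p>Every header is walked so that the output matches the "All header" log message, and
     * values of headers that normally carry credentials are replaced so that enabling trace
     * logging does not copy tokens or session cookies into log files.
     */
    private void traceHeaders(HttpServletRequest request) {
        Enumeration<?> names = request.getHeaderNames();
        if (names == null) {
            // The servlet API allows a container to return null when header access is denied.
            return;
        }
        while (names.hasMoreElements()) {
            String name = String.valueOf(names.nextElement());
            String value = isCredentialHeader(name) ? MASKED_VALUE : request.getHeader(name);
            this.logger.trace("All header include {} = {}.", name, value);
        }
    }

    /** Tells whether a header name denotes a value that must not appear in logs. */
    private static boolean isCredentialHeader(String name) {
        if (name == null) {
            return false;
        }
        // Locale.ROOT keeps the comparison stable under locales with special casing rules.
        String lower = name.toLowerCase(java.util.Locale.ROOT);
        return lower.contains("authorization") || lower.equals("cookie");
    }

    /**
     * Persists one audit record for an API call through the grant service.
     *
     * @param uri       requested URI
     * @param clientKey client id of the caller, may be blank
     * @param account   user account of the caller, may be blank
     * @param ip        caller address as resolved by {@code RequestUtil.getIpAddr}
     * @param status    "Y" for an allowed call, "N" for a rejected one
     * @param cause     reason text; stored only when not blank
     */
    private void logApiInvoke(String uri, String clientKey, String account, String ip, String status, String cause) {
        AuthApiInvokePo record = new AuthApiInvokePo();
        record.setUri(uri);
        record.setClientKey(clientKey);
        record.setAccount(account);
        record.setCreateTime(new Date());
        record.setIp(ip);
        record.setStatus(status);
        if (StringUtil.isNotBlank(cause)) {
            record.setCause(cause);
        }
        this.authApiGrantService.logApiInvoke(record);
    }

    /**
     * Asks the platform grant service whether the caller may invoke the URI, audits the outcome
     * and either continues the chain or rejects the request.
     *
     * <p>The check fails closed: a missing result, an unsuccessful result, or a payload that is
     * not {@code Boolean.TRUE} is treated as "not granted" and answered with the normal
     * rejection instead of an unhandled exception.
     *
     * @throws IOException      if writing the rejection or running the chain fails
     * @throws ServletException if the chain fails
     */
    private void hasGrant(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, HttpServletResponse httpServletResponse, String uri, String clientId, String account, String ip) throws IOException, ServletException {
        APIResult grantResult = this.platformAuthApiGrantService.hasApiGrant(uri, clientId, account);
        boolean granted = grantResult != null
                && grantResult.isSuccess()
                && Boolean.TRUE.equals(grantResult.getData());
        if (granted) {
            logApiInvoke(uri, clientId, account, ip, STATUS_ALLOWED, "Success");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        logApiInvoke(uri, clientId, account, ip, STATUS_DENIED, grantResult == null ? null : grantResult.getCause());
        // A "limit" variable on the result selects the permission-limit state for the rejection.
        if (grantResult == null || BeanUtils.isEmpty(grantResult.getVariable("limit"))) {
            response(httpServletResponse);
        } else {
            response(httpServletResponse, StateEnum.ILLEGAL_PERMISSION_LIMIT.getCode(), StateEnum.ILLEGAL_PERMISSION_LIMIT.getText());
        }
    }

    /**
     * Rejects the request with the generic illegal-permission state.
     *
     * @throws IOException if the response body cannot be written
     */
    private void response(HttpServletResponse httpServletResponse) throws IOException {
        response(httpServletResponse, StateEnum.ILLEGAL_PERMISSION.getCode(), StateEnum.ILLEGAL_PERMISSION.getText());
    }

    /**
     * Rejects the request with HTTP 401 and an {@link APIResult} body carrying the given state.
     *
     * <p>401 is sent for every rejection, including an identified caller that lacks the grant;
     * the status is kept as it is because clients may depend on it.
     *
     * @param state application state code placed in the body
     * @param cause human-readable reason placed in the body
     * @throws IOException if the response body cannot be written
     */
    private void response(HttpServletResponse httpServletResponse, int state, String cause) throws IOException {
        APIResult result = new APIResult();
        result.setState(state);
        result.setCause(cause);
        this.logger.warn("response {}, state {}, cause {}.", new Object[]{401, Integer.valueOf(state), cause});
        httpServletResponse.setStatus(401);
        httpServletResponse.getWriter().print(result.toString());
    }
}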
