package com.lc.ibps.platform.service;

import com.github.benmanes.caffeine.cache.Cache;
import com.google.common.util.concurrent.RateLimiter;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.auth.constants.ApiGrantType;
import com.lc.ibps.auth.constants.ApiScope;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.auth.persistence.entity.AuthApiGrantPo;
import com.lc.ibps.auth.persistence.entity.AuthAppApiPo;
import com.lc.ibps.auth.repository.AuthApiGrantRepository;
import com.lc.ibps.auth.repository.AuthAppApiRepository;
import com.lc.ibps.auth.repository.AuthClientRepository;
import com.lc.ibps.base.core.cache.LocalCaffeineCacheEngine;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.base.web.context.ContextUtil;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.oauth.helper.RegDataToUser;
import com.lc.ibps.cloud.oauth.server.provider.IRegService;
import com.lc.ibps.org.app.persistence.entity.AppresPo;
import com.lc.ibps.org.app.repository.AppresRepository;
import com.lc.ibps.org.auth.persistence.entity.ResourcesPo;
import com.lc.ibps.org.auth.persistence.entity.RoleResourcePo;
import com.lc.ibps.org.auth.repository.ResourcesRepository;
import com.lc.ibps.org.auth.repository.RoleResourceRepository;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyRolePo;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import com.lc.ibps.org.party.persistence.entity.PartyRolePo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.PartyRoleRepository;
import com.lc.ibps.org.party.repository.PartyUserRepository;
import com.lc.ibps.platform.config.AuthConfigure;
import com.lc.ibps.platform.config.MobileLoginConfig;
import com.lc.ibps.platform.config.PermissionConfig;
import com.lc.ibps.register.persistence.entity.RegDataPo;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/lc/ibps/platform/service/ApiGrantService.class */
public class ApiGrantService {
    private static final Logger logger = LoggerFactory.getLogger(ApiGrantService.class);
    private static final Map<String, RateLimiter> rateLimiterCache = new ConcurrentHashMap();
    private AuthConfigure authConfigure;
    private MobileLoginConfig mobileLoginConfig;
    private PermissionConfig permissionConfig;
    private AuthClientRepository authClientRepository;
    private AuthAppApiRepository authApiRepository;
    private AuthApiGrantRepository authApiGrantRepository;
    private ResourcesRepository resourcesRepository;
    private AppresRepository appresRepository;
    private PartyRoleRepository partyRoleRepository;
    private RoleResourceRepository roleResourceRepository;
    private PartyUserRepository partyUserRepository;
    private IRegService regService;

    @Autowired
    public void setAuthConfigure(AuthConfigure authConfigure) {
        this.authConfigure = authConfigure;
    }

    @Autowired
    public void setMobileLoginConfig(MobileLoginConfig mobileLoginConfig) {
        this.mobileLoginConfig = mobileLoginConfig;
    }

    @Autowired
    public void setPermissionConfig(PermissionConfig permissionConfig) {
        this.permissionConfig = permissionConfig;
    }

    @Autowired
    public void setAuthClientRepository(AuthClientRepository authClientRepository) {
        this.authClientRepository = authClientRepository;
    }

    @Autowired
    public void setAuthApiRepository(AuthAppApiRepository authAppApiRepository) {
        this.authApiRepository = authAppApiRepository;
    }

    @Autowired
    public void setAuthApiGrantRepository(AuthApiGrantRepository authApiGrantRepository) {
        this.authApiGrantRepository = authApiGrantRepository;
    }

    @Autowired
    public void setResourcesRepository(ResourcesRepository resourcesRepository) {
        this.resourcesRepository = resourcesRepository;
    }

    @Autowired
    public void setAppresRepository(AppresRepository appresRepository) {
        this.appresRepository = appresRepository;
    }

    @Autowired
    public void setPartyRoleRepository(PartyRoleRepository partyRoleRepository) {
        this.partyRoleRepository = partyRoleRepository;
    }

    @Autowired
    public void setRoleResourceRepository(RoleResourceRepository roleResourceRepository) {
        this.roleResourceRepository = roleResourceRepository;
    }

    @Autowired
    public void setPartyUserRepository(PartyUserRepository partyUserRepository) {
        this.partyUserRepository = partyUserRepository;
    }

    @Autowired
    public void setRegService(IRegService iRegService) {
        this.regService = iRegService;
    }

    public void limiting(String str, String str2, Long l, Long l2, String str3) {
        double limit = getLimit(str, l, l2);
        if (logger.isDebugEnabled()) {
            logger.debug("Interface[{}] allowed {} requests for 1 second.", str3, Double.valueOf(limit));
        }
        boolean tryAcquire = getRateLimiter(limit, str2).tryAcquire();
        if (logger.isDebugEnabled()) {
            logger.debug("Current limiting is {}.", Boolean.valueOf(tryAcquire));
        }
        if (!tryAcquire) {
            throw new BaseException(StateEnum.ILLEGAL_INTERFACE_LIMITING.getCode(), String.format(StateEnum.ILLEGAL_INTERFACE_LIMITING.getText(), str3), new Object[]{str3});
        }
    }

    public void hasAnonymousApiGrant(String str, String str2, String str3, String str4, APIResult<Boolean> aPIResult) {
        AuthAppApiPo byApiMethodPrefixUri4Cache = this.authApiRepository.getByApiMethodPrefixUri4Cache(str, str3, str4, str2);
        if (BeanUtils.isNotEmpty(byApiMethodPrefixUri4Cache) && StringUtil.isNotBlank(byApiMethodPrefixUri4Cache.getScope()) && byApiMethodPrefixUri4Cache.getScope().contains(ApiScope.ANONYMOUS.getValue())) {
            aPIResult.setData(true);
            String property = AppUtil.getProperty("spring.profiles.active");
            if (Boolean.valueOf(AppUtil.getProperty("app.limit", "true")).booleanValue()) {
                try {
                    limiting(property, byApiMethodPrefixUri4Cache.getApiKey(), byApiMethodPrefixUri4Cache.getLimit(), byApiMethodPrefixUri4Cache.getTestLimit(), str2);
                } catch (Exception e) {
                    aPIResult.addVariable("limit", 0);
                }
            }
        }
    }

    public void hasApiGrant(String str, String str2, String str3, String str4, String str5, String str6, APIResult<Boolean> aPIResult, List<AuthApiGrantPo> list, List<AuthApiGrantPo> list2) {
        if (logger.isDebugEnabled()) {
            logger.debug("Request grant parameter clientId={}, account={}.", str3, str4);
        }
        if (StringUtil.isBlank(str3) && StringUtil.isBlank(str4)) {
            throw new BaseException(StateEnum.ILLEGAL_AUTH_A_PARAMETER_IS_REQUIRED.getCode(), StateEnum.ILLEGAL_AUTH_A_PARAMETER_IS_REQUIRED.getText(), new Object[0]);
        }
        String property = AppUtil.getProperty("app.permission-mode", "exclusion");
        if (StringUtil.isNotBlank(str4)) {
            this.authApiGrantRepository.setSkipInternal();
            list = this.authApiGrantRepository.findByGrantTypeGrantKey(ApiGrantType.USER.getValue(), str4, str, str5, str6);
            this.authApiGrantRepository.removeSkipInternal();
            if (BeanUtils.isEmpty(list)) {
                list = new ArrayList();
            }
            DefaultPartyUserPo defaultPartyUserPo = null;
            if (isMobile(str4)) {
                APIResult aPIResult2 = this.regService.get(str4);
                if (aPIResult2.isSuccess() && BeanUtils.isNotEmpty(aPIResult2.getData())) {
                    defaultPartyUserPo = RegDataToUser.toUser((RegDataPo) aPIResult2.getData());
                }
            }
            if (BeanUtils.isEmpty(defaultPartyUserPo)) {
                defaultPartyUserPo = this.partyUserRepository.getByAccount(str4);
            }
            if (BeanUtils.isNotEmpty(defaultPartyUserPo)) {
                loadByRoles(list, defaultPartyUserPo, str, str5, str6);
                List findByUserId = this.resourcesRepository.findByUserId(defaultPartyUserPo.getUserId(), false);
                ArrayList arrayList = new ArrayList();
                if (BeanUtils.isNotEmpty(findByUserId)) {
                    Iterator it = findByUserId.iterator();
                    while (it.hasNext()) {
                        arrayList.add(((ResourcesPo) it.next()).getAlias());
                    }
                }
                loadResGrants(list, arrayList, str, str5, str6);
                List findByUserId2 = this.appresRepository.findByUserId(defaultPartyUserPo.getUserId(), false);
                ArrayList arrayList2 = new ArrayList();
                if (BeanUtils.isNotEmpty(findByUserId2)) {
                    Iterator it2 = findByUserId2.iterator();
                    while (it2.hasNext()) {
                        arrayList2.add(((AppresPo) it2.next()).getAlias());
                    }
                }
                loadResGrants(list, arrayList2, str, str5, str6);
            }
        }
        if (StringUtil.isNotBlank(str3)) {
            if (!this.authClientRepository.isValidScope4Cache(str3, Scope.API.getValue())) {
                throw new BaseException(StateEnum.ILLEGAL_AUTH_CLIENT_API.getCode(), StateEnum.ILLEGAL_AUTH_CLIENT_API.getText(), new Object[0]);
            }
            this.authApiGrantRepository.setSkipInternal();
            list2 = this.authApiGrantRepository.findByGrantTypeGrantKey(ApiGrantType.CLIENT.getValue(), str3, str, str5, str6);
            this.authApiGrantRepository.removeSkipInternal();
            if (BeanUtils.isEmpty(list2)) {
                list2 = new ArrayList();
            }
        }
        if ("exclusion".equalsIgnoreCase(property)) {
            if (BeanUtils.isNotEmpty(list)) {
                hasGrant(str4, str5, str6, str2, aPIResult, list);
                return;
            } else {
                if (BeanUtils.isNotEmpty(list2)) {
                    hasGrant(str3, str5, str6, str2, aPIResult, list2);
                    return;
                }
                return;
            }
        }
        if (!"un-exclusion".equalsIgnoreCase(property)) {
            throw new BaseException(StateEnum.ERROR_SYSTEM_PERMISSION_MODULE.getCode(), String.format(StateEnum.ERROR_SYSTEM_PERMISSION_MODULE.getText(), property), new Object[]{property});
        }
        list.removeAll(list2);
        list.addAll(list2);
        if (BeanUtils.isNotEmpty(list)) {
            hasGrant(str4, str5, str6, str2, aPIResult, list);
        }
    }

    protected void loadByRoles(List<AuthApiGrantPo> list, PartyUserPo partyUserPo, String str, String str2, String str3) {
        List findRoleByUID = this.partyRoleRepository.findRoleByUID(partyUserPo.getUserId());
        ArrayList arrayList = new ArrayList();
        Iterator it = findRoleByUID.iterator();
        while (it.hasNext()) {
            arrayList.add(((PartyRolePo) it.next()).getRoleAlias());
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = findRoleByUID.iterator();
        while (it2.hasNext()) {
            arrayList2.add(((PartyRolePo) it2.next()).getId());
        }
        loadGrantByRoles(list, arrayList, arrayList2, str, str2, str3);
    }

    protected void loadByContextRoles(List<AuthApiGrantPo> list, String str, String str2, String str3) {
        List list2 = (List) ContextUtil.getCurrentRole();
        ArrayList arrayList = new ArrayList();
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            arrayList.add(((DefaultPartyRolePo) it.next()).getRoleAlias());
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it2 = list2.iterator();
        while (it2.hasNext()) {
            arrayList2.add(((DefaultPartyRolePo) it2.next()).getId());
        }
        loadGrantByRoles(list, arrayList, arrayList2, str, str2, str3);
    }

    private void loadGrantByRoles(List<AuthApiGrantPo> list, List<String> list2, List<String> list3, String str, String str2, String str3) {
        if (BeanUtils.isNotEmpty(list3)) {
            this.authApiGrantRepository.setSkipInternal();
            List findByGrantTypeGrantKeys = this.authApiGrantRepository.findByGrantTypeGrantKeys(ApiGrantType.ROLE.getValue(), list2, str, str2, str3);
            this.authApiGrantRepository.removeSkipInternal();
            if (BeanUtils.isNotEmpty(findByGrantTypeGrantKeys)) {
                list.removeAll(findByGrantTypeGrantKeys);
                list.addAll(findByGrantTypeGrantKeys);
            }
            List findByPcResRoleIds = this.roleResourceRepository.findByPcResRoleIds(list3);
            ArrayList arrayList = new ArrayList();
            Iterator it = findByPcResRoleIds.iterator();
            while (it.hasNext()) {
                arrayList.add(((RoleResourcePo) it.next()).getResId());
            }
            List findByIds = this.resourcesRepository.findByIds(arrayList);
            ArrayList arrayList2 = new ArrayList();
            if (BeanUtils.isNotEmpty(findByIds)) {
                Iterator it2 = findByIds.iterator();
                while (it2.hasNext()) {
                    arrayList2.add(((ResourcesPo) it2.next()).getAlias());
                }
            }
            loadResGrants(list, arrayList2, str, str2, str3);
            List findByAppResRoleIds = this.roleResourceRepository.findByAppResRoleIds(list3);
            ArrayList arrayList3 = new ArrayList();
            Iterator it3 = findByAppResRoleIds.iterator();
            while (it3.hasNext()) {
                arrayList3.add(((RoleResourcePo) it3.next()).getResId());
            }
            List findByIds2 = this.appresRepository.findByIds(arrayList3);
            ArrayList arrayList4 = new ArrayList();
            if (BeanUtils.isNotEmpty(findByIds2)) {
                Iterator it4 = findByIds2.iterator();
                while (it4.hasNext()) {
                    arrayList4.add(((AppresPo) it4.next()).getAlias());
                }
            }
            loadResGrants(list, arrayList4, str, str2, str3);
        }
    }

    private void loadResGrants(List<AuthApiGrantPo> list, List<String> list2, String str, String str2, String str3) {
        if (BeanUtils.isNotEmpty(list2)) {
            this.authApiGrantRepository.setSkipInternal();
            List findByGrantTypeGrantKeys = this.authApiGrantRepository.findByGrantTypeGrantKeys(ApiGrantType.RES.getValue(), list2, str, str2, str3);
            this.authApiGrantRepository.removeSkipInternal();
            if (BeanUtils.isNotEmpty(findByGrantTypeGrantKeys)) {
                list.removeAll(findByGrantTypeGrantKeys);
                list.addAll(findByGrantTypeGrantKeys);
            }
        }
    }

    private void hasGrant(String str, String str2, String str3, String str4, APIResult<Boolean> aPIResult, List<AuthApiGrantPo> list) {
        String property = AppUtil.getProperty("spring.profiles.active");
        boolean z = false;
        boolean isSubmitLimitEnabled = this.authConfigure.isSubmitLimitEnabled();
        boolean isSubmitLimit = this.authConfigure.isSubmitLimit();
        boolean booleanValue = Boolean.valueOf(AppUtil.getProperty("app.limit", "true")).booleanValue();
        boolean booleanValue2 = Boolean.valueOf(AppUtil.getProperty("app.permission.risk.ignore", "true")).booleanValue();
        if (StringUtil.isBlank(str3)) {
            str3 = "/";
        }
        for (AuthApiGrantPo authApiGrantPo : list) {
            if (StringUtil.isNotBlank(authApiGrantPo.getSubmitContrl()) && logger.isDebugEnabled()) {
                logger.debug("SubmitContrl => {}", authApiGrantPo.getSubmitContrl());
            }
            boolean isMatchUrl = booleanValue2 ? isMatchUrl("app.permission", str, str4, authApiGrantPo) : isMatchWholeUrl("app.permission", str, str4, authApiGrantPo);
            String str5 = (String) Optional.ofNullable(authApiGrantPo.getHttpMethod()).orElse("");
            String str6 = (String) Optional.ofNullable(authApiGrantPo.getApiPrefix()).orElse("/");
            if (StringUtil.isBlank(str2) && "/".equals(str3)) {
                z = true;
            } else if (str5.equalsIgnoreCase(str2) && str6.equalsIgnoreCase(str3)) {
                z = true;
            }
            if (isMatchUrl && z) {
                if (isSubmitLimitEnabled && isSubmitLimit && "Y".equalsIgnoreCase(authApiGrantPo.getSubmitContrl())) {
                    aPIResult.setData(false);
                    aPIResult.addVariable("submit.limit", 0);
                    return;
                }
                if (booleanValue) {
                    try {
                        limiting(property, authApiGrantPo.getApiKey(), authApiGrantPo.getLimit(), authApiGrantPo.getTestLimit(), str4);
                    } catch (Exception e) {
                        aPIResult.setData(false);
                        aPIResult.addVariable("limit", 0);
                        return;
                    }
                }
                aPIResult.setData(true);
                return;
            }
        }
    }

    private boolean isMatchUrl(String str, String str2, String str3, AuthApiGrantPo authApiGrantPo) {
        Cache<String, Object> orCreateCaffeineCache = getOrCreateCaffeineCache(this.permissionConfig.getCacheName(), this.permissionConfig.getMaximumSize(), this.permissionConfig.getDuration());
        String build = StringUtil.build(new Object[]{"permission-url:", str3, ":", authApiGrantPo.getApiUrl() + ":", str2});
        Boolean bool = (Boolean) LocalCaffeineCacheEngine.get(orCreateCaffeineCache, build);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean isMatchUrlReg = StringValidator.isMatchUrlReg(str3, new String[]{authApiGrantPo.getApiUrl()});
        orCreateCaffeineCache.put(build, Boolean.valueOf(isMatchUrlReg));
        return isMatchUrlReg;
    }

    private boolean isMatchWholeUrl(String str, String str2, String str3, AuthApiGrantPo authApiGrantPo) {
        Cache<String, Object> orCreateCaffeineCache = getOrCreateCaffeineCache(this.permissionConfig.getCacheName(), this.permissionConfig.getMaximumSize(), this.permissionConfig.getDuration());
        String build = StringUtil.build(new Object[]{"permission-url:", str3, ":", authApiGrantPo.getApiUrl() + ":", str2 + ":whole"});
        Boolean bool = (Boolean) LocalCaffeineCacheEngine.get(orCreateCaffeineCache, build);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean isMatchWholeUrl = StringValidator.isMatchWholeUrl(str3, new String[]{authApiGrantPo.getApiUrl()});
        orCreateCaffeineCache.put(build, Boolean.valueOf(isMatchWholeUrl));
        return isMatchWholeUrl;
    }

    private boolean isMobile(String str) {
        Cache<String, Object> orCreateCaffeineCache = getOrCreateCaffeineCache(this.mobileLoginConfig.getCacheName(), this.mobileLoginConfig.getMaximumSize(), this.mobileLoginConfig.getDuration());
        Boolean bool = (Boolean) LocalCaffeineCacheEngine.get(orCreateCaffeineCache, str);
        if (bool != null) {
            return bool.booleanValue();
        }
        boolean isMobile = StringValidator.isMobile(str);
        orCreateCaffeineCache.put(str, Boolean.valueOf(isMobile));
        return isMobile;
    }

    private Cache<String, Object> getOrCreateCaffeineCache(String str, long j, long j2) {
        return LocalCaffeineCacheEngine.getOrCreateCache(str, j, j2, TimeUnit.MINUTES);
    }

    private RateLimiter getRateLimiter(double d, String str) {
        RateLimiter create;
        if (rateLimiterCache.containsKey(str)) {
            create = rateLimiterCache.get(str);
            if (logger.isDebugEnabled()) {
                logger.debug("limiter ==> {}, {}, is old.", create, str);
            }
        } else {
            create = RateLimiter.create(d);
            rateLimiterCache.put(str, create);
            if (logger.isDebugEnabled()) {
                logger.debug("limiter ==> {}, {} is new, max requests is {} for 1 second.", new Object[]{create, str, Double.valueOf(d)});
            }
        }
        return create;
    }

    private double getLimit(String str, Long l, Long l2) {
        return str.contains("prod") ? l.doubleValue() : l2.doubleValue();
    }
}
