package com.lc.ibps.platform.provider;

import cn.hutool.core.text.StrSpliter;
import com.google.common.util.concurrent.RateLimiter;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.auth.constants.ApiGrantType;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.auth.persistence.entity.AuthApiGrantPo;
import com.lc.ibps.auth.repository.AuthApiGrantRepository;
import com.lc.ibps.auth.repository.AuthClientRepository;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.provider.GenericProvider;
import com.lc.ibps.org.party.persistence.entity.PartyRolePo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.PartyRoleRepository;
import com.lc.ibps.org.party.repository.PartyUserRepository;
import com.lc.ibps.platform.api.IAuthApiGrantService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.eclipse.collections.impl.map.mutable.ConcurrentHashMap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestParam;

@Api(tags = {"接口授权管理"}, value = "接口授权管理 ")
@Service
/* loaded from: input_file:com/lc/ibps/platform/provider/PlatformAuthApiGrantProvider.class */
public class PlatformAuthApiGrantProvider extends GenericProvider implements IAuthApiGrantService {

    @Resource
    private AuthClientRepository authClientRepository;

    @Resource
    private AuthApiGrantRepository authApiGrantRepository;

    @Resource
    private PartyRoleRepository partyRoleRepository;

    @Resource
    private PartyUserRepository partyUserRepository;

    @Autowired
    private Environment environment;
    private static Map<String, RateLimiter> rateLimiterCache = new ConcurrentHashMap();

    @ApiOperation(value = "判断接口授权", notes = "根据传入接口地址，判断是否存在接口授权。应用接入标识、用户账号至少必填一个参数.")
    public APIResult<Boolean> hasApiGrant(@RequestParam(name = "uri", required = true) @ApiParam(name = "uri", value = "接口地址", required = true) String str, @RequestParam(name = "clientId", required = false) @ApiParam(name = "clientId", value = "应用接入标识", required = false) String str2, @RequestParam(name = "account", required = false) @ApiParam(name = "account", value = "用户账号", required = false) String str3) {
        APIResult<Boolean> aPIResult = new APIResult<>();
        aPIResult.setData(false);
        List<AuthApiGrantPo> list = null;
        try {
        } catch (Exception e) {
            setExceptionResult(aPIResult, StateEnum.ERROR_SYSTEM_AUTH.getCode(), StateEnum.ERROR_SYSTEM_AUTH.getText(), e);
        }
        if (StringUtil.isBlank(str2) && StringUtil.isBlank(str3)) {
            throw new BaseException("应用接入标识clientId、用户账号account至少必填一个参数");
        }
        if (StringUtil.isNotBlank(str3)) {
            list = this.authApiGrantRepository.findByGrantTypeGrantKey(ApiGrantType.USER.getValue(), str3);
            if (BeanUtils.isEmpty(list)) {
                list = new ArrayList();
            }
            PartyUserPo byAccount = this.partyUserRepository.getByAccount(str3);
            if (BeanUtils.isNotEmpty(byAccount)) {
                List findRoleByUID = this.partyRoleRepository.findRoleByUID(byAccount.getUserId());
                if (BeanUtils.isNotEmpty(findRoleByUID)) {
                    Iterator it = findRoleByUID.iterator();
                    while (it.hasNext()) {
                        List findByGrantTypeGrantKey = this.authApiGrantRepository.findByGrantTypeGrantKey(ApiGrantType.ROLE.getValue(), ((PartyRolePo) it.next()).getRoleAlias());
                        if (BeanUtils.isNotEmpty(findByGrantTypeGrantKey)) {
                            list.removeAll(findByGrantTypeGrantKey);
                            list.addAll(findByGrantTypeGrantKey);
                        }
                    }
                }
            }
        }
        if (BeanUtils.isNotEmpty(list)) {
            hasGrant(str, aPIResult, list);
        } else if (BeanUtils.isEmpty(list) && StringUtil.isNotBlank(str2)) {
            if (!this.authClientRepository.isValidScope(str2, Scope.API.getValue())) {
                throw new BaseException("Auth client is not validated for api scope.");
            }
            List<AuthApiGrantPo> findByGrantTypeGrantKey2 = this.authApiGrantRepository.findByGrantTypeGrantKey(ApiGrantType.CLIENT.getValue(), str2);
            if (BeanUtils.isNotEmpty(findByGrantTypeGrantKey2)) {
                hasGrant(str, aPIResult, findByGrantTypeGrantKey2);
            }
        }
        return aPIResult;
    }

    private void hasGrant(String str, APIResult<Boolean> aPIResult, List<AuthApiGrantPo> list) {
        String[] splitPathToArray = StrSpliter.splitPathToArray(str);
        String property = this.environment.getProperty("spring.profiles.active");
        boolean booleanValue = Boolean.valueOf(this.environment.getProperty("app.limit", "true")).booleanValue();
        for (AuthApiGrantPo authApiGrantPo : list) {
            if (authApiGrantPo.getApiUrl().equals(str)) {
                if (booleanValue) {
                    try {
                        limiting(property, authApiGrantPo);
                    } catch (Exception e) {
                        aPIResult.setData(false);
                        aPIResult.addVariable("limit", 0);
                        return;
                    }
                }
                aPIResult.setData(true);
                return;
            }
            String[] splitPathToArray2 = StrSpliter.splitPathToArray(authApiGrantPo.getApiUrl());
            if (splitPathToArray.length == splitPathToArray2.length) {
                boolean z = false;
                int i = 0;
                int length = splitPathToArray.length;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str2 = splitPathToArray[i];
                    String str3 = splitPathToArray2[i];
                    if (!StringValidator.valid("^\\{*\\}$", str3) && !"*".equals(str3) && !str3.equals(str2)) {
                        z = false;
                        break;
                    } else {
                        z = true;
                        i++;
                    }
                }
                if (z) {
                    if (booleanValue) {
                        try {
                            limiting(property, authApiGrantPo);
                        } catch (Exception e2) {
                            aPIResult.setData(false);
                            aPIResult.addVariable("limit", 0);
                            return;
                        }
                    }
                    aPIResult.setData(true);
                    return;
                }
            }
        }
    }

    private void limiting(String str, AuthApiGrantPo authApiGrantPo) {
        double limit = getLimit(str, authApiGrantPo);
        this.logger.debug("Interface[{}] allowed {} requests for 1 second.", authApiGrantPo.getApiUrl(), Double.valueOf(limit));
        boolean tryAcquire = getRateLimiter(limit, authApiGrantPo).tryAcquire();
        this.logger.debug("Current limiting is {}.", Boolean.valueOf(tryAcquire));
        if (!tryAcquire) {
            throw new BaseException("Interface[" + authApiGrantPo.getApiUrl() + "] is limiting.");
        }
    }

    private RateLimiter getRateLimiter(double d, AuthApiGrantPo authApiGrantPo) {
        RateLimiter create;
        if (rateLimiterCache.containsKey(authApiGrantPo.getApiKey())) {
            create = rateLimiterCache.get(authApiGrantPo.getApiKey());
            this.logger.debug("limiter ==> {}, {}, is old.", create, authApiGrantPo.getApiKey());
        } else {
            create = RateLimiter.create(d);
            rateLimiterCache.put(authApiGrantPo.getApiKey(), create);
            this.logger.debug("limiter ==> {}, {} is new, max requests is {} for 1 second.", new Object[]{create, authApiGrantPo.getApiKey(), Double.valueOf(d)});
        }
        return create;
    }

    private double getLimit(String str, AuthApiGrantPo authApiGrantPo) {
        return "prod".equals(str) ? authApiGrantPo.getLimit().doubleValue() : authApiGrantPo.getTestLimit().doubleValue();
    }
}
