package com.digiwin.athena.ania.configuration;

import cn.hutool.core.util.StrUtil;
import com.digiwin.athena.appcore.exception.BusinessException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springdoc.core.Constants;
import org.springframework.beans.factory.annotation.Value;

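/**
 * Gates the OpenAPI document, the Swagger UI and the actuator endpoints behind a shared
 * application token.
 *
 * <p>A guarded request is accepted when either the {@code asaToken} query parameter equals the
 * configured token, or - for requests that carry a {@code Referer} header - the Referer contains
 * the token. The Referer branch exists so that assets fetched by the Swagger UI page (which was
 * itself opened with {@code ?asaToken=...}) pass without repeating the parameter; note that the
 * Referer is client-supplied, so this path is only as strong as the secrecy of the token value.
 *
 * <p>Fails closed: when no token is configured (blank or not injected) every guarded request is
 * rejected.
 */
@WebFilter(filterName = "webSecurityFilter", urlPatterns = {Constants.DEFAULT_API_DOCS_URL, "/swagger-ui/*", "/actuator/*"})
/* loaded from: input_file:WEB-INF/classes/com/digiwin/athena/ania/configuration/WebSecurityFilter.class */
public class WebSecurityFilter implements Filter {

    /** Shared secret a guarded request must present; bound from {@code rest-url.appToken}. */
    @Value("${rest-url.appToken}")
    private String appToken;
    private static final Logger log = LoggerFactory.getLogger(WebSecurityFilter.class);
    /** Exact (normalised) paths that always require the token. */
    private static final Set<String> interceptSet = new HashSet<>();
    /** Path prefixes (ending in "/") under which every request requires the token. */
    private static final Set<String> interceptPrefixSet = new HashSet<>();
    /** Actuator endpoints that are reachable without the token. */
    private static final Set<String> chainSet = new HashSet<>();

    /**
     * Applies the token check to guarded paths and then continues the chain.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response, passed through unchanged
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     * @throws BusinessException when the path is guarded and no valid token is presented
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String path = normalizedPath(httpServletRequest);
        if (requiresToken(path)) {
            checkAuth(httpServletRequest, path);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the request URI with repeated slashes collapsed and the context path removed.
     *
     * <p>NOTE(review): {@code getRequestURI()} is not URL-decoded, so percent-encoded variants of a
     * guarded path are not canonicalised here and are matched by the servlet mapping only.
     */
    private static String normalizedPath(HttpServletRequest request) {
        // Collapse "//" runs so "//actuator//env" cannot slip past the exact-match sets.
        String path = request.getRequestURI().replaceAll("/+", "/");
        String contextPath = request.getContextPath();
        // Guard with startsWith: a bare substring would throw if the URI were shorter than the context path.
        if (StrUtil.isNotBlank(contextPath) && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        return path;
    }

    /**
     * Decides whether {@code path} is guarded: an exact entry, anything under a guarded prefix,
     * or an actuator endpoint that is not explicitly whitelisted.
     */
    private static boolean requiresToken(String path) {
        if (interceptSet.contains(path)) {
            return true;
        }
        // "/swagger-ui/*" was previously kept as a literal in the exact-match set, which a real
        // request URI can never equal; it is matched as a prefix instead.
        for (String prefix : interceptPrefixSet) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return path.startsWith("/actuator") && !chainSet.contains(path);
    }

    /**
     * Rejects the request unless it presents the configured token.
     *
     * <p>With a non-blank {@code Referer} the header must contain the token; without one the
     * {@code asaToken} parameter must equal it. Denials are logged with the path only - never the
     * token or the header value.
     *
     * @throws BusinessException when the request is not authorised
     */
    private void checkAuth(HttpServletRequest httpServletRequest, String path) {
        String referer = httpServletRequest.getHeader("Referer");
        boolean authorized;
        if (StrUtil.isNotBlank(referer)) {
            // Referer is client-supplied; accepted only because it must embed the secret token.
            authorized = StrUtil.isNotBlank(this.appToken) && referer.contains(this.appToken);
        } else {
            authorized = tokenMatches(httpServletRequest.getParameter("asaToken"));
        }
        if (!authorized) {
            log.warn("Denied unauthenticated access to {} (referer present: {})", path, StrUtil.isNotBlank(referer));
            throw BusinessException.create("没有权限访问");
        }
    }

    /**
     * Compares a presented token with the configured one in constant time.
     *
     * @return {@code false} when either side is blank (fail closed) or the values differ
     */
    private boolean tokenMatches(String candidate) {
        if (StrUtil.isBlank(candidate) || StrUtil.isBlank(this.appToken)) {
            return false;
        }
        // MessageDigest.isEqual avoids the early-exit timing behaviour of String.equals.
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                this.appToken.getBytes(StandardCharsets.UTF_8));
    }

    static {
        interceptSet.add(Constants.DEFAULT_API_DOCS_URL);
        interceptSet.add(Constants.DEFAULT_SWAGGER_UI_PATH);
        interceptPrefixSet.add("/swagger-ui/");
        chainSet.add("/actuator/health");
        chainSet.add("/actuator/healthcheck");
        chainSet.add("/actuator/prometheus");
    }
}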
