package com.digiwin.athena.auth.aspect;

import cn.hutool.core.convert.Convert;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.ReflectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.digiwin.athena.auth.annotation.FuncAuth;
import com.digiwin.athena.auth.domain.QueryAuthParam;
import com.digiwin.athena.auth.metadata.domain.AuthorityPolicy;
import com.digiwin.athena.auth.metadata.enums.AuthModeEnum;
import com.digiwin.athena.auth.metadata.enums.PermissionPolicyEnum;
import com.digiwin.athena.auth.service.AuthService;
import com.digiwin.athena.auth.service.MongoDataService;
import com.digiwin.athena.auth.service.TemplateService;
import com.digiwin.athena.auth.service.UserService;
import com.digiwin.athena.auth.util.AuthHelper;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

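/**
 * Aspect that enforces function-level authorization on methods annotated with {@link FuncAuth}.
 *
 * <p>Before the annotated method runs, the aspect resolves the resource type and resource id from
 * the annotation and the call arguments, loads the caller's {@link AuthorityPolicy} list (from the
 * local {@link AuthService} or from the designer service over HTTP) and rejects the call with a
 * {@link RuntimeException} unless an "allow" policy covers one of the requested actions and no
 * "deny" policy does.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code designer.auth.mode} defaults to {@code FORBID}, and in that mode
 *       {@link #funcAuthCheck} returns without checking anything. A deployment that omits the
 *       property therefore runs with function authorization switched off.</li>
 *   <li>A successful template check ({@link #validateTemplateAuth()}) skips the policy check
 *       completely.</li>
 * </ul>
 */
@Aspect
@Component
/* loaded from: input_file:com/digiwin/athena/auth/aspect/FuncAuthAspect.class */
public class FuncAuthAspect {

    // Optional collaborator: needed for LOCAL mode and for the template check.
    @Autowired(required = false)
    private AuthService authService;

    // Optional collaborator: needed only when resourceId uses the primary-key prefix.
    @Autowired(required = false)
    private MongoDataService mongoDataService;

    // Optional collaborator: when absent, the template shortcut is never taken.
    @Autowired(required = false)
    private TemplateService templateService;

    @Autowired
    private UserService userService;

    @Autowired
    private AuthHelper authHelper;

    // Falls back to FORBID (no checks performed) when the property is not configured.
    @Value("${designer.auth.mode:FORBID}")
    private String authMode;

    // Base URL of the designer service used for remote policy lookups.
    @Value("${designer.domain:default}")
    private String designerDomain;

    /**
     * Runs before every method annotated with {@link FuncAuth} and blocks the call when the
     * current user is not authorized.
     *
     * @param joinPoint the intercepted call; its arguments are used to resolve placeholders
     * @param funcAuth the annotation carrying resource type, resource id, actions and primary key
     * @throws RuntimeException when the policy lookup fails, when a matching "deny" policy exists,
     *     or when no "allow" policy covers the requested actions
     */
    @Before("@annotation(funcAuth)")
    public void funcAuthCheck(JoinPoint joinPoint, FuncAuth funcAuth) {
        // FORBID disables the check entirely; this is also the default when unconfigured.
        if (AuthModeEnum.FORBID.name().equals(this.authMode)) {
            return;
        }
        String resourceId = funcAuth.resourceId();
        String[] actions = funcAuth.actions();
        Object[] args = joinPoint.getArgs();
        String resourceType = getResourceType(funcAuth, args);

        // NOTE(review): a passing template check bypasses every policy evaluated below.
        // Confirm that the template id held by TemplateService cannot be chosen by the caller.
        if (this.templateService != null && validateTemplateAuth()) {
            return;
        }

        resourceId = resolveResourceId(funcAuth, resourceId, args);
        List<AuthorityPolicy> policies = queryPolicies(resourceType, resourceId);

        // An explicit deny on any requested action wins over every allow.
        boolean denied = policies.stream()
                .filter(policy -> "deny".equals(policy.getEffect()))
                .anyMatch(policy -> matchesRequestedAction(policy, resourceType, actions));
        if (denied) {
            throw new RuntimeException("无权访问该接口!");
        }

        // NOTE(review): the wildcard test looks only at the ":*" suffix and never compares the
        // prefix with resourceType. That is safe only if the policy query already restricts the
        // result to this resource type; confirm against AuthService / the designer endpoint.
        boolean allowed = policies.stream()
                .filter(policy -> "allow".equals(policy.getEffect()))
                .anyMatch(policy -> hasWildcardAction(policy)
                        || matchesRequestedAction(policy, resourceType, actions));
        if (!allowed) {
            // Default deny: no allow policy covers the requested actions.
            throw new RuntimeException("无权访问该接口!");
        }
    }

    /**
     * Resolves the annotation's resourceId expression against the call arguments.
     *
     * <p>A purely numeric expression is a positional argument index; the prefixed forms are
     * delegated to {@link AuthHelper} or {@link #getPkValue}. Any other value is used literally.
     * An index that is out of range or points at a {@code null} argument yields {@code null}
     * instead of the string {@code "null"}.
     */
    private String resolveResourceId(FuncAuth funcAuth, String resourceId, Object[] args) {
        if (StrUtil.isNumeric(resourceId)) {
            int index = Convert.toInt(resourceId).intValue();
            // Check the position itself; counting non-null arguments can disagree with it.
            if (index < args.length && args[index] != null) {
                return String.valueOf(args[index]);
            }
            return null;
        }
        if (resourceId.startsWith(AuthHelper.VAR_PREFIX)) {
            return this.authHelper.getVarValue(args, resourceId);
        }
        if (resourceId.startsWith(AuthHelper.PRIMARY_PREFIX)) {
            return getPkValue(args, resourceId, funcAuth.primaryKey());
        }
        if (resourceId.startsWith(AuthHelper.JSON_PREFIX)) {
            return this.authHelper.getJSONValue(resourceId, args);
        }
        return resourceId;
    }

    /**
     * Loads the current user's policies for the given resource, locally in LOCAL mode and from
     * the designer service otherwise.
     *
     * @throws RuntimeException when a required service is missing or the remote answer is not a
     *     success response with a data array
     */
    private List<AuthorityPolicy> queryPolicies(String resourceType, String resourceId) {
        if (this.userService == null) {
            throw new RuntimeException("请实现com.digiwin.athena.auth.service.UserService接口");
        }
        QueryAuthParam query = new QueryAuthParam()
                .setUserId(this.userService.getCurrentUser())
                .setResourceType(resourceType)
                .setResourceId(resourceId);

        if (AuthModeEnum.LOCAL.name().equals(this.authMode)) {
            if (this.authService == null) {
                // authService is optional at wiring time, so fail with a clear message here.
                throw new RuntimeException("请实现com.digiwin.athena.auth.service.AuthService接口");
            }
            return this.authService.queryFuncAuthPolicy(query);
        }

        // The answer from this endpoint decides authorization and the request carries the user's
        // token, yet no scheme is enforced and no timeout is set here. designer.domain should be
        // an https:// URL of a trusted host; the default value "default" is not a usable URL.
        String responseBody = HttpUtil.createPost(this.designerDomain + "/athena-designer/auth/queryAuthPolicy")
                .body(JSON.toJSONString(query))
                .addHeaders(MapUtil.builder("digi-middleware-auth-user", this.userService.getToken()).build())
                .execute()
                .body();
        JSONObject response = JSON.parseObject(responseBody, JSONObject.class);
        Integer code = response == null ? null : response.getInteger("code");
        // An empty body, a missing code or a missing data array is a failed lookup (fail closed).
        if (code == null || code.intValue() != 0 || response.get("data") == null) {
            throw new RuntimeException("查询权限失败");
        }
        return response.getJSONArray("data").toJavaList(AuthorityPolicy.class);
    }

    /** Returns true when the policy lists {@code resourceType + action} for any requested action. */
    private boolean matchesRequestedAction(AuthorityPolicy policy, String resourceType, String[] actions) {
        return policy.getAction().stream().anyMatch(granted ->
                Arrays.stream(actions).anyMatch(requested -> (resourceType + requested).equals(granted)));
    }

    /** Returns true when any action of the policy ends with the wildcard suffix {@code ":*"}. */
    private boolean hasWildcardAction(AuthorityPolicy policy) {
        return policy.getAction().stream().anyMatch(granted -> granted.endsWith(":*"));
    }

    /**
     * Decides whether the current request may proceed on the strength of its template id.
     *
     * <p>The template id is removed from {@link TemplateService} while the check runs and is put
     * back only on success, so a rejected request leaves it removed.
     *
     * @return {@code false} when no template id is present; {@code true} when the check passes,
     *     in which case the caller skips the policy check
     * @throws RuntimeException when the template does not exist or the user may not use it
     */
    private boolean validateTemplateAuth() {
        String templateId = this.templateService.getTemplateId();
        if (StrUtil.isBlank(templateId)) {
            return false;
        }
        this.templateService.removeTemplateId();
        if (this.authService == null) {
            // authService is optional at wiring time, so fail with a clear message here.
            throw new RuntimeException("请实现com.digiwin.athena.auth.service.AuthService接口");
        }
        boolean privileged = this.authService
                .queryAuthority(this.userService.getCurrentUser(), this.userService.getTenantId())
                .stream()
                .anyMatch(authority -> "result:mgr".equals(authority.getAccreditRole())
                        || "tenant:super".equals(authority.getAccreditRole()));
        if (!privileged) {
            JSONObject template = this.templateService.queryTemplateById(templateId);
            if (template == null) {
                throw new RuntimeException("找不到模板!");
            }
            String type = template.getString("type");
            Long ownerId = template.getLong("userId");
            // NOTE(review): only "public" templates owned by another user are rejected; every
            // other type passes for any user. Confirm this is the intended ownership rule.
            // A public template without an owner id is rejected as well.
            if ("public".equals(type)
                    && (ownerId == null || !ownerId.equals(this.userService.getCurrentUserId()))) {
                throw new RuntimeException("无权访问该接口");
            }
        }
        this.templateService.setTemplateId(templateId);
        return true;
    }

    /**
     * Resolves the primary-key expression: a variable expression, a JSON expression, or otherwise
     * a positional argument index.
     */
    private String getEntityPkValue(String str, Object[] objArr) {
        if (str.startsWith(AuthHelper.VAR_PREFIX)) {
            return this.authHelper.getVarValue(objArr, str);
        }
        if (str.startsWith(AuthHelper.JSON_PREFIX)) {
            return this.authHelper.getJSONValue(str, objArr);
        }
        return String.valueOf(objArr[Convert.toInt(str).intValue()]);
    }

    /**
     * Resolves the annotation's resourceType expression against the call arguments.
     *
     * <p>Variable expressions name a class and a field: the first argument whose simple class
     * name matches supplies the field value, which is mapped through
     * {@link PermissionPolicyEnum#getResourceTypeByRole}. A numeric expression is a positional
     * argument index, and a JSON expression is resolved by {@link AuthHelper} and mapped the same
     * way. Any other value is returned unchanged.
     */
    private String getResourceType(FuncAuth funcAuth, Object[] objArr) {
        String resourceType = funcAuth.resourceType();
        if (resourceType.startsWith(AuthHelper.VAR_PREFIX)) {
            String[] classAndField = resourceType.substring(resourceType.indexOf(":") + 1).split(AuthHelper.SEPARATOR);
            String simpleClassName = classAndField[0];
            String fieldName = classAndField[1];
            // A null argument raises NullPointerException here, which aborts the call.
            // NOTE(review): when no argument matches, the raw expression is returned as the
            // resource type; confirm whether that case should be rejected outright.
            for (Object arg : objArr) {
                if (arg.getClass().getSimpleName().equals(simpleClassName)) {
                    return PermissionPolicyEnum.getResourceTypeByRole(
                            String.valueOf(ReflectUtil.getFieldValue(arg, fieldName)));
                }
            }
            return resourceType;
        }
        if (StrUtil.isNumeric(resourceType)) {
            return String.valueOf(objArr[Convert.toInt(resourceType).intValue()]);
        }
        if (resourceType.startsWith(AuthHelper.JSON_PREFIX)) {
            return PermissionPolicyEnum.getResourceTypeByRole(this.authHelper.getJSONValue(resourceType, objArr));
        }
        return resourceType;
    }

    /**
     * Resolves a primary-key resourceId expression through {@link MongoDataService}.
     *
     * <p>The text after the first ":" is split into alternatives on
     * {@link AuthHelper#OR_OPERATOR}; each alternative is split into three parts on
     * {@link AuthHelper#SEPARATOR}. The first two parts and the entity key are passed to
     * {@code queryOne}, and the third part names the field read from the first non-null result.
     *
     * @throws RuntimeException when MongoDataService is not provided or no value is found
     */
    private String getPkValue(Object[] objArr, String str, String str2) {
        if (this.mongoDataService == null) {
            throw new RuntimeException("请实现com.digiwin.athena.auth.service.MongoDataService接口!");
        }
        String entityPkValue = getEntityPkValue(str2, objArr);
        String[] alternatives = str.substring(str.indexOf(":") + 1).split(AuthHelper.OR_OPERATOR);
        String resolved = null;
        for (String alternative : alternatives) {
            String[] parts = alternative.split(AuthHelper.SEPARATOR);
            String first = parts[0];
            String second = parts[1];
            String resultField = parts[2];
            JSONObject found = this.mongoDataService.queryOne(first, second, entityPkValue);
            if (found != null) {
                // The first alternative that yields a document decides, even if the field is blank.
                resolved = found.getString(resultField);
                break;
            }
        }
        if (StrUtil.isBlank(resolved)) {
            throw new RuntimeException("找不到该实体对应的应用!");
        }
        return resolved;
    }
}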
