package com.digiwin.athena.appcore.auth.filter;

import com.digiwin.athena.appcore.AppCoreProperties;
import com.digiwin.athena.appcore.auth.AppAuthContextHolder;
import com.digiwin.athena.appcore.auth.GlobalConstant;
import com.digiwin.athena.appcore.auth.domain.AuthoredUser;
import com.digiwin.athena.appcore.auth.service.TokenVerifyService;
import com.digiwin.athena.appcore.exception.AppError;
import com.digiwin.athena.appcore.exception.BusinessException;
import com.digiwin.athena.appcore.util.JsonUtils;
import com.digiwin.athena.appcore.util.SecurityTokenCommonUtils;
import com.digiwin.athena.appcore.web.RequestMatcher;
import com.jugg.agile.framework.core.util.JaStringUtil;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.core.Ordered;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/app-core-starter-1.0.13-beta-SNAPSHOT.jar:com/digiwin/athena/appcore/auth/filter/UserTokenAuthenticationFilter.class */
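/**
 * Servlet filter that resolves the calling user from request headers and publishes it through
 * {@link AppAuthContextHolder} and request attributes before the rest of the chain runs.
 *
 * <p>Credential sources, in the order they are consulted:
 * <ol>
 *   <li>{@code security-token}: decoded locally by {@link SecurityTokenCommonUtils};</li>
 *   <li>{@code digi-middleware-auth-user}, falling back to {@code token}: resolved through
 *       {@link TokenVerifyService#getUserInfo};</li>
 *   <li>an optional proxy token (see {@link #getRequestProxyToken}) identifying a second user
 *       on whose behalf the request is made.</li>
 * </ol>
 *
 * <p>The holder is cleared on entry and again in a {@code finally} block, so per-request state
 * (including the copied request headers) is not left behind when the chain throws or the
 * request is rejected.
 */
public class UserTokenAuthenticationFilter extends OncePerRequestFilter implements Ordered {
    private final TokenVerifyService iamService;
    private final AppCoreProperties.Auth auth;
    private final List<RequestMatcher> requestMatchers;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserTokenAuthenticationFilter.class);

    /**
     * Built-in path patterns for which a failed token lookup does not reject the request.
     *
     * <p>NOTE(review): the list contains operational endpoints ({@code /actuator/**},
     * {@code /druid/**}, {@code /**}{@code /env/**}, {@code /test/**}, {@code /**}{@code /tool/**}
     * and the Swagger paths). A request matching any of them continues down the chain even when
     * no valid token is presented, so confirm each one is either protected by another control
     * or not exposed in production deployments.
     *
     * <p>The array is public and mutable. The matchers are built once in the constructor, so a
     * later modification only affects filters constructed afterwards.
     */
    public static final String[] AUTH_WHITELIST = {"/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/webjars/**", "/swagger-resources/**", "/**/api-docs/**", "/**/env/**", "/error", "/druid/**", "/api/test", "/v2/api-docs", "/swagger-resources", "/swagger-resources/**", "/configuration/ui", "/configuration/security", "/swagger-ui.html", "/webjars/**", "/actuator/**", "/test/**", "/**/tool/**"};

    /**
     * Creates the filter and compiles the white-list matchers.
     *
     * @param auth               auth configuration; its white list, when present, is combined
     *                           with {@link #AUTH_WHITELIST} (configured entries first)
     * @param tokenVerifyService service used to resolve and verify user tokens
     */
    public UserTokenAuthenticationFilter(AppCoreProperties.Auth auth, TokenVerifyService tokenVerifyService) {
        this.iamService = tokenVerifyService;
        this.auth = auth;
        if (StringUtils.isEmpty(this.auth.getWhiteList())) {
            this.requestMatchers = RequestMatcher.antMatchers(AUTH_WHITELIST);
        } else {
            // Configured patterns extend the built-in list; they never replace it.
            this.requestMatchers = RequestMatcher.antMatchers((String[]) Stream.concat(
                    Stream.of((Object[]) this.auth.getWhiteList()),
                    Stream.of((Object[]) AUTH_WHITELIST)).toArray(String[]::new));
        }
    }

    /**
     * Tells whether the request matches any white-list pattern.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if at least one matcher accepts the request
     */
    private boolean inWriteList(HttpServletRequest httpServletRequest) {
        if (this.requestMatchers == null) {
            return false;
        }
        for (RequestMatcher matcher : this.requestMatchers) {
            if (matcher.matches(httpServletRequest)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the caller (and optional proxy user), stores both in the auth context, then
     * delegates to the chain.
     *
     * <p>{@code OPTIONS} requests are passed through without any token handling. A
     * {@link BusinessException} raised while resolving the user token ends the request with
     * {@link #writeUnAuth} unless the path is white-listed or {@code AuthCheck.isCheckAuth}
     * returns {@code false}; in those two cases the request continues.
     *
     * @throws IOException      from the chain or from writing the 401 body
     * @throws ServletException from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        AppAuthContextHolder.clearContext();
        if (HttpMethod.OPTIONS.name().equals(httpServletRequest.getMethod())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        boolean routerKeySet = false;
        try {
            setCustomRequestHeader(httpServletRequest);
            String userToken = httpServletRequest.getHeader("digi-middleware-auth-user");
            if (StringUtils.isEmpty(userToken)) {
                userToken = httpServletRequest.getHeader("token");
            }
            AuthoredUser authoredUser = null;
            AuthoredUser proxyUser = null;
            String securityToken = httpServletRequest.getHeader("security-token");
            if (!StringUtils.isEmpty(securityToken)) {
                authoredUser = SecurityTokenCommonUtils.getAuthoredUserBySecurityToken(securityToken);
                if (authoredUser != null && StringUtils.isEmpty(authoredUser.getToken())) {
                    authoredUser.setToken(userToken);
                }
            }
            if (authoredUser == null) {
                // The supplied security token (if any) did not yield a user: discard it so a
                // fresh one is generated below, and fall back to the plain user token.
                securityToken = null;
                try {
                    authoredUser = this.iamService.getUserInfo(userToken);
                    this.iamService.verifyAndExchangeIamToken(authoredUser);
                } catch (BusinessException e) {
                    if (!inWriteList(httpServletRequest) && AuthCheck.isCheckAuth(httpServletRequest)) {
                        writeUnAuth(httpServletRequest, httpServletResponse, e);
                        return;
                    }
                    // NOTE(review): when getUserInfo succeeded and only the verify/exchange
                    // step failed, authoredUser is still non-null here and is published to the
                    // context below for white-listed or unchecked paths. Confirm that is
                    // intended.
                }
            } else {
                this.iamService.verifyAndExchangeIamToken(authoredUser);
            }
            String requestProxyToken = getRequestProxyToken(httpServletRequest);
            if (JaStringUtil.isNotEmpty(requestProxyToken)) {
                try {
                    proxyUser = this.iamService.getUserInfo(requestProxyToken);
                    // authoredUser can be null here (white-listed request without a valid
                    // token); the guard avoids a NullPointerException that used to be caught
                    // below and misreported as an invalid proxy token.
                    if (proxyUser != null && authoredUser != null
                            && JaStringUtil.isNotEmpty(authoredUser.getTenantId())
                            && JaStringUtil.isNotEmpty(proxyUser.getTenantId())) {
                        if (authoredUser.getTenantId().equals(proxyUser.getTenantId())) {
                            // Same tenant: the proxy identity adds nothing, drop it.
                            proxyUser = null;
                            requestProxyToken = null;
                        } else {
                            httpServletRequest.setAttribute(GlobalConstant.PROXY_AUTH_USER, proxyUser);
                            AppAuthContextHolder.getContext().setProxyAuthoredUser(proxyUser);
                        }
                    }
                } catch (Exception e2) {
                    // The token value is a credential and is deliberately kept out of the log.
                    this.logger.error("代理token失效", e2);
                }
            }
            if (authoredUser != null) {
                if (StringUtils.isEmpty(securityToken)) {
                    securityToken = proxyUser != null
                            ? SecurityTokenCommonUtils.generateSecurityToken("", requestProxyToken, proxyUser, authoredUser)
                            : SecurityTokenCommonUtils.generateSecurityToken("", userToken, authoredUser, null);
                }
                httpServletRequest.setAttribute("digi-middleware-auth-user-data", authoredUser);
                AppAuthContextHolder.getContext().setSecurityToken(securityToken);
                AppAuthContextHolder.getContext().setAuthoredUser(authoredUser);
                AppAuthContextHolder.getContext().setProxyToken(requestProxyToken);
            }
            String routerKey = httpServletRequest.getHeader("routerKey");
            if (StringUtils.hasText(routerKey)) {
                MDC.put("routerKey", routerKey);
                routerKeySet = true;
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            // Thread-bound state must not survive the request, whether it finished normally,
            // was rejected, or threw.
            if (routerKeySet) {
                MDC.remove("routerKey");
            }
            AppAuthContextHolder.clearContext();
        }
    }

    /**
     * Reads the proxy token from the first non-empty of three headers: {@code proxy_token},
     * then {@link GlobalConstant#IAM_IDENTITY_TYPE_PROXY_TOKEN3}, then
     * {@link GlobalConstant#IAM_IDENTITY_TYPE_PROXY_TOKEN2}.
     *
     * @return the header value, or {@code null}/empty when none of the headers is set
     */
    private String getRequestProxyToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("proxy_token");
        if (StringUtils.isEmpty(header)) {
            header = httpServletRequest.getHeader(GlobalConstant.IAM_IDENTITY_TYPE_PROXY_TOKEN3);
        }
        if (StringUtils.isEmpty(header)) {
            header = httpServletRequest.getHeader(GlobalConstant.IAM_IDENTITY_TYPE_PROXY_TOKEN2);
        }
        return header;
    }

    /**
     * Writes a 401 JSON response describing the authentication failure.
     *
     * @throws BusinessException the given exception, rethrown unchanged, when it carries no
     *                           business error code
     * @throws IOException       if the response writer cannot be obtained
     */
    private void writeUnAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BusinessException businessException) throws IOException {
        if (JaStringUtil.isEmpty(businessException.getBizErrorCode())) {
            throw businessException;
        }
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().println(JsonUtils.objectToString(AppError.getBaseResultG(httpServletRequest.getRequestURL().toString(), businessException)));
    }

    /**
     * Runs this filter ahead of every other ordered filter.
     *
     * @return {@link Ordered#HIGHEST_PRECEDENCE}
     */
    @Override
    public int getOrder() {
        return Ordered.HIGHEST_PRECEDENCE;
    }

    /**
     * Copies the request headers into the auth context (first value per header name).
     *
     * <p>The copy is unfiltered, so it also carries the credential headers read by this filter
     * ({@code token}, {@code security-token}, the proxy-token headers). Anything that logs or
     * forwards the stored map should treat it as sensitive.
     *
     * <p>Failures are logged and otherwise ignored: header capture is best-effort and must not
     * block authentication.
     */
    private void setCustomRequestHeader(HttpServletRequest httpServletRequest) {
        try {
            // Raw type kept on purpose: the parameter type of setRequestHeader is not visible
            // from this class.
            HashMap hashMap = new HashMap(16);
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                hashMap.put(headerName, httpServletRequest.getHeader(headerName));
            }
            AppAuthContextHolder.getContext().setRequestHeader(hashMap);
        } catch (Exception e) {
            this.logger.warn("请求头赋值失败", e);
        }
    }
}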
