package com.digiwin.dap.middle.ram.filter;

import com.digiwin.dap.middle.ram.constant.Constant;
import com.digiwin.dap.middle.ram.constant.I18nError;
import com.digiwin.dap.middle.ram.domain.enums.PolicyType;
import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middle.ram.service.AppAuthCheckService;
import com.digiwin.dap.middle.ram.service.PolicyQueryService;
import com.digiwin.dap.middle.ram.util.MatcherUtils;
import com.digiwin.dap.middleware.domain.DapEnv;
import com.digiwin.dap.middleware.domain.FilterOrderEnum;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.exception.DapException;
import com.digiwin.dap.middleware.util.ExceptionUtils;
import com.digiwin.dap.middleware.util.TokenUtils;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.Ordered;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/digiwin/dap/middle/ram/filter/AppAuthCheckFilter.class */
public class AppAuthCheckFilter extends OncePerRequestFilter implements Ordered {
    private final DapEnv dapEnv;
    private final boolean appCheck;
    private final AppAuthCheckService appAuthCheckService;
    private final PolicyQueryService policyQueryService;

    public AppAuthCheckFilter(DapEnv dapEnv, boolean z, AppAuthCheckService appAuthCheckService, PolicyQueryService policyQueryService) {
        this.dapEnv = dapEnv;
        this.appCheck = z;
        this.appAuthCheckService = appAuthCheckService;
        this.policyQueryService = policyQueryService;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            MappingRegistry pattern = this.policyQueryService.getPattern(PolicyType.AppCheck.name());
            if (!pattern.isEmpty() && MatcherUtils.matches(httpServletRequest, pattern)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if ("/api/iam/v2/identity/token/analyze/internal".equals(httpServletRequest.getRequestURI()) && !Boolean.parseBoolean(httpServletRequest.getParameter("appCheck"))) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            String header = httpServletRequest.getHeader(Constant.HTTP_HEADER_APP_TOKEN_KEY);
            if (this.appCheck && StringUtils.isEmpty(header)) {
                throw new BusinessException(I18nError.APP_TOKEN_NONE);
            }
            if (!(TokenUtils.getTenantId() == null || TokenUtils.getAuthoredSys() == null || TokenUtils.getAuthoredSys().isInside()) && this.policyQueryService.findPolicyIdByTarget(PolicyType.AppCheck.name(), TargetType.Sys.name(), TokenUtils.getSysId()).isEmpty()) {
                this.appAuthCheckService.checkAppAuth(TokenUtils.getAuthoredUser(), TokenUtils.getAuthoredSys());
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (DapException e) {
            ExceptionUtils.writeUnAuth(httpServletRequest, httpServletResponse, this.dapEnv.getAppName(), e);
        } catch (Exception e2) {
            ExceptionUtils.writeUnAuth(httpServletRequest, httpServletResponse, this.dapEnv.getAppName(), I18nError.APP_AUTH_CHECK);
        }
    }

    public int getOrder() {
        return FilterOrderEnum.APP_CHECK.order();
    }
}
