package com.digiwin.dap.middleware.dmc.support.auth;

import com.digiwin.dap.middle.support.DefaultDapSecuritySupport;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.constant.GlobalConstants;
import com.digiwin.dap.middleware.dmc.constant.DmcConstants;
import com.digiwin.dap.middleware.dmc.constant.I18nError;
import com.digiwin.dap.middleware.dmc.domain.enumeration.LogType;
import com.digiwin.dap.middleware.dmc.entity.objectid.Bucket;
import com.digiwin.dap.middleware.dmc.online.base.ThirdConstants;
import com.digiwin.dap.middleware.dmc.repository.BucketRepository;
import com.digiwin.dap.middleware.dmc.repository.OpLogRepository;
import com.digiwin.dap.middleware.dmc.service.login.LoginContext;
import com.digiwin.dap.middleware.dmc.service.login.token.DriveTokenService;
import com.digiwin.dap.middleware.dmc.support.auth.domain.DriveAuth;
import com.digiwin.dap.middleware.dmc.support.auth.domain.JwtGrantedAuthority;
import com.digiwin.dap.middleware.dmc.support.auth.domain.JwtUser;
import com.digiwin.dap.middleware.dmc.support.context.BucketContextHolder;
import com.digiwin.dap.middleware.dmc.support.context.FileOpTreeContextHolder;
import com.digiwin.dap.middleware.dmc.util.TenantUtil;
import com.digiwin.dap.middleware.dmc.util.UserUtil;
import com.digiwin.dap.middleware.exception.BusinessException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

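/**
 * DMC-specific security hooks layered on top of {@link DefaultDapSecuritySupport}.
 *
 * <p>This class contributes the module's white-listed paths, resolves the login user and
 * login system from incoming tokens, post-processes the drive-token and tenant headers,
 * and configures the framing-related response headers.
 *
 * <p>NOTE(review): several methods below take identity-relevant values (tenant id, tenant,
 * app token) from request headers. Whether those values are authenticated elsewhere in the
 * filter chain is not visible from this file; each such spot is marked for confirmation.
 */
@Service
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/dmc/support/auth/DmcSecuritySupport.class */
public class DmcSecuritySupport extends DefaultDapSecuritySupport {

    // Optional override for the CSP frame-ancestors source list; empty by default.
    @Value("${dap.middleware.dmc.frame-ancestors:}")
    private String frameAncestors;

    @Autowired
    private LoginContext loginContext;

    @Autowired
    private OpLogRepository opLogRepository;

    @Autowired
    private BucketRepository bucketRepository;

    @Autowired
    private DriveTokenService driveTokenService;

    /**
     * Returns the path patterns this module places on the framework's white list.
     *
     * <p>NOTE(review): how the framework treats a white-listed path is defined outside this
     * file; presumably these paths skip user-token authentication - confirm against the
     * superclass. The patterns use a leading {@code /**}, so they match at any depth:
     * {@code /**}{@code /test/**}, {@code /**}{@code /download/**} and
     * {@code /**}{@code /preview/**} in particular should be checked to make sure every
     * handler they reach enforces its own access control (share code, signed URL, etc.).
     *
     * @return a freshly allocated array of path patterns
     */
    @Override // com.digiwin.dap.middle.support.DefaultDapSecuritySupport, com.digiwin.dap.middleware.support.DapSecuritySupport
    public String[] getWhiteList() {
        return new String[]{
            "/**/auth/**",
            "/**/test/**",
            "/**/share/**",
            "/**/preview/**",
            "/**/download/**",
            "/**/playvideo/**",
            "/**/toAnyOne/**",
            "/api/dmc/v2/buckets/task",
            "/api/dmc/v2/buckets/apply",
            "/api/dmc/v2/user/password/**",
            "/api/dmc/3rd/**"
        };
    }

    /**
     * Extends the superclass's app-token white list with the DMC public path fragments.
     *
     * <p>NOTE(review): the list returned by {@code super} is mutated in place. If the
     * superclass hands out a shared instance rather than a fresh list, these entries are
     * appended again on every call - confirm against {@link DefaultDapSecuritySupport}.
     *
     * @return the superclass's list with the DMC entries appended
     */
    @Override // com.digiwin.dap.middle.support.DefaultDapSecuritySupport, com.digiwin.dap.middleware.support.DapSecuritySupport
    public List<String> getAppTokenWhiteList() {
        List<String> appTokenWhiteList = super.getAppTokenWhiteList();
        appTokenWhiteList.add("/share");
        appTokenWhiteList.add("/preview");
        appTokenWhiteList.add("/playvideo");
        appTokenWhiteList.add("/toAnyOne");
        appTokenWhiteList.add(ThirdConstants.THIRD_PREFIX);
        return appTokenWhiteList;
    }

    /**
     * Resolves the login user from the user token and attaches the names of the buckets
     * that user owns.
     *
     * @param httpServletRequest the current request; also consulted for the access-token header
     * @param str the user token string handed in by the framework
     * @return the {@link JwtUser} produced by {@link LoginContext#analysis}, enriched with
     *     an optional tenant id and the owned bucket names
     */
    @Override // com.digiwin.dap.middle.support.DefaultDapSecuritySupport, com.digiwin.dap.middleware.support.DapSecuritySupport
    public AuthoredUser getLoginUser(HttpServletRequest httpServletRequest, String str) {
        JwtUser jwtUser = this.loginContext.analysis(str, httpServletRequest);
        setTenantId(httpServletRequest, jwtUser);
        // Bucket ownership is looked up per request and cached on the user object.
        for (Bucket bucket : this.bucketRepository.findByOwner(jwtUser.getUserId())) {
            jwtUser.getBuckets().add(bucket.getName());
        }
        return jwtUser;
    }

    /**
     * Resolves the calling system from the app token.
     *
     * <p>When {@link UserUtil#isIam()} is true the superclass performs the resolution.
     * Otherwise the token string is wrapped as-is and the result is marked as an inside
     * system.
     *
     * <p>NOTE(review): in the non-IAM branch no validation of {@code str} is visible here,
     * so any app-token value yields an {@code AuthoredSys} flagged {@code inside}. Confirm
     * that downstream code does not grant elevated trust based on that flag alone, or that
     * the token is verified before this method is reached.
     *
     * @param httpServletRequest the current request
     * @param str the app token string handed in by the framework
     * @return the resolved system identity
     */
    @Override // com.digiwin.dap.middle.support.DefaultDapSecuritySupport, com.digiwin.dap.middleware.support.DapSecuritySupport
    public AuthoredSys getLoginSys(HttpServletRequest httpServletRequest, String str) {
        if (UserUtil.isIam()) {
            return super.getLoginSys(httpServletRequest, str);
        }
        AuthoredSys authoredSys = new AuthoredSys(str);
        authoredSys.setInside(true);
        return authoredSys;
    }

    /**
     * Returns the anonymous user representation used by this module.
     *
     * @return {@link JwtUser#anonymous()}
     */
    @Override // com.digiwin.dap.middleware.support.DapSecuritySupport
    public AuthoredUser anonymous() {
        return JwtUser.anonymous();
    }

    /**
     * Applies the optional drive-token and tenant-id request headers to the current user.
     *
     * <p>Drive token: when the header is non-empty it must pass
     * {@link DriveTokenService#validate}; its decoded {@link DriveAuth} is then added to the
     * current user's authorities and exposed as the {@code AUTH_ACCESS} request attribute.
     *
     * <p>Tenant id: when the header is present (even if empty) the current user's tenant is
     * replaced with the one looked up from the header value.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response (unused here)
     * @throws BusinessException with {@code LOGIN_DRIVE_TOKEN_INVALID} if a drive token is
     *     supplied but fails validation
     */
    @Override // com.digiwin.dap.middleware.support.DapSecuritySupport
    public void postProcessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String driveToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_DRIVE_TOKEN_KEY);
        if (StringUtils.hasLength(driveToken)) {
            // Log message text means "parse DriveToken"; it is written before validation,
            // so rejected tokens are tracked as well.
            this.opLogRepository.saveLog(LogType.EVENT_TRACKING, "解析DriveToken", (String) null);
            if (!this.driveTokenService.validate(driveToken)) {
                throw new BusinessException(I18nError.LOGIN_DRIVE_TOKEN_INVALID);
            }
            DriveAuth driveAuth = this.driveTokenService.getData(driveToken);
            UserUtil.getJwtUser().getAuthorities().add(new JwtGrantedAuthority(driveAuth));
            httpServletRequest.setAttribute(GlobalConstants.AUTH_ACCESS, driveAuth);
        }

        String tenantHeader = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_TENANT_ID_KEY);
        if (tenantHeader != null) {
            // NOTE(review): the tenant is taken from a client-supplied header and no check
            // that the authenticated user belongs to that tenant is visible here. Confirm
            // that TenantUtil.getTenant or a later authorization step enforces membership;
            // otherwise this is a tenant-isolation risk.
            JwtUser jwtUser = UserUtil.getJwtUser();
            jwtUser.setTenant(TenantUtil.getTenant(tenantHeader));
            // Log message text means "legacy multi-tenant scheme".
            this.opLogRepository.saveLog(LogType.EVENT_TRACKING, "旧版多租户方案", jwtUser.getBuckets());
        }
    }

    /**
     * Clears the per-request bucket and file-operation-tree contexts once token processing
     * is finished.
     *
     * @param httpServletRequest the current request (unused here)
     * @param httpServletResponse the current response (unused here)
     */
    @Override // com.digiwin.dap.middleware.support.DapSecuritySupport
    public void afterProcessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        BucketContextHolder.clearContext();
        FileOpTreeContextHolder.resetContext();
    }

    /**
     * Adds the superclass filters, then configures cache-control and framing headers and
     * registers {@code DapAsyncManagerIntegrationFilter}.
     *
     * <p>{@code X-Frame-Options} is disabled, so framing is restricted only by the CSP
     * {@code frame-ancestors} directive; browsers that do not implement that directive get
     * no clickjacking protection from this configuration.
     *
     * @param httpSecurity the Spring Security builder being configured
     * @param authenticationManager passed through to the superclass
     * @throws Exception propagated from the Spring Security configuration calls
     */
    @Override // com.digiwin.dap.middle.support.DefaultDapSecuritySupport, com.digiwin.dap.middleware.support.DapSecuritySupport
    public void addCustomFilter(HttpSecurity httpSecurity, AuthenticationManager authenticationManager) throws Exception {
        super.addCustomFilter(httpSecurity, authenticationManager);
        httpSecurity.headers().cacheControl();
        httpSecurity.headers().frameOptions().disable();
        // The configured value is concatenated into the header unmodified: it must stay
        // operator-controlled, since a ';' in it would introduce further CSP directives and
        // a bare '*' would allow framing from any origin.
        String policy = StringUtils.hasText(this.frameAncestors)
                ? "frame-ancestors " + this.frameAncestors
                : "frame-ancestors *.digiwincloud.com *.digiwincloud.com.cn";
        httpSecurity.headers().contentSecurityPolicy(policy);
        httpSecurity.addFilterAfter((Filter) new DapAsyncManagerIntegrationFilter(), WebAsyncManagerIntegrationFilter.class);
    }

    /**
     * Sets the user's tenant id from the access-token header when that header carries the
     * {@code DMC_SDK} prefix; otherwise leaves the user untouched.
     *
     * <p>Only the leading prefix is stripped. (Removing every occurrence of the marker, as
     * {@code String.replace} would, silently alters a tenant id that happens to contain the
     * marker text again.)
     *
     * <p>NOTE(review): the remainder of the header is used verbatim as the tenant id. No
     * verification of that value is visible in this file - confirm it is checked against the
     * authenticated user before it is used for tenant scoping.
     */
    private void setTenantId(HttpServletRequest httpServletRequest, JwtUser jwtUser) {
        String accessToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_ACCESS_TOKEN_KEY);
        if (accessToken == null || !accessToken.startsWith(DmcConstants.DMC_SDK)) {
            return;
        }
        jwtUser.setTenantId(accessToken.substring(DmcConstants.DMC_SDK.length()));
    }
}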
