package com.digiwin.athena.auth.aspect;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.digiwin.athena.auth.annotation.DataAuth;
import com.digiwin.athena.auth.context.DataAuthContext;
import com.digiwin.athena.auth.domain.QueryAuthParam;
import com.digiwin.athena.auth.metadata.domain.AuthorityPolicy;
import com.digiwin.athena.auth.metadata.domain.ResourceCondition;
import com.digiwin.athena.auth.metadata.enums.AuthModeEnum;
import com.digiwin.athena.auth.service.AuthService;
import com.digiwin.athena.auth.service.DataCountService;
import com.digiwin.athena.auth.service.UserService;
import com.digiwin.athena.auth.util.AuthHelper;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.stereotype.Component;

@Aspect
@Component
/* loaded from: input_file:com/digiwin/athena/auth/aspect/DataAuthAspect.class */
public class DataAuthAspect {

    @Autowired(required = false)
    @Lazy
    private AuthService authService;

    @Autowired(required = false)
    @Lazy
    private DataCountService dataCountService;

    @Autowired
    @Lazy
    private UserService userService;

    @Autowired
    @Lazy
    private AuthHelper authHelper;

    @Value("${designer.auth.mode:FORBID}")
    private String authMode;

    @Value("${designer.auth.dbType:MONGO}")
    private String authDbType;

    @Value("${designer.domain:default}")
    private String designerDomain;

    @Pointcut("execution(* org.springframework.data.mongodb.core.MongoTemplate.find(..))")
    public void executeFind() {
    }

    @Before("@annotation(dataAuth)")
    public void dataAuthCheck(JoinPoint joinPoint, DataAuth dataAuth) {
        List<AuthorityPolicy> javaList;
        if (AuthModeEnum.FORBID.name().equals(this.authMode)) {
            return;
        }
        if (!this.authDbType.equals("MONGO")) {
            throw new RuntimeException("仅支持MongoDB数据源使用数据权限!");
        }
        String resourceType = dataAuth.resourceType();
        String resourceId = dataAuth.resourceId();
        Object[] args = joinPoint.getArgs();
        String jSONValue = resourceId.startsWith(AuthHelper.JSON_PREFIX) ? this.authHelper.getJSONValue(resourceId, args) : this.authHelper.getVarValue(args, resourceId);
        if (AuthModeEnum.LOCAL.name().equals(this.authMode)) {
            javaList = this.authService.queryDataAuthPolicy(this.userService.getCurrentUser(), resourceType, jSONValue);
        } else {
            if (this.userService == null) {
                throw new RuntimeException("请实现com.digiwin.athena.auth.service.UserService接口");
            }
            JSONObject jSONObject = (JSONObject) JSON.parseObject(((HttpRequest) HttpUtil.createPost(this.designerDomain + "/athena-designer/auth/queryDataAuthPolicy").body(JSON.toJSONString(new QueryAuthParam().setUserId(this.userService.getCurrentUser()).setResourceId(jSONValue).setResourceType(resourceType))).addHeaders(MapUtil.builder("digi-middleware-auth-user", this.userService.getToken()).build())).execute().body(), JSONObject.class);
            if (jSONObject.getInteger("code").intValue() != 0) {
                throw new RuntimeException("查询权限失败");
            }
            javaList = jSONObject.getJSONArray("data").toJavaList(AuthorityPolicy.class);
        }
        if (CollUtil.isEmpty(javaList)) {
            DataAuthContext.setMongoCondition(MapUtil.builder(resourceType, Criteria.where("1").is("2")).build());
            return;
        }
        Criteria criteria = new Criteria();
        Boolean bool = true;
        ArrayList arrayList = new ArrayList();
        Iterator<AuthorityPolicy> it = javaList.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            List<ResourceCondition> conditions = it.next().getConditions();
            if (CollUtil.isEmpty(conditions)) {
                bool = false;
                break;
            }
            for (ResourceCondition resourceCondition : conditions) {
                arrayList.add(Criteria.where(resourceCondition.getField()).is(resourceCondition.getValue()));
            }
        }
        if (bool.booleanValue()) {
            criteria.orOperator((Criteria[]) ArrayUtil.toArray(arrayList, Criteria.class));
        } else {
            criteria = null;
        }
        DataAuthContext.setMongoCondition(MapUtil.builder(resourceType, criteria).build());
        if (dataAuth.throwException() && bool.booleanValue()) {
            if (this.dataCountService.count(resourceType, this.authHelper.getJSONValue(dataAuth.pkValue(), args), criteria).longValue() <= 0) {
                throw new RuntimeException("无权访问改接口!");
            }
        }
    }

    @Around("executeFind()")
    public Object aroundExecuteFind(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Object[] args = proceedingJoinPoint.getArgs();
        if (args.length != 3) {
            DataAuthContext.removeMongoCondition();
            return proceedingJoinPoint.proceed();
        }
        String valueOf = String.valueOf(args[2]);
        Query query = (Query) args[0];
        Map<String, Criteria> mongoCondition = DataAuthContext.getMongoCondition();
        if (mongoCondition == null) {
            DataAuthContext.removeMongoCondition();
            return proceedingJoinPoint.proceed();
        }
        Criteria criteria = mongoCondition.get(valueOf);
        if (criteria != null) {
            query.addCriteria(criteria);
        }
        args[0] = query;
        DataAuthContext.removeMongoCondition();
        return proceedingJoinPoint.proceed(args);
    }
}
