package com.goldkinn.user.api.sso.filetr;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.cloud.common.util.base.Result;
import com.cloud.common.util.enums.ResultEnum;
import com.dtyunxi.rest.RestResponse;
import com.dtyunxi.yundt.cube.center.user.api.IToken4GJ;
import com.dtyunxi.yundt.cube.center.user.api.dto.response.TokenVerifiedRetDto;
import com.goldkinn.redis.service.RedisUtil;
import com.goldkinn.user.api.dto.response.LoginUserInfoVo;
import com.goldkinn.user.api.enums.LoginUserInfo;
import com.goldkinn.user.api.enums.UserAgent;
import com.goldkinn.user.api.query.IUserExt2QueryApi;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.annotation.Resource;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

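/**
 * Servlet filter that authenticates requests by the {@code Access-Token} header.
 *
 * <p>{@link #doFilter} decides in this order:
 * <ol>
 *   <li>a request path matching an entry of the white list passes without any token;</li>
 *   <li>a request without the header is answered with {@code COM_UN_AUTHORIZED};</li>
 *   <li>a header equal to {@link #systemToken} passes without further validation and
 *       without a user being attached;</li>
 *   <li>any other token is validated through {@code identityTokenService}, the user is
 *       looked up by the returned union id and published through {@code UserAgent}
 *       for the duration of the downstream call.</li>
 * </ol>
 *
 * <p>Rejections are written as a JSON body; this filter never sets an HTTP status code,
 * so clients must inspect the body.
 *
 * <p>Security-relevant properties of this class that a deployment should review:
 * <ul>
 *   <li>The white list and the system token are both authentication bypasses; their
 *       configuration deserves the same protection as credentials.</li>
 *   <li>White-list matching runs on {@code getRequestURI()} minus the context path, with
 *       only trailing slashes removed. That string is not decoded or normalised here.
 *       NOTE(review): if the container or framework behind this filter resolves
 *       {@code ..} segments, {@code ;path-parameters} or percent-encoded characters
 *       differently, a path can match a white-list entry and still be routed to a
 *       protected handler - confirm against the deployed container and consider matching
 *       on a normalised path.</li>
 *   <li>The token value is never written to the log by this class.</li>
 * </ul>
 */
@WebFilter(urlPatterns = {"${cloud.user.sso.urlPatterns:/*}"})
@Configuration
@ConfigurationProperties("cloud.user.sso")
@Order(100)
@ConditionalOnExpression("${cloud.user.sso.enablev2:false}")
public class UserSsoFilterV2 implements Filter {
    /** Name of the request header that carries the token. */
    public static final String ACCESS_TOKEN = "Access-Token";

    // Set through setWhiteList(); presumably bound from "cloud.user.sso.whiteList" by
    // @ConfigurationProperties - confirm. May be null when nothing is configured.
    private List<String> whiteList;

    // Shared secret that lets a caller skip token validation entirely (see doFilter).
    // The fallback after the colon is a fixed literal shipped in every build: a deployment
    // that does not set goldkinn.feign.system.token accepts that literal as a credential.
    // Supply the property per environment from a secret store and treat the built-in
    // default as already disclosed. The default is kept only so existing deployments keep
    // starting; the field stays public for source compatibility.
    @Value("${goldkinn.feign.system.token:system-internal-weoupqwnlkjdfsasds}")
    public String systemToken;

    // Bound from configuration; not read anywhere in this class.
    @Value("${cloud.user.ssoRedisPrefix}")
    private String APPLICATION_CACHE;

    // Bound from configuration; not read anywhere in this class.
    @Value("${cloud.user.tenantId:1}")
    Long defaultTenantId;

    @Resource
    IToken4GJ identityTokenService;

    @Resource
    RedisUtil<String> redisUtil;

    @Autowired
    IUserExt2QueryApi userQueryApi;
    private static final Logger log = LoggerFactory.getLogger(UserSsoFilterV2.class);

    // NOTE(review): both constants are public, static and non-final, so any code in the
    // JVM can reassign them; IDENTITY_SUCCESS_CODE decides whether a token counts as valid.
    // Left non-final here only to keep the class's visible interface unchanged.
    public static String TOKEN_PERFIX = "USER_DDUNION_";
    public static String IDENTITY_SUCCESS_CODE = "0";

    /** Logs that the filter is active together with the configured white list. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("==== [SsoFilter.v2.init]: SUCCESS.");
        log.info("==== [SsoFilter.v2.url.whiteList]: \n{}", JSON.toJSONString(this.whiteList, new SerializerFeature[]{SerializerFeature.PrettyFormat}));
    }

    /**
     * Authenticates one request and either forwards it or answers with a JSON error body.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only for accepted requests
     * @throws IOException      if writing the error body fails, or from the chain on the
     *                          white-list and system-token paths
     * @throws ServletException from the chain on the white-list and system-token paths
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setHeader("Content-Type", "application/json; charset=UTF-8");

        // Path relative to the context root, trailing slashes removed. Not decoded and not
        // normalised - see the class comment before relying on it for access decisions.
        String path = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()).replaceAll("[/]+$", "");
        log.debug("==== [sso.v2.current.path]: {}", path);
        if (checkWhiteList(this.whiteList, path)) {
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }

        String header = httpServletRequest.getHeader(ACCESS_TOKEN);
        if (StringUtils.isEmpty(header)) {
            log.debug("==== [sso.v2.un_authorized]: {}", path);
            writeError(httpServletResponse, ResultEnum.COM_UN_AUTHORIZED);
            return;
        }
        // The token is a bearer credential: record only that one was supplied, never its value.
        log.debug("==== [sso.v2.accessToken]: present, length={}", header.length());

        if (isSystemToken(header)) {
            // Internal caller: forwarded without a UserAgent being set.
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }

        try {
            RestResponse isValid = this.identityTokenService.isValid(header);
            // Only the result code is logged; the payload carries tenant and identity data.
            log.info("\n==== [sso.v2.tokenResult]: resultCode={}", isValid.getResultCode());
            if (!StringUtils.equals(isValid.getResultCode(), IDENTITY_SUCCESS_CODE)) {
                writeError(httpServletResponse, ResultEnum.COM_UN_LOGIN);
                return;
            }
            TokenVerifiedRetDto tokenVerifiedRetDto = (TokenVerifiedRetDto) isValid.getData();
            if (tokenVerifiedRetDto == null) {
                // A success code without a payload cannot identify anyone.
                writeError(httpServletResponse, ResultEnum.COM_UN_LOGIN);
                return;
            }
            Long tenantId = Long.valueOf(tokenVerifiedRetDto.getTenantId());
            com.goldkinn.common.dto.RestResponse<LoginUserInfoVo> userInfoByUnionId = this.userQueryApi.getUserInfoByUnionId(tokenVerifiedRetDto.getDdUnionId());
            if (userInfoByUnionId.getData() == null) {
                writeError(httpServletResponse, ResultEnum.COM_UN_LOGIN);
                return;
            }
            LoginUserInfoVo loginUserInfoVo = (LoginUserInfoVo) userInfoByUnionId.getData();
            LoginUserInfo loginUserInfo = new LoginUserInfo();
            BeanUtils.copyProperties(loginUserInfoVo, loginUserInfo);
            loginUserInfo.setId(Long.valueOf(loginUserInfoVo.getId()));
            loginUserInfo.setTenantId(tenantId);
            loginUserInfo.setToken(header);

            UserAgent.set(loginUserInfo);
            try {
                filterChain.doFilter(servletRequest, httpServletResponse);
            } finally {
                // Always clear the published user, also when the chain throws. UserAgent is
                // presumably a per-thread holder (confirm); on a pooled worker thread a
                // value left behind would be visible to the next request served by it.
                UserAgent.remove();
            }
        } catch (Exception e) {
            // Fail closed: any error during validation or user lookup is reported as
            // "not logged in".
            // NOTE(review): this also catches exceptions thrown by downstream filters and
            // servlets, so application failures reach the client as COM_UN_LOGIN, and
            // getWriter() may itself fail if the response was already written through
            // getOutputStream(). Kept as is because clients may depend on that body.
            log.error("==== [sso.v2]: authentication failed", e);
            writeError(httpServletResponse, ResultEnum.COM_UN_LOGIN);
        }
    }

    @Override
    public void destroy() {
        log.info("==== [SsoFilter.v2]: DESTROY.");
    }

    /** Replaces the list of path patterns that bypass authentication. */
    public void setWhiteList(List<String> list) {
        this.whiteList = list;
    }

    /**
     * Tells whether {@code str} fully matches at least one pattern of {@code list}.
     *
     * @param list path patterns in the syntax described at {@link #getRegPath}; a
     *             {@code null} list matches nothing, so an unconfigured white list
     *             bypasses nothing instead of failing every request
     * @param str  the request path to test
     * @return {@code true} on the first matching pattern, otherwise {@code false}
     */
    public boolean checkWhiteList(List<String> list, String str) {
        if (list == null) {
            return false;
        }
        for (String pattern : list) {
            if (filterUrls(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    // Whole-string match of one path against one pattern. The regex is compiled on every
    // call, i.e. once per white-list entry per request.
    private boolean filterUrls(String str, String str2) {
        return Pattern.compile(getRegPath(str)).matcher(str2).matches();
    }

    /**
     * Translates a path pattern into a regular expression.
     *
     * <ul>
     *   <li>a single {@code *} becomes {@code [^/]*} (stays inside one path segment);</li>
     *   <li>{@code **} becomes {@code .*} (crosses segment boundaries);</li>
     *   <li>{@code ?} becomes {@code .} (any one character, including {@code /});</li>
     *   <li>every other character is copied unchanged.</li>
     * </ul>
     *
     * <p>NOTE(review): copied characters are not escaped, so regex metacharacters in a
     * configured pattern keep their regex meaning; a literal {@code .} matches any
     * character, which makes an entry such as {@code /a.b} wider than it reads. Because
     * every match is an authentication bypass, consider quoting literals once it is
     * confirmed that no configured entry relies on regex syntax.
     */
    private String getRegPath(String str) {
        char[] chars = str.toCharArray();
        int length = chars.length;
        StringBuilder regex = new StringBuilder();
        // True while a '*' has been read whose meaning depends on the next character.
        boolean pendingStar = false;
        for (int i = 0; i < length; i++) {
            char c = chars[i];
            if (c != '*') {
                if (pendingStar) {
                    regex.append("[^/]*");
                    pendingStar = false;
                }
                if (c == '?') {
                    regex.append('.');
                } else {
                    regex.append(c);
                }
            } else if (pendingStar) {
                // Second '*' in a row.
                regex.append(".*");
                pendingStar = false;
            } else if (i + 1 == length) {
                // A lone '*' at the very end has no successor to wait for.
                regex.append("[^/]*");
            } else {
                pendingStar = true;
            }
        }
        return regex.toString();
    }

    // Compares the presented token with the configured system token without returning
    // early at the first differing byte, so response timing does not reveal how much of a
    // guess was correct. An unset or empty system token never matches.
    private boolean isSystemToken(String candidate) {
        if (StringUtils.isEmpty(this.systemToken)) {
            return false;
        }
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                this.systemToken.getBytes(StandardCharsets.UTF_8));
    }

    // Writes the JSON error body for the given reason and closes the response writer.
    private static void writeError(HttpServletResponse response, ResultEnum reason) throws IOException {
        response.getWriter().write(JSON.toJSONString(Result.error(reason)));
        response.getWriter().flush();
        response.getWriter().close();
    }
}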
