package com.goldkinn.user.api.sso.filetr;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.cloud.common.util.base.Result;
import com.cloud.common.util.enums.ResultEnum;
import com.goldkinn.user.api.enums.LoginUserInfo;
import com.goldkinn.user.api.enums.UserAgent;
import com.goldkinn.user.api.sso.constant.JwtConstant;
import com.goldkinn.user.api.sso.utils.JwtUtils;
import com.goldkinn.user.api.sso.utils.SsoRedisUtils;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@WebFilter(urlPatterns = {"${cloud.user.sso.urlPatterns:/*}"})
@Configuration
@ConfigurationProperties("cloud.user.sso")
@Order(50)
@ConditionalOnExpression("${cloud.user.sso.enable:false}")
/* loaded from: input_file:com/goldkinn/user/api/sso/filetr/UserSsoFilter.class */
public class UserSsoFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(UserSsoFilter.class);
    private static final String ACCESS_TOKEN = "Access-Token";
    private static final String REDIS_KEY_PREFIX = "cloud:sso:SSO_TOKEN_";
    private List<String> whiteList;

    @Value("${goldkinn.feign.system.token:system-internal-weoupqwnlkjdfsasds}")
    public String systemToken;

    @Value("${cloud.user.ssoRedisPrefix}")
    private String APPLICATION_CACHE;

    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("==== [SsoFilter.init]: SUCCESS.");
        log.info("==== [SsoFilter.url.whiteList]: \n{}", JSON.toJSONString(this.whiteList, new SerializerFeature[]{SerializerFeature.PrettyFormat}));
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setHeader("Content-Type", "application/json; charset=UTF-8");
        String replaceAll = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()).replaceAll("[/]+$", "");
        log.debug("==== [sso.current.path]: {}", replaceAll);
        if (checkWhiteList(this.whiteList, replaceAll)) {
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }
        String header = httpServletRequest.getHeader("Access-Token");
        if (StringUtils.isEmpty(header)) {
            log.debug("==== [sso.un_authorized]: {}");
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.error(ResultEnum.COM_UN_AUTHORIZED)));
            httpServletResponse.getWriter().flush();
            httpServletResponse.getWriter().close();
            return;
        }
        log.debug("accessToken {}", header);
        if (header.equals(this.systemToken)) {
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }
        LoginUserInfo loginUserInfo = null;
        try {
            loginUserInfo = JwtUtils.validateLogin(header);
        } catch (Exception e) {
            log.error("解析token失败");
        }
        if (null == loginUserInfo) {
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }
        if (null == loginUserInfo.getId()) {
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.error(ResultEnum.COM_UN_LOGIN)));
            return;
        }
        if (!SsoRedisUtils.isExists(genSsoCacheKey(loginUserInfo.getId()))) {
            httpServletResponse.getWriter().write(JSON.toJSONString(Result.error(ResultEnum.COM_UN_LOGIN)));
            return;
        }
        loginUserInfo.setToken(header);
        UserAgent.set(loginUserInfo);
        servletRequest.getRequestDispatcher(((HttpServletRequest) servletRequest).getServletPath()).forward(servletRequest, servletResponse);
        UserAgent.remove();
    }

    public String genSsoCacheKey(Long l) {
        return this.APPLICATION_CACHE + ":" + JwtConstant.TOKEN_REDIS_PREFIX + l;
    }

    public void destroy() {
        log.info("==== [SsoFilter]: DESTROY.");
    }

    public void setWhiteList(List<String> list) {
        this.whiteList = list;
    }

    public boolean checkWhiteList(List<String> list, String str) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (filterUrls(it.next(), str)) {
                return true;
            }
        }
        return false;
    }

    private boolean filterUrls(String str, String str2) {
        return Pattern.compile(getRegPath(str)).matcher(str2).matches();
    }

    private String getRegPath(String str) {
        char[] charArray = str.toCharArray();
        int length = charArray.length;
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        for (int i = 0; i < length; i++) {
            if (charArray[i] != '*') {
                if (z) {
                    sb.append("[^/]*");
                    z = false;
                }
                if (charArray[i] == '?') {
                    sb.append('.');
                } else {
                    sb.append(charArray[i]);
                }
            } else if (z) {
                sb.append(".*");
                z = false;
            } else if (i + 1 == length) {
                sb.append("[^/]*");
            } else {
                z = true;
            }
        }
        return sb.toString();
    }
}
