package cn.com.yusys.yusp.commons.filter;

import cn.com.yusys.yusp.commons.dto.Contr;
import cn.com.yusys.yusp.commons.security.SecurityUtils;
import cn.com.yusys.yusp.commons.service.UserService;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:cn/com/yusys/yusp/commons/filter/AccessFilter.class */
public class AccessFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(AccessFilter.class);
    private static final int MAX_REFRESH_TIME = 60000;
    private List<? extends Contr> needAuthUrls;

    @Autowired
    private UserService userCacheService;
    private List<String> ignoreUrls;
    private List<String> ignoreResources;
    private AntPathMatcher matcher = new AntPathMatcher();
    private UrlPathHelper pathHelper = new UrlPathHelper();

    @Value("${application.web.ignore-urls:/error,/actuator/**,/actuatorApp}")
    private String ignoreUrlStrs = null;

    @Value("${application.web.ignore-resources:.css,.js,.html,.ttf,.woff,.svg,.eot,.png,.gif,.ico,.json}")
    private String ignoreResourcesStrs = null;

    @Value("${application.filter.serviceauth.enabled:false}")
    private boolean enableServiceFilter = false;
    private long lastRefresh = System.currentTimeMillis();

    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("Create access permission interceptor!");
        if (null == this.ignoreUrlStrs) {
            return;
        }
        this.ignoreUrls = (List) Arrays.asList(this.ignoreUrlStrs.split(",")).stream().map(str -> {
            return str.trim();
        }).collect(Collectors.toList());
        if (null == this.ignoreResourcesStrs) {
            return;
        }
        this.ignoreResources = (List) Arrays.asList(this.ignoreResourcesStrs.split(",")).stream().map(str2 -> {
            return str2.trim();
        }).collect(Collectors.toList());
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        boolean z = true;
        if (this.enableServiceFilter && StringUtils.isNoneBlank(new CharSequence[]{httpServletRequest.getHeader("appName")})) {
            z = false;
        }
        if (!z) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String lookupPathForRequest = this.pathHelper.getLookupPathForRequest(httpServletRequest);
        String currentUserToken = SecurityUtils.getCurrentUserToken();
        if (log.isDebugEnabled()) {
            log.debug("AccessFilter enter utl:[{}] , ip:[{}:{}]", new Object[]{lookupPathForRequest, servletRequest.getRemoteAddr(), Integer.valueOf(servletRequest.getRemotePort())});
        }
        boolean z2 = false;
        if (null != this.ignoreUrls) {
            z2 = this.ignoreUrls.stream().anyMatch(str -> {
                return this.matcher.matchStart(str, lookupPathForRequest);
            });
        }
        if (!z2 && null != this.ignoreResources) {
            z2 = this.ignoreResources.stream().anyMatch(str2 -> {
                return lookupPathForRequest.endsWith(str2);
            });
        }
        try {
            if (!z2) {
                if (null == currentUserToken) {
                    log.error("User information not obtained in request [{}], request not authorized", lookupPathForRequest);
                } else {
                    String userCode = this.userCacheService.getUserCode(currentUserToken);
                    if (log.isDebugEnabled()) {
                        log.debug("loginCode:[{}];token:[{}]", userCode, currentUserToken);
                    }
                    if (!StringUtils.isEmpty(userCode)) {
                        if (this.needAuthUrls == null || System.currentTimeMillis() - this.lastRefresh > 60000) {
                            this.needAuthUrls = this.userCacheService.findAllContrUrl(currentUserToken);
                            this.lastRefresh = System.currentTimeMillis();
                        }
                        if (null == this.needAuthUrls || this.needAuthUrls.isEmpty()) {
                            z2 = true;
                        } else if (this.needAuthUrls.stream().anyMatch(contr -> {
                            return this.matcher.match(contr.getContrUrl(), lookupPathForRequest);
                        })) {
                            List contr2 = this.userCacheService.getMenuandContr(userCode, (String) null, currentUserToken).getContr();
                            if (contr2 != null && contr2.size() > 0) {
                                z2 = contr2.stream().anyMatch(contr3 -> {
                                    return Objects.nonNull(contr3.getContrUrl()) && this.matcher.match(contr3.getContrUrl(), lookupPathForRequest);
                                });
                            }
                        } else {
                            z2 = true;
                        }
                    }
                }
            }
            if (z2) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                httpServletResponse.sendError(403, "user forbidden from yusp access filter");
            }
        } catch (Exception e) {
            log.error("AccessFilter exception:[{}]", e.getMessage());
            e.printStackTrace();
            throw e;
        }
    }

    public void destroy() {
    }
}
