package com.lenovo.cloud.gateway.filter.security;

import cn.hutool.core.util.StrUtil;
import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.lenovo.cloud.framework.common.core.KeyValue;
import com.lenovo.cloud.framework.common.pojo.CommonResult;
import com.lenovo.cloud.framework.common.util.cache.CacheUtils;
import com.lenovo.cloud.framework.common.util.date.LocalDateTimeUtils;
import com.lenovo.cloud.framework.common.util.json.JsonUtils;
import com.lenovo.cloud.gateway.util.SecurityFrameworkUtils;
import com.lenovo.cloud.gateway.util.WebFrameworkUtils;
import com.lenovo.cloud.module.system.api.oauth2.OAuth2TokenApi;
import com.lenovo.cloud.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
import java.time.Duration;
import java.util.Objects;
import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalancerExchangeFilterFunction;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/lenovo/cloud/gateway/filter/security/TokenAuthenticationFilter.class */
public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
    private static final TypeReference<CommonResult<OAuth2AccessTokenCheckRespDTO>> CHECK_RESULT_TYPE_REFERENCE = new TypeReference<CommonResult<OAuth2AccessTokenCheckRespDTO>>() { // from class: com.lenovo.cloud.gateway.filter.security.TokenAuthenticationFilter.1
    };
    private static final LoginUser LOGIN_USER_EMPTY = new LoginUser();
    private final WebClient webClient;
    private final LoadingCache<KeyValue<Long, String>, LoginUser> loginUserCache = CacheUtils.buildAsyncReloadingCache(Duration.ofMinutes(1), new CacheLoader<KeyValue<Long, String>, LoginUser>() { // from class: com.lenovo.cloud.gateway.filter.security.TokenAuthenticationFilter.2
        @Override // com.google.common.cache.CacheLoader
        public LoginUser load(KeyValue<Long, String> keyValue) {
            return TokenAuthenticationFilter.this.buildUser(TokenAuthenticationFilter.this.checkAccessToken(keyValue.getKey(), keyValue.getValue()).block());
        }
    });

    public TokenAuthenticationFilter(ReactorLoadBalancerExchangeFilterFunction reactorLoadBalancerExchangeFilterFunction) {
        this.webClient = WebClient.builder().filter(reactorLoadBalancerExchangeFilterFunction).build();
    }

    @Override // org.springframework.cloud.gateway.filter.GlobalFilter
    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        SecurityFrameworkUtils.removeLoginUser(serverWebExchange);
        String obtainAuthorization = SecurityFrameworkUtils.obtainAuthorization(serverWebExchange);
        return StrUtil.isEmpty(obtainAuthorization) ? gatewayFilterChain.filter(serverWebExchange) : getLoginUser(serverWebExchange, obtainAuthorization).defaultIfEmpty(LOGIN_USER_EMPTY).flatMap(loginUser -> {
            if (loginUser == LOGIN_USER_EMPTY || loginUser.getExpiresTime() == null || LocalDateTimeUtils.beforeNow(loginUser.getExpiresTime())) {
                return gatewayFilterChain.filter(serverWebExchange);
            }
            SecurityFrameworkUtils.setLoginUser(serverWebExchange, loginUser);
            return gatewayFilterChain.filter(serverWebExchange.mutate().request(builder -> {
                SecurityFrameworkUtils.setLoginUserHeader(builder, loginUser);
            }).build());
        });
    }

    private Mono<LoginUser> getLoginUser(ServerWebExchange serverWebExchange, String str) {
        Long tenantId = WebFrameworkUtils.getTenantId(serverWebExchange);
        KeyValue value = new KeyValue().setKey(tenantId).setValue(str);
        LoginUser ifPresent = this.loginUserCache.getIfPresent(value);
        return ifPresent != null ? Mono.just(ifPresent) : checkAccessToken(tenantId, str).flatMap(str2 -> {
            LoginUser buildUser = buildUser(str2);
            if (buildUser == null) {
                return Mono.empty();
            }
            this.loginUserCache.put(value, buildUser);
            return Mono.just(buildUser);
        });
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [org.springframework.web.reactive.function.client.WebClient$RequestHeadersSpec] */
    private Mono<String> checkAccessToken(Long l, String str) {
        return this.webClient.get().uri(OAuth2TokenApi.URL_CHECK, uriBuilder -> {
            return uriBuilder.queryParam("accessToken", str).build(new Object[0]);
        }).headers(httpHeaders -> {
            WebFrameworkUtils.setTenantIdHeader(l, httpHeaders);
        }).retrieve().bodyToMono(String.class);
    }

    private LoginUser buildUser(String str) {
        CommonResult commonResult = (CommonResult) JsonUtils.parseObject(str, CHECK_RESULT_TYPE_REFERENCE);
        if (commonResult == null) {
            return null;
        }
        if (!commonResult.isError()) {
            OAuth2AccessTokenCheckRespDTO oAuth2AccessTokenCheckRespDTO = (OAuth2AccessTokenCheckRespDTO) commonResult.getData();
            return new LoginUser().setId(oAuth2AccessTokenCheckRespDTO.getUserId()).setUserType(oAuth2AccessTokenCheckRespDTO.getUserType()).setInfo(oAuth2AccessTokenCheckRespDTO.getUserInfo()).setTenantId(oAuth2AccessTokenCheckRespDTO.getTenantId()).setScopes(oAuth2AccessTokenCheckRespDTO.getScopes()).setExpiresTime(oAuth2AccessTokenCheckRespDTO.getExpiresTime());
        }
        if (Objects.equals(commonResult.getCode(), Integer.valueOf(HttpStatus.UNAUTHORIZED.value()))) {
            return LOGIN_USER_EMPTY;
        }
        return null;
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return -100;
    }
}
