package org.apache.dubbo.admin.interceptor;

import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.apache.dubbo.admin.annotation.Authority;
import org.apache.dubbo.admin.controller.UserController;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Spring MVC interceptor that gates controller methods marked with {@link Authority}
 * behind a session token carried in the {@code Authorization} request header.
 *
 * <p>Decision order, as implemented in {@link #preHandle}:
 * <ol>
 *   <li>If {@code admin.check.authority} is {@code false}, or the handler is not a
 *       {@link HandlerMethod}, the request is allowed without any check.</li>
 *   <li>If neither the handler method nor its declaring class carries {@link Authority},
 *       or {@code needLogin()} is {@code false}, the request is allowed.</li>
 *   <li>Otherwise the raw header value must be a key of {@code UserController.tokenMap}
 *       whose user was last seen within {@code admin.check.sessionTimeoutMilli}.</li>
 * </ol>
 *
 * <p>NOTE(review): enforcement is opt-in. A controller that is missing the annotation is
 * reachable without a token, so annotation coverage should be audited whenever endpoints
 * are added. The configuration switch disables every check at once; confirm it is left
 * at its default in production profiles.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/org/apache/dubbo/admin/interceptor/AuthInterceptor.class */
public class AuthInterceptor extends HandlerInterceptorAdapter {

    // Master switch for this interceptor; when false, preHandle admits every request.
    @Value("${admin.check.authority:true}")
    private boolean checkAuthority;

    // Maximum idle time, in milliseconds, between two authenticated requests of one token.
    @Value("${admin.check.sessionTimeoutMilli:3600000}")
    private long sessionTimeoutMilli;

    /**
     * Decides whether the request may proceed to its handler.
     *
     * @param httpServletRequest request whose {@code Authorization} header carries the token
     * @param httpServletResponse response that receives status 401 on rejection
     * @param obj the selected handler; only {@link HandlerMethod} instances are checked
     * @return {@code true} to continue the handler chain, {@code false} after a rejection
     * @throws Exception declared by the overridden method; nothing is thrown explicitly here
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        boolean enforced = this.checkAuthority && obj instanceof HandlerMethod;
        if (!enforced) {
            return true;
        }

        // Method-level annotation wins; the declaring class is the fallback.
        // getDeclaredAnnotation only sees annotations written directly on the element,
        // so an @Authority inherited from a superclass is not taken into account.
        Method target = ((HandlerMethod) obj).getMethod();
        Authority rule = target.getDeclaredAnnotation(Authority.class);
        if (rule == null) {
            rule = target.getDeclaringClass().getDeclaredAnnotation(Authority.class);
        }

        // The header value is used verbatim as the token; no scheme prefix is stripped.
        String token = httpServletRequest.getHeader("Authorization");

        boolean loginRequired = rule != null && rule.needLogin();
        if (!loginRequired) {
            return true;
        }

        if (StringUtils.isEmpty(token)) {
            rejectedResponse(httpServletResponse);
            return false;
        }

        UserController.User session = UserController.tokenMap.get(token);
        if (session == null) {
            rejectedResponse(httpServletResponse);
            return false;
        }

        long idleMillis = System.currentTimeMillis() - session.getLastUpdateTime();
        if (idleMillis > this.sessionTimeoutMilli) {
            // NOTE(review): the expired entry is only refused here, not removed from
            // tokenMap; verify that eviction happens somewhere else.
            rejectedResponse(httpServletResponse);
            return false;
        }

        // Sliding expiry: each accepted request restarts the idle window. This class
        // enforces no absolute session lifetime, so a token in steady use stays valid.
        session.setLastUpdateTime(System.currentTimeMillis());
        return true;
    }

    /**
     * Marks the response as 401 Unauthorized. Only the status code is set; no body and
     * no other header is written.
     */
    private static void rejectedResponse(@NotNull HttpServletResponse httpServletResponse) {
        int unauthorized = HttpStatus.UNAUTHORIZED.value();
        httpServletResponse.setStatus(unauthorized);
    }
}
