package cn.iocoder.yudao.framework.security.core.filter;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.iocoder.yudao.framework.common.exception.ServiceException;
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
import cn.iocoder.yudao.framework.security.config.SecurityProperties;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.class */
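/**
 * Servlet filter that resolves the current {@link LoginUser} for a request and, when one is
 * found, stores it through {@link SecurityFrameworkUtils#setLoginUser}.
 *
 * <p>Resolution order, as implemented in {@link #doFilterInternal}:
 * <ol>
 *   <li>the serialized {@code LoginUser} carried in the {@code LOGIN_USER_HEADER} request header;</li>
 *   <li>the access token, validated through {@link OAuth2TokenApi#checkAccessToken};</li>
 *   <li>the mock login, only when it is enabled in {@link SecurityProperties}.</li>
 * </ol>
 *
 * <p>NOTE(review): step 1 accepts an identity from a request header without any token check.
 * That is only sound if every externally reachable path overwrites or strips this header before
 * the request arrives here (presumably an API gateway does this; confirm against the deployment)
 * and the service is not directly reachable by clients.
 */
public class TokenAuthenticationFilter extends OncePerRequestFilter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
    private final SecurityProperties securityProperties;
    private final GlobalExceptionHandler globalExceptionHandler;
    private final OAuth2TokenApi oauth2TokenApi;

    /**
     * Resolves the login user for the request and continues the filter chain.
     *
     * <p>If token or mock resolution throws, the exception is converted by the global exception
     * handler, written to the response as JSON, and the chain is NOT continued. If no user can be
     * resolved at all, the chain continues without a login user being set.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, written to directly on a resolution error
     * @param filterChain         the remaining filter chain
     * @throws ServletException propagated from the filter chain
     * @throws IOException      propagated from the filter chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Header parsing runs outside the try/catch below, so a malformed header propagates
        // as an exception instead of being rendered by the global exception handler.
        LoginUser loginUser = buildLoginUserByHeader(httpServletRequest);
        if (loginUser == null) {
            // The helper is given both a header name and a request-parameter name.
            // NOTE(review): if the token is accepted as a URL parameter it can end up in access
            // logs, proxies and Referer headers - confirm this is intended.
            String token = SecurityFrameworkUtils.obtainAuthorization(httpServletRequest, this.securityProperties.getTokenHeader(), this.securityProperties.getTokenParameter());
            if (StrUtil.isNotEmpty(token)) {
                Integer userType = WebFrameworkUtils.getLoginUserType(httpServletRequest);
                try {
                    loginUser = buildLoginUserByToken(token, userType);
                    if (loginUser == null) {
                        // Token was not accepted: fall back to the mock login (off unless enabled).
                        loginUser = mockLoginUser(httpServletRequest, token, userType);
                    }
                } catch (Throwable th) {
                    // Covers AccessDeniedException (user type mismatch) and NumberFormatException
                    // from the mock path; the request ends here with an error body.
                    ServletUtils.writeJSON(httpServletResponse, this.globalExceptionHandler.allExceptionHandler(httpServletRequest, th));
                    return;
                }
            }
        }
        if (loginUser != null) {
            SecurityFrameworkUtils.setLoginUser(loginUser, httpServletRequest);
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Validates the access token and builds the login user from the check result.
     *
     * @param str the access token taken from the request
     * @param num the user type expected for this request, or {@code null} to skip the type check
     * @return the login user, or {@code null} when the check returns no data or the token API
     *         raises a {@link ServiceException}
     * @throws AccessDeniedException when the token belongs to a different user type than {@code num}
     */
    private LoginUser buildLoginUserByToken(String str, Integer num) {
        try {
            OAuth2AccessTokenCheckRespDTO accessToken = (OAuth2AccessTokenCheckRespDTO) this.oauth2TokenApi.checkAccessToken(str).getCheckedData();
            if (accessToken == null) {
                return null;
            }
            // A token issued for one user type must not be accepted on an endpoint that
            // expects another one.
            if (num != null && ObjectUtil.notEqual(accessToken.getUserType(), num)) {
                throw new AccessDeniedException("错误的用户类型");
            }
            return new LoginUser()
                    .setId(accessToken.getUserId())
                    .setUserType(accessToken.getUserType())
                    .setInfo(accessToken.getUserInfo())
                    .setTenantId(accessToken.getTenantId())
                    .setScopes(accessToken.getScopes())
                    .setExpiresTime(accessToken.getExpiresTime());
        } catch (ServiceException e) {
            // A rejected token is treated as "no user" rather than as an error, so the caller
            // can still try the mock login.
            return null;
        }
    }

    /**
     * Builds a login user from a mock token of the form {@code <mockSecret><userId>}.
     *
     * <p>This path performs no credential check beyond the shared secret prefix: whoever knows the
     * secret can act as any user id. It must stay disabled outside development environments.
     *
     * @param httpServletRequest the request, used to read the tenant id
     * @param str                the token taken from the request
     * @param num                the user type to assign to the mocked user
     * @return the mocked login user, or {@code null} when mocking is disabled, no secret is
     *         configured, or the token does not start with the secret
     * @throws NumberFormatException when the part after the secret is not a valid {@code long}
     */
    private LoginUser mockLoginUser(HttpServletRequest httpServletRequest, String str, Integer num) {
        if (!this.securityProperties.getMockEnable().booleanValue()) {
            return null;
        }
        String mockSecret = this.securityProperties.getMockSecret();
        // Fail closed on a missing secret: every string starts with "", so an empty secret
        // would let any numeric token authenticate as that user id.
        if (StrUtil.isEmpty(mockSecret) || !str.startsWith(mockSecret)) {
            return null;
        }
        Long userId = Long.valueOf(str.substring(mockSecret.length()));
        return new LoginUser().setId(userId).setUserType(num).setTenantId(WebFrameworkUtils.getTenantId(httpServletRequest));
    }

    /**
     * Reads the login user from the {@code LOGIN_USER_HEADER} request header, which holds a
     * URL-encoded JSON document.
     *
     * <p>NOTE(review): the header content is not verified in this class (no signature or token
     * check is visible here). Treat it as trusted only when an upstream component is guaranteed
     * to set it and to discard any client-supplied value.
     *
     * @param httpServletRequest the incoming request
     * @return the parsed login user, or {@code null} when the header is absent or empty
     */
    private LoginUser buildLoginUserByHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(SecurityFrameworkUtils.LOGIN_USER_HEADER);
        if (StrUtil.isEmpty(header)) {
            return null;
        }
        try {
            header = URLDecoder.decode(header, StandardCharsets.UTF_8);
            return (LoginUser) JsonUtils.parseObject(header, LoginUser.class);
        } catch (Exception e) {
            // NOTE(review): this writes the request-supplied header value to the log; it may
            // contain user information and is not sanitized here.
            log.error("[buildLoginUserByHeader][解析 LoginUser({}) 发生异常]", header, e);
            throw e;
        }
    }

    /**
     * Creates the filter with its collaborators.
     *
     * @param securityProperties     token header/parameter names and mock-login settings
     * @param globalExceptionHandler converts exceptions raised during token resolution into a response body
     * @param oAuth2TokenApi         API used to validate access tokens
     */
    @Generated
    public TokenAuthenticationFilter(SecurityProperties securityProperties, GlobalExceptionHandler globalExceptionHandler, OAuth2TokenApi oAuth2TokenApi) {
        this.securityProperties = securityProperties;
        this.globalExceptionHandler = globalExceptionHandler;
        this.oauth2TokenApi = oAuth2TokenApi;
    }
}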
