package com.lenovo.cloud.framework.tenant.core.security;

import cn.hutool.core.collection.CollUtil;
import com.lenovo.cloud.framework.common.exception.enums.GlobalErrorCodeConstants;
import com.lenovo.cloud.framework.common.pojo.CommonResult;
import com.lenovo.cloud.framework.common.util.servlet.ServletUtils;
import com.lenovo.cloud.framework.security.core.LoginUser;
import com.lenovo.cloud.framework.security.core.util.SecurityFrameworkUtils;
import com.lenovo.cloud.framework.tenant.config.TenantProperties;
import com.lenovo.cloud.framework.tenant.core.context.TenantContextHolder;
import com.lenovo.cloud.framework.tenant.core.service.TenantFrameworkService;
import com.lenovo.cloud.framework.web.config.WebProperties;
import com.lenovo.cloud.framework.web.core.filter.ApiRequestFilter;
import com.lenovo.cloud.framework.web.core.handler.GlobalExceptionHandler;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.Objects;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/lenovo/cloud/framework/tenant/core/security/TenantSecurityWebFilter.class */
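/**
 * Servlet filter that enforces tenant isolation on API requests.
 *
 * <p>Per request it:
 * <ol>
 *   <li>rejects (FORBIDDEN) a logged-in user whose tenant differs from the tenant id already held
 *       in {@link TenantContextHolder};</li>
 *   <li>rejects (BAD_REQUEST) a request to a non-ignored URL that has no tenant id;</li>
 *   <li>calls {@link TenantFrameworkService#validTenant} for non-ignored URLs and, if it throws,
 *       writes the error produced by the {@link GlobalExceptionHandler} instead of continuing.</li>
 * </ol>
 *
 * <p>NOTE(review): this class only sets values on {@link TenantContextHolder}; it never clears
 * them. Cleanup is presumably done by whichever filter populated the context earlier in the
 * chain; confirm, since stale tenant state on a pooled thread would defeat the isolation check.
 *
 * <p>NOTE(review): this is decompiled output; {@code doFilterInternal} most likely overrides a
 * superclass method and should carry {@code @Override} in the real source.
 */
public class TenantSecurityWebFilter extends ApiRequestFilter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TenantSecurityWebFilter.class);
    // Supplies the configured list of URLs that are exempt from the tenant requirement.
    private final TenantProperties tenantProperties;
    // Ant-style matcher used to compare ignore patterns with the request URI.
    private final AntPathMatcher pathMatcher;
    // Converts a tenant-validation failure into the JSON error body written to the client.
    private final GlobalExceptionHandler globalExceptionHandler;
    // Validates a tenant id; what "valid" means is defined by the implementation, not here.
    private final TenantFrameworkService tenantFrameworkService;

    /**
     * Creates the filter.
     *
     * @param tenantProperties source of the tenant ignore-URL list
     * @param webProperties passed to the {@link ApiRequestFilter} constructor
     * @param globalExceptionHandler used to render tenant-validation failures
     * @param tenantFrameworkService used to validate the resolved tenant id
     */
    public TenantSecurityWebFilter(TenantProperties tenantProperties, WebProperties webProperties, GlobalExceptionHandler globalExceptionHandler, TenantFrameworkService tenantFrameworkService) {
        super(webProperties);
        this.tenantProperties = tenantProperties;
        this.pathMatcher = new AntPathMatcher();
        this.globalExceptionHandler = globalExceptionHandler;
        this.tenantFrameworkService = tenantFrameworkService;
    }

    /**
     * Applies the tenant checks and either writes an error response or continues the chain.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse response the error JSON is written to on rejection
     * @param filterChain remaining filters, invoked only when every check passes
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException propagated from the rest of the chain
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Tenant id already bound to the context; presumably taken from the request by an
        // earlier filter, i.e. it is caller-supplied and not yet trusted.
        Long tenantId = TenantContextHolder.getTenantId();
        LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
        if (loginUser != null) {
            if (tenantId == null) {
                // No tenant supplied: fall back to the tenant of the authenticated user.
                tenantId = loginUser.getTenantId();
                TenantContextHolder.setTenantId(tenantId);
            } else if (!Objects.equals(loginUser.getTenantId(), tenantId)) {
                // Supplied tenant differs from the user's own tenant: cross-tenant access attempt.
                // This error line is the detection signal for such attempts; keep it alertable.
                log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
                        loginUser.getTenantId(), loginUser.getId(), loginUser.getUserType(),
                        tenantId, httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
                // Message: "You are not authorised to access this tenant's data".
                ServletUtils.writeJSON(httpServletResponse, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(), "您无权访问该租户的数据"));
                return;
            }
        }
        if (isIgnoreUrl(httpServletRequest)) {
            // Ignored URL: a missing tenant id is tolerated and the context is flagged as "ignore".
            // NOTE(review): a tenant id that IS supplied on an ignored URL is not passed to
            // validTenant, and with no login user it is not compared to anything either.
            // Handlers behind ignored URLs must not treat the context tenant as verified.
            if (tenantId == null) {
                TenantContextHolder.setIgnore(true);
            }
        } else if (tenantId == null) {
            // Fail closed: non-ignored URLs must carry a tenant id.
            log.error("[doFilterInternal][URL({}/{}) 未传递租户编号]", httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
            // Message: "The tenant identifier was not passed with the request".
            ServletUtils.writeJSON(httpServletResponse, CommonResult.error(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "请求的租户标识未传递，请进行排查"));
            return;
        } else {
            try {
                this.tenantFrameworkService.validTenant(tenantId);
            } catch (Throwable th) {
                // Throwable (not Exception) is what the handler accepts; note this also turns
                // JVM Errors into an ordinary JSON error response rather than propagating them.
                ServletUtils.writeJSON(httpServletResponse, this.globalExceptionHandler.allExceptionHandler(httpServletRequest, th));
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports whether the request URI is on the tenant ignore list, either as an exact entry or
     * as a match for an Ant-style pattern.
     *
     * <p>A missing (null) ignore list is treated as "nothing is ignored", so the tenant
     * requirement stays in force instead of the filter failing with a NullPointerException.
     *
     * <p>Matching uses {@code getRequestURI()}, which is the raw request path: it is not decoded
     * and still contains the context path and any path parameters. Ignore patterns are therefore
     * a security boundary and should be as narrow as possible; NOTE(review): confirm they are
     * written against the same path form the dispatcher uses to select a handler.
     *
     * @param httpServletRequest current request
     * @return {@code true} if the tenant requirement is waived for this URI
     */
    private boolean isIgnoreUrl(HttpServletRequest httpServletRequest) {
        Iterable<String> ignoreUrls = this.tenantProperties.getIgnoreUrls();
        if (ignoreUrls == null) {
            return false;
        }
        String requestUri = httpServletRequest.getRequestURI();
        for (String pattern : ignoreUrls) {
            // Literal equality first, so an entry always matches itself verbatim.
            if (Objects.equals(pattern, requestUri) || this.pathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }
}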
