package cc.vihackerframework.core.auth.aspect;

import cc.vihackerframework.core.annotation.auth.PreAuth;
import cc.vihackerframework.core.api.ResultCode;
import cc.vihackerframework.core.entity.CurrentUser;
import cc.vihackerframework.core.exception.Asserts;
import cc.vihackerframework.core.util.SecurityUtil;
import cc.vihackerframework.core.util.StringUtil;
import cn.hutool.core.bean.BeanUtil;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.util.PatternMatchUtils;
import org.springframework.util.StringUtils;

@Aspect
/* loaded from: input_file:cc/vihackerframework/core/auth/aspect/PreAuthAspect.class */
public class PreAuthAspect {
    private static final Logger log = LoggerFactory.getLogger(PreAuthAspect.class);
    private ApplicationContext ac;
    private final HttpServletRequest request;

    public PreAuthAspect(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    @Around("@annotation(cc.vihackerframework.core.annotation.auth.PreAuth)")
    public Object preAuth(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        hasAuth(proceedingJoinPoint);
        return proceedingJoinPoint.proceed();
    }

    private void hasAuth(ProceedingJoinPoint proceedingJoinPoint) {
        if (!((Boolean) this.ac.getEnvironment().getProperty("vihacker.security.enabled", Boolean.class, false)).booleanValue()) {
            log.debug("全局校验权限已经关闭");
            return;
        }
        Method method = proceedingJoinPoint.getSignature().getMethod();
        PreAuth preAuth = null;
        if (proceedingJoinPoint.getSignature() instanceof MethodSignature) {
            method = proceedingJoinPoint.getSignature().getMethod();
            if (method != null) {
                preAuth = (PreAuth) method.getAnnotation(PreAuth.class);
            }
        }
        String name = method != null ? method.getName() : "";
        PreAuth annotation = proceedingJoinPoint.getTarget().getClass().getAnnotation(PreAuth.class);
        if (preAuth == null && annotation == null) {
            log.debug("执行方法[{}]无需校验权限", name);
            return;
        }
        if (preAuth != null && !preAuth.enabled()) {
            log.debug("执行方法[{}]无需校验权限", name);
            return;
        }
        if (annotation != null && !annotation.enabled()) {
            log.debug("执行方法[{}]无需校验权限", name);
            return;
        }
        if (!hasAuthority(preAuth.hasAuthority())) {
            Asserts.fail(ResultCode.FORBIDDEN.build("执行方法[%s]需要[%s]权限", new Object[]{name, preAuth.hasAuthority()}));
        }
        if (hasRole(preAuth.hasRole())) {
            return;
        }
        Asserts.fail(ResultCode.FORBIDDEN.build("执行方法[%s]需要[%s]角色", new Object[]{name, preAuth.hasRole()}));
    }

    private boolean hasRole(String str) {
        CurrentUser currentUser = SecurityUtil.getCurrentUser(this.request);
        return BeanUtil.isEmpty(currentUser, new String[0]) || StringUtil.isBlank(str) || currentUser.getAccount().equalsIgnoreCase("admin") || StringUtil.equalsIgnoreCase(currentUser.getRoleCode(), str);
    }

    private boolean hasAuthority(String str) {
        CurrentUser currentUser = SecurityUtil.getCurrentUser(this.request);
        if (BeanUtil.isEmpty(currentUser, new String[0]) || StringUtil.isBlank(str) || currentUser.getAccount().equalsIgnoreCase("admin")) {
            return true;
        }
        return AuthorityUtils.authorityListToSet(currentUser.getAuthorities()).stream().filter(StringUtils::hasText).anyMatch(str2 -> {
            return PatternMatchUtils.simpleMatch(str, str2);
        });
    }
}
