package cn.sparrowmini.pem.service.impl;

import cn.sparrowmini.common.CurrentUser;
import cn.sparrowmini.pem.model.RequestAuditLog;
import cn.sparrowmini.pem.model.Scope;
import cn.sparrowmini.pem.model.relation.SysroleScope;
import cn.sparrowmini.pem.model.relation.UserScope;
import cn.sparrowmini.pem.model.relation.UserSysrole;
import cn.sparrowmini.pem.service.ScopePermission;
import cn.sparrowmini.pem.service.exception.NoPermissionException;
import cn.sparrowmini.pem.service.repository.RequestAuditLogRepository;
import cn.sparrowmini.pem.service.repository.ScopeRepository;
import cn.sparrowmini.pem.service.repository.SysroleScopeRepository;
import cn.sparrowmini.pem.service.repository.UserScopeRepository;
import cn.sparrowmini.pem.service.repository.UserSysroleRepository;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;

@Aspect
@Component
/* loaded from: input_file:cn/sparrowmini/pem/service/impl/ScopePermissionAspect.class */
public class ScopePermissionAspect {
    private static final Logger log = LoggerFactory.getLogger(ScopePermissionAspect.class);

    @Autowired
    private UserScopeRepository userScopeRepository;

    @Autowired
    private SysroleScopeRepository sysroleScopeRepository;

    @Autowired
    private UserSysroleRepository userSysroleRepository;

    @Autowired
    private ScopeRepository scopeRepository;

    @Autowired
    private RequestAuditLogRepository requestAuditLogRepository;

    @Around("@annotation(scopePermission)")
    public Object hasPermission(ProceedingJoinPoint proceedingJoinPoint, ScopePermission scopePermission) throws Throwable {
        HttpServletRequest request = RequestContextHolder.currentRequestAttributes().getRequest();
        log.debug("username {}, scope code: {}", CurrentUser.get(), scopePermission.scope());
        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        ObjectWriter withoutAttribute = new ObjectMapper().writer().withoutAttribute("principal");
        System.out.println(request.getMethod());
        if (!request.getMethod().equals("GET")) {
            this.requestAuditLogRepository.save(new RequestAuditLog(getIpAddr(request), proceedingJoinPoint.toString(), withoutAttribute.writeValueAsString(proceedingJoinPoint.getArgs()), request.getRequestURI()));
        }
        if (name.equalsIgnoreCase("SUPER_SYSADMIN") || SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream().anyMatch(grantedAuthority -> {
            return grantedAuthority.getAuthority().equals("SUPER_SYSADMIN");
        })) {
            return proceedingJoinPoint.proceed();
        }
        Scope findByCode = this.scopeRepository.findByCode(scopePermission.scope());
        String id = findByCode != null ? findByCode.getId() : null;
        if (this.userScopeRepository.findById(new UserScope.UserScopePK(name, id)).orElse(null) != null) {
            return proceedingJoinPoint.proceed();
        }
        for (UserSysrole userSysrole : this.userSysroleRepository.findByIdUsername(name)) {
            if (!userSysrole.getSysrole().getCode().equals("SUPER_SYSADMIN") && this.sysroleScopeRepository.findById(new SysroleScope.SysroleScopePK(userSysrole.getId().getSysroleId(), id)).orElse(null) == null) {
            }
            return proceedingJoinPoint.proceed();
        }
        if (this.userScopeRepository.countByIdScopeId(id) > 0 || this.sysroleScopeRepository.countByIdScopeId(id) > 0) {
            throw new NoPermissionException(String.join("-", name, "没有权限", scopePermission.name(), scopePermission.scope()));
        }
        return proceedingJoinPoint.proceed();
    }

    private String getIpAddr(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("x - forwarded - for");
        if (header == null || header.length() == 0 || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("Proxy - Client - IP");
        }
        if (header == null || header.length() == 0 || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("WL - Proxy - Client - IP");
        }
        if (header == null || header.length() == 0 || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getRemoteAddr();
        }
        return header;
    }
}
