package cn.weforward.framework.ext;

import cn.weforward.common.util.AntPathPattern;
import cn.weforward.common.util.StringUtil;
import cn.weforward.framework.ApiException;
import cn.weforward.framework.Authorizer;
import cn.weforward.framework.WeforwardSession;
import cn.weforward.framework.util.RequestUtil;
import cn.weforward.protocol.Request;
import cn.weforward.protocol.ops.Right;
import cn.weforward.protocol.ops.User;
import cn.weforward.protocol.ops.UserService;
import cn.weforward.protocol.support.NamingConverter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/weforward/framework/ext/UserAuthorizer.class */
public class UserAuthorizer implements Authorizer {
    private static final Logger _Logger = LoggerFactory.getLogger(UserAuthorizer.class);
    protected UserService m_UserService;
    protected List<String> m_IgnoreUris;
    protected List<String> m_IgnoreCheckRightUris;
    protected int m_Options;
    protected int m_DefaultRightRule = 128;

    public void setDefaultRightRule(String str) {
        if ("allow".equalsIgnoreCase(str)) {
            this.m_DefaultRightRule = 1;
        } else if ("disallow".equalsIgnoreCase(str)) {
            this.m_DefaultRightRule = 128;
        } else {
            this.m_DefaultRightRule = 0;
        }
    }

    public void setUserService(UserService userService) {
        this.m_UserService = userService;
    }

    public void setIgnoreUris(List<String> list) {
        if (list == null) {
            this.m_IgnoreUris = Collections.emptyList();
        } else {
            this.m_IgnoreUris = new ArrayList(list);
            Collections.sort(this.m_IgnoreUris, new Comparator<String>() { // from class: cn.weforward.framework.ext.UserAuthorizer.1
                @Override // java.util.Comparator
                public int compare(String str, String str2) {
                    return str.compareToIgnoreCase(str2);
                }
            });
        }
    }

    public void setIgnoreCheckRightUris(List<String> list) {
        if (list == null) {
            this.m_IgnoreCheckRightUris = Collections.emptyList();
        } else {
            this.m_IgnoreCheckRightUris = new ArrayList(list);
            Collections.sort(this.m_IgnoreCheckRightUris, new Comparator<String>() { // from class: cn.weforward.framework.ext.UserAuthorizer.2
                @Override // java.util.Comparator
                public int compare(String str, String str2) {
                    return str.compareToIgnoreCase(str2);
                }
            });
        }
    }

    @Override // cn.weforward.framework.Authorizer
    public void auth(Request request) throws ApiException {
        String method = RequestUtil.getMethod(request);
        if (StringUtil.isEmpty(method)) {
            throw new ApiException(ApiException.CODE_METHOD_NOT_EXISTS, "方法名为空");
        }
        User userByAccess = this.m_UserService.getUserByAccess(request.getAccess().getAccessId());
        WeforwardSession session = WeforwardSession.TLS.getSession();
        if (session != null && userByAccess != null) {
            session.bindOperator(userByAccess);
        }
        if (match(this.m_IgnoreUris, method) != null) {
            return;
        }
        if (userByAccess == null) {
            throw ApiException.NO_LOGIN;
        }
        if (match(this.m_IgnoreCheckRightUris, method) == null && !checkRight(userByAccess, method)) {
            _Logger.error("验证失败:" + method + "," + userByAccess.getName() + "," + userByAccess.getRights());
            throw ApiException.AUTH_FAILED;
        }
    }

    private static String match(List<String> list, String str) {
        if (list == null) {
            return null;
        }
        for (String str2 : list) {
            if (!StringUtil.isEmpty(str2) && match(str2, str)) {
                return str2;
            }
        }
        return null;
    }

    private static boolean match(Right right, String str) {
        return match(NamingConverter.camelToWf(right.getUriPattern()), str);
    }

    private static boolean match(String str, String str2) {
        return AntPathPattern.match(str, str2);
    }

    protected boolean checkRight(User user, String str) {
        Right right = null;
        for (Right right2 : getRight(user)) {
            if (match(right2, str)) {
                right = right2;
                if (right2.getRule() == 128) {
                    break;
                }
            }
        }
        if (right == null) {
            return false;
        }
        if (1 == right.getRule()) {
            return true;
        }
        return 128 != right.getRule() && this.m_DefaultRightRule == 1;
    }

    private List<Right> getRight(User user) {
        return user.getRights();
    }
}
