package com.diboot.iam.annotation.process;

import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.iam.annotation.BindPermission;
import com.diboot.iam.config.Cons;
import com.diboot.iam.exception.PermissionException;
import com.diboot.iam.starter.IamBaseProperties;
import com.diboot.iam.util.AnnotationUtils;
import com.diboot.iam.util.IamSecurityUtils;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.servlet.HandlerMapping;

@Aspect
@Component
/* loaded from: input_file:com/diboot/iam/annotation/process/BindPermissionAspect.class */
public class BindPermissionAspect {
    private static final Logger log = LoggerFactory.getLogger(BindPermissionAspect.class);

    @Autowired
    private IamBaseProperties iamBaseProperties;

    @Pointcut("@annotation(com.diboot.iam.annotation.BindPermission)")
    public void pointCut() {
    }

    @Before("pointCut()")
    public void before(JoinPoint joinPoint) {
        if (!this.iamBaseProperties.isEnablePermissionCheck()) {
            log.debug("BindPermission权限检查已停用，如需启用请删除配置项: diboot.iam.enable-permission-check");
            return;
        }
        if (IamSecurityUtils.getSubject().hasRole(Cons.ROLE_SUPER_ADMIN)) {
            return;
        }
        HttpServletRequest request = RequestContextHolder.getRequestAttributes().getRequest();
        String permissionCode = ApiPermissionCache.getPermissionCode(request.getMethod(), formatUriMapping(request));
        if (permissionCode == null) {
            return;
        }
        if (permissionCode.endsWith(":" + ((BindPermission) AnnotationUtils.getAnnotation(joinPoint.getSignature().getMethod(), BindPermission.class)).code())) {
            try {
                IamSecurityUtils.getSubject().checkPermission(permissionCode);
            } catch (Exception e) {
                throw new PermissionException(e);
            }
        }
    }

    private String formatUriMapping(HttpServletRequest httpServletRequest) {
        String substringAfter = V.notEmpty(httpServletRequest.getContextPath()) && !httpServletRequest.getContextPath().equals("/") ? S.substringAfter(httpServletRequest.getRequestURI(), httpServletRequest.getContextPath()) : httpServletRequest.getRequestURI();
        Map map = (Map) httpServletRequest.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
        if (V.notEmpty(map)) {
            for (Map.Entry entry : map.entrySet()) {
                if (substringAfter.endsWith("/" + entry.getValue())) {
                    substringAfter = S.substringBeforeLast(substringAfter, "/" + entry.getValue()) + "/{" + ((String) entry.getKey()) + "}";
                } else if (substringAfter.contains("/" + entry.getValue() + "/")) {
                    substringAfter = S.replace(substringAfter, "/" + entry.getValue() + "/", "/{" + ((String) entry.getKey()) + "}/");
                }
            }
        }
        return substringAfter;
    }
}
