package com.feingto.cloud.core.aspectj;

import com.feingto.cloud.core.annotation.HasAuthorize;
import com.feingto.cloud.core.annotation.HasRole;
import com.feingto.cloud.security.SecurityUtils;
import java.util.Optional;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;

@Aspect
@ConditionalOnClass(name = {"org.aspectj.lang.annotation.Aspect", "org.springframework.context.annotation.EnableAspectJAutoProxy"})
@ConditionalOnProperty({"security.oauth2.client.client-id"})
@Component
/* loaded from: input_file:com/feingto/cloud/core/aspectj/AuthorizeAspectj.class */
public class AuthorizeAspectj {
    @Pointcut("@annotation(com.feingto.cloud.core.annotation.HasAuthorize)")
    public void authAspect() {
    }

    @Pointcut("@annotation(com.feingto.cloud.core.annotation.HasRole)")
    public void roleAspect() {
    }

    @Around("authAspect()")
    public Object doPermissionsAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Optional.ofNullable(proceedingJoinPoint.getSignature().getMethod().getAnnotation(HasAuthorize.class)).filter(hasAuthorize -> {
            return SecurityUtils.hasSystemAuthorize(hasAuthorize.logical(), hasAuthorize.value());
        }).orElseThrow(() -> {
            return new AccessDeniedException("Unauthorized");
        });
        return proceedingJoinPoint.proceed();
    }

    @Around("roleAspect()")
    public Object doRolesAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Optional.ofNullable(proceedingJoinPoint.getSignature().getMethod().getAnnotation(HasRole.class)).filter(hasRole -> {
            return SecurityUtils.hasSystemRole(hasRole.logical(), hasRole.value());
        }).orElseThrow(() -> {
            return new AccessDeniedException("Unauthorized");
        });
        return proceedingJoinPoint.proceed();
    }
}
