package com.feingto.cloud.gateway.filters.pre;

import com.feingto.cloud.core.http.client.HttpResult;
import com.feingto.cloud.core.json.JSON;
import com.feingto.cloud.dto.oauth.ClientDetailApiDTO;
import com.feingto.cloud.gateway.filters.support.GwFilterConstants;
import com.feingto.cloud.gateway.filters.support.RequestHelper;
import com.feingto.cloud.gateway.store.domain.Api;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.oauth2.common.util.JsonParser;
import org.springframework.security.oauth2.common.util.JsonParserFactory;

/* loaded from: input_file:com/feingto/cloud/gateway/filters/pre/OAuthAccessFilter.class */
public class OAuthAccessFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(OAuthAccessFilter.class);
    private final JsonParser objectMapper = JsonParserFactory.create();
    private final RequestHelper helper = new RequestHelper();

    public String filterType() {
        return "pre";
    }

    public int filterOrder() {
        return 11;
    }

    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        return currentContext.getThrowable() == null && currentContext.containsKey(GwFilterConstants.API_KEY) && !"Debug".equalsIgnoreCase((String) currentContext.get("X-Ca-Debug")) && !"Mock".equalsIgnoreCase((String) currentContext.get("X-Ca-Debug"));
    }

    public Object run() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        log.info("OAuth filter >>> {} >>> {}", request.getMethod(), request.getRequestURL());
        Api api = (Api) currentContext.get(GwFilterConstants.API_KEY);
        currentContext.set(GwFilterConstants.AUTHORITY_ACCESS_HEADER, Boolean.TRUE);
        String str = (String) currentContext.get(GwFilterConstants.ACCESS_TOKEN_HEADER);
        if (str == null && api.isAuthorized()) {
            accessDenied();
            return null;
        }
        if (str == null) {
            return null;
        }
        Map parseMap = this.objectMapper.parseMap(JwtHelper.decode(str).getClaims());
        log.debug("JWT access_token: {}, deserialize claims: {}", str, JSON.build().obj2json(parseMap));
        if (parseMap.containsKey("client_id")) {
            currentContext.set(GwFilterConstants.AUTHORITY_CLIENT_ID_HEADER, parseMap.get("client_id"));
        }
        if (parseMap.containsKey("users")) {
            currentContext.set(GwFilterConstants.AUTHORITY_CLIENT_USERS_HEADER, parseMap.get("users"));
        }
        if (!parseMap.containsKey("apiIds")) {
            return null;
        }
        List object2list = JSON.build().object2list(parseMap.get("apiIds"), ClientDetailApiDTO.class);
        currentContext.set(GwFilterConstants.AUTHORITY_CLIENT_APIS_HEADER, object2list);
        if (!api.isAuthorized() || !object2list.stream().noneMatch(clientDetailApiDTO -> {
            return clientDetailApiDTO.getApiId().equals(api.getSn()) && clientDetailApiDTO.getStage().equals(api.getStage());
        })) {
            return null;
        }
        accessDenied();
        return null;
    }

    private void accessDenied() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        log.debug("{} >>> {} >>> {}", new Object[]{request.getMethod(), request.getRequestURL(), "Access Denied."});
        currentContext.set(GwFilterConstants.AUTHORITY_ACCESS_HEADER, Boolean.FALSE);
        try {
            this.helper.setResponse(HttpResult.unAuthrized());
        } catch (Throwable th) {
            log.error(th.getMessage(), th);
            this.helper.setErrorResponse(th);
        }
    }
}
