package com.feingto.cloud.gateway.filters.pre;

import com.feingto.cloud.domain.api.BaseApi;
import com.feingto.cloud.domain.oauth2.ClientDetail;
import com.feingto.cloud.gateway.filters.support.GwFilterConstants;
import com.feingto.cloud.gateway.filters.support.RequestHelper;
import com.feingto.cloud.security.SecurityUtils;
import com.feingto.cloud.security.oauth2.common.exceptions.CustomOAuth2Exception;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;

/* loaded from: input_file:com/feingto/cloud/gateway/filters/pre/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    private static final TokenExtractor tokenExtractor = new BearerTokenExtractor();
    private final RequestHelper helper;

    public JwtAuthenticationFilter(RequestHelper requestHelper) {
        this.helper = requestHelper;
    }

    public String filterType() {
        return "pre";
    }

    public int filterOrder() {
        return 11;
    }

    public boolean shouldFilter() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        return Objects.isNull(currentContext.getThrowable()) && currentContext.containsKey(GwFilterConstants.API_KEY);
    }

    public Object run() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        log.debug("OAuth filter >>> {} >>> {}", request.getMethod(), request.getRequestURL());
        BaseApi baseApi = (BaseApi) currentContext.get(GwFilterConstants.API_KEY);
        Authentication extract = tokenExtractor.extract(request);
        if (!Objects.nonNull(extract)) {
            failedAuthentication(currentContext, baseApi, CustomOAuth2Exception.ErrorType.UNAUTHORIZED);
            return null;
        }
        try {
            String str = (String) extract.getPrincipal();
            Map parseToken = SecurityUtils.parseToken(str);
            String str2 = (String) parseToken.get("client_id");
            List<String> list = (List) (parseToken.containsKey("user_name") ? SecurityUtils.getAuthoritiesFromClient(str2) : SecurityUtils.getAuthoritiesFromClaims(parseToken)).stream().map(str3 -> {
                return (String) ClientDetail.eliminateAuthority.apply(str3);
            }).collect(Collectors.toList());
            log.debug(">>>>>> client_id: {}, authorities: {}", str2, list);
            currentContext.set("access_token".toUpperCase(), str);
            currentContext.set("client_id", str2);
            currentContext.set("authorities", list);
            if (baseApi.isAuthorized()) {
                filterApiAuth(currentContext, list, baseApi.getStage() + ":" + baseApi.getSn());
            }
            return null;
        } catch (CustomOAuth2Exception e) {
            failedAuthentication(currentContext, baseApi, CustomOAuth2Exception.ErrorType.INVALID_TOKEN);
            return null;
        }
    }

    private void filterApiAuth(RequestContext requestContext, List<String> list, String str) {
        log.debug(">>>>>> API permission check >>> {}", str);
        Optional.of(list).filter(list2 -> {
            return list2.stream().anyMatch(str2 -> {
                return str2.equals(str);
            });
        }).orElseGet(() -> {
            this.helper.setResponseOAuth2Exception(requestContext, CustomOAuth2Exception.ErrorType.ACCESS_DENIED);
            return null;
        });
    }

    private void failedAuthentication(RequestContext requestContext, BaseApi baseApi, CustomOAuth2Exception.ErrorType errorType) {
        if (baseApi.isAuthorized()) {
            this.helper.setResponseOAuth2Exception(requestContext, errorType);
        }
    }
}
