package com.luter.heimdall.boot.web.interceptor;

import com.luter.heimdall.core.annotation.RequiresPermission;
import com.luter.heimdall.core.annotation.RequiresPermissions;
import com.luter.heimdall.core.annotation.RequiresRole;
import com.luter.heimdall.core.annotation.RequiresRoles;
import com.luter.heimdall.core.annotation.RequiresUser;
import com.luter.heimdall.core.config.ConfigManager;
import com.luter.heimdall.core.config.HeimdallProperties;
import com.luter.heimdall.core.fuction.AbcVoidFunction;
import com.luter.heimdall.core.manager.AuthorizationManager;
import com.luter.heimdall.core.token.SimpleToken;
import com.luter.heimdall.core.utils.PathUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:com/luter/heimdall/boot/web/interceptor/HeimdallAuthorizeInterceptor.class */
public class HeimdallAuthorizeInterceptor implements HandlerInterceptor {
    private static final transient Logger log = LoggerFactory.getLogger(HeimdallAuthorizeInterceptor.class);
    private static final PathUtil PATH_UTIL = new PathUtil();
    public static final String[] DEFAULT_STATIC_RESOURCE = {"/static/**", "/images/**", "/css/**", "/js/**", "/favicon*", "/error"};
    private AuthorizationManager authorizationManager;
    AbcVoidFunction<HttpServletRequest, HttpServletResponse, SimpleToken> success;
    AbcVoidFunction<HttpServletRequest, HttpServletResponse, Throwable> error;

    public HeimdallAuthorizeInterceptor(AuthorizationManager authorizationManager) {
        this.authorizationManager = authorizationManager;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        String method = httpServletRequest.getMethod();
        String requestURI = httpServletRequest.getRequestURI();
        if (method.equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        String anyAnnotationsName = getAnyAnnotationsName(handlerMethod);
        if (null != anyAnnotationsName) {
            log.info("[HeimdallAuthorizeInterceptor::preHandle]::Annotation: [@{}] is detected with method:[{}], and the path based authorization function will be ignored.Annotation=[{}] authorization will be activated.", new Object[]{anyAnnotationsName, handlerMethod.getMethod(), anyAnnotationsName});
            return true;
        }
        HeimdallProperties config = ConfigManager.getConfig();
        if (!config.getAuthority().isEnabled()) {
            log.warn("[HeimdallAuthorizeInterceptor::preHandle]::  Attention: The authorization interceptor was disabled ");
            return true;
        }
        boolean z = PATH_UTIL.isMatch(config.getAuthority().getIncludes(), requestURI) && !PATH_UTIL.isMatch(config.getAuthority().getExcludes(), requestURI);
        log.debug("[HeimdallAuthorizeInterceptor::preHandle]::method = [{}], uri = [{}], matched = [{}]", new Object[]{method, requestURI, Boolean.valueOf(z)});
        if (!z) {
            return true;
        }
        log.info("[HeimdallAuthorizeInterceptor::preHandle]::Authorization rules were matched . resource = [{}:{}]", method, requestURI);
        try {
            SimpleToken currentToken = this.authorizationManager.getAuthenticationManager().getCurrentToken(true);
            this.authorizationManager.isAuthorized(currentToken.getDetails(), method, requestURI, true);
            log.debug("[HeimdallAuthorizeInterceptor::preHandle]:: Access permitted. resource = [{}:{}], user = [{}]", new Object[]{method, requestURI, currentToken.getDetails()});
            if (null != this.success) {
                this.success.accept(httpServletRequest, httpServletResponse, currentToken);
            }
            return true;
        } catch (Throwable th) {
            log.debug("[HeimdallAuthorizeInterceptor::preHandle]:: Remove all data from ThreadLocal of AuthSecurityUtil when authorization exception occurs");
            log.warn("[HeimdallAuthorizeInterceptor::preHandle]:: Access Denied. resource = [{}:{}],error = {}", new Object[]{method, requestURI, th.getMessage()});
            if (null == this.error) {
                throw th;
            }
            this.error.accept(httpServletRequest, httpServletResponse, th);
            return true;
        }
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
        log.debug("[postHandle]::request [{}:{}]", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        log.debug("[afterCompletion]::request [{}:{}]", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
    }

    private static String getAnyAnnotationsName(HandlerMethod handlerMethod) {
        if (!handlerMethod.hasMethodAnnotation(RequiresUser.class) && !handlerMethod.hasMethodAnnotation(RequiresRole.class)) {
            if (handlerMethod.hasMethodAnnotation(RequiresRoles.class)) {
                return RequiresRoles.class.getSimpleName();
            }
            if (handlerMethod.hasMethodAnnotation(RequiresPermission.class)) {
                return RequiresPermission.class.getSimpleName();
            }
            if (handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) {
                return RequiresPermissions.class.getSimpleName();
            }
            return null;
        }
        return RequiresRole.class.getSimpleName();
    }

    private static boolean isAnyAnnotationsExist(HandlerMethod handlerMethod) {
        return handlerMethod.hasMethodAnnotation(RequiresUser.class) || handlerMethod.hasMethodAnnotation(RequiresRole.class) || handlerMethod.hasMethodAnnotation(RequiresRoles.class) || handlerMethod.hasMethodAnnotation(RequiresPermission.class) || handlerMethod.hasMethodAnnotation(RequiresPermissions.class);
    }

    public AuthorizationManager getAuthorizationManager() {
        return this.authorizationManager;
    }

    public HeimdallAuthorizeInterceptor setAuthorizationManager(AuthorizationManager authorizationManager) {
        this.authorizationManager = authorizationManager;
        return this;
    }

    public HeimdallAuthorizeInterceptor onSuccess(AbcVoidFunction<HttpServletRequest, HttpServletResponse, SimpleToken> abcVoidFunction) {
        this.success = abcVoidFunction;
        return this;
    }

    public HeimdallAuthorizeInterceptor onError(AbcVoidFunction<HttpServletRequest, HttpServletResponse, Throwable> abcVoidFunction) {
        this.error = abcVoidFunction;
        return this;
    }
}
