package com.gomyck.config.local.security.jwt;

import com.alibaba.fastjson.JSONObject;
import com.gomyck.config.local.common.constant.CKConstants;
import com.gomyck.config.local.profile.SecurityProfile;
import com.gomyck.config.local.security.jwt.session.CkSessionManager;
import com.gomyck.config.local.security.user.SecurityUserInfo;
import com.gomyck.util.CookieUtils;
import com.gomyck.util.R;
import com.gomyck.util.ResponseWriter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

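/**
 * Servlet filter that authenticates a request from the JWT it carries.
 *
 * <p>When a token is present, no authentication is set yet, and the token validates against
 * the user record returned by {@link CkSessionManager#findByUserName}, the filter stores a
 * {@link UsernamePasswordAuthenticationToken} in the {@link SecurityContextHolder}. When the
 * token does not validate, only POST requests that are neither the login URI nor allow-listed
 * are rejected here; every other request continues down the chain <em>unauthenticated</em>.
 *
 * <p>NOTE(review): because non-POST requests with an invalid token are passed on, access
 * control for them depends entirely on the authorization rules configured after this filter.
 */
@Component
/* loaded from: input_file:com/gomyck/config/local/security/jwt/JwtAuthenticationTokenFilter.class */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    // Supplies the allow-listed URL fragments and the login request URI.
    @Autowired
    SecurityProfile securityProfile;

    // Extracts the token from the request, reads its username and validates it.
    @Autowired
    private JwtTokenUtils jwtTokenUtils;

    // Looks up the user record that the token is validated against.
    @Autowired
    private CkSessionManager userRepository;

    /**
     * Authenticates the request from its token, or rejects it when the token is invalid and
     * the request is not exempt (see {@link #mustReject}).
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, written to only on rejection
     * @param filterChain the remaining filters
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException propagated from the rest of the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String token = this.jwtTokenUtils.getToken(httpServletRequest);
        if (StringUtils.isEmpty(token)) {
            // No token: nothing to authenticate here, later filters decide.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        String username = this.jwtTokenUtils.getUsernameFromToken(token);
        // NOTE(review): at this point the token has not been validated, so this value is
        // caller-controlled; make sure the log layout neutralises CR/LF in arguments.
        logger.debug("checking authentication {}", username);

        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            SecurityUserInfo user = this.userRepository.findByUserName(username);
            // A missing user record or a null validation result is treated like an invalid
            // token instead of surfacing as a NullPointerException.
            if (user != null && Boolean.TRUE.equals(this.jwtTokenUtils.validateToken(token, user))) {
                UsernamePasswordAuthenticationToken authentication =
                        new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                logger.debug("authenticated user {}, setting security context", username);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            } else if (mustReject(httpServletRequest)) {
                authFail(httpServletResponse, true);
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether a request whose token failed validation is rejected by this filter.
     *
     * <p>NOTE(review): both exemptions use {@link String#contains} on the raw
     * {@code getRequestURI()} value, which is neither decoded nor normalised. An exempt
     * fragment therefore matches wherever it occurs in the path, and an empty or very short
     * fragment exempts almost everything. Anchored matching (for example Spring's
     * {@code AntPathMatcher} against the servlet path) would be a stricter check; it is not
     * applied here because the configured patterns may rely on substring semantics.
     *
     * @param request the request carrying the invalid token
     * @return {@code true} only for a POST request that contains neither the login URI nor
     *     any allow-listed fragment
     */
    private boolean mustReject(HttpServletRequest request) {
        if (canRedirectRequest(request)) {
            return false;
        }
        String requestUri = request.getRequestURI();
        if (requestUri.contains(this.securityProfile.getLoginReqUri())) {
            return false;
        }
        for (String allowedFragment : this.securityProfile.getAllowUrlPattern()) {
            logger.debug("checking authentication {}", allowedFragment);
            logger.debug("checking authentication {}", requestUri);
            if (requestUri.contains(allowedFragment)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Writes the JSON error body for a rejected request.
     *
     * @param httpServletResponse the response that receives the cleared token cookie
     * @param z {@code true} for an authentication failure (code 905, token cookie cleared),
     *     {@code false} for an authorization failure (code 901)
     */
    public static void authFail(HttpServletResponse httpServletResponse, boolean z) {
        if (z) {
            // Set the cookie before the body is written: headers added after the response
            // is committed are dropped. Empty value with 0 presumably expires the token
            // cookie; confirm against CookieUtils.addCookie.
            CookieUtils.addCookie(httpServletResponse, CKConstants.Security.GET_TOKEN_KEY, "", 0);
            ResponseWriter.write(JSONObject.toJSONString(R.error(905, "认证失败")));
        } else {
            ResponseWriter.write(JSONObject.toJSONString(R.error(901, "无权访问")));
        }
    }

    /**
     * Reports whether the request uses any HTTP method other than POST (case-insensitive).
     *
     * @param httpServletRequest the request to inspect
     * @return {@code false} for POST, {@code true} otherwise
     */
    public static boolean canRedirectRequest(HttpServletRequest httpServletRequest) {
        return !"POST".equalsIgnoreCase(httpServletRequest.getMethod());
    }
}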
