package ms.dew.core.web.interceptor;

import com.ecfront.dew.common.$;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.message.AuthException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import ms.dew.Dew;
import ms.dew.core.DewContext;
import ms.dew.core.auth.dto.OptInfo;
import ms.dew.core.web.error.ErrorController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:ms/dew/core/web/interceptor/BasicHandlerInterceptor.class */
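/**
 * Spring MVC interceptor that runs before every handler: it writes the CORS and
 * anti-caching response headers, extracts the caller's token (from a header or a
 * request parameter, depending on configuration), applies the router blacklist,
 * and publishes a per-request {@link DewContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code OPTIONS} and {@code HEAD} requests return before the blacklist check and
 *       before a {@link DewContext} is created. NOTE(review): confirm that a {@code HEAD}
 *       request to a blacklisted URI cannot reach a handler with side effects.</li>
 *   <li>The blacklist is matched against {@code getRequestURI()} as received. NOTE(review):
 *       confirm that encoded or otherwise non-canonical forms of a blacklisted path are
 *       rejected or normalized before this interceptor, so the pattern match and the
 *       handler dispatch agree on the path.</li>
 * </ul>
 */
public class BasicHandlerInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger(BasicHandlerInterceptor.class);
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Prepares the response headers and the request context before the handler runs.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the headers are written to
     * @param obj                 the handler chosen by Spring, passed through unchanged
     * @return {@code false} when the request matches the router blacklist (a 403 error is
     *         written through {@link ErrorController}); otherwise the result of the superclass
     * @throws Exception propagated from token decoding or from the superclass
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // CORS headers come from configuration. Allow-Credentials is always "true".
        // NOTE(review): browsers refuse credentialed responses whose allow-origin is the
        // wildcard, and a broad allow-origin combined with credentials widens who can read
        // authenticated responses; confirm the configured origin is a specific trusted one.
        httpServletResponse.addHeader("Access-Control-Allow-Origin", Dew.dewConfig.getSecurity().getCors().getAllowOrigin());
        httpServletResponse.addHeader("Access-Control-Allow-Methods", Dew.dewConfig.getSecurity().getCors().getAllowMethods());
        httpServletResponse.addHeader("Access-Control-Allow-Headers", Dew.dewConfig.getSecurity().getCors().getAllowHeaders());
        httpServletResponse.addHeader("Access-Control-Max-Age", "3600000");
        httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
        // setHeader replaces any previous value, so two consecutive calls left only
        // "no-store"; both directives are now sent in one header value.
        httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);

        String method = httpServletRequest.getMethod();
        if (method.equalsIgnoreCase("OPTIONS") || method.equalsIgnoreCase("HEAD")) {
            // These methods skip token extraction, the blacklist and context creation.
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        }

        boolean tokenInHeader = Dew.dewConfig.getSecurity().isTokenInHeader();
        String tokenFlag = Dew.dewConfig.getSecurity().getTokenFlag();
        String tokenKindFlag = Dew.dewConfig.getSecurity().getTokenKindFlag();
        String token;
        String tokenKind;
        if (tokenInHeader) {
            token = httpServletRequest.getHeader(tokenFlag);
            tokenKind = httpServletRequest.getHeader(tokenKindFlag);
        } else {
            token = httpServletRequest.getParameter(tokenFlag);
            tokenKind = httpServletRequest.getParameter(tokenKindFlag);
        }
        if (token != null) {
            // NOTE(review): URLDecoder throws IllegalArgumentException on a malformed
            // percent-escape, so a bad token value surfaces as an error from this method.
            token = URLDecoder.decode(token, "UTF-8");
            if (Dew.dewConfig.getSecurity().isTokenHash()) {
                // NOTE(review): MD5 is not collision-resistant and is a poor choice for
                // protecting token values. The algorithm is left unchanged because the
                // digest presumably has to match what the token store holds; migrate both
                // sides together.
                token = $.security.digest.digest(token, "MD5");
            }
        }
        if (tokenKind == null) {
            tokenKind = OptInfo.DEFAULT_TOKEN_KIND_FLAG;
        }

        String requestUri = httpServletRequest.getRequestURI();
        if (Dew.dewConfig.getSecurity().getRouter().isEnabled() && blackRequest(method, requestUri)) {
            // "%S" upper-cased the URI in the message; "%s" reports it as received.
            ErrorController.error(httpServletRequest, httpServletResponse, 403,
                    String.format("The current[%s][%s] request is not allowed", requestUri, method),
                    AuthException.class.getName());
            return false;
        }

        DewContext dewContext = new DewContext();
        dewContext.setId($.field.createUUID());
        dewContext.setSourceIP(Dew.Util.getRealIP(httpServletRequest));
        dewContext.setRequestUri(requestUri);
        dewContext.setToken(token);
        dewContext.setTokenKind(tokenKind);
        DewContext.setContext(dewContext);

        if (logger.isTraceEnabled()) {
            // When the token travels as a request parameter it can appear in the query
            // string, so its value is masked before the query is written to the log.
            String query = tokenInHeader
                    ? plainQuery(httpServletRequest.getQueryString())
                    : maskedQuery(httpServletRequest.getQueryString(), tokenFlag);
            logger.trace("[{}] {}{} from {}", method, requestUri, query, Dew.context().getSourceIP());
        }
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    /** Returns the query string prefixed with "?", or an empty string when there is none. */
    private static String plainQuery(String query) {
        return query == null ? "" : "?" + query;
    }

    /**
     * Returns the query string prefixed with "?", with the value of every parameter named
     * {@code tokenFlag} replaced by {@code ***} so the token is not written to the log.
     */
    private static String maskedQuery(String query, String tokenFlag) {
        if (query == null) {
            return "";
        }
        if (tokenFlag == null || tokenFlag.isEmpty()) {
            return "?" + query;
        }
        StringBuilder masked = new StringBuilder("?");
        String[] pairs = query.split("&", -1);
        for (int i = 0; i < pairs.length; i++) {
            if (i > 0) {
                masked.append('&');
            }
            String pair = pairs[i];
            int eq = pair.indexOf('=');
            if (eq >= 0 && pair.substring(0, eq).equals(tokenFlag)) {
                masked.append(tokenFlag).append("=***");
            } else {
                masked.append(pair);
            }
        }
        return masked.toString();
    }

    /**
     * Tells whether the request matches a blacklisted URI pattern configured for its method.
     *
     * @param str  the HTTP method of the request
     * @param str2 the request URI; trailing slashes are stripped before matching
     * @return {@code true} when any configured Ant-style pattern for the lower-cased method
     *         matches the URI; always {@code false} for {@code OPTIONS}
     */
    private boolean blackRequest(String str, String str2) {
        String trimmedUri = str2.replaceAll("/+$", "");
        String methodKey = str.toLowerCase();
        if (methodKey.equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
            return false;
        }
        // The blacklist is keyed by lower-case method name; a method with no entry blocks nothing.
        List<String> blackPatterns = Dew.dewConfig.getSecurity().getRouter().getBlackUri()
                .getOrDefault(methodKey, new ArrayList<>());
        if (logger.isDebugEnabled()) {
            logger.debug("the black apis are {}", $.json.toJsonString(blackPatterns));
        }
        // NOTE(review): AntPathMatcher compares the raw URI text, case-sensitively by default.
        return blackPatterns.stream().anyMatch(pattern -> this.pathMatcher.match(pattern, trimmedUri));
    }
}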
