package org.aoju.bus.goalie.filter;

import java.net.InetSocketAddress;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import org.aoju.bus.base.consts.ErrorCode;
import org.aoju.bus.base.entity.OAuth2;
import org.aoju.bus.core.exception.BusinessException;
import org.aoju.bus.core.toolkit.BeanKit;
import org.aoju.bus.core.toolkit.CollKit;
import org.aoju.bus.core.toolkit.StringKit;
import org.aoju.bus.goalie.Assets;
import org.aoju.bus.goalie.Config;
import org.aoju.bus.goalie.Context;
import org.aoju.bus.goalie.metric.Authorize;
import org.aoju.bus.goalie.metric.Delegate;
import org.aoju.bus.goalie.metric.Token;
import org.aoju.bus.goalie.registry.AssetsRegistry;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

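@Order(-2147483646)
/* loaded from: input_file:org/aoju/bus/goalie/filter/AuthorizeFilter.class */
/**
 * Gateway filter that resolves the requested API asset and authorizes the call.
 *
 * <p>For each exchange it looks up the {@link Assets} entry for the requested method and
 * version, checks the HTTP verb, and, when the asset requires a token, validates the access
 * token and the caller's role before handing the exchange to the rest of the chain.
 *
 * <p>The order value is {@code Integer.MIN_VALUE + 2}; Spring runs lower order values first.
 */
public class AuthorizeFilter implements WebFilter {
    private final Authorize authorize;
    private final AssetsRegistry registry;

    /**
     * @param authorize      token validation service
     * @param assetsRegistry registry used to look up assets by method and version
     */
    public AuthorizeFilter(Authorize authorize, AssetsRegistry assetsRegistry) {
        this.authorize = authorize;
        this.registry = assetsRegistry;
    }

    /**
     * Populates the request {@link Context}, runs the method/token/role checks and continues
     * the chain.
     *
     * @return an error {@code Mono} carrying {@code EM_100500} when no asset matches; otherwise
     *         the result of the downstream chain
     * @throws BusinessException thrown directly by the check helpers when a check fails
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        Context context = Context.get(serverWebExchange);
        Map<String, String> requestMap = context.getRequestMap();
        // NOTE(review): if Format is an enum, a missing or unknown format parameter throws here,
        // before any authorization check runs; confirm an earlier filter validates or defaults it.
        context.setFormat(Context.Format.valueOf(requestMap.get(Config.FORMAT)));
        context.setChannel(Context.Channel.getChannel(requestMap.get(Config.X_REMOTE_CHANNEL)));
        context.setToken(serverWebExchange.getRequest().getHeaders().getFirst(Config.X_ACCESS_TOKEN));
        Assets assets = this.registry.getAssets(requestMap.get(Config.METHOD), requestMap.get(Config.VERSION));
        if (null == assets) {
            return Mono.error(new BusinessException(ErrorCode.EM_100500));
        }
        checkMethod(serverWebExchange.getRequest(), assets);
        checkTokenIfNecessary(context, assets, requestMap);
        fillXParam(serverWebExchange, requestMap);
        // Routing/signature parameters are removed only after every check has passed.
        cleanParam(requestMap);
        context.setAssets(assets);
        return webFilterChain.filter(serverWebExchange);
    }

    /**
     * Rejects the request when its HTTP method differs from the one declared on the asset.
     * The error code depends on the method the asset expects (GET, POST, or anything else).
     */
    private void checkMethod(ServerHttpRequest serverHttpRequest, Assets assets) {
        if (Objects.equals(serverHttpRequest.getMethod(), assets.getHttpMethod())) {
            return;
        }
        if (Objects.equals(assets.getHttpMethod(), HttpMethod.GET)) {
            throw new BusinessException(ErrorCode.EM_100200);
        }
        if (!Objects.equals(assets.getHttpMethod(), HttpMethod.POST)) {
            throw new BusinessException(ErrorCode.EM_100508);
        }
        throw new BusinessException(ErrorCode.EM_100201);
    }

    /**
     * For assets that require a token: validates the token, checks the caller's role against
     * the asset, then copies the resolved OAuth2 properties into the request map.
     *
     * @throws BusinessException when the token is blank, validation fails, or the role check fails
     */
    private void checkTokenIfNecessary(Context context, Assets assets, Map<String, String> map) {
        if (!assets.isToken()) {
            // NOTE(review): nothing is written or removed on this path, so any request
            // parameter whose name matches an OAuth2 property stays exactly as the caller sent
            // it. Confirm downstream services do not treat those keys as authenticated identity.
            return;
        }
        if (StringKit.isBlank((CharSequence) context.getToken())) {
            throw new BusinessException(ErrorCode.EM_100106);
        }
        // NOTE(review): getChannel() / getTokenType() are dereferenced without a null check;
        // whether Channel.getChannel can return null for an unknown channel is not visible here.
        Delegate authorize = this.authorize.authorize(new Token(context.getToken(), context.getChannel().getTokenType().intValue()));
        if (!authorize.isOk()) {
            throw new BusinessException(authorize.getMessage().errcode, authorize.getMessage().errmsg);
        }
        OAuth2 oAuth2 = authorize.getOAuth2();
        if (!apiPermissions(oAuth2, assets)) {
            throw new BusinessException(ErrorCode.EM_100500, "没有权限");
        }
        // Server-resolved identity overwrites same-named request parameters.
        // NOTE(review): the third beanToMap argument looks like an ignore-null flag (confirm).
        // If so, a property that is null on the OAuth2 object is skipped and a caller-supplied
        // parameter with that name survives; consider removing those keys first.
        BeanKit.beanToMap((Object) oAuth2, false, true).forEach((str, obj) -> {
            map.put(str, obj.toString());
        });
    }

    /** Removes the gateway routing and signature parameters from the request map. */
    private void cleanParam(Map<String, String> map) {
        map.remove(Config.METHOD);
        map.remove(Config.FORMAT);
        map.remove(Config.VERSION);
        map.remove(Config.SIGN);
    }

    /**
     * Stores the caller's address in the request map under {@code x_remote_ip}, preferring the
     * {@code x_remote_ip} request header and falling back to the socket's remote address.
     */
    private void fillXParam(ServerWebExchange serverWebExchange, Map<String, String> map) {
        // NOTE(review): the header value is taken as-is. It is only trustworthy if a fronting
        // proxy always overwrites or strips this header; otherwise the caller chooses the value,
        // so it should not be used for access control, rate limiting or audit attribution.
        String first = serverWebExchange.getRequest().getHeaders().getFirst("x_remote_ip");
        InetSocketAddress remoteAddress = serverWebExchange.getRequest().getRemoteAddress();
        if (StringKit.isBlank((CharSequence) first) && null != remoteAddress) {
            // An unresolved socket address has no InetAddress; use its host string rather than
            // dereferencing null.
            first = remoteAddress.isUnresolved()
                    ? remoteAddress.getHostString()
                    : remoteAddress.getAddress().getHostAddress();
        }
        map.put("x_remote_ip", first);
    }

    /**
     * Decides whether the authenticated caller's role allows access to the asset.
     *
     * <p>Fails closed: returns {@code false} when no OAuth2 data was resolved, when the asset
     * has no role ids configured, or when the caller has no role id.
     *
     * @return {@code true} if the caller's role id value contains one of the asset's role ids
     */
    private boolean apiPermissions(OAuth2 oAuth2, Assets assets) {
        if (null == oAuth2
                || CollKit.isEmpty((Collection<?>) assets.getRoleIds())
                || StringKit.isEmpty(oAuth2.getX_role_id())) {
            return false;
        }
        // NOTE(review): assuming getX_role_id() returns a String, contains() is a substring
        // test, so a configured role id that is a substring of another id (constructed
        // example: "1" vs "10") also matches. If x_role_id carries a delimited list, compare
        // whole tokens instead; the delimiter is not visible in this file.
        for (String roleId : assets.getRoleIds()) {
            if (oAuth2.getX_role_id().contains(roleId)) {
                return true;
            }
        }
        return false;
    }
}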
