package org.miaixz.bus.goalie.filter;

import java.net.InetSocketAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.miaixz.bus.core.basic.entity.OAuth2;
import org.miaixz.bus.core.basic.normal.ErrorCode;
import org.miaixz.bus.core.bean.copier.CopyOptions;
import org.miaixz.bus.core.lang.exception.BusinessException;
import org.miaixz.bus.core.xyz.BeanKit;
import org.miaixz.bus.core.xyz.StringKit;
import org.miaixz.bus.goalie.Assets;
import org.miaixz.bus.goalie.Config;
import org.miaixz.bus.goalie.Context;
import org.miaixz.bus.goalie.metric.Authorize;
import org.miaixz.bus.goalie.metric.Delegate;
import org.miaixz.bus.goalie.metric.Token;
import org.miaixz.bus.goalie.registry.AssetsRegistry;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

@Order(-2147483646)
/* loaded from: input_file:org/miaixz/bus/goalie/filter/AuthorizeFilter.class */
public class AuthorizeFilter implements WebFilter {
    private final Authorize authorize;
    private final AssetsRegistry registry;

    public AuthorizeFilter(Authorize authorize, AssetsRegistry assetsRegistry) {
        this.authorize = authorize;
        this.registry = assetsRegistry;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        Context context = Context.get(serverWebExchange);
        Map<String, String> requestMap = context.getRequestMap();
        context.setFormat(Context.Format.valueOf(requestMap.get(Config.FORMAT)));
        context.setChannel(Context.Channel.getChannel(requestMap.get(Config.X_REMOTE_CHANNEL)));
        context.setToken(serverWebExchange.getRequest().getHeaders().getFirst(Config.X_ACCESS_TOKEN));
        Assets assets = this.registry.getAssets(requestMap.get(Config.METHOD), requestMap.get(Config.VERSION));
        if (null == assets) {
            return Mono.error(new BusinessException(ErrorCode.EM_100500));
        }
        checkMethod(serverWebExchange.getRequest(), assets);
        checkTokenIfNecessary(context, assets, requestMap);
        checkAppId(assets, requestMap);
        fillXParam(serverWebExchange, requestMap);
        cleanParam(requestMap);
        context.setAssets(assets);
        return webFilterChain.filter(serverWebExchange);
    }

    private void checkMethod(ServerHttpRequest serverHttpRequest, Assets assets) {
        if (Objects.equals(serverHttpRequest.getMethod(), assets.getHttpMethod())) {
            return;
        }
        if (Objects.equals(assets.getHttpMethod(), HttpMethod.GET)) {
            throw new BusinessException(ErrorCode.EM_100200);
        }
        if (!Objects.equals(assets.getHttpMethod(), HttpMethod.POST)) {
            throw new BusinessException(ErrorCode.EM_100508);
        }
        throw new BusinessException(ErrorCode.EM_100201);
    }

    private void checkTokenIfNecessary(Context context, Assets assets, Map<String, String> map) {
        if (assets.isToken()) {
            if (StringKit.isBlank(context.getToken())) {
                throw new BusinessException(ErrorCode.EM_100106);
            }
            Delegate authorize = this.authorize.authorize(new Token(context.getToken(), context.getChannel().getTokenType().intValue(), assets));
            if (!authorize.isOk()) {
                throw new BusinessException(authorize.getMessage().errcode, authorize.getMessage().errmsg);
            }
            OAuth2 oAuth2 = authorize.getOAuth2();
            HashMap hashMap = new HashMap();
            BeanKit.beanToMap(oAuth2, hashMap, CopyOptions.of().setTransientSupport(false).setIgnoreCase(true));
            hashMap.forEach((str, obj) -> {
                map.put(str, obj.toString());
            });
        }
    }

    private void cleanParam(Map<String, String> map) {
        map.remove(Config.METHOD);
        map.remove(Config.FORMAT);
        map.remove(Config.VERSION);
        map.remove(Config.SIGN);
    }

    private void fillXParam(ServerWebExchange serverWebExchange, Map<String, String> map) {
        if (StringKit.isBlank(serverWebExchange.getRequest().getHeaders().getFirst("x_remote_ip"))) {
            String first = serverWebExchange.getRequest().getHeaders().getFirst("X-Forwarded-For");
            if (StringKit.isBlank(first)) {
                InetSocketAddress remoteAddress = serverWebExchange.getRequest().getRemoteAddress();
                if (null != remoteAddress) {
                    first = remoteAddress.getAddress().getHostAddress();
                }
            } else {
                first = first.contains(",") ? first.split(",")[0] : first;
            }
            map.put("x_remote_ip", first);
        }
    }

    private void checkAppId(Assets assets, Map<String, String> map) {
        String str = assets.getMethod().split("\\.")[0];
        map.putIfAbsent("x_app_id", str);
        String str2 = map.get("x_app_id");
        if (StringKit.isNotBlank(str2) && !str.equals(str2)) {
            throw new BusinessException(ErrorCode.EM_100511);
        }
    }
}
