package org.njgzr.security.base.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.njgzr.security.base.AuthorizedUser;
import org.njgzr.security.base.Contance;
import org.njgzr.security.base.Result;
import org.njgzr.security.base.token.JWTToken;
import org.njgzr.security.cache.LoginCacheService;
import org.njgzr.security.event.LoginSuccessEvent;
import org.njgzr.security.interfaces.ConfigGetService;
import org.njgzr.security.service.JwtService;
import org.njgzr.security.utils.HttpResponseHelper;
import org.njgzr.security.utils.JWTUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:org/njgzr/security/base/filter/JWTFilter.class */
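/**
 * Shiro filter that authenticates each request from a JWT carried in a request header.
 *
 * <p>The header name comes from {@link ConfigGetService#headerToken()} and falls back to
 * {@code Contance.HEADER} when that value is blank. A request is accepted only when the token is
 * not expired according to {@code JWTUtil}, a matching session exists in the
 * {@link LoginCacheService}, and {@code Subject.login} succeeds. Any failure is answered with a
 * JSON body carrying code 401.
 *
 * <p>The filter also writes CORS response headers and answers {@code OPTIONS} requests itself.
 */
public class JWTFilter extends BasicHttpAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(JWTFilter.class);
    private final JwtService jwtService;
    private final LoginCacheService loginCache;
    private final ApplicationContext applicationContext;
    private final ConfigGetService configGetService;

    /**
     * Creates the filter with the collaborators it needs.
     *
     * @param jwtService decides whether a token should be refreshed and issues the refreshed token
     * @param loginCacheService session store consulted on every request
     * @param applicationContext used to publish {@link LoginSuccessEvent} after a token refresh
     * @param configGetService supplies the configured token header name
     */
    public JWTFilter(JwtService jwtService, LoginCacheService loginCacheService, ApplicationContext applicationContext, ConfigGetService configGetService) {
        this.jwtService = jwtService;
        this.loginCache = loginCacheService;
        this.applicationContext = applicationContext;
        this.configGetService = configGetService;
    }

    /**
     * Treats the request as a login attempt whenever the token header is present, even if blank.
     *
     * @return {@code true} if the token header exists on the request
     */
    @Override
    protected boolean isLoginAttempt(ServletRequest servletRequest, ServletResponse servletResponse) {
        return getAuthzHeader(servletRequest) != null;
    }

    /**
     * Validates the presented token and logs the subject in.
     *
     * <p>Checks run in this order: token present, token not expired, session still cached,
     * then {@code Subject.login}. The first failing check ends the request through
     * {@link #onLoginFailure}.
     *
     * @return the result of {@link #onLoginSuccess} or {@link #onLoginFailure}
     * @throws Exception if {@link #onLoginSuccess} fails
     */
    @Override
    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        // createToken() is declared as AuthenticationToken; this class only ever builds a JWTToken.
        JWTToken jwtToken = (JWTToken) createToken(servletRequest, servletResponse);
        if (jwtToken == null) {
            return onLoginFailure(null, new ExpiredCredentialsException("身份验证过期，请重新登录"), servletRequest, servletResponse);
        }
        String rawToken = jwtToken.getVal();
        // NOTE(review): expiry is read before Subject.login() runs. JWTUtil is not visible here, so
        // confirm that the realm behind login() verifies the signature, and check what
        // isTokenExpired() does with a malformed token.
        if (JWTUtil.isTokenExpired(rawToken)) {
            return onLoginFailure(jwtToken, new ExpiredCredentialsException("用户会话超时"), servletRequest, servletResponse);
        }
        // NOTE(review): the session is looked up by md5Hex(token) but removed in onLoginFailure via
        // JWTUtil.getKey(token); confirm both derive the same key. MD5 is only a cache-key
        // derivation here and must match whatever stored the session, so do not swap it in isolation.
        if (!this.loginCache.existSession(DigestUtils.md5Hex(rawToken))) {
            return onLoginFailure(jwtToken, new ExpiredCredentialsException("该账号在其他地方登陆，您已被强制退出。"), servletRequest, servletResponse);
        }
        try {
            Subject subject = getSubject(servletRequest, servletResponse);
            subject.login(jwtToken);
            return onLoginSuccess(jwtToken, subject, servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            return onLoginFailure(jwtToken, e, servletRequest, servletResponse);
        }
    }

    /**
     * Never grants access on its own.
     *
     * <p>Returning {@code false} sends every request down Shiro's access-denied path, so no
     * request is accepted on the strength of an earlier login.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return false;
    }

    /**
     * Writes the CORS response headers, answers {@code OPTIONS} requests directly and hands every
     * other request to the superclass.
     *
     * @return {@code false} for {@code OPTIONS} (the chain stops with status 200), otherwise the
     *     superclass result
     * @throws Exception if the superclass pre-handling fails
     */
    @Override
    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // NOTE(review): the request's Origin and Access-Control-Request-Headers are echoed back
        // unchanged, so every origin is allowed to read responses. This filter sets no
        // Access-Control-Allow-Credentials header. Consider checking Origin against a configured
        // allowlist before echoing it.
        httpResponse.setHeader("Access-control-Allow-Origin", httpRequest.getHeader("Origin"));
        httpResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        httpResponse.setHeader("Access-Control-Allow-Headers", httpRequest.getHeader("Access-Control-Request-Headers"));
        httpResponse.setHeader("Access-Control-Expose-Headers", tokenHeaderName());
        // The headers above depend on request headers; declare that so a shared cache does not
        // replay one origin's CORS headers to another origin.
        httpResponse.addHeader("Vary", "Origin, Access-Control-Request-Headers");
        if (RequestMethod.OPTIONS.name().equals(httpRequest.getMethod())) {
            // The OPTIONS request is answered here and never reaches authentication or the resource.
            httpResponse.setStatus(HttpStatus.OK.value());
            return false;
        }
        return super.preHandle(servletRequest, servletResponse);
    }

    /**
     * Lets the request proceed and, when {@link JwtService} says the token should be refreshed,
     * writes a refreshed token to the response and publishes a {@link LoginSuccessEvent}.
     *
     * @return always {@code true}
     * @throws Exception declared by the overridden method
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!(authenticationToken instanceof JWTToken)) {
            return true;
        }
        JWTToken jwtToken = (JWTToken) authenticationToken;
        AuthorizedUser authorizedUser = (AuthorizedUser) subject.getPrincipal();
        // Parameterized logging skips building the message when debug is disabled.
        log.debug("user request success:{}", authorizedUser.getLoginName());
        if (!this.jwtService.shouldRefreshToken(jwtToken.getVal())) {
            return true;
        }
        log.debug("user token refresh:{}", authorizedUser.getLoginName());
        String refreshedToken = this.jwtService.refreshToken(jwtToken.getVal(), authorizedUser.getLoginName());
        // NOTE(review): the raw configured header name is passed without the Contance.HEADER
        // fallback used elsewhere in this class; confirm HttpResponseHelper handles a blank name.
        new HttpResponseHelper(servletResponse).resposeJwtToken(refreshedToken, this.configGetService.headerToken());
        // The event carries the token that was presented, not the refreshed one.
        this.applicationContext.publishEvent(new LoginSuccessEvent(authorizedUser, WebUtils.toHttp(servletRequest), jwtToken.getVal(), true));
        return true;
    }

    /**
     * Wraps the token header value in a {@link JWTToken}.
     *
     * @return the token, or {@code null} when the header is missing or blank
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String tokenFromRequest = getTokenFromRequest(servletRequest);
        if (StringUtils.isNotBlank(tokenFromRequest)) {
            return new JWTToken(tokenFromRequest);
        }
        return null;
    }

    /** Returns the raw token header value; same as {@link #getAuthzHeader}. */
    private String getTokenFromRequest(ServletRequest servletRequest) {
        return getAuthzHeader(servletRequest);
    }

    /**
     * Reads the token from the configured header rather than from the standard Basic
     * authorization header.
     *
     * @return the header value, or {@code null} when the header is absent
     */
    @Override
    protected String getAuthzHeader(ServletRequest servletRequest) {
        return WebUtils.toHttp(servletRequest).getHeader(tokenHeaderName());
    }

    /**
     * Removes the cached session for the presented token and answers with a JSON failure body
     * carrying code 401.
     *
     * @return always {@code false}, so the filter chain stops
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        String presentedToken = getTokenFromRequest(servletRequest);
        // executeLogin reaches this method with a missing or blank header too. JWTUtil.getKey is
        // not visible here, so do not hand it a null or blank token.
        if (StringUtils.isNotBlank(presentedToken)) {
            this.loginCache.removeSession(JWTUtil.getKey(presentedToken));
        }
        // NOTE(review): the exception message is returned to the client verbatim. Messages raised
        // inside Subject.login() may describe internals; consider mapping them to a fixed text.
        new HttpResponseHelper(servletResponse).responseJson(Result.fail(401, authenticationException.getMessage()).toJson());
        return false;
    }

    /** Returns the configured token header name, or {@code Contance.HEADER} when it is blank. */
    private String tokenHeaderName() {
        String configured = this.configGetService.headerToken();
        return StringUtils.isBlank(configured) ? Contance.HEADER : configured;
    }
}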
