package tech.corefinance.common.service;

import jakarta.annotation.PostConstruct;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.scheduling.annotation.Async;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import tech.corefinance.common.annotation.ControllerManagedResource;
import tech.corefinance.common.annotation.ManualPermissionCheck;
import tech.corefinance.common.annotation.PermissionAction;
import tech.corefinance.common.config.ServiceSecurityConfig;
import tech.corefinance.common.enums.AccessControl;
import tech.corefinance.common.ex.ReflectiveIncorrectFieldException;
import tech.corefinance.common.model.AbstractPermission;
import tech.corefinance.common.model.ResourceAction;
import tech.corefinance.common.repository.ResourceActionRepository;
import tech.corefinance.common.util.CoreFinanceUtil;

@ConditionalOnProperty(prefix = "tech.corefinance.security", name = {"scan-controllers-actions"}, havingValue = "true", matchIfMissing = true)
@Component
/* loaded from: input_file:tech/corefinance/common/service/ControllerScanner.class */
public class ControllerScanner {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private ResourceActionRepository resourceActionRepository;

    @Autowired
    private ServiceSecurityConfig serviceSecurityConfig;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private RequestMappingHandlerMapping mapping;

    @Autowired
    private CoreFinanceUtil coreFinanceUtil;

    @Async
    @PostConstruct
    public void scan() {
        Map handlerMethods = this.mapping.getHandlerMethods();
        LinkedList linkedList = new LinkedList();
        for (Map.Entry entry : handlerMethods.entrySet()) {
            RequestMappingInfo requestMappingInfo = (RequestMappingInfo) entry.getKey();
            HandlerMethod handlerMethod = (HandlerMethod) entry.getValue();
            Set directPaths = requestMappingInfo.getDirectPaths();
            Method method = handlerMethod.getMethod();
            Class<?> declaringClass = method.getDeclaringClass();
            String name = declaringClass.getName();
            this.logger.debug("{}#{}", name, method.getName());
            Iterator<String> it = this.serviceSecurityConfig.getIgnoreControllerScan().iterator();
            while (true) {
                if (it.hasNext()) {
                    String next = it.next();
                    this.logger.debug("Checking if controller full package contain [{}] or not...", next);
                    if (name.contains(next)) {
                        this.logger.debug("Skipped permission scan for {}", declaringClass);
                        break;
                    }
                } else {
                    Iterator it2 = directPaths.iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            String str = (String) it2.next();
                            this.logger.debug("Validating URL [{}]", str);
                            for (String str2 : this.serviceSecurityConfig.getNoAuthenUrls()) {
                                boolean matches = Pattern.compile(str2.replace("*", ".*")).matcher(str).matches();
                                this.logger.debug("Checking result with pattern [{}] is [{}]", str2, Boolean.valueOf(matches));
                                if (matches) {
                                    break;
                                }
                            }
                        } else {
                            ControllerManagedResource controllerManagedResource = (ControllerManagedResource) declaringClass.getAnnotation(ControllerManagedResource.class);
                            PermissionAction permissionAction = (PermissionAction) method.getAnnotation(PermissionAction.class);
                            ManualPermissionCheck manualPermissionCheck = (ManualPermissionCheck) method.getAnnotation(ManualPermissionCheck.class);
                            if (permissionAction == null && controllerManagedResource == null) {
                                this.logger.error("{}={} have no annotation PermissionAction!", declaringClass.getName(), method.getName());
                                throw new ReflectiveIncorrectFieldException("no_permission_defined");
                            }
                            String resolveResourceType = this.coreFinanceUtil.resolveResourceType(permissionAction, controllerManagedResource);
                            String resolveResourceAction = this.coreFinanceUtil.resolveResourceAction(permissionAction, requestMappingInfo);
                            Iterable<RequestMethod> methods = requestMappingInfo.getMethodsCondition().getMethods();
                            linkedList.addAll(buildListActions(resolveResourceType, resolveResourceAction, directPaths, methods));
                            if (manualPermissionCheck != null) {
                                saveManualCheckPermissions(resolveResourceType, resolveResourceAction, directPaths, methods);
                            }
                        }
                    }
                }
            }
        }
        this.logger.info("{}", linkedList);
        this.resourceActionRepository.saveAll(linkedList);
    }

    private List<ResourceAction> buildListActions(String str, String str2, Iterable<String> iterable, Iterable<RequestMethod> iterable2) {
        LinkedList linkedList = new LinkedList();
        for (String str3 : iterable) {
            Iterator<RequestMethod> it = iterable2.iterator();
            while (it.hasNext()) {
                linkedList.add(new ResourceAction(str, str2, str3, it.next()));
            }
        }
        return linkedList;
    }

    private void saveManualCheckPermissions(String str, String str2, Iterable<String> iterable, Iterable<RequestMethod> iterable2) {
        for (String str3 : iterable) {
            for (RequestMethod requestMethod : iterable2) {
                AbstractPermission newPermission = this.permissionService.newPermission();
                newPermission.setControl(AccessControl.MANUAL_CHECK);
                newPermission.setUrl(str3);
                newPermission.setRoleId(AbstractPermission.ANY_ROLE_APPLIED_VALUE);
                newPermission.setResourceType(str);
                newPermission.setAction(str2);
                newPermission.setRequestMethod(requestMethod);
                this.permissionService.saveOrUpdatePermission(newPermission);
            }
        }
    }
}
