package top.dcenter.ums.security.core.permission.filter;

import java.io.IOException;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import top.dcenter.ums.security.core.api.permission.service.UriAuthorizeService;
import top.dcenter.ums.security.core.consts.SecurityConstants;
import top.dcenter.ums.security.core.util.MvcUtil;

/* loaded from: input_file:top/dcenter/ums/security/core/permission/filter/UriAuthorizeFilter.class */
public class UriAuthorizeFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(UriAuthorizeFilter.class);
    private final UriAuthorizeService uriAuthorizeService;

    public UriAuthorizeFilter(UriAuthorizeService uriAuthorizeService) {
        this.uriAuthorizeService = uriAuthorizeService;
    }

    protected void doFilterInternal(@NotNull HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) throws ServletException, IOException {
        String pathWithinApplication = MvcUtil.getUrlPathHelper().getPathWithinApplication(httpServletRequest);
        if (!this.uriAuthorizeService.isUriContainsInUriSet(this.uriAuthorizeService.getUriAuthoritiesOfAllRole().orElse(new HashMap(0)).keySet(), pathWithinApplication).booleanValue()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Map<String, Set<String>> orElse = this.uriAuthorizeService.getUriAuthoritiesOfUserRole(authentication).orElse(new HashMap(0));
        Object principal = authentication.getPrincipal();
        String id = httpServletRequest.getSession(true).getId();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String requestURI = httpServletRequest.getRequestURI();
        long epochMilli = Instant.now().toEpochMilli();
        String header = httpServletRequest.getHeader("referer");
        String header2 = httpServletRequest.getHeader(SecurityConstants.HEADER_USER_AGENT);
        String method = httpServletRequest.getMethod();
        if (this.uriAuthorizeService.isUriContainsInUriSet(orElse.keySet(), pathWithinApplication).booleanValue()) {
            log.info("URI权限控制-放行: sid={}, user={}, ip={}, uri={}, method={}, time={}, referer={}, agent={}", new Object[]{id, principal, remoteAddr, requestURI, method, Long.valueOf(epochMilli), header, header2});
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            log.warn("URI权限控制-禁止: sid={}, user={}, ip={}, uri={}, method={}, time={}, referer={}, agent={}", new Object[]{id, principal, remoteAddr, requestURI, method, Long.valueOf(epochMilli), header, header2});
            this.uriAuthorizeService.handlerError(HttpStatus.FORBIDDEN.value(), httpServletResponse);
        }
    }
}
