package com.diboot.iam.shiro;

import com.diboot.core.util.ContextHolder;
import com.diboot.core.util.JSON;
import com.diboot.core.util.V;
import com.diboot.core.vo.JsonResult;
import com.diboot.core.vo.Status;
import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.util.IamSecurityUtils;
import com.diboot.iam.util.TokenUtils;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import lombok.Generated;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:com/diboot/iam/shiro/StatelessAccessControlFilter.class */
public class StatelessAccessControlFilter extends BasicHttpAuthenticationFilter {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(StatelessAccessControlFilter.class);

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        IamLoginTraceService iamLoginTraceService;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestToken = TokenUtils.getRequestToken(httpServletRequest);
        if (V.isEmpty(requestToken)) {
            log.debug("token: {} 验证失败, uri={}", requestToken, httpServletRequest.getRequestURI());
            return false;
        }
        log.debug("token: {} 验证通过", requestToken);
        String cachedUserInfoStr = TokenUtils.getCachedUserInfoStr(requestToken);
        if (!IamSecurityUtils.getSubject().isAuthenticated() && cachedUserInfoStr != null) {
            IamAuthToken iamAuthToken = new IamAuthToken(cachedUserInfoStr);
            iamAuthToken.setAuthtoken(requestToken);
            iamAuthToken.setValidPassword(false);
            IamSecurityUtils.getSubject().login(iamAuthToken);
            log.debug("token: {} 保活完成, uri={}", requestToken, httpServletRequest.getRequestURI());
        }
        String responseNewTokenIfRequired = TokenUtils.responseNewTokenIfRequired(servletResponse, cachedUserInfoStr);
        if (!V.notEmpty(responseNewTokenIfRequired) || (iamLoginTraceService = (IamLoginTraceService) ContextHolder.getBean(IamLoginTraceService.class)) == null) {
            return true;
        }
        iamLoginTraceService.saveTokenRefreshTrace(responseNewTokenIfRequired, requestToken);
        return true;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        log.debug("Token认证失败： onAccessDenied");
        responseJson((HttpServletResponse) servletResponse, new JsonResult(Status.FAIL_INVALID_TOKEN));
        return false;
    }

    protected void responseJson(HttpServletResponse httpServletResponse, JsonResult jsonResult) {
        httpServletResponse.setStatus(HttpStatus.OK.value());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            try {
                writer.write(JSON.stringify(jsonResult));
                writer.flush();
                if (writer != null) {
                    writer.close();
                }
            } finally {
            }
        } catch (IOException e) {
            log.error("处理异步请求异常", e);
        }
    }
}
