package com.jxdinfo.hussar.config.front.config;

import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.jxdinfo.hussar.bsp.constant.Constants;
import com.jxdinfo.hussar.bsp.permit.dao.SysUsersMapper;
import com.jxdinfo.hussar.bsp.permit.model.SysUsers;
import com.jxdinfo.hussar.bsp.permit.service.ISysOnlineHistService;
import com.jxdinfo.hussar.bsp.permit.service.ISysUsersService;
import com.jxdinfo.hussar.bsp.theme.service.IThemeService;
import com.jxdinfo.hussar.common.constant.state.UserStatus;
import com.jxdinfo.hussar.common.exception.LoginSessionException;
import com.jxdinfo.hussar.common.exception.LoginTimeRefuseException;
import com.jxdinfo.hussar.config.front.common.response.ResultCode;
import com.jxdinfo.hussar.config.properties.GlobalProperties;
import com.jxdinfo.hussar.core.shiro.ShiroKit;
import com.jxdinfo.hussar.core.shiro.ShiroUser;
import com.jxdinfo.hussar.core.shiro.sessionlimit.SessionLimit;
import com.jxdinfo.hussar.core.util.SpringContextHolder;
import com.jxdinfo.hussar.core.util.ToolUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.session.mgt.DefaultSessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.DependsOn;
import org.springframework.stereotype.Component;

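/**
 * Shiro access-control filter that enforces session policy on front-end requests.
 *
 * <p>{@link #isAccessAllowed} always returns {@code false}, so every request handled by this
 * filter is decided in {@link #onAccessDenied}. That method, in order:
 * <ol>
 *   <li>answers with a JSON "unauthorized" body when no Shiro user is bound to the request;</li>
 *   <li>re-populates the session for a remember-me subject;</li>
 *   <li>rejects subjects that are neither authenticated nor remembered;</li>
 *   <li>enforces the per-user login time window stored in the session;</li>
 *   <li>enforces the system-wide and per-user concurrent-session limits ("kickout").</li>
 * </ol>
 *
 * <p>Security notes: the proxy headers collected by {@link #getIP} are client-controlled and are
 * used for logging only; the address stored on a kicked-out session comes from
 * {@code getRemoteAddr()}. Debug log lines in this class contain session identifiers, so debug
 * output should be treated as sensitive.
 */
@DependsOn({"springContextHolder"})
@Component
/* loaded from: input_file:com/jxdinfo/hussar/config/front/config/FrontKickoutSessionFilter.class */
public class FrontKickoutSessionFilter extends AccessControlFilter {
    private static final Logger logger = LoggerFactory.getLogger(FrontKickoutSessionFilter.class);
    public static final String SYSTEM_MAX_SESSION = "maxSession";
    public static final String KICKOUT = "kickout";
    public static final String LOGIN_NEW_SESSIONID = "loginNewSessionId";
    public static final String LOGIN_NEW_IP = "loginNewIp";
    public static final String CAUSE = "cause";
    public static final String MSG_SYSTEM_MAX_SESSION = "超过系统最大会话数限制！";
    public static final String MSG_KICKOUT = "您已经在别处登录！";
    private SessionManager sessionManager;
    private SessionDAO sessionDAO;
    // Target of the internal forward issued the first time an unauthenticated session is seen.
    private String kickoutUrl = "/login?kickout=true";
    public final String ERROR_TIPS = "tips";
    // System-wide cap on active sessions; -1 disables the system-wide check.
    private Long maxSession = 1000000L;

    public SessionDAO getSessionDAO() {
        return this.sessionDAO;
    }

    public void setSessionDAO(SessionDAO sessionDAO) {
        this.sessionDAO = sessionDAO;
    }

    public Long getMaxSession() {
        return this.maxSession;
    }

    public void setMaxSession(Long l) {
        this.maxSession = l;
    }

    public void setKickoutUrl(String str) {
        this.kickoutUrl = str;
    }

    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Always denies, so that every request is evaluated by {@link #onAccessDenied}.
     *
     * @return {@code false} unconditionally
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /**
     * Decides whether the request may continue down the filter chain.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the response, written to directly on the unauthorized path
     * @return {@code true} to continue the chain, {@code false} when this filter has already
     *         produced (or deliberately withheld) a response
     * @throws LoginTimeRefuseException when the current time is outside the user's login window
     * @throws LoginSessionException    when the current session has been marked as kicked out
     * @throws Exception                on I/O or dispatch failures
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        String requestURI = request.getRequestURI();
        String userAgent = getUsreAgent(request);
        String ip = getIP(request);
        logger.debug(String.format("URL:%s | IP: %s | USER-AGENT: %s", requestURI, ip, userAgent));

        // The "tips" request parameter is copied verbatim into a request attribute. It is
        // attacker-controlled; NOTE(review): whichever view renders it must output-encode it.
        String tips = request.getParameter("tips");
        request.setAttribute("tips", tips != null ? tips : "");

        Subject subject = getSubject(servletRequest, servletResponse);
        boolean remembered = subject.isRemembered();
        Session session = subject.getSession();
        ShiroUser user = ShiroKit.getUser();
        if (ToolUtil.isEmpty(user)) {
            Map<String, Object> body = new HashMap<>();
            body.put("code", Integer.valueOf(ResultCode.UN_AUTHORIZED.getCode()));
            body.put("msg", ResultCode.UN_AUTHORIZED.getMessage());
            out(servletResponse, body);
            // The response is committed and its writer closed at this point. Stop here instead of
            // falling through: the code below dereferences `user` and may try to forward or
            // redirect, neither of which can work on a finished response.
            return false;
        }

        GlobalProperties globalProperties = (GlobalProperties) SpringContextHolder.getBean(GlobalProperties.class);
        if (remembered) {
            ISysUsersService usersService = (ISysUsersService) SpringContextHolder.getBean(ISysUsersService.class);
            IThemeService themeService = (IThemeService) SpringContextHolder.getBean(IThemeService.class);
            SysUsers account = (SysUsers) usersService.getOne((Wrapper) ((QueryWrapper) new QueryWrapper().eq("USER_ACCOUNT", user.getAccount())).eq("ACCOUNT_STATUS", UserStatus.OK.getCode()), false);
            // NOTE(review): when no row with OK status is found (`account == null`) the session is
            // still populated as a logged-in session below. Confirm that disabled or removed
            // accounts holding a remember-me cookie are rejected somewhere else.
            session.setAttribute("sessionFlag", true);
            session.setAttribute("shiroUser", user);
            session.setAttribute("userId", user.getId());
            session.setAttribute("theme", themeService.getUserTheme());
            if (account != null && "1".equals(account.getLoginTimeLimit())) {
                session.setAttribute("startTime", account.getAccessLoginStartTime());
                session.setAttribute("endTime", account.getAccessLoginEndTime());
            }
            session.setAttribute("online", ((ISysOnlineHistService) SpringContextHolder.getBean(ISysOnlineHistService.class)).addRecord());
        }

        if (!subject.isAuthenticated() && !remembered) {
            if (user != null && session.getAttribute("csrfFlag") == null) {
                // First unauthenticated hit on this session: flag it and forward internally.
                session.setAttribute("csrfFlag", true);
                request.getRequestDispatcher(this.kickoutUrl).forward(servletRequest, servletResponse);
                return false;
            }
            if ("XMLHttpRequest".equalsIgnoreCase(request.getHeader("x-requested-with"))) {
                // AJAX callers get a header they can inspect instead of a redirect.
                response.setHeader("sessionstatus", "timeout");
                return false;
            }
            if (request.getHeader("Referer") != null) {
                // NOTE(review): the chain is stopped without writing any response here, so the
                // client receives an empty body. Referer is client-supplied; confirm this is intended.
                return false;
            }
            saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            return false;
        }

        String windowStart = session.getAttribute("startTime") == null ? "" : (String) session.getAttribute("startTime");
        String windowEnd = session.getAttribute("endTime") == null ? "" : (String) session.getAttribute("endTime");
        if (!Arrays.asList(Constants.MANAGE_USER).contains(user.getAccount()) && ToolUtil.isNotEmpty(windowStart) && ToolUtil.isNotEmpty(windowEnd)) {
            // Compare time-of-day only. A window whose start is later than its end (one that
            // crosses midnight) can never match and therefore always refuses the login.
            boolean withinWindow = false;
            SimpleDateFormat timeOfDay = new SimpleDateFormat("HH:mm:ss");
            try {
                Date start = timeOfDay.parse(windowStart);
                Date end = timeOfDay.parse(windowEnd);
                Date now = timeOfDay.parse(timeOfDay.format(new Date()));
                if (start.getTime() <= now.getTime() && now.getTime() <= end.getTime()) {
                    withinWindow = true;
                }
            } catch (ParseException e) {
                // Fail closed: an unparseable window leaves withinWindow false and denies access.
                logger.warn("Unparseable login time window; access will be refused", e);
            }
            if (!withinWindow) {
                subject.logout();
                throw new LoginTimeRefuseException(user.getName(), "当前时间禁止登录");
            }
        }

        if (!globalProperties.isSessionLimit()) {
            return true;
        }

        SysUsersMapper usersMapper = (SysUsersMapper) SpringContextHolder.getBean(SysUsersMapper.class);
        SessionLimit sessionLimit = (SessionLimit) SpringContextHolder.getBean(SessionLimit.class);
        SysUsers currentAccount = (SysUsers) usersMapper.selectById(user.getId());
        String userId = user.getId();
        Serializable currentSessionId = session.getId();
        // Socket peer address, not a forwarded header, is what gets recorded on kicked-out sessions.
        String remoteAddr = request.getRemoteAddr();

        if (this.maxSession.longValue() != -1 && globalProperties.isKickoutAfter()) {
            // Purge sessions that never completed a login (no "sessionFlag") or that have idled
            // past their timeout, sparing the current session of a remembered subject.
            long nowMillis = System.currentTimeMillis();
            for (Session other : this.sessionDAO.getActiveSessions()) {
                boolean stale = ((Boolean) other.getAttribute("sessionFlag")) == null
                        || nowMillis - other.getLastAccessTime().getTime() > other.getTimeout();
                if (stale && (!subject.isRemembered() || !currentSessionId.equals(other.getId()))) {
                    this.sessionDAO.delete(other);
                }
            }
            Collection<Session> activeSessions = this.sessionDAO.getActiveSessions();
            if (globalProperties.isSessionLimit() && activeSessions.size() >= this.maxSession.longValue()) {
                // System is full: mark the *current* session as kicked out with cause "maxSession".
                try {
                    Session current = this.sessionManager.getSession(new DefaultSessionKey(currentSessionId));
                    if (current != null) {
                        current.setAttribute(KICKOUT, true);
                        current.setAttribute(LOGIN_NEW_SESSIONID, currentSessionId);
                        current.setAttribute(LOGIN_NEW_IP, remoteAddr);
                        current.setAttribute(CAUSE, SYSTEM_MAX_SESSION);
                    }
                } catch (SessionException e) {
                    logger.warn("Could not mark the current session as kicked out", e);
                }
            }
        }

        String userName = user.getName();
        // NOTE(review): throws NullPointerException when the user row no longer exists or its
        // max-sessions value is null; the request then fails rather than being let through.
        int userMaxSessions = currentAccount.getMaxSessions().intValue();
        if (userMaxSessions != -1) {
            Deque<Serializable> userSessions = sessionLimit.getUserSession(userId);
            if (!userSessions.contains(currentSessionId) && session.getAttribute(KICKOUT) == null) {
                userSessions.push(currentSessionId);
                sessionLimit.addUserSession(userId, userSessions);
            }
            if (userSessions.size() > userMaxSessions && !remembered) {
                // push() places the newest id at the head of the deque, so removeFirst() evicts
                // the most recent login and removeLast() evicts the oldest one.
                Serializable evictedId;
                if (globalProperties.isKickoutAfter()) {
                    evictedId = userSessions.removeFirst();
                    logger.debug(String.format("踢出后者操作： 当前用户: %s (%s) 的最大允许会话数为: %s ,已经在别处登录，别处登录的SessionId为：%s，当前SessionId： %s 不允许登录，当前请求地址为: %s , 客户端IP: %s , 浏览器信息: %s", userName, userId, Integer.valueOf(userMaxSessions), evictedId, currentSessionId, requestURI, ip, userAgent));
                } else {
                    evictedId = userSessions.removeLast();
                    logger.debug(String.format("踢出前者操作： 当前用户: %s (%s) 的最大允许会话数为: %s ,已经在别处登录，别处登录的SessionId为：%s，已经被踢出，当前SessionId： %s ,当前请求地址为: %s , 客户端IP: %s , 浏览器信息: %s", userName, userId, Integer.valueOf(userMaxSessions), evictedId, currentSessionId, requestURI, ip, userAgent));
                }
                sessionLimit.addUserSession(userId, userSessions);
                try {
                    Session evicted = this.sessionManager.getSession(new DefaultSessionKey(evictedId));
                    if (evicted != null) {
                        evicted.setAttribute(KICKOUT, true);
                        evicted.setAttribute(LOGIN_NEW_SESSIONID, currentSessionId);
                        evicted.setAttribute(LOGIN_NEW_IP, remoteAddr);
                    }
                } catch (SessionException e) {
                    logger.warn("Could not mark the evicted session as kicked out", e);
                }
            }
        }

        Boolean kickedOut = (Boolean) session.getAttribute(KICKOUT);
        if (kickedOut == null || !kickedOut.booleanValue()) {
            return true;
        }
        String cause = (String) session.getAttribute(CAUSE);
        logger.debug(String.format("当前会话被踢出： 当前用户: %s (%s) 的最大允许会话数为: %s ,已经在别处登录，当前被踢出的SessionId为：%s，已经被踢出，当前请求地址为: %s , 客户端IP: %s , 浏览器信息: %s", userName, userId, Integer.valueOf(userMaxSessions), currentSessionId, requestURI, ip, userAgent));
        subject.logout();
        if (SYSTEM_MAX_SESSION.equals(cause)) {
            throw new LoginSessionException(userName, MSG_SYSTEM_MAX_SESSION);
        }
        throw new LoginSessionException(userName, MSG_KICKOUT);
    }

    /**
     * Serializes {@code map} as JSON, writes it to the response as UTF-8 and closes the writer.
     * The response is finished afterwards; callers must not forward, redirect or write again.
     */
    private void out(ServletResponse servletResponse, Map<String, Object> map) throws IOException {
        servletResponse.setCharacterEncoding("UTF-8");
        PrintWriter writer = servletResponse.getWriter();
        writer.println(JSON.toJSONString(map));
        writer.flush();
        writer.close();
    }

    /**
     * Builds a diagnostic string listing the client-address headers and the socket peer address.
     *
     * <p>Every header listed here is supplied by the client (or an upstream proxy) and can be
     * forged, so the result is suitable for logging only, never for an access decision. Header
     * values have CR and LF replaced so a crafted header cannot start a new log line.
     */
    private String getIP(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        sb.append("X-Requested-For：").append(sanitizeForLog(httpServletRequest.getHeader("X-Requested-For"))).append(" , ");
        sb.append("X-Forwarded-For：").append(sanitizeForLog(httpServletRequest.getHeader("X-Forwarded-For"))).append(" , ");
        sb.append("Proxy-Client-IP：").append(sanitizeForLog(httpServletRequest.getHeader("Proxy-Client-IP"))).append(" , ");
        sb.append("WL-Proxy-Client-IP：").append(sanitizeForLog(httpServletRequest.getHeader("WL-Proxy-Client-IP"))).append(" , ");
        sb.append("HTTP_CLIENT_IP：").append(sanitizeForLog(httpServletRequest.getHeader("HTTP_CLIENT_IP"))).append(" , ");
        sb.append("HTTP_X_FORWARDED_FOR：").append(sanitizeForLog(httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR"))).append(" , ");
        sb.append("RemoteAddr：").append(httpServletRequest.getRemoteAddr());
        return sb.toString();
    }

    /**
     * Returns the User-Agent header with CR/LF neutralised, or {@code null} when it is absent.
     * The value is client-controlled and is only written to the debug log.
     */
    private String getUsreAgent(HttpServletRequest httpServletRequest) {
        return sanitizeForLog(httpServletRequest.getHeader("User-Agent"));
    }

    /** Replaces CR and LF with '_' so a header value cannot forge extra log lines; null stays null. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}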
