package com.jxdinfo.hussar.authentication.intercepeor;

import com.jxdinfo.hussar.authentication.exception.InvalidTokenException;
import com.jxdinfo.hussar.authentication.properties.ClientAuthScopeProperties;
import com.jxdinfo.hussar.base.cloud.model.client.SysAuthClientModel;
import com.jxdinfo.hussar.base.cloud.service.SysAuthClientDetailsService;
import com.jxdinfo.hussar.platform.core.base.apiresult.ApiResponse;
import com.jxdinfo.hussar.platform.core.constants.enums.ExceptionCodeEnum;
import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.platform.core.utils.JsonUtil;
import com.jxdinfo.hussar.support.cache.util.DefaultCacheUtil;
import com.jxdinfo.hussar.support.cache.util.HussarCacheUtil;
import com.jxdinfo.hussar.support.security.integration.authentication.support.wrapper.HussarHttpServletResponseWrapper;
import com.jxdinfo.hussar.support.security.plugin.dao.cache.properties.SecurityCacheProperties;
import com.jxdinfo.hussar.support.security.plugin.oauth2.exception.SecurityOAuth2Exception;
import java.io.PrintWriter;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;

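/**
 * Spring MVC interceptor that authenticates requests by comparing the {@code Authorization}
 * header against tokens held in the cache.
 *
 * <p>Two credentials are accepted:
 * <ul>
 *   <li>a single token stored under the default-cache key {@code access-token}; a match returns
 *       immediately and is <em>not</em> subject to the scope check below;</li>
 *   <li>a per-client token stored under {@code <tokenName>:oauth2:client-token-index:<client-id>},
 *       which must additionally target a servlet path contained in the configured scope list.</li>
 * </ul>
 *
 * <p>NOTE(review): the scope list is read from {@link ClientAuthScopeProperties} without reference
 * to the client id, so every client shares the same allowed paths. Confirm that this is intended.
 */
@Component
/* loaded from: input_file:com/jxdinfo/hussar/authentication/intercepeor/BpmHandlerInterceptor.class */
public class BpmHandlerInterceptor implements HandlerInterceptor {

    /**
     * Message returned to the caller for unexpected failures, so that internal exception text
     * (null-pointer details, data-access errors, ...) is never sent to an unauthenticated client.
     */
    private static final String GENERIC_FAILURE_MESSAGE = "认证失败";

    @Autowired
    private SecurityCacheProperties securityCacheProperties;

    @Autowired
    private ClientAuthScopeProperties clientAuthScopeProperties;

    @Autowired
    private SysAuthClientDetailsService sysAuthClientDetailsService;
    Logger logger = LoggerFactory.getLogger(BpmHandlerInterceptor.class);

    /**
     * Decides whether the request may proceed to the handler.
     *
     * @param httpServletRequest  incoming request; the {@code Authorization} and {@code client-id}
     *                            headers are read from it
     * @param httpServletResponse response used to report a rejection
     * @param obj                 the selected handler (unused)
     * @return {@code true} when the token is accepted; {@code false} after a failure response has
     *         been written by {@link #doException}
     * @throws SecurityOAuth2Exception when {@code client-id} is {@code hussar-base} and the token
     *                                 does not match the shared access token; this is thrown
     *                                 outside the try block and therefore propagates to the caller
     * @throws Exception               if writing the failure response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String header = httpServletRequest.getHeader("Authorization");
        String header2 = httpServletRequest.getHeader("client-id");
        // Shared-token path: a match skips both the per-client lookup and the scope check.
        if (HussarUtils.isNotEmpty(header) && tokensMatch(header, DefaultCacheUtil.get("access-token", String.class))) {
            return true;
        }
        if ("hussar-base".equals(header2)) {
            throw new SecurityOAuth2Exception("token无效");
        }
        try {
            List<String> scopeList = this.clientAuthScopeProperties.getScopeList();
            String tokenName = this.securityCacheProperties.getTokenName();
            String servletPath = httpServletRequest.getServletPath();
            // header2 is caller-controlled and may be null, in which case the key ends in "null".
            String str = (String) HussarCacheUtil.get(tokenName, tokenName + ":oauth2:client-token-index:" + header2);
            SysAuthClientModel sysAuthClientModel = new SysAuthClientModel();
            sysAuthClientModel.setClientId(header2);
            // NOTE(review): this lookup runs before the token has been verified, so any caller can
            // trigger it with an arbitrary client-id. It is left in place because doLoginByClientId
            // may have side effects that are not visible here; consider moving it after the check.
            Long valueOf = Long.valueOf(this.sysAuthClientDetailsService.doLoginByClientId(sysAuthClientModel).getAccessTokenValidTime());
            if (HussarUtils.isEmpty(header) || !tokensMatch(header, str)) {
                throw new InvalidTokenException("token无效，请重新获取token");
            }
            // Exact-match allowlist: a path that is not listed is rejected.
            if (!scopeList.contains(servletPath)) {
                throw new SecurityOAuth2Exception("请求失败，clientId=[" + header2 + "]无权访问url=[" + servletPath + "]");
            }
            // Re-stores the token with the client's validity time on every accepted request.
            // NOTE(review): if that argument is a TTL, a token in continuous use never expires.
            HussarCacheUtil.put(tokenName, tokenName + ":oauth2:client-token-index:" + header2, str, valueOf.longValue());
            return true;
        } catch (Exception e) {
            doException(httpServletRequest, httpServletResponse, e);
            return false;
        }
    }

    /**
     * Logs an authentication failure and writes a JSON failure body to the response.
     *
     * <p>{@link SecurityOAuth2Exception} is reported with HTTP 200 and its own message. Any other
     * exception is reported with HTTP 500 and code 4107; only {@link InvalidTokenException} keeps
     * its message in the body, every other type is replaced by a generic message. The full
     * exception message is still written to the log.
     *
     * @param httpServletRequest  request being rejected; may be {@code null}
     * @param httpServletResponse response to write to
     * @param exc                 the failure to report
     * @throws Exception if the response cannot be written
     */
    private void doException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws Exception {
        ApiResponse fail;
        HussarHttpServletResponseWrapper hussarHttpServletResponseWrapper = new HussarHttpServletResponseWrapper(httpServletResponse);
        // The message can embed the client-id header and the decoded servlet path, so line breaks
        // are neutralised before logging to keep one log record per event.
        String logMessage = stripLineBreaks(exc.getMessage());
        if (httpServletRequest == null || StringUtils.isEmpty(httpServletRequest.getRequestURI())) {
            this.logger.error("发生认证异常，{}:[{}]", exc.getClass(), logMessage);
        } else {
            this.logger.error("请求路径：{}，发生认证异常，{}:[{}]", new Object[]{stripLineBreaks(httpServletRequest.getRequestURI()), exc.getClass(), logMessage});
        }
        if (exc instanceof SecurityOAuth2Exception) {
            // NOTE(review): authentication failures are answered with HTTP 200; clients and
            // monitoring have to inspect the body code to detect a rejection.
            hussarHttpServletResponseWrapper.setStatus(HttpStatus.OK.value());
            fail = ApiResponse.fail(ExceptionCodeEnum.UNKNOWN_AUTHENTICATION_EXCEPTION.getCode().intValue(), exc.getMessage());
        } else {
            hussarHttpServletResponseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
            String clientMessage = exc instanceof InvalidTokenException ? exc.getMessage() : GENERIC_FAILURE_MESSAGE;
            fail = ApiResponse.fail(4107, clientMessage);
        }
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        String json = JsonUtil.toJson(fail);
        PrintWriter writer = hussarHttpServletResponseWrapper.getWriter();
        writer.write(json);
        writer.flush();
        writer.close();
    }

    /**
     * Compares a presented token with the expected one without short-circuiting on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     *
     * @param presented token supplied by the caller; may be {@code null}
     * @param expected  cached value; anything that is not a {@code String} never matches
     * @return {@code true} only when both values are strings with identical content
     */
    private static boolean tokensMatch(String presented, Object expected) {
        if (presented == null || !(expected instanceof String)) {
            return false;
        }
        byte[] presentedBytes = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] expectedBytes = ((String) expected).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(presentedBytes, expectedBytes);
    }

    /**
     * Replaces carriage returns and line feeds so a logged value cannot start a new log line.
     *
     * @param value text about to be logged; may be {@code null}
     * @return the text with CR and LF replaced by {@code _}, or {@code null} for {@code null} input
     */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}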
