package com.jxdinfo.hussar.system.shrio;

import com.alibaba.fastjson.JSON;
import com.jxdinfo.hussar.bpm.common.response.ResultCode;
import com.jxdinfo.hussar.bsp.tenant.model.SysUser;
import com.jxdinfo.hussar.core.util.ToolUtil;
import com.jxdinfo.hussar.system.utils.ShiroUser;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.DependsOn;
import org.springframework.stereotype.Component;

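/**
 * Shiro {@link AccessControlFilter} that decides, per request, whether the current subject may
 * continue down the filter chain.
 *
 * <p>{@link #isAccessAllowed} always returns {@code false}, so every request routed through this
 * filter is evaluated by {@link #onAccessDenied}. That method lets authenticated or remembered
 * subjects through and answers everything else itself: with a JSON "unauthorized" body, with a
 * {@code sessionstatus: timeout} header for AJAX requests, or with a plain refusal.
 *
 * <p>The {@code sessionDAO}, {@code sessionManager} and {@code maxSession} properties are stored
 * and exposed through accessors, but nothing in this class reads them.
 */
@DependsOn({"springContextHolder"})
@Component
/* loaded from: input_file:com/jxdinfo/hussar/system/shrio/KickoutSessionFilter.class */
public class KickoutSessionFilter extends AccessControlFilter {
    private static final Logger logger = LoggerFactory.getLogger(KickoutSessionFilter.class);
    private SessionDAO sessionDAO;
    private SessionManager sessionManager;
    /** Name of both the request parameter and the request attribute carrying the tip text. */
    public final String ERROR_TIPS = "tips";
    private Long maxSession = 1000000L;

    public SessionDAO getSessionDAO() {
        return this.sessionDAO;
    }

    public void setSessionDAO(SessionDAO sessionDAO) {
        this.sessionDAO = sessionDAO;
    }

    public Long getMaxSession() {
        return this.maxSession;
    }

    public void setMaxSession(Long l) {
        this.maxSession = l;
    }

    public SessionManager getSessionManager() {
        return this.sessionManager;
    }

    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /**
     * Always reports "not allowed" so that the real decision is taken in
     * {@link #onAccessDenied(ServletRequest, ServletResponse)} for every request.
     *
     * @return {@code false}, unconditionally
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /**
     * Decides whether the request may proceed.
     *
     * <ul>
     *   <li>No user can be resolved: a JSON "unauthorized" body is written and the request stops.
     *   <li>The subject is authenticated or remembered: the request continues.
     *   <li>A user exists but the session has no {@code csrfFlag} attribute: a JSON
     *       "unauthorized" body is written and the request stops.
     *   <li>AJAX request ({@code x-requested-with: XMLHttpRequest}): the response gets a
     *       {@code sessionstatus: timeout} header and the request stops.
     *   <li>Anything else: the request stops without a body being written here.
     * </ul>
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response the denial is written to
     * @return {@code true} to continue the filter chain, {@code false} when this filter has
     *     handled (refused) the request
     * @throws Exception if writing the denial body fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);

        // URI and headers are client-controlled. Build the line only when it will be emitted,
        // and strip line breaks so a crafted value cannot forge extra log entries.
        if (logger.isDebugEnabled()) {
            logger.debug(
                    "URL:{} | IP: {} | USER-AGENT: {}",
                    stripLineBreaks(request.getRequestURI()),
                    stripLineBreaks(getIP(request)),
                    stripLineBreaks(getUsreAgent(request)));
        }

        // NOTE(review): the "tips" parameter is copied into the request attribute verbatim.
        // Any view that renders this attribute must HTML-escape it.
        String tips = request.getParameter(ERROR_TIPS);
        request.setAttribute(ERROR_TIPS, tips != null ? tips : "");

        Subject subject = getSubject(servletRequest, servletResponse);
        boolean remembered = subject.isRemembered();
        // getSession() creates a session when none exists yet; kept as in the original flow.
        Session session = subject.getSession();
        SysUser user = ShiroUser.getUser();

        if (ToolUtil.isEmpty(user)) {
            out(servletResponse, unauthorizedBody());
            // Stop here. Previously execution fell through, so a remembered subject without a
            // resolvable user was let down the chain after the "unauthorized" body had already
            // been written and the writer closed.
            return false;
        }
        if (subject.isAuthenticated() || remembered) {
            return true;
        }
        if (user != null && session.getAttribute("csrfFlag") == null) {
            out(servletResponse, unauthorizedBody());
            return false;
        }

        String requestedWith = request.getHeader("x-requested-with");
        if ("XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
            // Lets AJAX clients tell an expired session apart from other failures.
            response.setHeader("sessionstatus", "timeout");
        }
        return false;
    }

    /** Builds the JSON payload (code and message of {@code ResultCode.UN_AUTHORIZED}). */
    private Map<String, Object> unauthorizedBody() {
        Map<String, Object> body = new HashMap<>();
        body.put("code", Integer.valueOf(ResultCode.UN_AUTHORIZED.getCode()));
        body.put("msg", ResultCode.UN_AUTHORIZED.getMessage());
        return body;
    }

    /**
     * Serializes {@code map} as JSON into the response body, then flushes and closes the writer,
     * which commits the response.
     *
     * @param servletResponse response to write to
     * @param map payload to serialize
     * @throws IOException if the response writer cannot be obtained
     */
    private void out(ServletResponse servletResponse, Map<String, Object> map) throws IOException {
        servletResponse.setCharacterEncoding("UTF-8");
        // NOTE(review): no Content-Type is set here, so the container default applies. Consider
        // declaring application/json once the clients that consume this body have been checked.
        try (PrintWriter writer = servletResponse.getWriter()) {
            writer.println(JSON.toJSONString(map));
            writer.flush();
        }
    }

    /**
     * Collects the client-address headers and the socket address into one string for logging.
     *
     * <p>Every header read here is supplied by the client or an intermediary and can be spoofed.
     * The result is diagnostic only and must not be used for access decisions.
     *
     * @param httpServletRequest request to read from
     * @return the labelled header values followed by {@code getRemoteAddr()}
     */
    private String getIP(HttpServletRequest httpServletRequest) {
        StringBuilder details = new StringBuilder();
        details.append("X-Requested-For：").append(httpServletRequest.getHeader("X-Requested-For")).append(" , ");
        details.append("X-Forwarded-For：").append(httpServletRequest.getHeader("X-Forwarded-For")).append(" , ");
        details.append("Proxy-Client-IP：").append(httpServletRequest.getHeader("Proxy-Client-IP")).append(" , ");
        details.append("WL-Proxy-Client-IP：").append(httpServletRequest.getHeader("WL-Proxy-Client-IP")).append(" , ");
        details.append("HTTP_CLIENT_IP：").append(httpServletRequest.getHeader("HTTP_CLIENT_IP")).append(" , ");
        details.append("HTTP_X_FORWARDED_FOR：").append(httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR")).append(" , ");
        details.append("RemoteAddr：").append(httpServletRequest.getRemoteAddr());
        return details.toString();
    }

    /** Returns the raw, client-supplied {@code User-Agent} header, or {@code null} if absent. */
    private String getUsreAgent(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("User-Agent");
    }

    /** Replaces CR and LF with {@code _} so a logged value stays on one line; null-safe. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}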
