package com.mbap.gateway.component;

import com.alibaba.fastjson.JSONObject;
import com.mbap.gateway.logger.CustomGatewayLogger;
import com.mbap.util.lang.StringUtil;
import eu.bitwalker.useragentutils.UserAgent;
import eu.bitwalker.useragentutils.Version;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import javax.annotation.PostConstruct;
import org.apache.commons.lang.time.DateFormatUtils;
import org.json.JSONException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.core.env.Environment;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

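/**
 * Reactive authorization manager for the gateway.
 *
 * <p>Each request is reduced to a key of the form {@code [METHOD]/path}. Only keys that
 * match an entry of {@link #authenticatedUrl} require an {@link Authentication}; every
 * other request is granted without looking at the authentication at all. This is an
 * allow-by-default policy: a route is protected only if it is listed in {@link #init()}.
 *
 * <p>NOTE(review): the key is compared with the listed patterns as a plain string. Confirm
 * that whatever serves the request resolves method and path the same way this class does,
 * otherwise the rule evaluated here and the handler that finally runs can differ.
 *
 * <p>The erased bridge overload {@code check(Mono, Object)} is synthesized by the compiler
 * from the generic interface and is therefore not declared in this source.
 */
@RefreshScope
@Component("AuthorizationManager")
/* loaded from: input_file:com/mbap/gateway/component/AuthorizationManager.class */
public class AuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {

    /** Headers consulted, in this order, when {@code x-forwarded-for} gives no usable value. */
    private static final String[] CLIENT_IP_FALLBACK_HEADERS = {
        "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "X-Real-IP"
    };

    /** One shared matcher instead of a new instance per pattern per request. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    @Autowired
    private Environment environment;

    // Patterns of the form "[METHOD]<context-path>/..." that require authentication.
    private List<String> authenticatedUrl;

    @Autowired
    private EntryPoint entryPoint;

    // When true, a denied decision additionally produces an access record in the log.
    @Value("${isAccess:false}")
    private boolean isAccess;

    /**
     * Builds the list of protected route patterns, prefixed with the configured
     * {@code server.servlet.context-path} (an empty or "/" context path adds no prefix).
     */
    @PostConstruct
    public void init() {
        String contextPath = this.environment.getProperty("server.servlet.context-path", "").trim();
        if ("/".equals(contextPath) || !StringUtils.hasLength(contextPath)) {
            contextPath = "";
        }
        List<String> protectedRoutes = new LinkedList<>();
        protectedRoutes.add("[GET]" + contextPath + "/gateway/list");
        protectedRoutes.add("[GET]" + contextPath + "/gateway/{id}");
        protectedRoutes.add("[POST]" + contextPath + "/gateway/add");
        protectedRoutes.add("[POST]" + contextPath + "/gateway/update");
        protectedRoutes.add("[DELETE]" + contextPath + "/gateway/delete");
        protectedRoutes.add("[GET]" + contextPath + "/gateway/uniqueness");
        this.authenticatedUrl = protectedRoutes;
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>Requests whose key matches no protected pattern are granted immediately. For
     * protected routes the decision is granted when the publisher emits an
     * {@link Authentication}; when it completes empty, only an OPTIONS request is granted.
     *
     * <p>The decision is recorded from inside the pipeline rather than by blocking on a
     * helper thread, so the authentication publisher is subscribed once and the calling
     * thread is never blocked.
     *
     * <p>NOTE(review): any emitted {@code Authentication} is accepted; neither
     * {@code isAuthenticated()} nor authorities are inspected. Whether an anonymous token
     * can reach this point depends on security configuration that is not visible here.
     *
     * @param mono the current authentication, possibly empty
     * @param authorizationContext context carrying the exchange under evaluation
     * @return the authorization decision
     */
    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        ServerWebExchange exchange = authorizationContext.getExchange();
        String finalPath = getFinalPath(exchange);
        // Split at the first ']' so a ']' inside the path cannot truncate it and an empty
        // path cannot cause an index error.
        int close = finalPath.indexOf(']');
        String method = finalPath.substring(1, close);
        String path = finalPath.substring(close + 1);
        if (!isNeedAuthenticatedUrl(finalPath)) {
            // The path is request-controlled; keep it on a single log line.
            CustomGatewayLogger.record("当前请求 : " + stripLineBreaks(finalPath) + " 属于【免接口权限验证的资源】");
            addProPertiesToHeader(exchange, method, path, new AuthorizationDecision(true));
            return Mono.just(new AuthorizationDecision(true));
        }
        return mono
            .map(authentication -> new AuthorizationDecision(true))
            .defaultIfEmpty(isOptions(exchange))
            .doOnNext(decision -> {
                try {
                    addProPertiesToHeader(exchange, method, path, decision);
                } catch (Exception e) {
                    // Bookkeeping must not turn a computed decision into a failed request.
                    CustomGatewayLogger.error("权限检查执行异常", e);
                }
            });
    }

    /**
     * Builds the lookup key {@code [METHOD]/path} for the request.
     *
     * <p>A non-empty {@code _method} query parameter replaces the request method in the
     * key. The value is upper-cased and must resolve to a known HTTP method; anything else
     * is ignored, so the key always carries a canonical method token that can be compared
     * with the patterns registered in {@link #init()}.
     *
     * <p>NOTE(review): the override is chosen by the client and the authorization rule is
     * keyed on it. Confirm that the component serving the request honours the same
     * override; if it does not, drop the override from this key.
     *
     * @param serverWebExchange the current exchange
     * @return the key; for an empty or "/" path the path is appended unchanged
     */
    public String getFinalPath(ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        String path = request.getURI().getPath();
        if (path == null) {
            path = "";
        }
        String method = request.getMethodValue();
        String override = request.getQueryParams() == null ? null : request.getQueryParams().getFirst("_method");
        if (StringUtil.isNotEmpty(override)) {
            HttpMethod resolved = HttpMethod.resolve(override.trim().toUpperCase(java.util.Locale.ROOT));
            if (resolved != null) {
                method = resolved.name();
            }
        }
        String[] segments = path.split("/");
        if (segments.length < 2) {
            // "" and "/" have no first segment; indexing [1] would throw.
            return "[" + method + "]" + path;
        }
        String firstSegment = segments[1];
        return "[" + method + "]/" + firstSegment + path.substring(1 + firstSegment.length());
    }

    /**
     * Decision used when no authentication is present: granted only for OPTIONS requests.
     */
    private AuthorizationDecision isOptions(ServerWebExchange serverWebExchange) {
        HttpMethod method = serverWebExchange.getRequest().getMethod();
        boolean options = !ObjectUtils.isEmpty(method) && "OPTIONS".equals(method.name());
        return new AuthorizationDecision(options);
    }

    /**
     * Tells whether the key matches a protected route, by equality or as an Ant pattern.
     *
     * @param str key in the form produced by {@link #getFinalPath(ServerWebExchange)}
     * @return {@code true} when the request needs authentication
     */
    public boolean isNeedAuthenticatedUrl(String str) {
        if (this.authenticatedUrl.contains(str)) {
            return true;
        }
        for (String pattern : this.authenticatedUrl) {
            if (StringUtil.isNotEmpty(pattern) && PATH_MATCHER.match(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Assembles request metadata for the {@code #getway_req_method} header and, when
     * {@code isAccess} is set and the decision is missing or denied, logs an access record.
     *
     * @param serverWebExchange the current exchange
     * @param method request method taken from the lookup key
     * @param path request path taken from the lookup key
     * @param authorizationDecision the decision reached, may be {@code null}
     */
    private void addProPertiesToHeader(ServerWebExchange serverWebExchange, String method, String path, AuthorizationDecision authorizationDecision) {
        try {
            ServerHttpRequest request = serverWebExchange.getRequest();
            JSONObject meta = new JSONObject();
            // Method and path are stored under the keys their names describe.
            meta.put("#req_method", method);
            meta.put("#access_path", path);
            meta.put("client_ip", getHeadProperties(request, "ip"));
            meta.put("#is_pass", true);
            meta.put("#req_start", Long.valueOf(System.currentTimeMillis()));
            if (this.isAccess && (authorizationDecision == null || !authorizationDecision.isGranted())) {
                meta.put("#is_pass", false);
                String referer = getHeadProperties(request, "referer");
                String uri = request.getURI().toString();
                HttpStatus statusCode = serverWebExchange.getResponse().getStatusCode();
                // value() is the numeric HTTP status; ordinal() is only the enum position.
                int status = ObjectUtils.isEmpty(statusCode) ? -1 : statusCode.value();
                String createTime = DateFormatUtils.format(System.currentTimeMillis(), "yyyy-MM-dd HH:mm:ss");
                String userAgentHeader = getHeadProperties(request, "User-Agent");
                UserAgent userAgent = UserAgent.parseUserAgentString(userAgentHeader);
                String operatingSystem = userAgent.getOperatingSystem().getName();
                String browser = userAgent.getBrowser().getName();
                Version version = userAgent.getBrowser().getVersion(userAgentHeader);
                String browserVersion = version != null ? version.getVersion() : "";
                String clientIp = getHeadProperties(request, "ip");
                String uuid = UUID.randomUUID().toString().replace("-", "");
                JSONObject accessRecord = new JSONObject();
                accessRecord.put("uuid", uuid);
                accessRecord.put("type", "6");
                accessRecord.put("createTime", createTime);
                accessRecord.put("userAgent", userAgentHeader);
                accessRecord.put("operSystem", operatingSystem);
                accessRecord.put("browser", browser);
                accessRecord.put("browserVer", browserVersion);
                accessRecord.put("clientIP", clientIp);
                accessRecord.put("operStaff", "");
                accessRecord.put("referer", referer);
                accessRecord.put("requestType", method);
                accessRecord.put("orgi_path", path);
                accessRecord.put("actu_path", uri);
                accessRecord.put("requ_time", 0L);
                accessRecord.put("resp_stat", Integer.valueOf(status));
                accessRecord.put("is_pass", false);
                // Log the record itself; concatenating an Object[] prints only its identity.
                // NOTE(review): the record holds request-controlled header values; JSON encoding
                // is expected to escape line breaks - confirm for the fastjson version in use.
                CustomGatewayLogger.record("保存认证失败的访问记录 :" + accessRecord);
            }
            // NOTE(review): mutate() builds a new exchange and the result is not kept, so the
            // original exchange is left unchanged by this statement; confirm whether the
            // header is meant to reach downstream filters.
            serverWebExchange.mutate().request(request.mutate().header("#getway_req_method", new String[]{meta.toString()}).build()).build();
        } catch (JSONException e) {
            CustomGatewayLogger.error("将请求相关信息添加到请求头中出现异常", e);
        }
    }

    /**
     * Reads a request header, or resolves the client address when {@code str} is "ip".
     *
     * <p>For "ip" the first entry of {@code x-forwarded-for} is used, then a list of
     * fallback headers, then the socket's remote address.
     *
     * <p>NOTE(review): every one of these headers can be set by the client unless a
     * trusted proxy in front of the gateway overwrites it. Treat the result as an
     * unverified hint for audit records, not as an input to access decisions.
     *
     * @param serverHttpRequest the request to inspect
     * @param str header name, or the literal "ip"
     * @return the header value or resolved address; may be {@code null}
     */
    public static String getHeadProperties(ServerHttpRequest serverHttpRequest, String str) {
        HttpHeaders headers = serverHttpRequest.getHeaders();
        if (!"ip".equals(str)) {
            return headers.getFirst(str);
        }
        String candidate = headers.getFirst("x-forwarded-for");
        if (!isMissingAddress(candidate)) {
            int comma = candidate.indexOf(',');
            if (comma != -1) {
                // substring avoids the empty array split(",") returns for a value of only commas.
                candidate = candidate.substring(0, comma).trim();
            }
        }
        for (String headerName : CLIENT_IP_FALLBACK_HEADERS) {
            if (!isMissingAddress(candidate)) {
                break;
            }
            candidate = headers.getFirst(headerName);
        }
        if (isMissingAddress(candidate)) {
            InetSocketAddress remoteAddress = serverHttpRequest.getRemoteAddress();
            if (!ObjectUtils.isEmpty(remoteAddress)) {
                InetAddress address = remoteAddress.getAddress();
                if (!ObjectUtils.isEmpty(address)) {
                    candidate = address.getHostAddress();
                }
            }
        }
        return candidate;
    }

    /** True when a header gave no address: null, empty, or the literal "unknown". */
    private static boolean isMissingAddress(String value) {
        return value == null || value.length() == 0 || "unknown".equalsIgnoreCase(value);
    }

    /** Replaces CR and LF so a request-controlled value stays on one log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}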
