package com.mbap.gateway.component;

import cn.hutool.core.convert.Convert;
import com.alibaba.fastjson.JSON;
import com.mbap.gateway.ignore.service.IgnoreService;
import com.mbap.mybatis.ty.service.BaseDao;
import com.mbap.util.lang.StringUtil;
import eu.bitwalker.useragentutils.UserAgent;
import eu.bitwalker.useragentutils.Version;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import org.apache.commons.lang.time.DateFormatUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Gateway authorization manager: decides per request whether the caller may reach a resource.
 *
 * <p>Each request is reduced to a resource key of the form {@code [METHOD]/servername/url}
 * (see {@link #getRealPath}). Keys on the permit-all list are granted outright; all other
 * requests are decided from the JWT principal, the client's resource rows in the database and
 * several Redis entries (blacklists, resource owners, per-user exclusions).
 *
 * <p>This listing is decompiler output. Two private methods carry decompiler-assigned names
 * ({@code m41x59c4920d}, {@code m42xe3a92f9d}), one keeps its obfuscated name (ending in
 * {@code super}), and one lambda references an undeclared {@code r1}. Treat statement order as
 * significant: several steps read state that other steps write (see the notes on {@code check}).
 */
@RefreshScope
@Component("com.mbap.gateway.component.AuthorizationManager")
/* loaded from: input_file:com/mbap/gateway/component/AuthorizationManager.class */
public class AuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {
    // Shared logger, registered under the fixed name "GatewayLogger" rather than the class name.
    private static Logger LOGGER = LoggerFactory.getLogger("GatewayLogger");

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    @Autowired
    private BaseDao baseService;

    @Autowired
    private IgnoreService ignoreService;

    // Property "isAccess" (default false). When true, denied requests are written to log_access.
    @Value("${isAccess:false}")
    private boolean isAccess;
    // Resource keys that skip authorization. Filled once in init(); nothing in this class reloads it.
    private List<String> permitAll;

    /** Loads the permit-all resource keys from {@code IgnoreService} after dependency injection. */
    @PostConstruct
    public void init() {
        this.permitAll = this.ignoreService.get();
    }

    /**
     * Builds the resource key {@code [METHOD]/servername/url} for the exchange, the same key
     * that {@link #check} authorizes against.
     *
     * @param serverWebExchange current exchange
     * @return the resource key
     */
    public String getFinalPath(ServerWebExchange serverWebExchange) {
        LinkedHashMap<String, Object> realPath = getRealPath(serverWebExchange.getRequest());
        String obj = realPath.get("url").toString();
        return "[" + realPath.get("type").toString().toUpperCase() + "]/" + realPath.get("servername").toString() + obj;
    }

    /**
     * Authorizes one request.
     *
     * <p>Flow: build the resource key; grant immediately if it is on the permit-all list;
     * otherwise map the authentication to a decision via {@code m41x59c4920d}, falling back to
     * the OPTIONS-only decision when no authentication is emitted. The audit helper
     * {@code m42xe3a92f9d} is called on both paths.
     *
     * @param mono                 the caller's authentication, possibly empty
     * @param authorizationContext wraps the current exchange
     * @return the decision pipeline handed back to the framework
     */
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        ServerWebExchange exchange = authorizationContext.getExchange();
        LinkedHashMap<String, Object> realPath = getRealPath(exchange.getRequest());
        // NOTE(review): getRealPath can return an empty map (route list present, no entry matches);
        // the .get(...).toString() calls below then throw NullPointerException.
        String obj = realPath.get("url").toString();
        String upperCase = realPath.get("type").toString().toUpperCase();
        String obj2 = realPath.get("servername").toString();
        String str = "[" + upperCase + "]/" + obj2 + obj;
        if (permitAll(str)) {
            // NOTE(review): the key is derived from the request path and concatenated into the log
            // line; consider parameterized logging and neutralizing CR/LF in the value.
            LOGGER.info("当前请求 : " + str + " 属于【免接口权限验证的资源】");
            // Called with a granted decision, so no log_access row is written; only the header is attached.
            m42xe3a92f9d(exchange, "/" + obj2 + obj, upperCase, new AuthorizationDecision(true));
            return Mono.just(new AuthorizationDecision(true));
        }
        Mono<AuthorizationDecision> defaultIfEmpty = mono.map(authentication -> {
            return new AuthorizationDecision(m41x59c4920d(exchange, authentication, str));
        }).defaultIfEmpty(o000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000super(exchange));
        // NOTE(review): block() subscribes to the pipeline here, and the same Mono is returned below,
        // so the decision (database query plus Redis lookups) is evaluated again when the framework
        // subscribes. Reactor can reject block() on its non-blocking threads (IllegalStateException).
        // The audit call below runs between the two evaluations and writes the header that the
        // decision logic reads for the client IP, so the two evaluations may not see the same input.
        // Confirm which evaluation is authoritative before restructuring.
        AuthorizationDecision authorizationDecision = (AuthorizationDecision) defaultIfEmpty.block();
        if (authorizationDecision == null || !authorizationDecision.isGranted()) {
            LOGGER.info("当前请求 : " + str + " 【无权访问】");
        }
        m42xe3a92f9d(exchange, "/" + obj2 + obj, upperCase, authorizationDecision);
        return defaultIfEmpty;
    }

    /**
     * Decision used when no authentication is emitted: granted for HTTP OPTIONS, denied otherwise.
     *
     * <p>NOTE(review): presumably intended for CORS preflight. As written, every OPTIONS request
     * passes this manager without a token, whatever the route.
     */
    private AuthorizationDecision o000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000super(ServerWebExchange serverWebExchange) {
        return serverWebExchange.getRequest().getMethod().name().equals("OPTIONS") ? new AuthorizationDecision(true) : new AuthorizationDecision(false);
    }

    /**
     * Reports whether the resource key is on the permit-all list.
     *
     * <p>Comparison is exact string equality; list entries are not treated as patterns.
     *
     * @param str resource key {@code [METHOD]/servername/url}
     * @return true if an identical entry exists
     */
    public boolean permitAll(String str) {
        return this.permitAll.stream().filter(str2 -> {
            return str2.equals(str);
        }).findFirst().isPresent();
    }

    /* renamed from: Ô000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000String, reason: contains not printable characters */
    /**
     * Core permission check for an authenticated caller.
     *
     * <p>Order of evaluation: (1) hard-coded account id bypass; (2) user tokens on a
     * "no permission check" key; (3) the client must own a resource row matching the key, subject
     * to that row's IP blacklist/whitelist; (4) Redis client and staff blacklists; (5) the caller
     * must hold an {@code OWNER_*} authority listed for the key; (6) per-user exclusion list.
     *
     * @param serverWebExchange current exchange
     * @param authentication    caller's authentication; the principal is cast to {@code Jwt}
     * @param str               resource key {@code [METHOD]/servername/url}
     * @return true if access is granted
     */
    private boolean m41x59c4920d(ServerWebExchange serverWebExchange, Authentication authentication, String str) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        // NOTE(review): the cast and the client_id dereference run before any null check, so the
        // later "jwt != null" tests cannot be false here. A non-Jwt principal throws
        // ClassCastException and a token without client_id throws NullPointerException.
        Jwt jwt = (Jwt) authentication.getPrincipal();
        String obj = jwt.getClaim("client_id").toString();
        // The client IP used for list matching comes from the JSON in this request header, not from
        // the connection. NOTE(review): unless a trusted component removes client-supplied copies of
        // the header before this point, the value is caller-controlled. Confirm where it is set.
        List list = request.getHeaders().get("#getway_req_method");
        String str2 = "";
        if (list != null && list.size() > 0) {
            str2 = JSON.parseObject((String) list.get(0)).getString("client_ip");
        }
        // NOTE(review): hard-coded account id. A user token carrying this id is granted before the
        // client-resource, IP-list and Redis blacklist checks below, so this account cannot be
        // revoked through them. A user token without an "id" claim throws NullPointerException here.
        if (jwt != null && jwt.getClaim("user_name") != null && "402881f7347e754501347e9d325c0003".equals(jwt.getClaim("id").toString())) {
            return true;
        }
        // Any user token (user_name claim present) is granted for keys on the no-permission-check list.
        if (jwt != null && jwt.getClaim("user_name") != null && this.ignoreService.getNoCheckPermissionUrl().contains(str)) {
            return true;
        }
        boolean z = false;
        // Parameterized query: the client name is bound as a parameter, not concatenated.
        for (Map map : this.baseService.findBySql2Map(true, "select r.resourcekey resourcekey,  c.wrongnum wrongnum,c.writelist writelist,c.blacklist blacklist  from sys_oauth_client c left join sys_oauth_client_resource\n    \t\t\t cr on c.id=cr.clientid left join sys_oauth_resource r on cr.resourceid=r.id where c.clientname =? and c.deleted=0 ", new Object[]{obj})) {
            // NOTE(review): substring match (indexOf), not equality. A resourcekey that is a fragment
            // of other keys authorizes those keys too. Confirm this is intended.
            if (map.get("resourcekey") != null && str.indexOf(map.get("resourcekey").toString()) != -1) {
                // z is reassigned for every matching row, so the last matching row decides.
                z = true;
                // An empty client IP (header absent) never matches a blacklist entry, so it passes this test.
                if (map.get("blacklist") != null && StringUtil.isNotEmpty(map.get("blacklist").toString()) && ipMatch(map.get("blacklist").toString(), str2)) {
                    z = false;
                }
                // "writelist" is the whitelist column; 127.0.0.1 is always added to it.
                if (map.get("writelist") != null && StringUtil.isNotEmpty(map.get("writelist").toString()) && !ipMatch("127.0.0.1," + map.get("writelist").toString(), str2)) {
                    z = false;
                }
            }
        }
        // Deny when no resource row matched or the client is blacklisted in Redis.
        if (!z || jwt == null || this.redisTemplate.opsForValue().get("AUTH:BLACKLIST:client:" + obj) != null) {
            return false;
        }
        // Deny user tokens whose staff id is blacklisted in Redis.
        if (jwt.getClaim("user_name") != null && this.redisTemplate.opsForValue().get("AUTH:BLACKLIST:staffid:" + jwt.getClaim("id").toString()) != null) {
            return false;
        }
        // Owners registered for this key, each prefixed with "OWNER_" to compare against authorities.
        List list2 = (List) Convert.toList(String.class, this.redisTemplate.opsForHash().get("AUTH:RESOURCE_OWNERS_MAP", str)).stream().map(str3 -> {
            return "OWNER_" + str3;
        }).collect(Collectors.toList());
        // presumably relies on each authority's string form being its authority name; verify
        List list3 = Convert.toList(String.class, authentication.getAuthorities());
        Stream stream = list2.stream();
        // Decompiler artifact: null check emitted for a bound method reference, presumably list3::contains.
        list3.getClass();
        // Decompiler artifact: "r1" is not declared in this listing; it stands for the captured
        // receiver of that method reference (presumably list3). TODO confirm against the bytecode.
        if (!stream.anyMatch((v1) -> {
            return r1.contains(v1);
        })) {
            return false;
        }
        // Client-only tokens (no user_name claim) are granted at this point.
        if (jwt == null || jwt.getClaim("user_name") == null) {
            return true;
        }
        // Per-user exclusions: deny if the key is listed for this user name.
        List list4 = Convert.toList(String.class, this.redisTemplate.opsForHash().get("AUTH:RESOURCE_EXCLUDE_MAP", jwt.getClaim("user_name").toString()));
        return list4.isEmpty() || !list4.contains(str);
    }

    /* renamed from: Õ000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000class, reason: contains not printable characters */
    /**
     * Records request metadata: builds a JSON summary, optionally writes an audit row for a
     * denied request, and adds the JSON as request header {@code #getway_req_method}.
     *
     * @param serverWebExchange     current exchange
     * @param str                   access path {@code /servername/url}
     * @param str2                  request method, upper case
     * @param authorizationDecision decision reached, may be null
     */
    private void m42xe3a92f9d(ServerWebExchange serverWebExchange, String str, String str2, AuthorizationDecision authorizationDecision) {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("#req_method", str2);
            jSONObject.put("#access_path", str);
            jSONObject.put("client_ip", getHeadProperties(serverWebExchange.getRequest(), "ip"));
            // NOTE(review): "#is_pass" stays true for a denied request whenever isAccess is false.
            jSONObject.put("#is_pass", true);
            jSONObject.put("#req_start", System.currentTimeMillis());
            if (this.isAccess && (authorizationDecision == null || !authorizationDecision.isGranted())) {
                jSONObject.put("#is_pass", false);
                String headProperties = getHeadProperties(serverWebExchange.getRequest(), "referer");
                // NOTE(review): the full URI includes the query string, which can carry tokens or
                // other secrets; it is stored in log_access as actu_path.
                String uri = serverWebExchange.getRequest().getURI().toString();
                // NOTE(review): ordinal() is the enum position, not the numeric HTTP status. If
                // getStatusCode() returns null this throws NullPointerException, which the catch
                // below does not handle.
                int ordinal = serverWebExchange.getResponse().getStatusCode().ordinal();
                String format = DateFormatUtils.format(System.currentTimeMillis(), "yyyy-MM-dd HH:mm:ss");
                String headProperties2 = getHeadProperties(serverWebExchange.getRequest(), "User-Agent");
                UserAgent parseUserAgentString = UserAgent.parseUserAgentString(headProperties2);
                String name = parseUserAgentString.getOperatingSystem().getName();
                String name2 = parseUserAgentString.getBrowser().getName();
                Version version = parseUserAgentString.getBrowser().getVersion(headProperties2);
                // Parameterized insert; the request-derived values (User-Agent, referer, paths, IP) are bound, not concatenated.
                this.baseService.execNoResultSql("insert into log_access (id,type,createTime,user_ggent,oper_system,browser,browser_ver,client_ip,oper_staff,referer,requ_method,orgi_path,actu_path,requ_time,resp_stat,is_pass) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", new Object[]{UUID.randomUUID().toString().replace("-", ""), "6", format, headProperties2, name, name2, version != null ? version.getVersion() : "", getHeadProperties(serverWebExchange.getRequest(), "ip"), "", headProperties, str2, str, uri, 0L, Integer.valueOf(ordinal), false});
            }
            // NOTE(review): the mutated exchange is discarded. Whether the header becomes visible
            // on the original request depends on whether the builder writes through to the original
            // header map; confirm against the Spring version in use.
            serverWebExchange.mutate().request(serverWebExchange.getRequest().mutate().header("#getway_req_method", new String[]{jSONObject.toString()}).build()).build();
        } catch (JSONException e) {
            LOGGER.error("将请求相关信息添加到请求头中出现异常", e);
        }
    }

    /**
     * Returns a request header value, with special handling for the pseudo-name {@code "ip"}.
     *
     * <p>For {@code "ip"}, the first non-empty, non-"unknown" value is taken in this order:
     * {@code x-forwarded-for} (first element when comma-separated), {@code Proxy-Client-IP},
     * {@code WL-Proxy-Client-IP}, {@code HTTP_CLIENT_IP}, {@code HTTP_X_FORWARDED_FOR},
     * {@code X-Real-IP}, then the remote socket address.
     *
     * <p>NOTE(review): every header in that chain is client-settable unless a trusted proxy
     * overwrites it, and the left-most {@code x-forwarded-for} element is the one supplied
     * furthest from this gateway. The result feeds the audit log and the header used for IP
     * black/whitelist matching, so it should come only from a hop the deployment trusts.
     * The first element is not trimmed, and {@code getRemoteAddress()} is dereferenced without
     * a null check.
     *
     * @param serverHttpRequest request to read
     * @param str               header name, or {@code "ip"} for the client address
     * @return the value, or null when an ordinary header is absent
     */
    public static String getHeadProperties(ServerHttpRequest serverHttpRequest, String str) {
        String first;
        HttpHeaders headers = serverHttpRequest.getHeaders();
        if ("ip".equals(str)) {
            String first2 = headers.getFirst("x-forwarded-for");
            if (first2 != null && first2.length() != 0 && !"unknown".equalsIgnoreCase(first2) && first2.indexOf(",") != -1) {
                first2 = first2.split(",")[0];
            }
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = headers.getFirst("Proxy-Client-IP");
            }
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = headers.getFirst("WL-Proxy-Client-IP");
            }
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = headers.getFirst("HTTP_CLIENT_IP");
            }
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = headers.getFirst("HTTP_X_FORWARDED_FOR");
            }
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = headers.getFirst("X-Real-IP");
            }
            // Last resort: the address of the TCP peer.
            if (first2 == null || first2.length() == 0 || "unknown".equalsIgnoreCase(first2)) {
                first2 = serverHttpRequest.getRemoteAddress().getAddress().getHostAddress();
            }
            first = first2;
        } else {
            first = headers.getFirst(str);
        }
        return first;
    }

    /**
     * Resolves the request to a map with keys {@code url}, {@code type} and {@code servername}.
     *
     * <p>The first path segment is the service name and the remainder is the url. If Redis holds
     * a route list under the service name, the entry whose {@code url} equals the remainder is
     * returned; failing that, the last entry whose Ant pattern matches. With no list, the map is
     * built from the request itself.
     *
     * @param serverHttpRequest request to resolve
     * @return the resolved map; empty when a route list exists but no entry matches
     */
    public LinkedHashMap<String, Object> getRealPath(ServerHttpRequest serverHttpRequest) {
        String path = serverHttpRequest.getURI().getPath();
        String methodValue = serverHttpRequest.getMethodValue();
        // NOTE(review): a "_method" query parameter replaces the HTTP method used in the resource
        // key. It is only used in the no-route-list branch below. If downstream services do not
        // honour "_method", the authorized key and the executed method can differ. Confirm.
        if (serverHttpRequest.getQueryParams() != null && !CollectionUtils.isEmpty((Collection) serverHttpRequest.getQueryParams().get("_method")) && StringUtil.isNotEmpty((String) ((List) serverHttpRequest.getQueryParams().get("_method")).get(0))) {
            methodValue = (String) ((List) serverHttpRequest.getQueryParams().get("_method")).get(0);
        }
        // NOTE(review): index 1 does not exist for "/" or an empty path (ArrayIndexOutOfBoundsException).
        String str = path.split("/")[1];
        String substring = path.substring(1 + str.length(), path.length());
        // NOTE(review): the Redis key is the raw first path segment with no namespace prefix, so
        // the request chooses which key is read; a value that is not a List fails the cast.
        List list = (List) this.redisTemplate.opsForValue().get(str);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (CollectionUtils.isEmpty(list)) {
            linkedHashMap.put("url", substring);
            linkedHashMap.put("type", methodValue.toUpperCase());
            linkedHashMap.put("servername", str);
            return linkedHashMap;
        }
        // NOTE(review): entries are matched on url only; the request method is not compared with
        // the entry's "type", so the returned map carries the stored type. Confirm this is intended.
        for (int i = 0; i < list.size(); i++) {
            AntPathMatcher antPathMatcher = new AntPathMatcher();
            String obj = ((LinkedHashMap) list.get(i)).get("url").toString();
            if (StringUtil.isNotEmpty(obj)) {
                // Exact match wins immediately.
                if (substring.equals(obj)) {
                    return (LinkedHashMap) list.get(i);
                }
                // Pattern match: keeps scanning, so the last matching entry is the one returned.
                if (antPathMatcher.match(obj, substring)) {
                    linkedHashMap = (LinkedHashMap) list.get(i);
                }
            }
        }
        return linkedHashMap;
    }

    /**
     * Tests an address against a comma-separated list.
     *
     * <p>An entry matches on exact string equality. An entry of the form {@code a.b.c.X/Y} is
     * read as an inclusive range over the last octet, X through Y; for example (constructed)
     * {@code 10.0.0.5/9} covers 10.0.0.5 to 10.0.0.9.
     *
     * <p>NOTE(review): {@code /Y} is not a CIDR prefix length, so an entry written in CIDR
     * notation covers a different set of addresses than its author may expect. Entries are not
     * trimmed, non-numeric range parts throw {@code NumberFormatException}, and comparison is
     * textual, so alternative spellings of the same address do not match.
     *
     * @param str  comma-separated entries
     * @param str2 address to test
     * @return true if any entry matches
     */
    public static boolean ipMatch(String str, String str2) {
        for (String str3 : str.split(",")) {
            if (str2.equals(str3)) {
                return true;
            }
            if (str3.indexOf("/") > 0) {
                // Range bounds: the text between the last "." and the "/", and the text after the "/".
                int parseInt = Integer.parseInt(str3.substring(str3.lastIndexOf(".") + 1, str3.lastIndexOf("/")));
                int parseInt2 = Integer.parseInt(str3.substring(str3.lastIndexOf("/") + 1));
                for (int i = parseInt; i <= parseInt2; i++) {
                    // str4 is never read; the same expression is rebuilt in the comparison below.
                    String str4 = str3.substring(0, str3.lastIndexOf(".")) + "." + i;
                    if (str2.equals(str3.substring(0, str3.lastIndexOf(".")) + "." + i)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    // Compiler-generated bridge for the generic interface method; delegates to the typed check().
    public /* bridge */ /* synthetic */ Mono check(Mono mono, Object obj) {
        return check((Mono<Authentication>) mono, (AuthorizationContext) obj);
    }
}
