package net.hasor.dataway.authorization;

import java.lang.reflect.Method;
import net.hasor.core.spi.SpiTrigger;
import net.hasor.dataway.DatawayApi;
import net.hasor.dataway.DatawayService;
import net.hasor.dataway.config.CorsUtils;
import net.hasor.dataway.spi.AuthorizationChainSpi;
import net.hasor.utils.StringUtils;
import net.hasor.web.Invoker;
import net.hasor.web.InvokerChain;
import net.hasor.web.InvokerConfig;
import net.hasor.web.InvokerFilter;
import net.hasor.web.Mapping;

/* loaded from: input_file:net/hasor/dataway/authorization/InterfaceAuthorizationFilter.class */
public class InterfaceAuthorizationFilter implements InvokerFilter {
    private SpiTrigger spiTrigger = null;
    private DatawayService datawayService = null;
    private String uiAdminBaseUri;

    public InterfaceAuthorizationFilter(String str) {
        this.uiAdminBaseUri = null;
        this.uiAdminBaseUri = (str + "/api/").replaceAll("/+", "/");
    }

    public void init(InvokerConfig invokerConfig) {
        this.spiTrigger = (SpiTrigger) invokerConfig.getAppContext().getInstance(SpiTrigger.class);
        this.datawayService = (DatawayService) invokerConfig.getAppContext().getInstance(DatawayService.class);
    }

    public Object doInvoke(Invoker invoker, InvokerChain invokerChain) throws Throwable {
        Mapping ownerMapping;
        Method findMethod;
        if (invoker.getRequestPath().startsWith(this.uiAdminBaseUri) && (ownerMapping = invoker.ownerMapping()) != null && (findMethod = ownerMapping.findMethod(invoker.getHttpRequest())) != null) {
            RefAuthorization refAuthorization = (RefAuthorization) findMethod.getAnnotation(RefAuthorization.class);
            if (refAuthorization == null) {
                refAuthorization = (RefAuthorization) findMethod.getDeclaringClass().getAnnotation(RefAuthorization.class);
            }
            AuthorizationType value = refAuthorization != null ? refAuthorization.value() : null;
            String str = null;
            String queryString = invoker.getHttpRequest().getQueryString();
            if (StringUtils.isNotBlank(queryString)) {
                String[] split = queryString.split("&");
                int length = split.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str2 = split[i];
                    if (str2.startsWith("id=")) {
                        str = str2.split("=")[1];
                        break;
                    }
                    i++;
                }
            }
            DatawayApi apiById = this.datawayService.getApiById(str);
            if (((Boolean) this.spiTrigger.chainSpi(AuthorizationChainSpi.class, (authorizationChainSpi, bool) -> {
                return Boolean.valueOf(authorizationChainSpi.doCheck(value, apiById, bool.booleanValue()));
            }, true)).booleanValue()) {
                return invokerChain.doNext(invoker);
            }
            CorsUtils.setup(invoker);
            invoker.getHttpResponse().sendError(401, "No permission.");
            return null;
        }
        return invokerChain.doNext(invoker);
    }
}
