package org.zodiac.security.http.reactive.interceptor;

import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.lang.NonNull;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.zodiac.commons.util.serialize.JsonUtil;
import org.zodiac.commons.util.web.ReactiveRequests;
import org.zodiac.commons.web.model.SimpleHttpMethod;
import org.zodiac.security.config.SecurityHttpInfo;
import org.zodiac.security.constants.SecurityConstants;
import org.zodiac.security.http.BasicSecure;
import org.zodiac.security.http.reactive.ReactiveResponseProvider;
import org.zodiac.security.registry.SecurityRegistry;
import org.zodiac.security.util.SecurityReactiveAuthUtil;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zodiac/security/http/reactive/interceptor/BasicInterceptor.class */
public class BasicInterceptor implements WebFilter {
    private static final Logger LOG = LoggerFactory.getLogger(BasicInterceptor.class);
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
    private final SecurityRegistry securityRegistry;
    private final SecurityHttpInfo securityHttpInfo;
    private List<BasicSecure> basicSecures;
    private List<String> excludePathPatterns;

    public BasicInterceptor(SecurityRegistry securityRegistry, SecurityHttpInfo securityHttpInfo) {
        this.securityRegistry = securityRegistry;
        this.securityHttpInfo = securityHttpInfo;
        if (!this.securityRegistry.isBasicEnabled() && !this.securityHttpInfo.isBasicEnabled()) {
            this.basicSecures = Collections.emptyList();
            this.excludePathPatterns = Collections.emptyList();
            return;
        }
        this.basicSecures = this.securityRegistry.addBasicPatterns(this.securityHttpInfo.getBasic()).getBasicSecures();
        if (this.basicSecures.size() <= 0) {
            this.excludePathPatterns = Collections.emptyList();
        } else {
            this.securityRegistry.excludePathPatterns((List<String>) this.basicSecures.stream().map((v0) -> {
                return v0.getPattern();
            }).collect(Collectors.toList()));
            this.excludePathPatterns = this.securityRegistry.getExcludePatterns();
        }
    }

    public Mono<Void> filter(@NonNull ServerWebExchange serverWebExchange, @NonNull WebFilterChain webFilterChain) {
        if (this.securityRegistry.isBasicEnabled() || this.securityHttpInfo.isBasicEnabled()) {
            ServerHttpRequest request = serverWebExchange.getRequest();
            ServerHttpResponse response = serverWebExchange.getResponse();
            if (!((Boolean) this.basicSecures.stream().filter(basicSecure -> {
                return checkAuth(request, basicSecure);
            }).findFirst().map(basicSecure2 -> {
                return Boolean.valueOf(checkBasic(basicSecure2.getUsername(), basicSecure2.getPassword()));
            }).orElse(true)).booleanValue()) {
                LOG.warn("授权认证失败，请求接口：{}，请求IP：{}，请求参数：{}", new Object[]{ReactiveRequests.getRequestUrl(request), ReactiveRequests.getIpAddress(request), JsonUtil.object2json(request.getQueryParams())});
                response.getHeaders().set("WWW-Authenticate", SecurityConstants.BASIC_REALM_HEADER_VALUE);
                return ReactiveResponseProvider.writeWith(response);
            }
        }
        return webFilterChain.filter(serverWebExchange);
    }

    private boolean checkAuth(ServerHttpRequest serverHttpRequest, BasicSecure basicSecure) {
        return checkMethod(serverHttpRequest, basicSecure.getMethod()) && checkPath(serverHttpRequest, basicSecure.getPattern());
    }

    private boolean checkMethod(ServerHttpRequest serverHttpRequest, SimpleHttpMethod simpleHttpMethod) {
        return simpleHttpMethod == SimpleHttpMethod.ALL || (simpleHttpMethod != null && simpleHttpMethod == SimpleHttpMethod.of(serverHttpRequest.getMethod().name()));
    }

    private boolean checkPath(ServerHttpRequest serverHttpRequest, String str) {
        String str2 = "";
        String value = serverHttpRequest.getPath().value();
        if (value != null && value.length() > 0) {
            str2 = str2 + value;
        }
        return this.excludePathPatterns.contains(str) || ANT_PATH_MATCHER.match(str, str2);
    }

    private boolean checkBasic(String str, String str2) {
        try {
            String[] extractAndDecodeHeader = SecurityReactiveAuthUtil.extractAndDecodeHeader();
            if (str.equals(extractAndDecodeHeader[0])) {
                if (str2.equals(extractAndDecodeHeader[1])) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            LOG.warn("授权认证失败，错误信息：{}", e.getMessage());
            return false;
        }
    }
}
