package org.zodiac.security.http.reactive.interceptor;

import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.lang.NonNull;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.zodiac.commons.util.Colls;
import org.zodiac.commons.util.Strings;
import org.zodiac.commons.util.serialize.JsonUtil;
import org.zodiac.commons.util.web.ReactiveRequests;
import org.zodiac.security.auth.model.SecurityPlatformUser;
import org.zodiac.security.config.SecurityHttpInfo;
import org.zodiac.security.http.ClientSecure;
import org.zodiac.security.http.reactive.ReactiveResponseProvider;
import org.zodiac.security.registry.SecurityRegistry;
import org.zodiac.security.util.SecurityReactiveAuthUtil;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zodiac/security/http/reactive/interceptor/ClientInterceptor.class */
public class ClientInterceptor implements WebFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ClientInterceptor.class);
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
    private final SecurityRegistry securityRegistry;
    private final SecurityHttpInfo securityHttpInfo;
    private List<ClientSecure> clientSecures;
    private List<String> excludePathPatterns;

    public ClientInterceptor(SecurityRegistry securityRegistry, SecurityHttpInfo securityHttpInfo) {
        this.securityRegistry = securityRegistry;
        this.securityHttpInfo = securityHttpInfo;
        if (!this.securityRegistry.isClientEnabled() && !this.securityHttpInfo.isClientEnabled()) {
            this.clientSecures = Colls.list();
            this.excludePathPatterns = Colls.list();
            return;
        }
        this.clientSecures = this.securityHttpInfo.getClient();
        if (this.clientSecures.size() > 0) {
            this.excludePathPatterns = this.securityRegistry.getExcludePatterns();
        } else {
            this.excludePathPatterns = Collections.emptyList();
        }
    }

    public Mono<Void> filter(@NonNull ServerWebExchange serverWebExchange, @NonNull WebFilterChain webFilterChain) {
        if (this.securityRegistry.isClientEnabled() || this.securityHttpInfo.isClientEnabled()) {
            ServerHttpRequest request = serverWebExchange.getRequest();
            ServerHttpResponse response = serverWebExchange.getResponse();
            if (!((Boolean) this.clientSecures.stream().filter(clientSecure -> {
                return checkAuth(request, clientSecure);
            }).findFirst().map(clientSecure2 -> {
                return Boolean.valueOf(checkClient(clientSecure2.getClientId()));
            }).orElse(true)).booleanValue()) {
                LOG.warn("客户端认证失败，请求接口：{}，请求IP：{}，请求参数：{}", new Object[]{ReactiveRequests.getRequestUrl(request), ReactiveRequests.getIpAddress(request), JsonUtil.object2json(request.getQueryParams())});
                return ReactiveResponseProvider.writeWith(response);
            }
        }
        return webFilterChain.filter(serverWebExchange);
    }

    private boolean checkAuth(ServerHttpRequest serverHttpRequest, ClientSecure clientSecure) {
        return checkPath(serverHttpRequest, clientSecure.getPathPatterns());
    }

    private boolean checkPath(ServerHttpRequest serverHttpRequest, List<String> list) {
        String str = "";
        String value = serverHttpRequest.getPath().value();
        if (value != null && value.length() > 0) {
            str = str + value;
        }
        for (String str2 : list) {
            if (!this.excludePathPatterns.contains(str2) && !ANT_PATH_MATCHER.match(str2, str)) {
                return false;
            }
        }
        return true;
    }

    private boolean checkClient(String str) {
        SecurityPlatformUser user = SecurityReactiveAuthUtil.getUser();
        return user != null && Strings.eqStr(str, SecurityReactiveAuthUtil.getClientIdFromHeader()) && Strings.eqStr(str, user.getClientId());
    }
}
