package org.zodiac.security.http.reactive.interceptor;

import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.lang.NonNull;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.zodiac.commons.util.serialize.JsonUtil;
import org.zodiac.commons.util.web.ReactiveRequests;
import org.zodiac.sdk.toolkit.http.SimpleHttpMethod;
import org.zodiac.security.auth.SecurityServletAuthFun;
import org.zodiac.security.config.SecurityHttpInfo;
import org.zodiac.security.http.AuthSecure;
import org.zodiac.security.http.reactive.ReactiveResponseProvider;
import org.zodiac.security.registry.SecurityRegistry;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zodiac/security/http/reactive/interceptor/AuthInterceptor.class */
public class AuthInterceptor implements WebFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AuthInterceptor.class);
    private static final ExpressionParser EXPRESSION_PARSER = new SpelExpressionParser();
    private static final EvaluationContext EVALUATION_CONTEXT = new StandardEvaluationContext(new SecurityServletAuthFun());
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
    private final SecurityRegistry securityRegistry;
    private final SecurityHttpInfo securityHttpInfo;
    private List<AuthSecure> authSecures;
    private List<String> excludePathPatterns;

    public AuthInterceptor(SecurityRegistry securityRegistry, SecurityHttpInfo securityHttpInfo) {
        this.securityRegistry = securityRegistry;
        this.securityHttpInfo = securityHttpInfo;
        if (!this.securityRegistry.isAuthEnabled() && !this.securityHttpInfo.isAuthEnabled()) {
            this.authSecures = Collections.emptyList();
            this.excludePathPatterns = Collections.emptyList();
            return;
        }
        this.authSecures = this.securityRegistry.addAuthPatterns(this.securityHttpInfo.getAuth()).getAuthSecures();
        if (this.authSecures.size() <= 0) {
            this.excludePathPatterns = Collections.emptyList();
        } else {
            this.securityRegistry.excludePathPatterns((List<String>) this.authSecures.stream().map((v0) -> {
                return v0.getPattern();
            }).collect(Collectors.toList()));
            this.excludePathPatterns = this.securityRegistry.getExcludePatterns();
        }
    }

    public Mono<Void> filter(@NonNull ServerWebExchange serverWebExchange, @NonNull WebFilterChain webFilterChain) {
        if (this.securityRegistry.isAuthEnabled() || this.securityHttpInfo.isAuthEnabled()) {
            ServerHttpRequest request = serverWebExchange.getRequest();
            ServerHttpResponse response = serverWebExchange.getResponse();
            if (!((Boolean) this.authSecures.stream().filter(authSecure -> {
                return checkAuth(request, authSecure);
            }).findFirst().map(authSecure2 -> {
                return Boolean.valueOf(checkExpression(authSecure2.getExpression()));
            }).orElse(true)).booleanValue()) {
                LOG.warn("授权认证失败，请求接口：{}，请求IP：{}，请求参数：{}", new Object[]{ReactiveRequests.getRequestUrl(request), ReactiveRequests.getIpAddress(request), JsonUtil.object2json(request.getQueryParams())});
                return ReactiveResponseProvider.writeWith(response);
            }
        }
        return webFilterChain.filter(serverWebExchange);
    }

    private boolean checkAuth(ServerHttpRequest serverHttpRequest, AuthSecure authSecure) {
        return checkMethod(serverHttpRequest, authSecure.getMethod()) && checkPath(serverHttpRequest, authSecure.getPattern());
    }

    private boolean checkMethod(ServerHttpRequest serverHttpRequest, SimpleHttpMethod simpleHttpMethod) {
        return simpleHttpMethod == SimpleHttpMethod.ALL || (simpleHttpMethod != null && simpleHttpMethod == SimpleHttpMethod.of(serverHttpRequest.getMethod().name()));
    }

    private boolean checkPath(ServerHttpRequest serverHttpRequest, String str) {
        String str2 = "";
        String value = serverHttpRequest.getPath().value();
        if (value != null && value.length() > 0) {
            str2 = str2 + value;
        }
        return this.excludePathPatterns.contains(str) || ANT_PATH_MATCHER.match(str, str2);
    }

    private boolean checkExpression(String str) {
        Boolean bool = (Boolean) EXPRESSION_PARSER.parseExpression(str).getValue(EVALUATION_CONTEXT, Boolean.class);
        if (bool != null) {
            return bool.booleanValue();
        }
        return false;
    }
}
