package com.nb6868.onex.common.aspect;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.ReUtil;
import cn.hutool.core.util.StrUtil;
import com.nb6868.onex.common.annotation.AccessControl;
import com.nb6868.onex.common.exception.ErrorCode;
import com.nb6868.onex.common.pojo.Result;
import com.nb6868.onex.common.util.HttpContextUtils;
import lombok.Generated;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

@Aspect
@ConditionalOnProperty(name = {"onex.auth.access-control.enable"}, havingValue = "true", matchIfMissing = true)
@Component
@Order(100)
/* loaded from: input_file:com/nb6868/onex/common/aspect/AccessControlAspect.class */
public class AccessControlAspect {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(AccessControlAspect.class);

    @Autowired
    private Environment env;

    @Pointcut("@annotation(com.nb6868.onex.common.annotation.AccessControl)")
    public void pointcut() {
    }

    @Around("pointcut()")
    public Object around(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        MethodSignature signature = proceedingJoinPoint.getSignature();
        AccessControl accessControl = (AccessControl) proceedingJoinPoint.getTarget().getClass().getDeclaredMethod(signature.getName(), signature.getParameterTypes()).getAnnotation(AccessControl.class);
        if (accessControl == null) {
            return proceedingJoinPoint.proceed();
        }
        if ("white".equalsIgnoreCase(accessControl.ipFilter()) && ObjectUtil.isNotEmpty(accessControl.ipWhite())) {
            String ipAddr = HttpContextUtils.getIpAddr(HttpContextUtils.getHttpServletRequest());
            for (String str : accessControl.ipWhite()) {
                if (ReUtil.isMatch(str, ipAddr)) {
                    return checkAccessToken(accessControl) ? proceedingJoinPoint.proceed() : new Result().error(ErrorCode.ACCESS_TOKEN_FORBID);
                }
            }
            return new Result().error(ErrorCode.IP_BLACK);
        }
        if (!"black".equalsIgnoreCase(accessControl.ipFilter()) || !ObjectUtil.isNotEmpty(accessControl.ipBlack())) {
            return checkAccessToken(accessControl) ? proceedingJoinPoint.proceed() : new Result().error(ErrorCode.ACCESS_TOKEN_FORBID);
        }
        String ipAddr2 = HttpContextUtils.getIpAddr(HttpContextUtils.getHttpServletRequest());
        for (String str2 : accessControl.ipBlack()) {
            if (ReUtil.isMatch(str2, ipAddr2)) {
                return new Result().error(ErrorCode.IP_BLACK);
            }
        }
        return checkAccessToken(accessControl) ? proceedingJoinPoint.proceed() : new Result().error(ErrorCode.ACCESS_TOKEN_FORBID);
    }

    private boolean checkAccessToken(AccessControl accessControl) {
        if (!ObjectUtil.isNotEmpty(accessControl.allowTokenName())) {
            return true;
        }
        for (String str : accessControl.allowTokenName()) {
            String requestParameter = HttpContextUtils.getRequestParameter(str);
            if (StrUtil.isNotBlank(requestParameter) && requestParameter.equalsIgnoreCase(this.env.getProperty("onex.auth.access-control." + str))) {
                return true;
            }
        }
        return false;
    }
}
