package cc.lechun.framework.gateway.filter;

import cc.lechun.framework.common.enums.common.EnvironmentEnum;
import cc.lechun.framework.common.utils.cache.RedisCacheUtil;
import cc.lechun.framework.common.utils.log.AccessLogDBConfig;
import cc.lechun.framework.common.utils.log.AccessLogEntity;
import cc.lechun.framework.common.utils.log.LoggerUtil;
import cc.lechun.framework.common.utils.login.LoginUtils;
import cc.lechun.framework.common.utils.login.MallUserEntity;
import cc.lechun.framework.common.utils.string.StringUtils;
import cc.lechun.framework.common.utils.web.IpUtil;
import cc.lechun.framework.common.utils.web.ResponseUtils;
import cc.lechun.framework.common.vo.BaseJsonVo;
import cc.lechun.framework.gateway.apiInvoke.BaseServiceInvoke;
import com.alibaba.fastjson.JSON;
import com.aliyun.openservices.aliyun.log.producer.Producer;
import com.aliyun.openservices.aliyun.log.producer.errors.ProducerException;
import com.aliyun.openservices.log.common.LogItem;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(99)
/* loaded from: input_file:BOOT-INF/classes/cc/lechun/framework/gateway/filter/RightControlFilter.class */
public class RightControlFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) RightControlFilter.class);

    @Value("${whiteList}")
    private String writeList;

    @Value("${ipWriteList}")
    private String ipWriteList;

    @Value("${lechun.environment}")
    private String environment;

    @Autowired
    private BaseServiceInvoke baseServiceInvoke;

    @Value("${ipBlackList}")
    private String ipBlackList;

    @Value("${aliyun.sls.project}")
    private String project;

    @Value("${aliyun.sls.logStore}")
    private String logStore;

    @Autowired
    private RedisCacheUtil redisCacheUtil;

    @Autowired
    private AccessLogDBConfig accessLogDBConfig;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private LoginUtils loginUtils;

    @Autowired
    private Producer producer;

    @Override // jakarta.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // jakarta.servlet.Filter
    public void destroy() {
    }

    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        BaseJsonVo error;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String lowerCase = httpServletRequest.getRequestURI().toLowerCase();
        logger.info("doFilter,path:" + lowerCase);
        BaseJsonVo<MallUserEntity> loginUserId = loginUserId(httpServletRequest, lowerCase);
        String parameter = httpServletRequest.getParameter("pageRouterUrl");
        if (StringUtils.isEmpty(parameter)) {
            parameter = httpServletRequest.getHeader("Pagerouterurl");
            if (parameter == null) {
                parameter = "";
            }
        }
        AccessLogEntity accessLog = LoggerUtil.getAccessLog(httpServletRequest);
        if (loginUserId.isSuccess()) {
            accessLog.setUserId(loginUserId.getValue().getUserId());
        }
        long currentTimeMillis = System.currentTimeMillis();
        accessLog.setEndTime(currentTimeMillis);
        accessLog.setRunTimes(currentTimeMillis - accessLog.getBeginTime());
        accessLog.setUrl(parameter);
        if (!"".equals(parameter)) {
            this.accessLogDBConfig.writeAccessDBLog(accessLog);
        }
        if (StringUtils.isNotEmpty(accessLog.getAction()) && !accessLog.getAction().contains("/health") && !accessLog.getAction().contains("/saveAccessLog")) {
            try {
                LogItem logItem = new LogItem();
                logItem.PushBack("员工ID", accessLog.getUserId());
                logItem.PushBack("员工姓名", loginUserId.isSuccess() ? loginUserId.getValue().getUserNick() : "");
                logItem.PushBack("IP", accessLog.getIp());
                logItem.PushBack("系统", accessLog.getAction() == null ? "" : accessLog.getAction().split("/")[1]);
                logItem.PushBack("接口", accessLog.getAction());
                logItem.PushBack("参数", accessLog.getParams());
                logItem.PushBack("耗时", String.valueOf(accessLog.getRunTimes()));
                logItem.PushBack("页面", parameter);
                this.producer.send(this.project, this.logStore, logItem);
            } catch (ProducerException | InterruptedException e) {
            }
        }
        String[] split = parameter.split("/");
        String str = "";
        for (String str2 : split) {
            if (str2 != "" && !Pattern.compile("[0-9]*").matcher(str2).matches()) {
                str = str + "/" + str2;
            }
        }
        String parameter2 = httpServletRequest.getParameter("testAuthor");
        if (StringUtils.isEmpty(parameter2)) {
            parameter2 = httpServletRequest.getHeader("testAuthor");
        }
        logger.info("进入filter：" + lowerCase + ",testAuthor：" + parameter2);
        Integer isControl = isControl(lowerCase, str);
        if (isControl.intValue() == 1 || isControl.intValue() == 2) {
            if (isIpBlackList(httpServletRequest)) {
                logger.info("黑名单拦截，重定向到无权限页面" + lowerCase);
                ResponseUtils.corsConfigFilter(httpServletRequest, httpServletResponse);
                httpServletResponse.getWriter().write(JSON.toJSONString(new BaseJsonVo(403, BaseJsonVo.NO_SECURITY_MESSAGE)));
                return;
            }
            if (isIpWriteList(httpServletRequest)) {
                logger.info("ip白名单放行" + lowerCase);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (isWriteList(lowerCase)) {
                logger.info("白名单放行" + lowerCase);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (isTestAuthor(lowerCase, parameter2)) {
                logger.info("测试放行" + lowerCase);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (!loginUserId.isSuccess()) {
                logger.info("没有登录重定向到登录" + lowerCase);
                ResponseUtils.corsConfigFilter(httpServletRequest, httpServletResponse);
                httpServletResponse.getWriter().write(JSON.toJSONString(new BaseJsonVo(BaseJsonVo.NO_LOGIN_CODE, BaseJsonVo.NO_LOGIN_MESSAGE)));
                return;
            }
            if (isControl.intValue() == 2) {
                logger.info("权限判断：user:" + String.valueOf(loginUserId.getValue()) + "_pageUrl:" + str);
                try {
                    error = this.baseServiceInvoke.getUserRoleRight(loginUserId.getValue().getUserId(), str, 1);
                } catch (Exception e2) {
                    error = BaseJsonVo.error("权限服务调不通了");
                }
                if (!error.isSuccess()) {
                    logger.info("没有权限，拦截，重定向到无权限页面");
                    ResponseUtils.corsConfigFilter(httpServletRequest, httpServletResponse);
                    httpServletResponse.getWriter().write(JSON.toJSONString(new BaseJsonVo(403, BaseJsonVo.NO_SECURITY_MESSAGE)));
                    return;
                }
                String header = httpServletRequest.getHeader("Referer");
                logger.info("得到referer：" + header);
                if (header == null || !header.contains("lechun.cc")) {
                    ResponseUtils.corsConfigFilter(httpServletRequest, httpServletResponse);
                    httpServletResponse.getWriter().write(JSON.toJSONString(new BaseJsonVo(403, BaseJsonVo.NO_SECURITY_MESSAGE)));
                    return;
                }
                logger.info("所有规则通过，放行" + lowerCase);
            }
        } else {
            logger.info("不拦截放行" + lowerCase);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private Integer isControl(String str, String str2) {
        String[] split = str.split("/");
        String str3 = split.length > 1 ? split[1] : split[0];
        if (str2.startsWith("/csms")) {
            str3 = "lechun-csms";
        }
        if (str2.startsWith("/admin")) {
            str3 = "lechun-ams";
        }
        if (str2.startsWith("/oa")) {
            str3 = "lechun-oa";
        }
        if (str2.startsWith("/scrm")) {
            str3 = "lechun-cms";
        }
        if (str2.endsWith("dashboard") || str2.equals("/oa/formplayground")) {
            return 0;
        }
        logger.info("curSys:" + str3 + "，pageRouterUrl:" + str2);
        Iterator<String> it = getEnableSystemList(1).iterator();
        while (it.hasNext()) {
            if (str3.toLowerCase().equals(it.next().toLowerCase())) {
                return 1;
            }
        }
        Iterator<String> it2 = getEnableSystemList(2).iterator();
        while (it2.hasNext()) {
            if (str3.toLowerCase().equals(it2.next().toLowerCase())) {
                return 2;
            }
        }
        return 0;
    }

    private List<String> getEnableSystemList(int i) {
        BaseJsonVo error;
        String str = "gateway.enableSystemList" + i;
        Object obj = this.redisCacheUtil.get(str);
        if (obj != null) {
            return (List) obj;
        }
        try {
            error = this.baseServiceInvoke.getEnableSystemList(Integer.valueOf(i));
        } catch (Exception e) {
            error = BaseJsonVo.error("权限服务调不通了");
        }
        if (!error.isSuccess()) {
            return new ArrayList();
        }
        List<String> list = (List) error.getValue();
        this.redisCacheUtil.set(str, list, 300L);
        return list;
    }

    private boolean isWriteList(String str) {
        for (String str2 : this.writeList.split("\\n")) {
            if (str.contains(str2.toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    private boolean isIpWriteList(HttpServletRequest httpServletRequest) {
        if (!StringUtils.isNotEmpty(this.ipWriteList)) {
            return false;
        }
        String cliectIp = IpUtil.getCliectIp(httpServletRequest);
        String[] split = this.ipWriteList.split("\\n");
        logger.info("ipWriteList:" + cliectIp);
        for (String str : split) {
            if (str.contains(cliectIp)) {
                return true;
            }
        }
        return false;
    }

    private boolean isTestAuthor(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            return false;
        }
        BaseJsonVo checkTestAuthor = this.loginUtils.checkTestAuthor(str2);
        logger.info("isTestAuthor:" + checkTestAuthor.isSuccess() + "，message：" + checkTestAuthor.getMessage());
        return checkTestAuthor.isSuccess();
    }

    private boolean isServiceInvoke(HttpServletRequest httpServletRequest) {
        return true;
    }

    private boolean isIpBlackList(HttpServletRequest httpServletRequest) {
        if (!StringUtils.isNotEmpty(this.ipBlackList)) {
            return false;
        }
        String cliectIp = IpUtil.getCliectIp(httpServletRequest);
        for (String str : this.ipBlackList.split("\\n")) {
            if (str.contains(cliectIp)) {
                return true;
            }
        }
        return false;
    }

    private BaseJsonVo<MallUserEntity> loginUserId(HttpServletRequest httpServletRequest, String str) {
        try {
            return str.contains("/lechun-mall/") ? BaseJsonVo.error("mall没有登录呀") : BaseJsonVo.success(this.loginUtils.getUser());
        } catch (Exception e) {
            return BaseJsonVo.error("没有登录呀");
        }
    }

    private boolean isProduction() {
        return EnvironmentEnum.PRODUCT.getValue().equals(this.environment);
    }
}
