package cc.lechun.framework.gatewaynewserver.filter;

import cc.lechun.framework.gatewaynewserver.apiInvoke.BaseServiceInvoke;
import cc.lechun.framework.gatewaynewserver.config.shiro.MallUserEntity;
import cc.lechun.framework.gatewaynewserver.util.BaseJsonVoGate;
import cc.lechun.framework.gatewaynewserver.util.DateUtils;
import cc.lechun.framework.gatewaynewserver.util.IpUtilGate;
import cc.lechun.framework.gatewaynewserver.util.JsonUtilsGate;
import cc.lechun.framework.gatewaynewserver.util.LoginUtilsGate;
import cc.lechun.framework.gatewaynewserver.util.RedisCacheUtilGate;
import com.alibaba.nacos.common.utils.InternetAddressUtil;
import com.aliyun.openservices.aliyun.log.producer.Producer;
import com.aliyun.openservices.log.common.LogItem;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.commons.configuration.DataConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.cloud.gateway.support.MvcFoundOnClasspathException;
import org.springframework.cloud.gateway.support.NotFoundException;
import org.springframework.cloud.gateway.support.ServerWebExchangeUtils;
import org.springframework.cloud.gateway.support.ServiceUnavailableException;
import org.springframework.cloud.gateway.support.TimeoutException;
import org.springframework.core.annotation.Order;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ResponseStatusException;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

@Component
@Order(99)
/* loaded from: input_file:BOOT-INF/classes/cc/lechun/framework/gatewaynewserver/filter/RightControlFilter.class */
public class RightControlFilter implements GlobalFilter {

    @Value("${serverHosts:*}")
    private String serverHosts;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) RightControlFilter.class);

    @Value("${whiteList}")
    private String writeList;

    @Value("${ipWriteList}")
    private String ipWriteList;

    @Value("${lechun.environment}")
    private String environment;

    @Autowired
    private BaseServiceInvoke baseServiceInvoke;

    @Value("${ipBlackList}")
    private String ipBlackList;

    @Value("${aliyun.sls.project}")
    private String project;

    @Value("${aliyun.sls.logStore}")
    private String logStore;

    @Value("${allowOrigin}")
    private String allowOrigin;

    @Autowired
    private RedisCacheUtilGate redisCacheUtil;

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private LoginUtilsGate loginUtils;

    @Autowired
    private Producer producer;

    @Override // org.springframework.cloud.gateway.filter.GlobalFilter
    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        BaseJsonVoGate error;
        serverWebExchange.getAttributes().put("BEGIN_VISIT_TIME", Long.valueOf(System.currentTimeMillis()));
        ServerHttpRequest request = serverWebExchange.getRequest();
        serverWebExchange.getResponse().getHeaders().add("gateway", getServerName(request.getLocalAddress().getAddress().getHostAddress()));
        if (request.getMethod().equals(HttpMethod.OPTIONS)) {
            return gatewayFilterChain.filter(serverWebExchange);
        }
        String str = (String) serverWebExchange.getAttribute("sysPath");
        if (str == null) {
            str = request.getPath().value().toLowerCase();
        }
        logger.info("ref:" + request.getHeaders().getFirst("Referer") + ",ip:" + IpUtilGate.getCliectIp(request) + ",path:" + str);
        BaseJsonVoGate<MallUserEntity> loginUserId = loginUserId(request, str);
        String first = request.getQueryParams().getFirst("pageRouterUrl");
        if (StringUtils.isEmpty(first)) {
            first = request.getHeaders().getFirst("Pagerouterurl");
            if (first == null) {
                first = "";
            }
        }
        LogItem saveLogBefore = saveLogBefore(serverWebExchange, loginUserId, first);
        String[] split = first.split("/");
        String str2 = "";
        for (String str3 : split) {
            if (str3 != "" && !Pattern.compile("[0-9]*").matcher(str3).matches()) {
                str2 = str2 + "/" + str3;
            }
        }
        String first2 = request.getQueryParams().getFirst("testAuthor");
        if (StringUtils.isEmpty(first2)) {
            first2 = request.getHeaders().getFirst("testAuthor");
        }
        Integer isControl = isControl(str, str2);
        if (isControl.intValue() == 1 || isControl.intValue() == 2) {
            if (isIpBlackList(request)) {
                logger.info("黑名单拦截，重定向到无权限页面" + str);
                return updateResponse(serverWebExchange, gatewayFilterChain, new BaseJsonVoGate(403, BaseJsonVoGate.NO_SECURITY_MESSAGE), saveLogBefore);
            }
            if (isIpWriteList(request)) {
                logger.info("ip白名单放行" + str);
                return getVoidMono(serverWebExchange, gatewayFilterChain, saveLogBefore);
            }
            if (isWriteList(str)) {
                logger.info("白名单放行" + str);
                return getVoidMono(serverWebExchange, gatewayFilterChain, saveLogBefore);
            }
            if (isTestAuthor(request, str, first2)) {
                logger.info("测试放行" + str);
                return getVoidMono(serverWebExchange, gatewayFilterChain, saveLogBefore);
            }
            if (!loginUserId.isSuccess()) {
                logger.info("没有登录重定向到登录" + str);
                return updateResponse(serverWebExchange, gatewayFilterChain, new BaseJsonVoGate(BaseJsonVoGate.NO_LOGIN_CODE, BaseJsonVoGate.NO_LOGIN_MESSAGE), saveLogBefore);
            }
            if (isControl.intValue() == 2) {
                logger.info("权限判断：user:" + String.valueOf(loginUserId.getValue()) + "_pageUrl:" + str2);
                try {
                    error = this.baseServiceInvoke.getUserRoleRight(loginUserId.getValue().getUserId(), str2, 1);
                } catch (Exception e) {
                    error = BaseJsonVoGate.error("权限服务调不通了" + str);
                }
                if (!error.isSuccess()) {
                    logger.info("没有权限，拦截，重定向到无权限页面" + str);
                    return updateResponse(serverWebExchange, gatewayFilterChain, new BaseJsonVoGate(403, BaseJsonVoGate.NO_SECURITY_MESSAGE), saveLogBefore);
                }
                String first3 = request.getHeaders().getFirst("Referer");
                logger.info("path:" + str + "得到referer：" + first3);
                if (first3 == null || !first3.contains("lechun.cc")) {
                    return updateResponse(serverWebExchange, gatewayFilterChain, new BaseJsonVoGate(403, BaseJsonVoGate.NO_SECURITY_MESSAGE), saveLogBefore);
                }
            }
            logger.info("所有规则通过，放行" + str);
        } else {
            logger.info("不拦截放行" + str);
        }
        return getVoidMono(serverWebExchange, gatewayFilterChain, saveLogBefore);
    }

    public Mono<Void> updateResponse(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain, BaseJsonVoGate baseJsonVoGate, LogItem logItem) {
        ServerHttpResponse response = serverWebExchange.getResponse();
        response.setStatusCode(HttpStatus.OK);
        String first = serverWebExchange.getRequest().getHeaders().getFirst("Referer");
        if (first == null) {
            first = "";
        }
        if (first.endsWith("/")) {
            first = first.substring(0, first.length() - 1);
        }
        boolean z = false;
        for (String str : this.allowOrigin.split(",")) {
            if (first.contains(str)) {
                z = true;
            }
        }
        if (!z) {
            first = "https://lechun.cc";
        }
        String str2 = first;
        return serverWebExchange.getRequest().getBody().collectList().flatMap(list -> {
            StringBuffer stringBuffer = new StringBuffer();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                DataBuffer dataBuffer = (DataBuffer) it.next();
                byte[] bArr = new byte[dataBuffer.readableByteCount()];
                dataBuffer.read(bArr);
                stringBuffer.append(new String(bArr));
            }
            byte[] bytes = JsonUtilsGate.toJson(baseJsonVoGate, false).getBytes();
            response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
            response.getHeaders().setAcceptCharset(Collections.singletonList(StandardCharsets.UTF_8));
            response.getHeaders().set("Content-Length", bytes.length);
            if (str2 != null) {
                response.getHeaders().add("Access-Control-Allow-Origin", str2);
            }
            response.getHeaders().add("Access-Control-Allow-Methods", "*");
            response.getHeaders().add("Access-Control-Allow-Credentials", "true");
            response.getHeaders().add("Access-Control-Allow-Headers", "*");
            DataBuffer wrap = response.bufferFactory().wrap(bytes);
            saveLogAfter(serverWebExchange, logItem, "complete");
            return response.writeWith(Mono.just(wrap));
        });
    }

    public ServerWebExchange responseHeader(ServerWebExchange serverWebExchange) {
        ServerHttpResponse response = serverWebExchange.getResponse();
        response.setStatusCode(HttpStatus.OK);
        response.getHeaders().add("Content-Type", "application/json;charset=UTF-8");
        response.getHeaders().add("Access-Control-Allow-Origin", "*");
        response.getHeaders().add("Access-Control-Allow-Methods", "*");
        response.getHeaders().add("Access-Control-Allow-Credentials", "true");
        response.getHeaders().add("Access-Control-Allow-Headers", "*");
        return serverWebExchange.mutate().response(response).build();
    }

    private Integer isControl(String str, String str2) {
        String[] split = str.split("/");
        String str3 = "";
        if (split.length > 0) {
            str3 = split.length > 1 ? split[1] : split[0];
        }
        if (str2.startsWith("/csms")) {
            str3 = "lechun-csms";
        }
        if (str2.startsWith("/admin")) {
            str3 = "lechun-ams";
        }
        if (str2.startsWith("/oa")) {
            str3 = "lechun-oa";
        }
        if (str2.startsWith("/scrm")) {
            str3 = "lechun-cms";
        }
        if (str2.endsWith("dashboard") || str2.equals("/oa/formplayground")) {
            return 0;
        }
        Iterator<String> it = getEnableSystemList(1).iterator();
        while (it.hasNext()) {
            if (str3.toLowerCase().equals(it.next().toLowerCase())) {
                return 1;
            }
        }
        Iterator<String> it2 = getEnableSystemList(2).iterator();
        while (it2.hasNext()) {
            if (str3.toLowerCase().equals(it2.next().toLowerCase())) {
                return 2;
            }
        }
        return 0;
    }

    private List<String> getEnableSystemList(int i) {
        BaseJsonVoGate error;
        String str = "gateway.enableSystemList" + i;
        Object obj = this.redisCacheUtil.get(str);
        if (obj != null) {
            return (List) obj;
        }
        try {
            error = this.baseServiceInvoke.getEnableSystemList(Integer.valueOf(i));
        } catch (Exception e) {
            error = BaseJsonVoGate.error("权限服务调不通了");
        }
        if (!error.isSuccess()) {
            return new ArrayList();
        }
        List<String> list = (List) error.getValue();
        this.redisCacheUtil.set(str, list, 300L);
        return list;
    }

    private boolean isWriteList(String str) {
        for (String str2 : this.writeList.split("\\n")) {
            if (str.contains(str2.toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    private boolean isIpWriteList(ServerHttpRequest serverHttpRequest) {
        if (StringUtils.isEmpty(this.ipWriteList)) {
            return false;
        }
        String cliectIp = IpUtilGate.getCliectIp(serverHttpRequest);
        String[] split = this.ipWriteList.split("\\n");
        logger.info("ipWriteList:" + cliectIp);
        for (String str : split) {
            if (str.contains(cliectIp)) {
                return true;
            }
        }
        return false;
    }

    private boolean isTestAuthor(ServerHttpRequest serverHttpRequest, String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            return false;
        }
        BaseJsonVoGate checkTestAuthor = this.loginUtils.checkTestAuthor(serverHttpRequest, str2);
        logger.info("isTestAuthor:" + checkTestAuthor.isSuccess() + "，message：" + checkTestAuthor.getMessage());
        return checkTestAuthor.isSuccess();
    }

    private boolean isServiceInvoke(ServerHttpRequest serverHttpRequest) {
        return true;
    }

    private boolean isIpBlackList(ServerHttpRequest serverHttpRequest) {
        if (StringUtils.isEmpty(this.ipBlackList)) {
            return false;
        }
        String cliectIp = IpUtilGate.getCliectIp(serverHttpRequest);
        for (String str : this.ipBlackList.split("\\n")) {
            if (str.contains(cliectIp)) {
                return true;
            }
        }
        return false;
    }

    private BaseJsonVoGate<MallUserEntity> loginUserId(ServerHttpRequest serverHttpRequest, String str) {
        try {
            return str.contains("/lechun-mall/") ? BaseJsonVoGate.error("mall没有登录呀") : BaseJsonVoGate.success(this.loginUtils.getUser(serverHttpRequest));
        } catch (Exception e) {
            return BaseJsonVoGate.error("没有登录呀");
        }
    }

    public Mono<Void> getVoidMono(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain, LogItem logItem) {
        return gatewayFilterChain.filter(serverWebExchange).then(Mono.fromRunnable(() -> {
            if (serverWebExchange.getResponse().getStatusCode() == HttpStatus.OK) {
                saveLogAfter(serverWebExchange, logItem, "200 complete");
            } else {
                saveLogAfter(serverWebExchange, logItem, HttpStatus.valueOf(serverWebExchange.getResponse().getStatusCode().value()).toString());
                logger.error("网关请求微服务异常：{}", logItem.ToJsonString());
            }
        })).doOnError(th -> {
            if (th instanceof MvcFoundOnClasspathException) {
                saveLogAfter(serverWebExchange, logItem, "100 classPathNotFound");
            } else if (th instanceof NotFoundException) {
                saveLogAfter(serverWebExchange, logItem, ((NotFoundException) th).getStatusCode().toString());
            } else if (th instanceof ServiceUnavailableException) {
                saveLogAfter(serverWebExchange, logItem, ((NotFoundException) th).getStatusCode().toString());
            } else if (th instanceof TimeoutException) {
                saveLogAfter(serverWebExchange, logItem, HttpStatus.GATEWAY_TIMEOUT.toString());
            } else if (th instanceof ResponseStatusException) {
                saveLogAfter(serverWebExchange, logItem, ((ResponseStatusException) th).getStatusCode().toString());
            }
            logger.error("网关异常：{}，{}", logItem.ToJsonString(), th);
        }).then();
    }

    private LogItem saveLogBefore(ServerWebExchange serverWebExchange, BaseJsonVoGate<MallUserEntity> baseJsonVoGate, String str) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        try {
            String str2 = (String) serverWebExchange.getAttribute("sysPath");
            if (str2 == null) {
                str2 = request.getPath().value().toLowerCase();
            }
            if (StringUtils.isEmpty(str2) || str2.contains("/health") || str2.contains("/saveaccesslog")) {
                return null;
            }
            String name = request.getMethod().name();
            LogItem logItem = new LogItem();
            if (HttpMethod.POST.matches(name.toUpperCase())) {
                Object obj = serverWebExchange.getAttributes().get("POST_BODY");
                MultiValueMap<String, String> queryParams = request.getQueryParams();
                logItem.PushBack("参数", obj != null ? obj.toString() : queryParams != null ? queryParams.toString() : "");
            } else if (HttpMethod.GET.matches(name)) {
                MultiValueMap<String, String> queryParams2 = request.getQueryParams();
                logItem.PushBack("参数", queryParams2 != null ? queryParams2.toString() : "");
            }
            logItem.PushBack("唯一ID", serverWebExchange.getRequest().getId());
            logItem.PushBack("员工ID", baseJsonVoGate.isSuccess() ? baseJsonVoGate.getValue().getUserId() : "");
            logItem.PushBack("员工姓名", baseJsonVoGate.isSuccess() ? baseJsonVoGate.getValue().getUserNick() : "");
            logItem.PushBack("IP", IpUtilGate.getCliectIp(request));
            String str3 = "";
            if (!StringUtils.isEmpty(str2)) {
                String[] split = str2.split("/");
                if (split.length > 1) {
                    str3 = split[1];
                }
            }
            logItem.PushBack("系统", str3);
            logItem.PushBack("接口", str2);
            logItem.PushBack("访问时间", DateUtils.formatDate(new Date(), DataConfiguration.DEFAULT_DATE_FORMAT));
            logItem.PushBack("访问方式", name);
            logItem.PushBack("页面", str);
            logItem.PushBack("网关", getServerName(request.getLocalAddress().getAddress().getHostAddress()));
            logItem.PushBack("网关端口", String.valueOf(request.getLocalAddress().getPort()));
            logItem.PushBack("userTicket", request.getQueryParams().getFirst("userTicket"));
            logItem.PushBack("环境", this.environment);
            return logItem;
        } catch (Exception e) {
            return null;
        }
    }

    private void saveLogAfter(ServerWebExchange serverWebExchange, LogItem logItem, String str) {
        if (logItem != null) {
            try {
                Long l = (Long) serverWebExchange.getAttribute("BEGIN_VISIT_TIME");
                if (logItem != null) {
                    URI uri = (URI) serverWebExchange.getRequiredAttribute(ServerWebExchangeUtils.GATEWAY_REQUEST_URL_ATTR);
                    if (uri != null) {
                        String serverName = getServerName(uri.getHost());
                        logItem.PushBack("目标机器", serverName);
                        logItem.PushBack("目标端口", String.valueOf(uri.getPort()));
                        serverWebExchange.getResponse().getHeaders().add("host", serverName);
                    } else {
                        logItem.PushBack("目标机器", "none");
                    }
                    logItem.PushBack("访问状态", str);
                    logItem.PushBack("耗时", String.valueOf(System.currentTimeMillis() - (l == null ? System.currentTimeMillis() : l.longValue())));
                    this.producer.send(this.project, this.logStore, logItem);
                }
            } catch (Exception e) {
                logger.error("saveLogAfter error", (Throwable) e);
            }
        }
    }

    private String getServerName(String str) {
        if (str != null) {
            if (!str.equals(InternetAddressUtil.LOCAL_HOST) && !str.equals("127.0.0.1") && str != "") {
                String str2 = (String) Arrays.stream(this.serverHosts.split(",")).filter(str3 -> {
                    return str3.contains(str);
                }).findFirst().orElse(null);
                if (str2 != null) {
                    String[] split = str2.split("\\:");
                    return split.length > 1 ? split[1] : "unnown";
                }
                if (!str.contains(".")) {
                    return "";
                }
                String[] split2 = str.split("\\.");
                return split2[split2.length - 1];
            }
        }
        return str;
    }
}
