package com.alibaba.otter.manager.web.webx.valve;

import com.alibaba.citrus.service.pipeline.PipelineContext;
import com.alibaba.citrus.service.pipeline.support.AbstractValve;
import com.alibaba.citrus.service.uribroker.URIBrokerService;
import com.alibaba.citrus.service.uribroker.uri.URIBroker;
import com.alibaba.citrus.turbine.TurbineRunData;
import com.alibaba.citrus.turbine.util.TurbineUtil;
import com.alibaba.citrus.util.StringUtil;
import com.alibaba.otter.manager.web.common.WebConstant;
import com.alibaba.otter.manager.web.common.api.ApiAuthService;
import com.alibaba.otter.manager.web.webx.valve.auth.RegExpURLAnalyze;
import com.alibaba.otter.shared.common.model.user.AuthorizeType;
import com.alibaba.otter.shared.common.model.user.User;
import com.alibaba.otter.shared.common.utils.Assert;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/alibaba/otter/manager/web/webx/valve/AuthContextValve.class */
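/**
 * Pipeline valve that authorizes every request before the rest of the pipeline runs.
 *
 * <p>Decision order in {@link #invoke(PipelineContext)}:
 * <ol>
 *   <li>URIs containing {@code /api/} (a case-insensitive substring test, see {@link #isAPI})
 *       are decided solely by {@link ApiAuthService}; the HTTP session is not consulted.</li>
 *   <li>For every other request the authorize types the {@link RegExpURLAnalyze} maps to the
 *       request URI are collected, extended by the types mapped to the action/event pair when an
 *       action parameter is present. An empty result denies the request with a redirect to the
 *       forbidden page, so an unmapped URL fails closed.</li>
 *   <li>A user found in the session is checked with {@link #compareAuth}. Without a session
 *       user, a resource whose types include OPERATOR or ADMIN is redirected to the login page;
 *       anything else passes through.</li>
 * </ol>
 *
 * <p>Every redirect carries the original request URL (including its query string) in the query
 * parameter named by {@code redirectParmeter} (default {@code Done}).
 *
 * <p>Bean properties: {@code loginLink}, {@code forbiddenLink}, {@code redirectParmeter},
 * {@code actionParam}.
 */
public class AuthContextValve extends AbstractValve {
    private static final String DEFAULT_ACTION_PARAM_NAME = "action";
    private static final String DEFAULT_EVENT_PATTERN = "event_submit_do_";
    /**
     * Suffixes stripped from a parameter name before the event name is extracted (the
     * {@code .x}/{@code .y} coordinate pair an image submit button contributes). Checked in this
     * order; only the first match is removed.
     */
    private static final String[] IMAGE_BUTTON_SUFFIXES = { ".x", ".y", ".X", ".Y" };

    @Autowired
    private HttpServletRequest request;

    @Autowired
    private URIBrokerService uriBrokerService;

    @Autowired
    private RegExpURLAnalyze urlAnalyze;

    @Autowired
    private ApiAuthService apiAuthService;

    // Names of the URI brokers used as redirect targets.
    private String loginLink = WebConstant.OTTER_LOGIN_LINK;
    private String forbiddenLink = WebConstant.ERROR_FORBIDDEN_Link;
    // Query parameter that carries the original request URL on a redirect.
    private String redirectParmeter = "Done";
    // Request parameter holding the action name; defaults to "action" in init().
    private String actionParam;

    /**
     * Applies the default action parameter name when none was configured.
     *
     * @throws Exception never thrown here; kept for the valve lifecycle signature
     */
    protected void init() throws Exception {
        if (this.actionParam == null) {
            this.actionParam = DEFAULT_ACTION_PARAM_NAME;
        }
    }

    /**
     * Authorizes the current request and either continues the pipeline or redirects.
     *
     * @param pipelineContext the pipeline to continue or break
     * @throws Exception propagated from the downstream pipeline
     */
    public void invoke(PipelineContext pipelineContext) throws Exception {
        TurbineRunData runData = TurbineUtil.getTurbineRunData(this.request);

        if (isAPI(runData)) {
            // API calls are decided by the API auth service alone; no session lookup.
            if (this.apiAuthService.auth(runData)) {
                pipelineContext.invokeNext();
            } else {
                redirect(pipelineContext, runData, this.forbiddenLink);
            }
            return;
        }

        List<AuthorizeType> required = resolveAuthorizeTypes(runData);
        User user = (User) runData.getRequest().getSession().getAttribute(WebConstant.USER_SESSION_KEY);

        if (required.isEmpty()) {
            // Fail closed: a URL the analyzer knows nothing about is forbidden.
            redirect(pipelineContext, runData, this.forbiddenLink);
            return;
        }

        if (user != null) {
            if (compareAuth(user.getAuthorizeType(), required)) {
                pipelineContext.invokeNext();
            } else {
                redirect(pipelineContext, runData, this.forbiddenLink);
            }
            return;
        }

        // No session user: resources that name OPERATOR or ADMIN require a login first.
        if (required.contains(AuthorizeType.OPERATOR) || required.contains(AuthorizeType.ADMIN)) {
            redirect(pipelineContext, runData, this.loginLink);
        } else {
            pipelineContext.invokeNext();
        }
    }

    /**
     * Collects the authorize types the URL analyzer associates with this request: those mapped to
     * the request URI plus, when an action parameter is present, those mapped to the camel-cased
     * action name and the submitted event name.
     *
     * @param runData the current run data
     * @return a fresh mutable list (never the analyzer's own list instance)
     */
    private List<AuthorizeType> resolveAuthorizeTypes(TurbineRunData runData) {
        // Copy so that appending the action-level entries cannot mutate a list the analyzer may
        // hand out again on a later request.
        List<AuthorizeType> required = new ArrayList<AuthorizeType>(
            this.urlAnalyze.check(runData.getRequest().getRequestURI()));
        String action = StringUtil.toCamelCase(
            StringUtil.trimToNull(runData.getParameters().getString(this.actionParam)));
        String eventName = getEventName();
        if (StringUtils.isNotEmpty(action)) {
            required.addAll(this.urlAnalyze.check(action, eventName));
        }
        return required;
    }

    /**
     * Whether the request targets the API. This is a case-insensitive <em>substring</em> test:
     * {@code /api/} anywhere in the request URI, not only as a prefix, selects the API auth path.
     *
     * @param turbineRunData the current run data
     * @return {@code true} when the URI contains {@code /api/}
     */
    protected boolean isAPI(TurbineRunData turbineRunData) {
        return StringUtils.containsIgnoreCase(turbineRunData.getRequest().getRequestURI(), "/api/");
    }

    /**
     * Decides whether a user of type {@code userType} may access a resource whose analyzer entries
     * are {@code required}:
     * <ul>
     *   <li>ADMIN users are always allowed.</li>
     *   <li>OPERATOR users are denied if any entry is ADMIN.</li>
     *   <li>ANONYMOUS users are denied if any entry is not ANONYMOUS.</li>
     *   <li>Any other user type is allowed.</li>
     * </ul>
     *
     * @param userType the session user's authorize type (must not be {@code null})
     * @param required the entries collected for the request
     * @return {@code true} when access is granted
     */
    private boolean compareAuth(AuthorizeType userType, List<AuthorizeType> required) {
        if (userType.isAdmin()) {
            return true;
        }
        for (AuthorizeType entry : required) {
            if (userType.isOperator() && entry.isAdmin()) {
                return false;
            }
            if (userType.isAnonymous() && !entry.isAnonymous()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Whether the session holds the attribute {@link WebConstant#OTTER_USER_SESSION_KEY}.
     * Not used by {@link #invoke}, which reads {@link WebConstant#USER_SESSION_KEY} instead —
     * NOTE(review): confirm the two keys are meant to differ.
     *
     * @param turbineRunData the current run data
     * @return {@code true} when the attribute is present
     */
    public boolean isAuthenticated(TurbineRunData turbineRunData) {
        // The former cast to Map only served the null comparison; a plain null check avoids a
        // spurious ClassCastException should the attribute hold another type.
        return turbineRunData.getRequest().getSession().getAttribute(WebConstant.OTTER_USER_SESSION_KEY) != null;
    }

    /**
     * Breaks the pipeline and redirects to the URI broker named {@code link}, passing the original
     * request URL in the {@code redirectParmeter} query parameter.
     *
     * @param pipelineContext the pipeline to break
     * @param turbineRunData receives the redirect location
     * @param link name of the URI broker to redirect to
     */
    private void redirect(PipelineContext pipelineContext, TurbineRunData turbineRunData, String link) {
        URIBroker broker = (URIBroker) Assert.assertNotNull(this.uriBrokerService.getURIBroker(link),
            "uriBroker get from link should not be null", new Object[0]);
        // The value carries the request's own query string verbatim; encoding is left to
        // addQueryData — NOTE(review): confirm URIBroker encodes query values.
        broker.addQueryData(this.redirectParmeter, getRequestUrlWithQueryString());
        turbineRunData.setRedirectLocation(broker.render());
        pipelineContext.breakPipeline("#TOP");
    }

    /**
     * Rebuilds the URL the client requested, with its query string appended when non-blank.
     *
     * @return request URL, optionally followed by {@code ?} and the trimmed query string
     */
    private String getRequestUrlWithQueryString() {
        StringBuffer url = this.request.getRequestURL();
        String query = StringUtil.trimToNull(this.request.getQueryString());
        if (!StringUtil.isBlank(query)) {
            url.append("?").append(query);
        }
        return url.toString();
    }

    /**
     * Extracts the event name from the first request parameter whose normalized name starts with
     * {@code event_submit_do_} and whose value is not blank: the prefix and any image-button
     * suffix are stripped and the remainder trimmed. Parameters are visited in the order the
     * container enumerates them.
     *
     * @return the event name, or {@code null} when no such parameter yields one
     */
    private String getEventName() {
        Enumeration<String> names = this.request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String normalized = StringUtil.toLowerCaseWithUnderscores(name);
            if (!normalized.startsWith(DEFAULT_EVENT_PATTERN)
                || StringUtil.isBlank(this.request.getParameter(name))) {
                continue;
            }
            int end = normalized.length();
            for (String suffix : IMAGE_BUTTON_SUFFIXES) {
                if (normalized.endsWith(suffix)) {
                    end -= suffix.length();
                    break; // only the first matching suffix is removed
                }
            }
            String event = StringUtil.trimToNull(normalized.substring(DEFAULT_EVENT_PATTERN.length(), end));
            if (event != null) {
                return event;
            }
        }
        return null;
    }

    /** @param loginLink name of the URI broker to redirect unauthenticated users to */
    public void setLoginLink(String loginLink) {
        this.loginLink = loginLink;
    }

    /** @param forbiddenLink name of the URI broker to redirect denied requests to */
    public void setForbiddenLink(String forbiddenLink) {
        this.forbiddenLink = forbiddenLink;
    }

    /** @param redirectParmeter query parameter that carries the original request URL */
    public void setRedirectParmeter(String redirectParmeter) {
        this.redirectParmeter = redirectParmeter;
    }

    /** @param actionParam request parameter that holds the action name */
    public void setActionParam(String actionParam) {
        this.actionParam = actionParam;
    }
}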
