package top.tangyh.basic.security.aspect;

import cn.hutool.core.util.StrUtil;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.expression.BeanFactoryResolver;
import org.springframework.core.DefaultParameterNameDiscoverer;
import org.springframework.core.ParameterNameDiscoverer;
import org.springframework.core.annotation.SynthesizingMethodParameter;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import top.tangyh.basic.annotation.security.PreAuth;
import top.tangyh.basic.exception.ForbiddenException;
import top.tangyh.basic.exception.code.ExceptionCode;

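/**
 * Around-advice that evaluates {@link PreAuth} permission expressions before the advised method runs.
 *
 * <p>The pointcut covers public methods of classes in {@code top.tangyh.basic.base.controller} plus any
 * method or type annotated with {@link PreAuth}. The check is skipped (the call proceeds) when:
 * <ul>
 *   <li>the {@code lamp.security.enabled} property is absent or not {@code true} (default is off);</li>
 *   <li>neither the method nor the target class carries {@link PreAuth};</li>
 *   <li>either annotation has {@code enabled = false} (a class-level disable also overrides an
 *       enabled method-level annotation);</li>
 *   <li>the request carries the {@code x-feign: true} header (see {@link #isFeign(String)});</li>
 *   <li>the resolved condition is blank (see {@link #getCondition(PreAuth, PreAuth)}).</li>
 * </ul>
 * Every one of these paths is fail-open, so each should be covered by tests when annotations change.
 */
@Aspect
/* loaded from: input_file:top/tangyh/basic/security/aspect/UriSecurityPreAuthAspect.class */
public class UriSecurityPreAuthAspect implements ApplicationContextAware {
    private static final Logger log = LoggerFactory.getLogger(UriSecurityPreAuthAspect.class);
    private static final ExpressionParser SP_EL_PARSER = new SpelExpressionParser();
    private static final ParameterNameDiscoverer PARAMETER_NAME_DISCOVERER = new DefaultParameterNameDiscoverer();
    /** Environment property that switches the whole permission check on; treated as {@code false} when unset. */
    private static final String SECURITY_ENABLED_PROPERTY = "lamp.security.enabled";
    /** Request header whose value {@code "true"} marks a call as internal and exempts it from the check. */
    private static final String FEIGN_HEADER = "x-feign";

    private final VerifyAuthFunction verifyAuthFunction;
    private ApplicationContext ac;

    /**
     * @param verifyAuthFunction root object of the SpEL evaluation; its methods are what the
     *                           {@link PreAuth} expressions call
     */
    public UriSecurityPreAuthAspect(VerifyAuthFunction verifyAuthFunction) {
        this.verifyAuthFunction = verifyAuthFunction;
    }

    /**
     * Runs the permission check and, if it does not throw, proceeds with the advised method.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @return whatever the advised method returns
     * @throws Throwable a {@code ForbiddenException} when the permission expression is not satisfied,
     *                   or anything thrown by the advised method
     */
    @Around("execution(public * top.tangyh.basic.base.controller.*.*(..)) || @annotation(top.tangyh.basic.annotation.security.PreAuth) || @within(top.tangyh.basic.annotation.security.PreAuth)")
    public Object preAuth(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        handleAuth(proceedingJoinPoint);
        return proceedingJoinPoint.proceed();
    }

    /**
     * Decides whether the invocation needs a permission check and enforces it.
     *
     * @param proceedingJoinPoint the intercepted invocation
     */
    private void handleAuth(ProceedingJoinPoint proceedingJoinPoint) {
        Boolean enabled = this.ac.getEnvironment().getProperty(SECURITY_ENABLED_PROPERTY, Boolean.class, false);
        if (!Boolean.TRUE.equals(enabled)) {
            // Log text: "global permission check is turned off".
            log.debug("全局校验权限已经关闭");
            return;
        }

        // Signature itself exposes no getMethod(); only MethodSignature does, so cast after the type test.
        Method method = null;
        PreAuth methodAuth = null;
        if (proceedingJoinPoint.getSignature() instanceof MethodSignature) {
            method = ((MethodSignature) proceedingJoinPoint.getSignature()).getMethod();
            if (method != null) {
                methodAuth = method.getAnnotation(PreAuth.class);
            }
        }
        String name = method != null ? method.getName() : "";
        PreAuth classAuth = proceedingJoinPoint.getTarget().getClass().getAnnotation(PreAuth.class);

        if (methodAuth == null && classAuth == null) {
            log.debug("执行方法[{}]无需校验权限", name);
            return;
        }
        // A disabled annotation on either level switches the check off for this call.
        boolean methodDisabled = methodAuth != null && !methodAuth.enabled();
        boolean classDisabled = classAuth != null && !classAuth.enabled();
        if (methodDisabled || classDisabled) {
            log.debug("执行方法[{}]无需校验权限", name);
            return;
        }
        if (isFeign(name)) {
            return;
        }

        String condition = getCondition(methodAuth, classAuth);
        if (StrUtil.isBlank(condition)) {
            return;
        }
        // Fail closed: an expression that evaluates to null is treated as "denied" rather than
        // unboxed into a NullPointerException.
        if (!Boolean.TRUE.equals(invokePermit(proceedingJoinPoint, method, condition))) {
            // NOTE(review): the message embeds the required permission expression; confirm the
            // global exception handler does not return it verbatim to unauthenticated clients.
            throw ForbiddenException.wrap(ExceptionCode.FORBIDDEN.build("执行方法[%s]需要[%s]权限", new Object[]{name, condition}));
        }
    }

    /**
     * Reports whether the current request declares itself an internal call via the {@code x-feign} header.
     *
     * <p>SECURITY: this is a plain request header, so the exemption is only as trustworthy as the
     * network edge. Unless every externally reachable entry point strips or overwrites {@code x-feign}
     * on inbound traffic, any client that sends the header skips the permission check. Prefer an
     * authenticated signal for service-to-service calls (mutual TLS, a signed internal token) and
     * verify the edge configuration before relying on this path.
     *
     * @param str name of the advised method, used only for the debug log line
     * @return {@code true} when a servlet request is bound to the thread and its header equals {@code "true"}
     */
    private boolean isFeign(String str) {
        // Held as Object so that non-servlet request attributes are rejected by the type test
        // instead of failing on a cast.
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            return false;
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        if (request == null || !"true".equals(request.getHeader(FEIGN_HEADER))) {
            return false;
        }
        // Log text: "internal call to method [..] needs no permission check".
        log.debug("内部调用方法[{}]无需校验权限", str);
        return true;
    }

    /**
     * Evaluates the permission expression with {@link #verifyAuthFunction} as root object, the
     * application context as bean resolver and the call arguments bound as SpEL variables.
     *
     * <p>SECURITY: the evaluation context is an unrestricted {@link StandardEvaluationContext}.
     * That is acceptable only because {@code str} originates from {@link PreAuth} annotation
     * attributes; request data must only ever enter as variable values, never as expression text.
     *
     * @param proceedingJoinPoint supplies the argument values
     * @param method              advised method, used to discover parameter names
     * @param str                 SpEL expression to evaluate
     * @return the expression result converted to {@link Boolean}; may be {@code null}
     */
    @Nullable
    private Boolean invokePermit(ProceedingJoinPoint proceedingJoinPoint, Method method, String str) {
        StandardEvaluationContext context = new StandardEvaluationContext(this.verifyAuthFunction);
        context.setBeanResolver(new BeanFactoryResolver(this.ac));
        Expression expression = SP_EL_PARSER.parseExpression(str);

        Object[] args = proceedingJoinPoint.getArgs();
        for (int i = 0; i < args.length; i++) {
            SynthesizingMethodParameter parameter = new SynthesizingMethodParameter(method, i);
            parameter.initParameterNameDiscovery(PARAMETER_NAME_DISCOVERER);
            context.setVariable(parameter.getParameterName(), args[i]);
        }
        return expression.getValue(context, Boolean.class);
    }

    /**
     * Resolves the expression to evaluate: the method-level value wins over the class-level one, and a
     * {@code {}} placeholder in it is filled with the class-level {@code replace} attribute.
     *
     * <p>Returns {@code null} when the value contains {@code {}} but the class has no {@link PreAuth}
     * or a blank {@code replace}; the caller then performs no check. NOTE(review): this looks like a
     * deliberate opt-out for subclasses of templated base controllers, but it also means a forgotten
     * class-level annotation silently leaves the method unprotected; confirm that is intended.
     *
     * @param preAuth  method-level annotation, or {@code null}
     * @param preAuth2 class-level annotation, or {@code null}; the caller guarantees at least one is non-null
     * @return the expression text, or {@code null} when the placeholder cannot be filled
     */
    @Nullable
    private String getCondition(PreAuth preAuth, PreAuth preAuth2) {
        String value = preAuth == null ? preAuth2.value() : preAuth.value();
        if (!value.contains("{}")) {
            return value;
        }
        if (preAuth2 == null || StrUtil.isBlank(preAuth2.replace())) {
            return null;
        }
        return StrUtil.format(value, new Object[]{preAuth2.replace()});
    }

    /**
     * Stores the application context used for the enabled-flag lookup and SpEL bean resolution.
     *
     * @param applicationContext the context supplied through {@link ApplicationContextAware}
     */
    @Override
    public void setApplicationContext(@NonNull ApplicationContext applicationContext) throws BeansException {
        this.ac = applicationContext;
    }
}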
