package com.github.jspxnet.txweb.interceptor;

import com.github.jspxnet.boot.EnvFactory;
import com.github.jspxnet.boot.environment.Environment;
import com.github.jspxnet.boot.environment.EnvironmentTemplate;
import com.github.jspxnet.boot.res.LanguageRes;
import com.github.jspxnet.boot.sign.HttpStatusType;
import com.github.jspxnet.cache.DefaultCache;
import com.github.jspxnet.cache.JSCacheManager;
import com.github.jspxnet.enums.ErrorEnumType;
import com.github.jspxnet.enums.UserEnumType;
import com.github.jspxnet.io.IoUtil;
import com.github.jspxnet.json.JSONObject;
import com.github.jspxnet.network.rpc.model.transfer.RequestTo;
import com.github.jspxnet.sioc.annotation.Bean;
import com.github.jspxnet.sioc.annotation.Ref;
import com.github.jspxnet.txweb.Action;
import com.github.jspxnet.txweb.ActionInvocation;
import com.github.jspxnet.txweb.IRole;
import com.github.jspxnet.txweb.context.ActionContext;
import com.github.jspxnet.txweb.context.ThreadContextHolder;
import com.github.jspxnet.txweb.dao.PermissionDAO;
import com.github.jspxnet.txweb.enums.WebOutEnumType;
import com.github.jspxnet.txweb.env.ActionEnv;
import com.github.jspxnet.txweb.online.OnlineManager;
import com.github.jspxnet.txweb.result.RocResponse;
import com.github.jspxnet.txweb.table.Role;
import com.github.jspxnet.txweb.table.UserSession;
import com.github.jspxnet.txweb.util.RequestUtil;
import com.github.jspxnet.txweb.util.TXWebUtil;
import com.github.jspxnet.utils.ArrayUtil;
import com.github.jspxnet.utils.DateUtil;
import com.github.jspxnet.utils.ObjectUtil;
import com.github.jspxnet.utils.StringUtil;
import java.io.File;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Bean(bind = PermissionInterceptor.class)
/* loaded from: input_file:com/github/jspxnet/txweb/interceptor/PermissionInterceptor.class */
public class PermissionInterceptor extends InterceptorSupport {
    private static final String GUEST_STOP_URL_TXT = "guest_stop_url_txt";
    private static final String ADMIN_RULE_URL_TXT = "admin_rule_url_txt";
    private String guestUrlFile = "guesturl.properties";
    private String adminUrlFile = "adminurl.properties";
    private boolean useAppolloConfig = false;
    private boolean permission = true;
    private boolean autoOrganizeId = true;
    private boolean useGuestUrl = true;

    @Ref
    private OnlineManager onlineManager;

    @Ref
    private PermissionDAO permissionDAO;
    private static final Logger log = LoggerFactory.getLogger(PermissionInterceptor.class);
    private static String[] guestStopUrl = null;
    private static String[] ruleOutUrl = null;
    private static String[] adminRuleUrl = null;
    private static String[] adminRuleOutUrl = null;

    public void setPermission(boolean z) {
        this.permission = z;
    }

    public void setAutoOrganizeId(boolean z) {
        this.autoOrganizeId = z;
    }

    public void setUseGuestUrl(boolean z) {
        this.useGuestUrl = z;
    }

    public String getGuestUrlFile() {
        return this.guestUrlFile;
    }

    public void setGuestUrlFile(String str) {
        this.guestUrlFile = str;
    }

    public boolean isUseAppolloConfig() {
        return this.useAppolloConfig;
    }

    public void setUseAppolloConfig(boolean z) {
        this.useAppolloConfig = z;
    }

    @Override // com.github.jspxnet.txweb.Interceptor
    public void destroy() {
    }

    @Override // com.github.jspxnet.txweb.Interceptor
    public void init() {
        if (this.useAppolloConfig) {
            EnvironmentTemplate environmentTemplate = EnvFactory.getEnvironmentTemplate();
            if (environmentTemplate.containsName(GUEST_STOP_URL_TXT)) {
                decodeGuestUrl(environmentTemplate.getString(GUEST_STOP_URL_TXT));
            }
            if (environmentTemplate.containsName(ADMIN_RULE_URL_TXT)) {
                decodeAdminUrl(environmentTemplate.getString(ADMIN_RULE_URL_TXT));
                return;
            }
            return;
        }
        decodeGuestUrl((String) JSCacheManager.get((Class<?>) DefaultCache.class, GUEST_STOP_URL_TXT));
        decodeAdminUrl((String) JSCacheManager.get((Class<?>) DefaultCache.class, ADMIN_RULE_URL_TXT));
        if (ArrayUtil.isEmpty(guestStopUrl) && ArrayUtil.isEmpty(ruleOutUrl)) {
            File file = null;
            try {
                if (this.guestUrlFile != null && !this.guestUrlFile.startsWith("http")) {
                    file = EnvFactory.getFile(this.guestUrlFile);
                    if (file == null) {
                        log.error(this.guestUrlFile + "没有找到");
                    }
                }
                log.info("载入guestUrlFile:{}", file);
                if (file != null) {
                    String autoReadText = IoUtil.autoReadText(file);
                    JSCacheManager.put((Class<?>) DefaultCache.class, GUEST_STOP_URL_TXT, autoReadText);
                    decodeGuestUrl(autoReadText);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (ArrayUtil.isEmpty(adminRuleUrl) && ArrayUtil.isEmpty(adminRuleOutUrl)) {
                try {
                    if (this.adminUrlFile != null && !this.adminUrlFile.startsWith("http")) {
                        file = EnvFactory.getFile(this.adminUrlFile);
                        if (file == null) {
                            log.error(this.guestUrlFile + "没有找到");
                        }
                    }
                    log.info("adminUrlFile:{}", file);
                    if (file != null) {
                        String autoReadText2 = IoUtil.autoReadText(file);
                        decodeAdminUrl(autoReadText2);
                        JSCacheManager.put((Class<?>) DefaultCache.class, ADMIN_RULE_URL_TXT, autoReadText2);
                    }
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    private static void decodeGuestUrl(String str) {
        for (String str2 : StringUtil.split(StringUtil.replace(str, "\r\n", StringUtil.CR), StringUtil.CR)) {
            if (str2 != null) {
                if (str2.startsWith("!")) {
                    guestStopUrl = ArrayUtil.add(guestStopUrl, StringUtil.substringAfter(str2, "!"));
                } else {
                    ruleOutUrl = ArrayUtil.add(ruleOutUrl, str2);
                }
            }
        }
    }

    private static void decodeAdminUrl(String str) {
        for (String str2 : StringUtil.split(StringUtil.replace(str, "\r\n", StringUtil.CR), StringUtil.CR)) {
            if (str2 != null) {
                if (str2.startsWith("!")) {
                    adminRuleOutUrl = ArrayUtil.add(adminRuleOutUrl, StringUtil.substringAfter(str2, "!"));
                } else {
                    adminRuleUrl = ArrayUtil.add(adminRuleUrl, str2);
                }
            }
        }
    }

    @Override // com.github.jspxnet.txweb.interceptor.InterceptorSupport, com.github.jspxnet.txweb.Interceptor
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        boolean isRuleOutUrl;
        ActionContext context = ThreadContextHolder.getContext();
        if (this.onlineManager == null) {
            context.addFieldInfo(Environment.warningInfo, "onlineManager 为空,检查ioc配置是否正确");
            context.setActionResult("error");
            log.error("onlineManager 为空,检查ioc配置是否正确");
            return "error";
        }
        HttpServletRequest request = context.getRequest();
        HttpServletResponse response = context.getResponse();
        Action action = actionInvocation.getActionProxy().getAction();
        String name = context.getMethod().getName();
        String namespace = context.getNamespace();
        if (StringUtil.isNull(namespace)) {
            namespace = context.getNamespace();
        }
        String replace = StringUtil.replace("/" + namespace + "/" + context.getActionName(), "//", "/");
        String str = null;
        if (this.autoOrganizeId) {
            str = action.getString("organizeId");
        }
        if (isAdminRuleUrl(replace)) {
            str = null;
        }
        this.permissionDAO.setOrganizeId(str);
        UserSession userSession = this.onlineManager.getUserSession();
        Object role = userSession.getRole(this.permissionDAO.getNamespace(), str);
        if (!this.permission && (10000 == userSession.getUid() || userSession.getUid() == 1)) {
            Role createDebugRole = createDebugRole();
            createDebugRole.setNamespace(this.permissionDAO.getNamespace());
            createDebugRole.setOrganizeId(str);
            createDebugRole.setIp(userSession.getIp());
            userSession.setRole(createDebugRole);
            userSession.setLastRequestTime(System.currentTimeMillis());
            role = createDebugRole;
            this.onlineManager.updateUserSessionCache(userSession);
        }
        if (action.isGuest() && role == null) {
            userSession.setRole(this.permissionDAO.getRole(this.config.getString(Environment.guestRole)));
            this.onlineManager.updateUserSessionCache(userSession);
        } else if (role == null) {
            userSession.setRole(this.permissionDAO.getComposeRole(userSession.getUid(), str));
            if (userSession.getRole(this.permissionDAO.getNamespace(), str) == null) {
                userSession.setRole(this.permissionDAO.getRole(this.config.getString(Environment.registerRole)));
            }
            this.onlineManager.updateUserSessionCache(userSession);
        }
        if ((request instanceof RequestTo) || "rpc".equals(request.getAttribute(ActionEnv.Key_REMOTE_TYPE))) {
            return actionInvocation.invoke();
        }
        if (userSession.isGuest() && ArrayUtil.inArray(guestStopUrl, replace, true)) {
            context.addFieldInfo(Environment.warningInfo, this.language.getLang(LanguageRes.notAllowedOperation));
            return Action.UNTITLED;
        }
        if (this.useGuestUrl && (isRuleOutUrl = isRuleOutUrl(replace))) {
            log.debug("ruleOutUrl checkUrl={},isRule={}", replace, Boolean.valueOf(isRuleOutUrl));
            return actionInvocation.invoke();
        }
        if (this.permission && userSession.getRole(this.permissionDAO.getNamespace(), str) == null) {
            context.addFieldInfo(Environment.warningInfo, this.permissionDAO.getNamespace() + " need config role,权限够不够");
            return Action.UNTITLED;
        }
        IRole role2 = userSession.getRole(this.permissionDAO.getNamespace(), str);
        if (role2 == null) {
            if (RequestUtil.isRocRequest(request)) {
                TXWebUtil.print(new JSONObject(RocResponse.error(ErrorEnumType.CONFIG.getValue(), "需要配置角色,初始化系统")), WebOutEnumType.JSON.getValue(), response, Integer.valueOf(HttpStatusType.HTTP_status_500));
            } else {
                context.addFieldInfo(Environment.warningInfo, this.permissionDAO.getNamespace() + " need config role,需要配置角色,初始化系统");
            }
            log.debug("角色没有初始化配置 namespace={},role={}", this.permissionDAO.getNamespace(), new JSONObject(role2));
            return Action.UNTITLED;
        }
        if (this.permission && !this.config.getBoolean(Environment.openSite)) {
            String string = this.config.getString(Environment.closeInfo);
            if (StringUtil.isNull(string)) {
                string = action.getRootNamespace() + "关闭状态，不允许访问";
            }
            context.addFieldInfo(Environment.warningInfo, string);
            this.config.flush();
            return Action.UNTITLED;
        }
        if (!this.config.getBoolean(Environment.useGuestVisit) && role2.getUserType() <= UserEnumType.NONE.getValue()) {
            context.addFieldInfo(Environment.warningInfo, this.config.getString(Environment.closeGuestVisitInfo));
            return Action.UNTITLED;
        }
        String str2 = this.config.get(Environment.accessForbiddenRange);
        if (!StringUtil.isNull(str2) && DateUtil.isInTimeExpression(new Date(), str2)) {
            String string2 = this.config.getString(Environment.accessForbiddenTip);
            if (StringUtil.isNull(string2)) {
                string2 = str2 + "时间段内不能访问";
            }
            context.addFieldInfo(Environment.warningInfo, string2);
            return Action.UNTITLED;
        }
        if (this.permission) {
            if (role2.getUserType() < UserEnumType.INTENDANT.getValue() && !role2.checkOperate(namespace, action.getClass().getName(), name)) {
                context.addFieldInfo(Environment.warningInfo, this.language.getLang(LanguageRes.needPermission) + ", role name :" + role2.getName() + " for " + role2.getNamespace());
                return Action.UNTITLED;
            }
            if (role2.getUserType() >= UserEnumType.INTENDANT.getValue() && StringUtil.hasLength(name) && role2.getUserType() < UserEnumType.ADMINISTRATOR.getValue() && !role2.checkOperate(namespace, action.getClass().getName(), name)) {
                context.addFieldInfo(Environment.warningInfo, this.language.getLang(LanguageRes.needPermission));
                return Action.UNTITLED;
            }
        }
        return actionInvocation.invoke();
    }

    private static boolean isRuleOutUrl(String str) {
        if (str == null) {
            return true;
        }
        if (ObjectUtil.isEmpty(ruleOutUrl)) {
            return false;
        }
        for (String str2 : ruleOutUrl) {
            if (str2.equals(str) || StringUtil.getPatternFind(str, str2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean isAdminRuleUrl(String str) {
        if (str == null) {
            return true;
        }
        if (ObjectUtil.isEmpty(adminRuleUrl)) {
            return false;
        }
        for (String str2 : adminRuleUrl) {
            if (str2.equals(str) || StringUtil.getPatternFind(str, str2)) {
                return true;
            }
        }
        return false;
    }
}
