package xyz.erupt.security.interceptor;

import java.io.IOException;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import xyz.erupt.upms.annotation.EruptLoginAuth;
import xyz.erupt.upms.annotation.EruptMenuAuth;
import xyz.erupt.upms.service.EruptSessionService;
import xyz.erupt.upms.service.EruptUserService;

@Component
/* loaded from: input_file:xyz/erupt/security/interceptor/EruptSuperInterceptor.class */
public class EruptSuperInterceptor implements AsyncHandlerInterceptor {

    @Resource
    private EruptSessionService sessionService;

    @Resource
    private EruptUserService eruptUserService;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        String header;
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        EruptLoginAuth methodAnnotation = handlerMethod.getMethodAnnotation(EruptLoginAuth.class);
        EruptMenuAuth methodAnnotation2 = handlerMethod.getMethodAnnotation(EruptMenuAuth.class);
        if (!(null == methodAnnotation && null == methodAnnotation2) && (null == (header = httpServletRequest.getHeader("token")) || null == this.sessionService.get("erupt-auth:token:" + header))) {
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value());
            return false;
        }
        if (null == methodAnnotation2 || null != this.eruptUserService.getEruptMenuByValue(methodAnnotation2.value())) {
            return true;
        }
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        httpServletResponse.sendError(HttpStatus.FORBIDDEN.value());
        return false;
    }
}
