package com.qianli.admin.auth.interceptor;

import com.fqgj.common.api.Response;
import com.fqgj.common.utils.CollectionUtils;
import com.fqgj.exception.common.ApplicationException;
import com.google.common.net.HttpHeaders;
import com.qianli.admin.auth.RequestLocalInfo;
import com.qianli.admin.auth.anno.HasPermission;
import com.qianli.admin.auth.anno.NotCheckToken;
import com.qianli.admin.auth.client.ActionLogService;
import com.qianli.admin.auth.client.AdminQueryService;
import com.qianli.admin.auth.client.request.AdminQueryRequest;
import com.qianli.admin.auth.client.request.VisitLogRequest;
import com.qianli.admin.auth.client.response.AdminBasicResponse;
import com.qianli.admin.auth.client.response.AdminPermissionResponse;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

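/**
 * Spring MVC interceptor that authenticates each request by its {@code accessToken} header,
 * enforces {@link HasPermission} on handler methods, and records a visit log when the request
 * completes.
 *
 * <p>Per-request state (name, staff code/no, permission code, biz line, module) is stored in
 * {@link RequestLocalInfo} during {@link #preHandle} and cleared in {@link #afterCompletion}
 * (presumably thread-bound — verify against RequestLocalInfo).
 */
@Component
/* loaded from: input_file:WEB-INF/lib/auth-client-1.0-SNAPSHOT.jar:com/qianli/admin/auth/interceptor/AuthCheckInterceptor.class */
public class AuthCheckInterceptor implements HandlerInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthCheckInterceptor.class);

    /** Request header carrying the bearer token issued at login. */
    private static final String ACCESS_TOKEN_HEADER = "accessToken";

    /** Permission code of the health-check endpoint; visits to it are not logged. */
    private static final String HEALTH_CHECK_CODE = "/ok";

    @Autowired
    private AdminQueryService adminQueryService;

    @Autowired
    private ActionLogService actionLogService;

    /**
     * Authenticates and authorises the request before the handler runs.
     *
     * <p>Without a token only preflight requests, handlers annotated {@link NotCheckToken}, and
     * handlers named {@code login}/{@code sendVerifyCode} may proceed. With a token the admin is
     * resolved (populating {@link RequestLocalInfo}); if the handler carries {@link HasPermission}
     * the token's permission list must contain the key, otherwise the request is rejected with
     * HTTP 403.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response; CORS headers are written here
     * @param obj                 the chosen handler, a {@link HandlerMethod} for controller methods
     * @return {@code true} to continue the chain, {@code false} when the permission check fails
     * @throws ApplicationException when a token is required but absent, or when it does not resolve
     *                              to an admin / permission list
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        applyCorsHeaders(httpServletRequest, httpServletResponse);

        String accessToken = httpServletRequest.getHeader(ACCESS_TOKEN_HEADER);
        if (StringUtils.isEmpty(accessToken)) {
            return allowWithoutToken(httpServletRequest, obj);
        }

        // Resolves the admin behind the token and fills RequestLocalInfo; throws on an unknown token.
        if (!hasPermission(accessToken)) {
            throw new ApplicationException("无效的token");
        }
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }

        HasPermission required = ((HandlerMethod) obj).getMethodAnnotation(HasPermission.class);
        if (required != null && !isGranted(accessToken, required.permissionKey())) {
            // The original returned false without touching the response, so the container answered
            // with an empty 200; a denied request must be visible to the client as 403.
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }

        String bizLine = httpServletRequest.getHeader("bizLine");
        String module = httpServletRequest.getHeader("module");
        LOGGER.info("当前accessToken={},bizLine={},module={}", redact(accessToken), bizLine, module);
        RequestLocalInfo.putBizCode(bizLine);
        RequestLocalInfo.putModule(module);
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        // Nothing to do after handler execution; visit logging happens in afterCompletion.
    }

    /**
     * Records a visit log for the completed request (unless it hit the health-check endpoint) and
     * clears the per-request state.
     *
     * <p>The state is cleared in a {@code finally} block: in the original a failing
     * {@code visitLog()} call skipped {@code RequestLocalInfo.refresh()}, leaving the previous
     * request's identity in place for the next request served by the same thread.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        try {
            VisitLogRequest visitLog = new VisitLogRequest()
                    .setStaffCode(RequestLocalInfo.getStaffCode())
                    .setIp(getIpAddr(httpServletRequest))
                    .setPermissionCode(RequestLocalInfo.getPermissionCode());
            List<String> requestMapping = RequestLocalInfo.getRequestMapping();
            if (CollectionUtils.isNotEmpty(requestMapping)) {
                // Segments are concatenated without a separator, matching the original loop.
                visitLog.setVisitUrl(String.join("", requestMapping));
            }
            String permissionCode = visitLog.getPermissionCode();
            if (permissionCode != null && !HEALTH_CHECK_CODE.equals(permissionCode)) {
                this.actionLogService.visitLog(visitLog);
            }
        } finally {
            RequestLocalInfo.refresh();
        }
    }

    /**
     * Writes the CORS response headers.
     *
     * <p>NOTE(review): the request's {@code Origin} is reflected verbatim while
     * {@code Access-Control-Allow-Credentials} is {@code true}, which lets any origin make
     * credentialed calls to this API; the reflected value should be restricted to the origins the
     * deployment actually serves (allowlist not available here — TODO confirm). The header is
     * skipped when no {@code Origin} was sent, since a null header value is container-defined.
     */
    private static void applyCorsHeaders(HttpServletRequest request, HttpServletResponse response) {
        String origin = request.getHeader("Origin");
        if (origin != null) {
            response.setHeader("Access-Control-Allow-Origin", origin);
        }
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "Content-Type,Accept,X-Requested-With,remember-me,bid,accessToken,productCategory,appCode,module,bizLine");
    }

    /**
     * Decides whether a request that carries no token may proceed.
     *
     * <p>Allowed: non-controller handlers, CORS preflight ({@code OPTIONS}), handlers annotated
     * {@link NotCheckToken}, and handlers whose method is named {@code login} or
     * {@code sendVerifyCode}. The name-based exemption applies to any controller method with that
     * name, so prefer the explicit annotation for new endpoints.
     *
     * @throws ApplicationException when the handler requires a logged-in user
     */
    private static boolean allowWithoutToken(HttpServletRequest request, Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        // The original dereferenced the annotation unconditionally; a handler without
        // @RequestMapping would have thrown a NullPointerException here.
        RequestMapping mapping = handlerMethod.getMethodAnnotation(RequestMapping.class);
        if (mapping != null && mapping.value().length > 0) {
            RequestLocalInfo.putPermissionCode(mapping.value()[0]);
        }

        String methodName = handlerMethod.getMethod().getName();
        boolean exempt = handlerMethod.getMethodAnnotation(NotCheckToken.class) != null
                || "OPTIONS".equals(request.getMethod())
                || "LOGIN".equalsIgnoreCase(methodName)
                || "SENDVERIFYCODE".equalsIgnoreCase(methodName);
        if (exempt) {
            return true;
        }
        throw new ApplicationException("需要登陆才能访问");
    }

    /**
     * Checks that the token's permission list contains {@code permissionKey}.
     *
     * <p>The permission code is recorded in {@link RequestLocalInfo} before the lookup so that a
     * denied attempt is still visit-logged. Unlike the original, an {@link ApplicationException}
     * raised for an empty lookup result keeps its specific message instead of being re-wrapped.
     *
     * @return {@code true} if granted; a missing or null permission list denies
     * @throws ApplicationException when the lookup fails or returns no data
     */
    private boolean isGranted(String accessToken, String permissionKey) {
        RequestLocalInfo.putPermissionCode(permissionKey);
        AdminQueryRequest request = new AdminQueryRequest();
        request.setAccessToken(accessToken);
        try {
            Response<AdminPermissionResponse> response = this.adminQueryService.queryPermissionsByAccessToken(request);
            if (response == null || !response.isSuccess() || response.getData() == null) {
                LOGGER.error("== 通过token查询员工权限为空 ==,accessToken:{}", redact(accessToken));
                throw new ApplicationException("通过token查询员工权限为空");
            }
            AdminPermissionResponse data = response.getData();
            return data.getList() != null && data.getList().contains(permissionKey);
        } catch (ApplicationException e) {
            // Already carries the precise reason; the original re-wrapped it into a generic message.
            throw e;
        } catch (Exception e) {
            LOGGER.error("== 通过token查询员工权限错误 ==,accessToken:{},e", redact(accessToken), e);
            throw new ApplicationException("获取员工权限错误");
        }
    }

    /**
     * Resolves the admin behind {@code accessToken} and stores name, staff code and staff no in
     * {@link RequestLocalInfo}.
     *
     * @return always {@code true}; an unknown token is reported by exception, not by return value
     * @throws ApplicationException when the token resolves to nothing or the lookup fails
     */
    private boolean hasPermission(String accessToken) {
        AdminQueryRequest request = new AdminQueryRequest().setAccessToken(accessToken);
        try {
            Response<AdminBasicResponse> response = this.adminQueryService.queryByAccessToken(request);
            if (response == null || !response.isSuccess() || response.getData() == null) {
                LOGGER.error("== 通过token查询管理员信息为空 ==,accessToken:{}", redact(accessToken));
                throw new ApplicationException("当前用户不存在");
            }
            AdminBasicResponse admin = response.getData();
            LOGGER.info("当前登录账号名称name={},staffCode={}", admin.getName(), admin.getStaffCode());
            RequestLocalInfo.putName(admin.getName());
            RequestLocalInfo.putStaffCode(admin.getStaffCode());
            RequestLocalInfo.putStaffNo(admin.getStaffNo());
            return true;
        } catch (ApplicationException e) {
            // Keep the specific message; the original re-wrapped it as "获取登陆信息错误".
            throw e;
        } catch (Exception e) {
            LOGGER.error("== 通过token查询管理员信息发生错误 ==,accessToken:{},e", redact(accessToken), e);
            throw new ApplicationException("获取登陆信息错误");
        }
    }

    /**
     * Best-effort client address for the visit log: the first entry of {@code X-Forwarded-For}
     * when present, else the socket peer. The header is client-supplied and only meaningful behind
     * a proxy that overwrites it, so the value is informational and is not used for access decisions.
     */
    private String getIpAddr(HttpServletRequest httpServletRequest) {
        String forwardedFor = httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR);
        if (StringUtils.isBlank(forwardedFor) || "unknown".equalsIgnoreCase(forwardedFor)) {
            return httpServletRequest.getRemoteAddr();
        }
        int comma = forwardedFor.indexOf(',');
        String first = comma == -1 ? forwardedFor : forwardedFor.substring(0, comma);
        return first.trim();
    }

    /**
     * Masks a token for log output so the bearer credential itself is never written to logs
     * (the original logged it in full). Format is constructed here: {@code "***" + last 4 chars}.
     */
    private static String redact(String token) {
        if (token == null || token.length() <= 4) {
            return "***";
        }
        return "***" + token.substring(token.length() - 4);
    }
}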
