package tech.powerjob.server.auth.interceptor;

import java.util.Optional;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import tech.powerjob.common.exception.ImpossibleException;
import tech.powerjob.common.exception.PowerJobException;
import tech.powerjob.server.auth.LoginUserHolder;
import tech.powerjob.server.auth.Permission;
import tech.powerjob.server.auth.PowerJobUser;
import tech.powerjob.server.auth.RoleScope;
import tech.powerjob.server.auth.common.AuthErrorCode;
import tech.powerjob.server.auth.common.PowerJobAuthException;
import tech.powerjob.server.auth.common.utils.HttpServletUtils;
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
import tech.powerjob.server.common.Loggers;

@Component
/* loaded from: input_file:tech/powerjob/server/auth/interceptor/PowerJobAuthInterceptor.class */
public class PowerJobAuthInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(PowerJobAuthInterceptor.class);

    @Resource
    private PowerJobLoginService powerJobLoginService;

    @Resource
    private PowerJobPermissionService powerJobPermissionService;

    public boolean preHandle(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        ApiPermission apiPermission = (ApiPermission) handlerMethod.getMethod().getAnnotation(ApiPermission.class);
        if (apiPermission == null) {
            return true;
        }
        Optional<PowerJobUser> ifLogin = this.powerJobLoginService.ifLogin(httpServletRequest);
        if (!ifLogin.isPresent()) {
            throw new PowerJobAuthException(AuthErrorCode.USER_NOT_LOGIN);
        }
        PowerJobUser powerJobUser = ifLogin.get();
        LoginUserHolder.set(powerJobUser);
        Permission parsePermission = parsePermission(httpServletRequest, obj, apiPermission);
        RoleScope roleScope = apiPermission.roleScope();
        Long l = null;
        if (RoleScope.NAMESPACE.equals(roleScope)) {
            String fetchFromHeader = HttpServletUtils.fetchFromHeader("NamespaceId", httpServletRequest);
            if (StringUtils.isNotEmpty(fetchFromHeader)) {
                l = Long.valueOf(fetchFromHeader);
            }
        }
        if (RoleScope.APP.equals(roleScope)) {
            String fetchFromHeader2 = HttpServletUtils.fetchFromHeader("AppId", httpServletRequest);
            if (StringUtils.isNotEmpty(fetchFromHeader2)) {
                l = Long.valueOf(fetchFromHeader2);
            }
        }
        if (this.powerJobPermissionService.hasPermission(powerJobUser.getId(), roleScope, l, parsePermission)) {
            return true;
        }
        Loggers.WEB.info("[PowerJobAuthInterceptor] user[{}] has no permission to access: {}", powerJobUser.getUsername(), parseResourceName(apiPermission, handlerMethod));
        throw new PowerJobException("Permission denied!");
    }

    public void afterCompletion(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull Object obj, Exception exc) throws Exception {
        LoginUserHolder.clean();
    }

    private static String parseResourceName(ApiPermission apiPermission, HandlerMethod handlerMethod) {
        String name = apiPermission.name();
        if (StringUtils.isNotEmpty(name)) {
            return name;
        }
        try {
            return String.format("%s_%s", handlerMethod.getBean().getClass().getSimpleName(), handlerMethod.getMethod().getName());
        } catch (Exception e) {
            return "UNKNOWN";
        }
    }

    private static Permission parsePermission(HttpServletRequest httpServletRequest, Object obj, ApiPermission apiPermission) {
        Class<? extends DynamicPermissionPlugin> dynamicPermissionPlugin = apiPermission.dynamicPermissionPlugin();
        if (EmptyPlugin.class.equals(dynamicPermissionPlugin)) {
            return apiPermission.requiredPermission();
        }
        try {
            return dynamicPermissionPlugin.getDeclaredConstructor(new Class[0]).newInstance(new Object[0]).calculate(httpServletRequest, obj);
        } catch (Throwable th) {
            log.error("[PowerJobAuthService] process dynamicPermissionPlugin failed!", th);
            ExceptionUtils.rethrow(th);
            throw new ImpossibleException();
        }
    }
}
