package cn.remex.web;

import cn.remex.RemexConstants;
import cn.remex.contrib.auth.AuthenticateBtx;
import cn.remex.core.CoreSvo;
import cn.remex.core.RemexApplication;
import cn.remex.core.exception.FilterException;
import cn.remex.core.exception.NestedException;
import cn.remex.core.util.Judgment;
import cn.remex.core.util.RequestHelper;
import cn.remex.db.model.cert.AuthRole;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:cn/remex/web/RemexFilter.class */
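/**
 * Servlet filter that gates each request on token authentication and a
 * URI-to-role authorization lookup, then adds CORS response headers to the
 * requests it lets through.
 *
 * <p>Decision order in {@link #doFilter}: a request is passed down the chain when
 * {@link #isPublic} accepts it, or when {@code AuthenticateBtx.checkToken()} succeeds
 * and {@link #isPermit} finds a role match. Everything else is answered with 401.
 *
 * <p>{@code logger} is not declared in this class; it is presumably inherited from
 * {@code RemexConstants}.
 *
 * <p>NOTE(review): {@code needAuthenticate}, {@code permitUriPres}, {@code urlRoot} and
 * {@code loginUri} are populated or declared here but never consulted by the decision
 * logic visible in this class. In particular the "pass-through" value of the
 * {@code needAuthenticate} init parameter only changes the startup banner; requests
 * are still authenticated. Confirm that is the intended behaviour.
 */
public class RemexFilter implements Filter, RemexConstants {
    private FilterConfig filterConfig = null;
    private boolean needAuthenticate = false;
    private ArrayList<String> permitUriPres = new ArrayList<>();
    private String urlRoot = null;
    private String errorUri = "/WEB-INF/page/error.jsp";
    private String loginUri;

    /** Nothing to release: the filter holds no resources of its own. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates and authorizes the request, forwards it down the chain when allowed,
     * and always tears down the per-request {@code CoreSvo} context and logs the timing.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remaining filters and the target resource
     * @throws IOException      propagated from the error-page forward or the container
     * @throws ServletException propagated from the error-page forward or the container
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        long startMillis = System.currentTimeMillis();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        CoreSvo.initHttp(httpServletRequest, httpServletResponse);
        try {
            if (isPublic(httpServletRequest)) {
                handleCrossDomain(httpServletResponse, httpServletRequest);
                filterChain.doFilter(servletRequest, servletResponse);
            } else if (!AuthenticateBtx.checkToken()) {
                // Token check failed: this is the authentication failure. The two warn
                // messages were previously swapped between this branch and the next one,
                // which made the audit trail misattribute the cause of each 401.
                logger.warn("身份验证没有通过，客户端IP:" + clientIpForLog(httpServletRequest) + ",URI:" + forLog(requestURI));
                httpServletResponse.sendError(401, "身份及权限验证的错误");
            } else if (!isPermit(httpServletRequest)) {
                // Token is valid but no role grants this URI: an authorization failure.
                // 403 is the conventional status here; 401 is kept because clients of this
                // filter may already key on it.
                logger.warn("权限验证没有通过，客户端IP:" + clientIpForLog(httpServletRequest) + ",URI:" + forLog(requestURI));
                httpServletResponse.sendError(401);
            } else {
                handleCrossDomain(httpServletResponse, httpServletRequest);
                filterChain.doFilter(servletRequest, servletResponse);
            }
        } catch (Exception e) {
            String description = e.toString();
            if (description.indexOf("Broken pipe") > 0 || description.indexOf("断开的管道") > 0) {
                // Client went away mid-response; there is nobody left to show an error page to.
                logger.error("RemexFilter捕获到框架无法处理的异常:" + description);
            } else {
                logger.error("RemexFilter捕获到框架无法处理的异常:", e);
                // NOTE(review): the raw exception is handed to the error JSP. Whether its
                // message or stack trace reaches the client depends on that page, which is
                // not visible here - confirm it does not render internals.
                httpServletRequest.setAttribute("exception", e);
                httpServletRequest.getRequestDispatcher(this.errorUri).forward(httpServletRequest, httpServletResponse);
            }
        } finally {
            // Runs on every path, including Errors and exceptions thrown by the forward above.
            CoreSvo.destoryHttp();
            logCompletion(httpServletRequest, requestURI, queryString, startMillis);
        }
    }

    /**
     * Loads the filter configuration and refreshes the application context.
     *
     * @param filterConfig container-supplied configuration; reads the
     *                     {@code needAuthenticate} and {@code permitUriPres} init parameters
     * @throws ServletException declared by the {@link Filter} contract
     * @throws FilterException  when the refresh or the configuration read fails
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        try {
            RemexApplication.refresh();
            String authenticateFlag = this.filterConfig.getInitParameter("needAuthenticate");
            this.needAuthenticate = "true".equals(authenticateFlag);
            // A missing permitUriPres parameter used to raise a NullPointerException that
            // was then reported as a database error; treat it as an empty list instead.
            String permitted = this.filterConfig.getInitParameter("permitUriPres");
            if (permitted != null) {
                for (String prefix : permitted.split(";")) {
                    String trimmed = prefix.trim();
                    // Skip blanks: an empty prefix would match every URI if this list is
                    // ever used for prefix matching.
                    if (!trimmed.isEmpty()) {
                        this.permitUriPres.add(trimmed);
                    }
                }
            }
            this.urlRoot = this.filterConfig.getServletContext().getContextPath();
            if (this.needAuthenticate) {
                System.out.println("系统配置为身份验证，需进行安全认证。");
            } else {
                System.out.println("系统配置为通行模式，无需验证即可访问。");
            }
        } catch (NestedException e) {
            throw new FilterException("RemexFilter初始化错误，架构捕获到数据库异常:", e);
        } catch (Exception e2) {
            throw new FilterException("RemexFilter初始化错误，架构未处理的数据库异常:", e2);
        }
    }

    /**
     * Reports whether the request bypasses authentication entirely.
     *
     * <p>NOTE(review): the test is a prefix match on the raw, un-normalized request URI,
     * which still contains the context path, path parameters and percent-encoding. A
     * prefix check on that string can disagree with the path the container finally
     * dispatches to, so the decision should be made on a container-normalized path
     * (servlet path plus path info) once the intended public area is confirmed. Also note
     * that with a non-empty context path the raw URI never starts with {@code /smvc/}, so
     * this only ever matches in a root-context deployment - confirm that is intended.
     */
    private boolean isPublic(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().startsWith("/smvc/");
    }

    /**
     * Reports whether any role of the current user is mapped to the requested resource.
     *
     * <p>The lookup key is the request URI with the first {@code /smvc}, the
     * {@code .json}/{@code .jsp} suffixes, the leading context path and a trailing
     * {@code /name123}-style id segment removed. A key of {@code "/"} is always allowed;
     * a key with no entry in the URI-to-role map is denied.
     */
    private boolean isPermit(HttpServletRequest httpServletRequest) {
        // Literal replacements: the previous regex form treated '.' as a wildcard and the
        // context path as a pattern, so unrelated characters could be stripped and the
        // role lookup could run against a key that is not the path actually requested.
        String resourceKey = httpServletRequest.getRequestURI()
                .replaceFirst("/smvc", "")
                .replace(".json", "")
                .replace(".jsp", "");
        // Only the leading context path is removed; occurrences deeper in the path are
        // part of the resource name and must stay in the key.
        String contextPath = httpServletRequest.getContextPath();
        if (!contextPath.isEmpty() && resourceKey.startsWith(contextPath)) {
            resourceKey = resourceKey.substring(contextPath.length());
        }
        resourceKey = resourceKey.replaceAll("(/[a-zA-Z\\-]*\\d+$)|(\\.json)|(\\.jsp)", "");
        if (resourceKey.equals("/")) {
            return true;
        }
        Map<String, ?> rolesForUri = AuthenticateBtx.obtainSysUriMapToRole().get(resourceKey);
        if (null == rolesForUri) {
            // Unknown resource: deny by default.
            return false;
        }
        List<AuthRole> roles = AuthenticateBtx.obtainCurUser().getRoles();
        return roles != null && roles.stream().anyMatch(role -> rolesForUri.containsKey(role.getId()));
    }

    /**
     * Adds CORS response headers for the caller's origin, taken from the {@code Origin}
     * header or, when that is absent, derived from {@code Referer}. Does nothing when no
     * origin can be determined.
     */
    private void handleCrossDomain(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String origin = httpServletRequest.getHeader("origin");
        if (Judgment.nullOrBlank(origin)) {
            String referer = httpServletRequest.getHeader("referer");
            if (!Judgment.nullOrBlank(referer)) {
                origin = originOfReferer(referer);
            }
        }
        if (Judgment.nullOrBlank(origin)) {
            return;
        }
        // NOTE(review): the return type of getCrossDomain() is not visible here. If it is a
        // single String, indexOf() is a substring test rather than an exact origin match,
        // which is too loose for a response that also allows credentials - confirm, and
        // compare against a parsed list of exact origins if so.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", RemexWebConfig.getCrossDomain().indexOf(origin) >= 0 ? origin : "-");
        // The allowed origin varies per request, so shared caches must key on it.
        httpServletResponse.addHeader("Vary", "Origin");
        // NOTE(review): browsers treat "*" literally (not as a wildcard) on credentialed
        // requests; list the methods explicitly if credentialed preflights must succeed.
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "*");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With");
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }

    /**
     * Extracts {@code scheme://host[:port]} from a Referer value.
     *
     * <p>The previous fixed-offset parsing assumed an {@code http://} prefix and a path
     * separator, so an https, short or path-less Referer either produced a wrong origin
     * or threw and turned the request into an error page.
     *
     * @return the origin, or {@code null} when the value is not a usable http(s) URL
     */
    private static String originOfReferer(String referer) {
        try {
            java.net.URI parsed = new java.net.URI(referer.trim());
            String scheme = parsed.getScheme();
            String host = parsed.getHost();
            if (scheme == null || host == null) {
                return null;
            }
            boolean https = "https".equalsIgnoreCase(scheme);
            if (!https && !"http".equalsIgnoreCase(scheme)) {
                return null;
            }
            int port = parsed.getPort();
            return (https ? "https" : "http") + "://" + host + (port >= 0 ? ":" + port : "");
        } catch (java.net.URISyntaxException e) {
            // Client-supplied header that does not parse: treat as "no origin".
            return null;
        }
    }

    /** Writes the per-request timing line; request-derived values are neutralised first. */
    private void logCompletion(HttpServletRequest httpServletRequest, String requestURI, String queryString, long startMillis) {
        // NOTE(review): the full query string is logged. If tokens or other secrets are
        // ever passed as query parameters they end up in the log - confirm and redact.
        logger.info(new StringBuilder("Handle ")
                .append(clientIpForLog(httpServletRequest))
                .append(" request [").append(forLog(requestURI))
                .append("?").append(forLog(queryString))
                .append("] took ").append(System.currentTimeMillis() - startMillis)
                .append(" ms.")
                .append("\r\n==============================================================\r\n"));
    }

    /** Client address as reported by {@code RequestHelper}, made safe for a log line. */
    private static String clientIpForLog(HttpServletRequest httpServletRequest) {
        // presumably derived from client-controllable headers; verify in RequestHelper
        return forLog(String.valueOf(RequestHelper.getClientIP(httpServletRequest)));
    }

    /** Replaces CR and LF so a request-supplied value cannot start a forged log entry. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}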
