package cn.js.icode.common.filter;

import cn.js.icode.common.CommonMPI;
import cn.js.icode.common.config.Config;
import cn.js.icode.common.config.Constants;
import cn.js.icode.common.data.StatusCode;
import cn.js.icode.common.data.response.ResponseBase;
import cn.js.icode.common.log.Logger;
import cn.js.icode.common.net.http.HttpClient;
import cn.js.icode.common.net.http.ResponseHandler;
import cn.js.icode.common.utility.CookieUtility;
import cn.js.icode.system.data.OrganzationScope;
import cn.js.icode.system.data.User;
import cn.js.icode.system.service.UserService;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

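/**
 * Servlet filter that gates every {@code *.do} request behind a permission check.
 *
 * <p>Per request the filter resolves the current user (request attribute, else
 * {@link CookieUtility#getUser}), re-synchronises the HTTP session when the user's
 * logon time changed, lets whitelisted paths through, and otherwise asks the console's
 * {@code api/permission/canVisit} endpoint whether the user may open the path.
 *
 * <p>Security-relevant configuration (read once in the static initializer):
 * <ul>
 *   <li>{@code filter.PermissionFilter.ignore=true} turns the filter into a pass-through
 *       for every request.</li>
 *   <li>{@code filter.PermissionFilter.parameter.no_validation_modules} - comma/whitespace
 *       separated path prefixes that skip the permission check.</li>
 *   <li>{@code filter.PermissionFilter.parameter.no_validation_urls} - comma/whitespace
 *       separated exact paths that skip the permission check.</li>
 * </ul>
 * In both lists an entry containing {@code *} is turned into a regular expression in which
 * {@code *} becomes {@code .+}; other regex metacharacters in the entry are not escaped, so a
 * {@code .} in such an entry matches any character.
 *
 * <p>NOTE(review): the user record is taken from {@code CookieUtility.getUser} when no request
 * attribute is set. Whether that helper authenticates the cookie contents is not visible in this
 * file - confirm, because {@code id}, {@code _logonTime} and {@code _consoleRoot} read from it
 * drive the checks below.
 */
@WebFilter(filterName = "PermissionFilter", urlPatterns = {"*.do"})
/* loaded from: input_file:cn/js/icode/common/filter/PermissionFilter.class */
public class PermissionFilter implements Filter {
    private static final Logger log = Logger.getInstance(PermissionFilter.class);
    private static final HttpClient hc = new HttpClient();
    /** When true, the filter forwards every request without any check. */
    private static boolean ignore;
    /** Raw configured value of the no-validation module (prefix) list. */
    private static String modules;
    /** Raw configured value of the no-validation URL (exact match) list. */
    private static String urls;
    private static String[] no_validation_modules;
    private static String[] no_validation_urls;
    public static final String KEY_CONSOLE_ROOT = "_consoleRoot";
    public static final String KEY_LOGON_TIME = "_logonTime";

    /**
     * Parses the two configured whitelists into arrays.
     *
     * @param filterConfig unused
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        no_validation_modules = splitList(modules);
        no_validation_urls = splitList(urls);
    }

    /**
     * Splits a comma/whitespace separated configuration value into its entries.
     *
     * <p>The value is trimmed after commas are turned into spaces, so a leading separator
     * cannot produce an empty first entry. An empty prefix entry would satisfy
     * {@code startsWith} for every path and silently disable the permission check.
     *
     * @param raw configured value, may be {@code null}
     * @return the non-empty entries, never {@code null}
     */
    private static String[] splitList(String raw) {
        if (raw == null) {
            return new String[0];
        }
        String normalized = raw.replace(',', ' ').trim();
        if (normalized.length() == 0) {
            return new String[0];
        }
        return normalized.split("\\s+");
    }

    /**
     * Returns the request path relative to the context path, as used for every access decision.
     *
     * <p>{@code getRequestURI()} is the raw request line: it still carries path parameters
     * ({@code ;name=value}), which the container ignores when it selects the target servlet.
     * They are removed here so that the string that is whitelisted or permission-checked is the
     * same path the container dispatches; otherwise a suffix appended after {@code ;} could
     * change the outcome of the suffix and extension tests in {@link #ignoreValidation}.
     *
     * <p>NOTE(review): percent-encoding and {@code ..} segments are not normalised here; confirm
     * the container or a front proxy rejects or canonicalises them.
     */
    private static String applicationPath(HttpServletRequest request) {
        String relative = request.getRequestURI().trim().replaceAll("/+", "/").substring(request.getContextPath().length());
        // Stripping a parameter-only segment can leave "//" behind, so collapse again.
        return relative.replaceAll(";[^/]*", "").replaceAll("/+", "/");
    }

    /**
     * Applies the session synchronisation, whitelist and permission checks to one request.
     *
     * <p>Outcomes: forward down the chain, redirect to the console root (no user), redirect to
     * {@code system/logout.do} (user record bound to a different console root), or redirect to
     * {@code deniedPage.html} (permission refused).
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (ignore) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String path = applicationPath(request);
        Object current = request.getAttribute(Constants.KEY_CURRENT_USER);
        JSONObject user = (current instanceof JSONObject) ? (JSONObject) current : CookieUtility.getUser(request);
        String consoleRoot = CommonMPI.getConsoleRoot();
        if (user != null) {
            User typedUser = (User) JSONObject.toJavaObject(user, User.class);
            long logonTime = user.getLongValue(KEY_LOGON_TIME);
            Long sessionLogonTime = (Long) request.getSession(true).getAttribute(KEY_LOGON_TIME);
            if (sessionLogonTime == null || sessionLogonTime.longValue() != logonTime) {
                // A different logon than the one this session was built for: drop the old
                // session state and rebuild it for the current user.
                request.getSession(true).invalidate();
                OrganzationScope organizationScope = UserService.getOrganizationScope(user.getLong("id"));
                if (organizationScope != null) {
                    request.getSession(true).setAttribute(Constants.KEY_ORGANIZATION_SCOPE, organizationScope);
                }
                request.getSession(true).setAttribute(KEY_LOGON_TIME, Long.valueOf(logonTime));
            }
            boolean isLogout = path.equals("/system/logout.do");
            boolean boundToThisConsole = user.containsKey(KEY_CONSOLE_ROOT) && consoleRoot.equals(user.getString(KEY_CONSOLE_ROOT));
            if (!isLogout && !boundToThisConsole) {
                // The user record was issued for another console root (or none): force a logout.
                response.sendRedirect(consoleRoot + "system/logout.do");
                return;
            }
            typedUser.setOrganzationScope((OrganzationScope) request.getSession(true).getAttribute(Constants.KEY_ORGANIZATION_SCOPE));
            request.setAttribute(Constants.KEY_CURRENT_USER, typedUser);
        }
        if (ignoreValidation(path)) {
            // Whitelisted paths are served without a user and without a permission lookup.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (user == null) {
            request.getSession(true).invalidate();
            response.sendRedirect(consoleRoot);
        } else if (canVisit(request, path)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            response.sendRedirect(consoleRoot + "deniedPage.html#" + path);
        }
    }

    /**
     * Decides whether a path skips the permission check.
     *
     * <p>A path is skipped when its name without the extension ends in {@code Select} or
     * {@code Frame}, when it starts with (or wildcard-matches) a configured module entry, or when
     * it equals (or wildcard-matches) a configured URL entry.
     *
     * @param str request path relative to the context path
     * @return {@code true} if no permission check is required
     */
    private boolean ignoreValidation(String str) {
        int dot = str.lastIndexOf(".");
        String stem = dot > 0 ? str.substring(0, dot) : str;
        if (stem.endsWith("Select") || stem.endsWith("Frame")) {
            return true;
        }
        for (String module : no_validation_modules) {
            if (matchesEntry(str, module, true)) {
                return true;
            }
        }
        for (String url : no_validation_urls) {
            if (matchesEntry(str, url, false)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests one whitelist entry against a path.
     *
     * @param path request path
     * @param entry configured entry; empty entries never match
     * @param prefix {@code true} to compare plain entries with {@code startsWith},
     *     {@code false} to require equality
     */
    private static boolean matchesEntry(String path, String entry, boolean prefix) {
        if (entry == null || entry.isEmpty()) {
            // Defensive: an empty prefix would match every path.
            return false;
        }
        if (entry.indexOf("*") >= 0) {
            return path.matches("^" + entry.replaceAll("\\*", ".+") + "$");
        }
        return prefix ? path.startsWith(entry) : path.equals(entry);
    }

    @Override
    public void destroy() {
    }

    /**
     * Asks the console's {@code api/permission/canVisit} endpoint whether the current user may
     * open {@code str}. The answer is cached on the request under {@code "__canVisit:" + str}.
     *
     * <p>Fails closed: a missing user, a non-200 reply, an unreadable reply or an I/O error all
     * yield {@code false}. Only a reply whose status code is 100 yields {@code true}.
     *
     * @param httpServletRequest current request; must carry a {@link User} under
     *     {@code Constants.KEY_CURRENT_USER} for the check to succeed
     * @param str path to check
     * @return {@code true} only if the endpoint granted access
     */
    public static boolean canVisit(HttpServletRequest httpServletRequest, String str) {
        if (str == null || str.trim().length() == 0) {
            return false;
        }
        String cacheKey = "__canVisit:" + str;
        Object cached = httpServletRequest.getAttribute(cacheKey);
        if (cached instanceof Boolean) {
            return ((Boolean) cached).booleanValue();
        }
        Object current = httpServletRequest.getAttribute(Constants.KEY_CURRENT_USER);
        User user = (current instanceof User) ? (User) current : null;
        if (user == null) {
            httpServletRequest.setAttribute(cacheKey, false);
            return false;
        }
        long userId = user.getId().longValue();
        String consoleRoot = CommonMPI.getConsoleRoot();
        String endpoint = consoleRoot + "api/permission/canVisit";
        if (consoleRoot.startsWith("/")) {
            // NOTE(review): with a relative console root the scheme/host/port of the permission
            // endpoint is taken from getRequestURL(), which containers normally build from the
            // request's Host header. Unless the container or a front proxy pins that header, the
            // origin that answers the permission question is influenced by the client. Prefer an
            // absolute, configured console root for this call.
            String requestUrl = httpServletRequest.getRequestURL().toString();
            int uriStart = requestUrl.indexOf(httpServletRequest.getRequestURI());
            endpoint = (uriStart > 0 ? requestUrl.substring(0, uriStart) : "") + endpoint;
        }
        try {
            // The path comes from the request line. Encode it so that characters such as '&' or
            // '=' stay inside the uri field instead of adding or overriding form fields.
            String body = "userId=" + userId + "&uri=" + java.net.URLEncoder.encode(str, "UTF-8");
            ResponseHandler post = hc.post(endpoint, body, HttpClient.FormMime);
            JSONObject reply = post.toJSONObject();
            if (post.getHttpStatus() != 200) {
                log.log(StatusCode.LOG_ERROR, (Object) ("调用 " + endpoint + " 出现异常：" + reply));
                return false;
            }
            if (reply == null) {
                // No parsable answer: deny rather than fail with a NullPointerException.
                return false;
            }
            boolean allowed = ((ResponseBase) reply.toJavaObject(ResponseBase.class)).getStatusCode() == 100;
            httpServletRequest.setAttribute(cacheKey, Boolean.valueOf(allowed));
            return allowed;
        } catch (IOException e) {
            // Logged through the project logger (exception class and message) instead of stderr.
            log.log(StatusCode.LOG_ERROR, (Object) ("调用 " + endpoint + " 出现异常：" + e));
            return false;
        }
    }

    /**
     * Tells whether the current user holds the given role. The answer is cached on the request
     * under {@code "__hasRole:" + l}.
     *
     * @param httpServletRequest current request; the user is read from
     *     {@code Constants.KEY_CURRENT_USER}
     * @param l role id, {@code null} yields {@code false}
     * @return {@code true} if the user's role id set contains {@code l}
     */
    public static boolean hasRole(HttpServletRequest httpServletRequest, Long l) {
        if (l == null) {
            return false;
        }
        String cacheKey = "__hasRole:" + l;
        Object cached = httpServletRequest.getAttribute(cacheKey);
        if (cached instanceof Boolean) {
            return ((Boolean) cached).booleanValue();
        }
        Object current = httpServletRequest.getAttribute(Constants.KEY_CURRENT_USER);
        User user = (current instanceof User) ? (User) current : null;
        if (user == null) {
            httpServletRequest.setAttribute(cacheKey, false);
            return false;
        }
        Set<Long> roleIds = user.getRoleIds();
        boolean held = roleIds != null && !roleIds.isEmpty() && roleIds.contains(l);
        httpServletRequest.setAttribute(cacheKey, Boolean.valueOf(held));
        return held;
    }

    static {
        String ignoreValue = Config.getProperty("filter.PermissionFilter.ignore");
        ignore = ignoreValue != null && ignoreValue.trim().equalsIgnoreCase("true");
        modules = Config.getProperty("filter.PermissionFilter.parameter.no_validation_modules");
        urls = Config.getProperty("filter.PermissionFilter.parameter.no_validation_urls");
        no_validation_modules = null;
        no_validation_urls = null;
    }
}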
