package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.annotation.AuthRequestToken;
import cn.omisheep.authz.core.AuthzProperties;
import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.TokenException;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDict;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.config.Constants;
import cn.omisheep.authz.core.tk.TokenHelper;
import cn.omisheep.authz.core.util.HttpUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import java.util.Locale;
import javax.servlet.http.Cookie;
import org.apache.commons.lang.StringUtils;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.method.HandlerMethod;

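@Order(1)
/* loaded from: input_file:cn/omisheep/authz/core/slot/CookieAndRequestSlot.class */
/**
 * Slot that locates the access token on the incoming request, parses it and stores the result
 * on the {@link HttpMeta}.
 *
 * <p>Lookup order, first non-null value wins:
 * <ol>
 *   <li>the sources named by an {@link AuthRequestToken} annotation on the handler method or its
 *       bean type: header, then cookie, then request parameter;</li>
 *   <li>the configured default header, only when it starts with the configured prefix;</li>
 *   <li>the configured default cookie.</li>
 * </ol>
 *
 * <p>Every value read here is caller-controlled and must be treated as untrusted until
 * {@code TokenHelper.parseAccessToken} has accepted it.
 */
public class CookieAndRequestSlot implements Slot {
    private final UserDevicesDict userDevicesDict;
    private final boolean isEnableRedis;
    private final String cookieName;
    private final String headerName;
    private final String headerPrefix;

    /**
     * Captures the token-related settings once so that {@link #chain} does not re-read them.
     *
     * @param userDevicesDict device/token registry used to drop expired access tokens
     * @param permLibrary     not used by this slot; kept so the constructor signature is unchanged
     * @param authzProperties configuration supplying the cookie name, header name and header prefix
     */
    public CookieAndRequestSlot(UserDevicesDict userDevicesDict, PermLibrary permLibrary, AuthzProperties authzProperties) {
        this.userDevicesDict = userDevicesDict;
        this.isEnableRedis = authzProperties.getCache().isEnableRedis();
        this.cookieName = authzProperties.getToken().getCookieName();
        // Stored lower-cased; the annotation header name is lower-cased the same way before lookup.
        this.headerName = authzProperties.getToken().getHeaderName().toLowerCase(Locale.ROOT);
        this.headerPrefix = authzProperties.getToken().getHeaderPrefix();
    }

    /**
     * Extracts the raw token from the request and, if one is present, parses it.
     *
     * <p>When no token is found the method returns without touching {@code error}. When parsing
     * fails the failure is routed through {@link #handleParseFailure}.
     *
     * @param httpMeta      per-request state; receives the parsed token or the user status
     * @param handlerMethod handler being invoked, inspected for {@link AuthRequestToken}
     * @param error         callback used to stop the chain or report a failure
     */
    @Override // cn.omisheep.authz.core.slot.Slot
    public void chain(HttpMeta httpMeta, HandlerMethod handlerMethod, Error error) {
        AuthRequestToken authRequestToken = handlerMethod.getMethodAnnotation(AuthRequestToken.class);
        if (authRequestToken == null) {
            authRequestToken = AnnotationUtils.getAnnotation(handlerMethod.getBeanType(), AuthRequestToken.class);
        }

        String rawToken = null;
        if (authRequestToken != null) {
            rawToken = resolveAnnotatedToken(httpMeta, authRequestToken);
            if (rawToken != null) {
                httpMeta.setClearCookie(false);
            }
        }

        if (rawToken == null) {
            String headerValue = HttpUtils.getCurrentRequestHeaders().get(this.headerName);
            // The default header is only honoured when it carries the configured prefix.
            if (headerValue != null && headerValue.startsWith(this.headerPrefix)) {
                rawToken = headerValue.substring(this.headerPrefix.length());
                httpMeta.setClearCookie(false);
            }
        }

        Cookie defaultCookie = HttpUtils.readSingleCookieInRequestByName(this.cookieName);
        if (rawToken == null && defaultCookie != null) {
            rawToken = defaultCookie.getValue();
        }

        if (rawToken == null) {
            return;
        }

        try {
            httpMeta.setToken(TokenHelper.parseAccessToken(rawToken));
        } catch (Exception e) {
            handleParseFailure(httpMeta, error, e);
        }
    }

    /**
     * Reads the token from the sources named by the annotation: header, then cookie, then
     * request parameter.
     *
     * @return the raw token, or {@code null} when none of the named sources is present
     */
    private String resolveAnnotatedToken(HttpMeta httpMeta, AuthRequestToken authRequestToken) {
        String rawToken = null;

        if (!authRequestToken.header().isEmpty()) {
            rawToken = HttpUtils.getCurrentRequestHeaders().get(authRequestToken.header().toLowerCase(Locale.ROOT));
            String prefix = authRequestToken.prefix();
            // The header may be absent: guard against null before stripping the prefix so a
            // request without the header falls through to the next source instead of throwing.
            // A present header that lacks the prefix is still used as-is, as before.
            if (rawToken != null && StringUtils.isNotEmpty(prefix) && rawToken.startsWith(prefix)) {
                rawToken = rawToken.substring(prefix.length());
            }
        }

        if (rawToken == null && !authRequestToken.cookie().isEmpty()) {
            // The lookup returns null when the cookie is not on the request.
            Cookie namedCookie = HttpUtils.readSingleCookieInRequestByName(authRequestToken.cookie());
            if (namedCookie != null) {
                rawToken = namedCookie.getValue();
            }
        }

        if (rawToken == null && !authRequestToken.param().isEmpty()) {
            // NOTE(review): a token passed as a request parameter can end up in access logs,
            // browser history and Referer headers; prefer the header or cookie source and keep
            // such tokens short-lived where this source is enabled.
            rawToken = httpMeta.getRequest().getParameter(authRequestToken.param());
        }

        return rawToken;
    }

    /**
     * Handles a token that failed to parse: clears the token cookie, then either stops the chain
     * (login not required) or records the user status and reports the failure.
     */
    private void handleParseFailure(HttpMeta httpMeta, Error error, Exception e) {
        // A rejected token is never kept: clear the cookie on every parse failure.
        TokenHelper.clearCookie();

        if (!httpMeta.isRequireLogin()) {
            error.stop();
            return;
        }

        if (e instanceof JwtException) {
            try {
                if (e instanceof ExpiredJwtException) {
                    // NOTE(review): these claims come from the rejected token. jjwt normally
                    // verifies the signature before the expiry check, but confirm that for the
                    // parser configuration used by TokenHelper before relying on these ids.
                    Claims claims = ((ExpiredJwtException) e).getClaims();
                    this.userDevicesDict.removeAccessTokenByTid(claims.get(Constants.USER_ID), claims.get(Constants.ID, String.class));
                    httpMeta.setUserStatus(UserDevicesDict.UserStatus.ACCESS_TOKEN_OVERDUE);
                } else {
                    httpMeta.setUserStatus(UserDevicesDict.UserStatus.REQUIRE_LOGIN);
                }
            } catch (Exception ignored) {
                // Best-effort cleanup of the expired token: a failure here (missing claims,
                // registry error) must not turn into a different error for the caller.
                // NOTE(review): no logger is visible in this class; consider logging this so a
                // failing revocation of expired tokens does not go unnoticed.
            }
            // No error is reported on this path; the user status set above is the only signal.
            return;
        }

        if (e instanceof TokenException) {
            httpMeta.setUserStatus(UserDevicesDict.UserStatus.REQUIRE_LOGIN);
            error.error(ExceptionStatus.TOKEN_EXCEPTION);
            return;
        }

        error.error(e);
    }
}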
