package cn.hiboot.mcn.autoconfigure.web.filter.integrity.reactive;

import cn.hiboot.mcn.autoconfigure.web.filter.common.JsonRequestHelper;
import cn.hiboot.mcn.autoconfigure.web.filter.common.RequestMatcher;
import cn.hiboot.mcn.autoconfigure.web.filter.integrity.DataIntegrityException;
import cn.hiboot.mcn.autoconfigure.web.filter.integrity.DataIntegrityProperties;
import cn.hiboot.mcn.autoconfigure.web.filter.integrity.DataIntegrityUtils;
import cn.hiboot.mcn.autoconfigure.web.reactor.WebUtils;
import cn.hiboot.mcn.core.tuples.Pair;
import cn.hutool.core.util.StrUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.reactive.filter.OrderedWebFilter;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.codec.multipart.Part;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:cn/hiboot/mcn/autoconfigure/web/filter/integrity/reactive/ReactiveDataIntegrityFilter.class */
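/**
 * Reactive web filter that verifies a request signature before the request reaches the handler.
 *
 * <p>For every request accepted by the configured {@link RequestMatcher} the filter reads the
 * {@code TSM} (or {@code timestamp}), {@code signature} and {@code nonceStr} headers, recomputes
 * the signature over the query/form parameters plus either the upload digests or the JSON body
 * via {@link DataIntegrityUtils#signature}, and rejects the request when the two differ.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@code nonceStr} is only fed into the signature; this class keeps no record of nonces it
 *       has seen, so replay protection here is limited to the timestamp window.</li>
 *   <li>For JSON POST requests the signature is checked lazily, when a downstream consumer
 *       subscribes to the request body (see the decorator in {@link #verify}).</li>
 * </ul>
 */
public class ReactiveDataIntegrityFilter implements OrderedWebFilter {
    /** Runtime message, kept verbatim: "verification failed, invalid timestamp". */
    private static final String INVALID_TIMESTAMP = "验证失败,无效的时间戳";
    /** Runtime message, kept verbatim: "verification failed, data has been tampered with". */
    private static final String TAMPERED = "验证失败,数据被篡改";

    private final Logger log = LoggerFactory.getLogger(ReactiveDataIntegrityFilter.class);
    private final DataIntegrityProperties dataIntegrityProperties;
    private final RequestMatcher requestMatcher;

    /**
     * Creates the filter and builds its request matcher from the include/exclude patterns of the
     * given properties, with the matcher's default excludes enabled.
     *
     * @param dataIntegrityProperties configuration (patterns, replay/upload switches, timeout, order)
     */
    public ReactiveDataIntegrityFilter(DataIntegrityProperties dataIntegrityProperties) {
        this.dataIntegrityProperties = dataIntegrityProperties;
        this.requestMatcher = new RequestMatcher(dataIntegrityProperties.getIncludePatterns(), dataIntegrityProperties.getExcludePatterns()).enableDefaultExclude();
    }

    /**
     * Verifies matching requests and then continues the filter chain.
     *
     * <p>Requests the matcher does not accept are passed to the chain unverified. The previous
     * implementation filtered them out of the {@code Mono} and therefore completed without ever
     * invoking the chain, so excluded paths were never handled.
     *
     * <p>The match decision is taken explicitly (not with {@code switchIfEmpty}) so that an
     * unexpectedly empty verification pipeline can never fall through to the chain unverified.
     *
     * @param serverWebExchange the current exchange
     * @param webFilterChain    the remaining filter chain
     * @return completion signal; a {@link DataIntegrityException} raised during verification (or
     *         later, while the handler reads a verified JSON body) is turned into a failure response
     */
    @Override
    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        Objects.requireNonNull(webFilterChain);
        Mono<ServerWebExchange> checked = Mono.defer(() -> this.requestMatcher.matches(serverWebExchange.getRequest())
                ? verify(serverWebExchange)
                : Mono.just(serverWebExchange));
        return checked.flatMap(webFilterChain::filter).onErrorResume(DataIntegrityException.class, dataIntegrityException -> {
            this.log.error("Check DataIntegrity Failed: {}", dataIntegrityException.getMessage());
            return WebUtils.failed(dataIntegrityException.getMessage(), serverWebExchange.getResponse());
        });
    }

    /**
     * Runs the header, replay and signature checks for one request.
     *
     * @param exchange the exchange whose request is verified
     * @return the exchange to continue with (decorated for JSON POST bodies), or an error carrying
     *         a {@link DataIntegrityException}
     */
    private Mono<ServerWebExchange> verify(ServerWebExchange exchange) {
        final var request = exchange.getRequest();

        // "TSM" takes precedence; "timestamp" is consulted only when "TSM" is absent.
        String tsm = WebUtils.getHeader(request, "TSM");
        final String timestamp = tsm != null ? tsm : WebUtils.getHeader(request, "timestamp");
        if (StrUtil.isEmpty(timestamp)) {
            return Mono.error(DataIntegrityException.newInstance(INVALID_TIMESTAMP));
        }
        if (this.dataIntegrityProperties.isCheckReplay()) {
            long sentAt;
            try {
                sentAt = Long.parseLong(timestamp);
            } catch (NumberFormatException e) {
                // The header is client-controlled. Without this catch a non-numeric value escaped as a
                // NumberFormatException, which onErrorResume(DataIntegrityException) does not handle.
                return Mono.error(DataIntegrityException.newInstance(INVALID_TIMESTAMP));
            }
            // NOTE(review): only stale timestamps are rejected; a value in the future (or one that
            // makes the subtraction overflow) passes this check and relies on the signature alone.
            if (System.currentTimeMillis() - sentAt > this.dataIntegrityProperties.getTimeout().toMillis()) {
                return Mono.error(DataIntegrityException.newInstance(INVALID_TIMESTAMP));
            }
        }

        final String signature = WebUtils.getHeader(request, "signature");
        if (StrUtil.isEmpty(signature)) {
            return Mono.error(DataIntegrityException.newInstance(TAMPERED));
        }
        // May be null; it is passed to the signature routine as-is.
        final String nonce = WebUtils.getHeader(request, "nonceStr");

        return exchange.getFormData()
                .map(formData -> {
                    // Only the first value of each parameter is signed; form fields override
                    // query parameters of the same name because they are inserted last.
                    Map<String, Object> params = new HashMap<>();
                    exchange.getRequest().getQueryParams().forEach((name, values) -> params.put(name, values.get(0)));
                    formData.forEach((name, values) -> params.put(name, values.get(0)));
                    return params;
                })
                .flatMap(params -> parseUpload(exchange).flatMap(fileInfo -> {
                    boolean jsonPost = request.getMethod() == HttpMethod.POST
                            && MediaType.APPLICATION_JSON.isCompatibleWith(request.getHeaders().getContentType());
                    if (jsonPost) {
                        // The JSON body can only be read once, so verification is attached to the body
                        // stream itself. Consequence: the check runs only when something downstream
                        // subscribes to the body; a handler that ignores the body never triggers it.
                        return Mono.just(exchange.mutate().request(new ServerHttpRequestDecorator(request) {
                            @Override
                            public Flux<DataBuffer> getBody() {
                                // NOTE(review): each emitted buffer is verified as if it were the whole
                                // payload — confirm bodies split across several buffers are handled.
                                return super.getBody().flatMap(dataBuffer -> {
                                    if (ReactiveDataIntegrityFilter.this.isInValid(signature, timestamp, nonce, params, null, JsonRequestHelper.getData(dataBuffer.asInputStream()))) {
                                        return Mono.<DataBuffer>error(DataIntegrityException.newInstance(TAMPERED));
                                    }
                                    return Flux.just(dataBuffer.split(0));
                                });
                            }
                        }).build());
                    }
                    if (isInValid(signature, timestamp, nonce, params, fileInfo, null)) {
                        return Mono.<ServerWebExchange>error(DataIntegrityException.newInstance(TAMPERED));
                    }
                    return Mono.just(exchange);
                }));
    }

    /**
     * Recomputes the signature and compares it with the one supplied by the client.
     *
     * @param supplied  signature taken from the request header
     * @param timestamp timestamp header value
     * @param nonce     nonce header value, may be {@code null}
     * @param params    merged query and form parameters
     * @param fileInfo  upload digest string, or {@code null} for JSON requests
     * @param payload   JSON payload, or {@code null} for non-JSON requests
     * @return {@code true} when the signatures differ (request must be rejected)
     */
    private boolean isInValid(String supplied, String timestamp, String nonce, Map<String, Object> params, String fileInfo, String payload) {
        String expected = DataIntegrityUtils.signature(timestamp, nonce, params, fileInfo, payload);
        if (constantTimeEquals(supplied, expected)) {
            return false;
        }
        // The expected signature is deliberately not logged: for any input a caller submits it is a
        // valid signature, so writing it out would turn log access into a signing oracle.
        // NOTE(review): params and payload are request content and may hold sensitive fields.
        this.log.error("kv param = {},payload = {},fileInfo = {}", params, payload, fileInfo);
        return true;
    }

    /**
     * Compares two signatures without an early exit on the first differing byte, so response
     * timing does not reveal how much of a guessed signature was correct.
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            // Same result as Objects.equals for the null cases.
            return left == null && right == null;
        }
        return MessageDigest.isEqual(left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the upload part of the signed string: one digest per content buffer of every
     * multipart part, joined with {@code &}.
     *
     * <p>The digests are produced inside the reactive chain. The previous implementation called
     * {@code subscribe()} on each part from within {@code map} and read the accumulator right
     * away, so content delivered asynchronously was left out of the signed string.
     *
     * @param serverWebExchange the current exchange
     * @return the joined digests, or an empty string when the request is not multipart, upload
     *         checking is disabled, or no part has content
     */
    private Mono<String> parseUpload(ServerWebExchange serverWebExchange) {
        boolean multipart = MediaType.MULTIPART_FORM_DATA.isCompatibleWith(serverWebExchange.getRequest().getHeaders().getContentType());
        if (!multipart || !this.dataIntegrityProperties.isCheckUpload()) {
            return Mono.just("");
        }
        return serverWebExchange.getMultipartData()
                .flatMapMany(multiValueMap -> Flux.fromIterable(multiValueMap.values()))
                .concatMap(Flux::fromIterable)
                // concatMap keeps map order, then part order, then buffer order.
                .concatMap(part -> part.content().map(dataBuffer -> {
                    // NOTE(review): a part delivered in several buffers yields one digest per buffer,
                    // as before — confirm this matches what clients sign. The buffer is read in place
                    // and not released here, also as before.
                    byte[] bArr = new byte[dataBuffer.readableByteCount()];
                    dataBuffer.read(bArr);
                    return String.valueOf(DataIntegrityUtils.md5UploadFile(bArr, getSubmittedFileName(part)));
                }))
                .collectList()
                .map(digests -> String.join("&", digests));
    }

    /**
     * Extracts the file name from a part's {@code Content-Disposition} header.
     *
     * <p>The header is lower-cased before parsing, so the returned name is lower-case. The value
     * is split on {@code ;} and {@code =}, so names containing those characters are truncated.
     *
     * @param part the multipart part
     * @return the file name with double quotes removed, or {@code null} when the header is
     *         missing, has another disposition type, or carries no usable {@code filename} value
     */
    public String getSubmittedFileName(Part part) {
        String fileName = null;
        String disposition = part.headers().getFirst("Content-Disposition");
        if (disposition == null) {
            return null;
        }
        String lowerCase = disposition.toLowerCase(Locale.ENGLISH);
        if (lowerCase.startsWith("form-data") || lowerCase.startsWith("attachment")) {
            for (String segment : lowerCase.split(";")) {
                String trimmed = segment.trim();
                if (trimmed.startsWith("filename")) {
                    String[] keyValue = trimmed.split("=");
                    // A client-supplied "filename" or "filename=" has no value element; indexing
                    // [1] unconditionally threw ArrayIndexOutOfBoundsException.
                    if (keyValue.length > 1) {
                        fileName = keyValue[1].replace("\"", "");
                    }
                }
            }
        }
        return fileName;
    }

    /**
     * Returns the filter order configured in the data-integrity properties.
     */
    @Override
    public int getOrder() {
        return this.dataIntegrityProperties.getOrder();
    }
}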
