package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.AuthzDefender;
import cn.omisheep.authz.core.auth.rpd.ParamMetadata;
import cn.omisheep.authz.core.auth.rpd.PermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.util.ValueMatcher;
import cn.omisheep.commons.util.CollectionUtils;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerMapping;

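/**
 * Slot that enforces per-parameter role and permission rules on handler arguments
 * annotated with {@link PathVariable} or {@link RequestParam}.
 *
 * <p>For each such argument the slot reads the request value, looks up the
 * {@link ParamMetadata} registered for the current method/API, and requires that at least
 * one rule both matches the value and is covered by the caller's roles (respectively
 * permissions). A request that fails a rule is rejected through
 * {@link HttpMeta#error} and {@code chain} returns {@code false}.
 *
 * <p>Security notes on this version:
 * <ul>
 *   <li>The permission set is now created before it is filled. The previous listing called
 *       {@code addAll} on a {@code null} set whenever {@code httpMeta.getPermissions()} was
 *       {@code null}; the resulting exception was swallowed and the permission rule was
 *       never evaluated.</li>
 *   <li>An exception raised while evaluating a rule now denies the request instead of being
 *       silently ignored (fail closed). "No rule configured" is detected with explicit
 *       null checks rather than by catching the exception.</li>
 * </ul>
 */
@Order(40)
/* loaded from: input_file:cn/omisheep/authz/core/slot/ParameterPermSlot.class */
public class ParameterPermSlot implements Slot {
    private final PermissionDict permissionDict;
    private final PermLibrary permLibrary;

    /**
     * @param permissionDict source of the per-API authorization metadata
     * @param permLibrary    used to load a user's roles and a role's permissions when the
     *                       request does not already carry them
     */
    public ParameterPermSlot(PermissionDict permissionDict, PermLibrary permLibrary) {
        this.permissionDict = permissionDict;
        this.permLibrary = permLibrary;
    }

    /**
     * Checks every {@code @PathVariable} / {@code @RequestParam} argument of the handler
     * against its configured parameter rules.
     *
     * @param httpMeta      request context; receives the error status on rejection and caches
     *                      the roles/permissions loaded here
     * @param handlerMethod handler whose parameters are inspected
     * @return {@code true} if no parameter rule rejects the request, {@code false} otherwise
     * @throws Exception if the metadata lookup for the current method/API or the extraction
     *                   of a path variable fails (both happen outside the guarded rule check)
     */
    @Override // cn.omisheep.authz.core.slot.Slot
    public boolean chain(HttpMeta httpMeta, HandlerMethod handlerMethod) throws Exception {
        PermRolesMeta permRolesMeta = this.permissionDict.getAuthzMetadata().get(httpMeta.getMethod()).get(httpMeta.getApi());
        for (MethodParameter methodParameter : handlerMethod.getMethodParameters()) {
            RequestParam requestParam = AnnotationUtils.getAnnotation(methodParameter.getParameter(), RequestParam.class);
            PathVariable pathVariable = AnnotationUtils.getAnnotation(methodParameter.getParameter(), PathVariable.class);
            String name = methodParameter.getParameter().getName();
            Class<?> type = methodParameter.getParameter().getType();

            final ParamMetadata.ParamType paramType;
            final String value;
            if (pathVariable != null) {
                // @PathVariable takes precedence when both annotations are present.
                paramType = ParamMetadata.ParamType.PATH_VARIABLE;
                if (!pathVariable.name().isEmpty()) {
                    name = pathVariable.name();
                }
                // Left unguarded on purpose: a missing template-variable attribute surfaces as an
                // exception from chain() rather than silently skipping the check.
                value = (String) ((Map<?, ?>) httpMeta.getRequest().getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE)).get(name);
            } else if (requestParam != null) {
                paramType = ParamMetadata.ParamType.REQUEST_PARAM;
                if (!requestParam.name().isEmpty()) {
                    name = requestParam.name();
                }
                value = httpMeta.getRequest().getParameter(name);
            } else {
                continue;
            }
            if (value == null) {
                // Parameter absent from the request: nothing to match against.
                continue;
            }

            ParamMetadata rules = lookupRules(permRolesMeta, paramType, name);
            if (rules == null) {
                continue;
            }

            boolean allowed;
            try {
                allowed = isParameterAllowed(rules, value, type, httpMeta, permRolesMeta);
            } catch (Exception e) {
                // Fail closed: an authorization rule that cannot be evaluated must not grant access.
                // Only the exception class is logged; its message may echo the request value.
                AuthzDefender.logs("Forbid : parameter permission check failed (" + e.getClass().getName() + ")", httpMeta, permRolesMeta);
                httpMeta.error(ExceptionStatus.PERM_EXCEPTION);
                return false;
            }
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the rules registered for one parameter, or {@code null} when the API has no
     * metadata, no rules for this parameter kind, or no rules for this parameter name.
     */
    private static ParamMetadata lookupRules(PermRolesMeta permRolesMeta, ParamMetadata.ParamType paramType, String name) {
        if (permRolesMeta == null) {
            return null;
        }
        // NOTE(review): wildcard types are used because the declared generic type of
        // getParamPermissionsMetadata() is not visible from this file.
        Map<?, ? extends Map<?, ParamMetadata>> rulesByType = permRolesMeta.getParamPermissionsMetadata();
        if (rulesByType == null) {
            return null;
        }
        Map<?, ParamMetadata> rulesByName = rulesByType.get(paramType);
        return rulesByName == null ? null : rulesByName.get(name);
    }

    /**
     * Evaluates the role rules and then the permission rules of one parameter. On rejection
     * the matching error status is recorded on {@code httpMeta} and {@code false} is returned.
     */
    private boolean isParameterAllowed(ParamMetadata rules, String value, Class<?> type, HttpMeta httpMeta, PermRolesMeta permRolesMeta) {
        List<PermRolesMeta.Meta> roleRules = rules.getRolesMetaList();
        if (roleRules != null && !roleRules.isEmpty()) {
            if (httpMeta.getToken() == null) {
                return requireLogin(httpMeta, permRolesMeta);
            }
            if (!anyRuleSatisfied(roleRules, value, type, resolveRoles(httpMeta))) {
                return forbid(httpMeta, permRolesMeta);
            }
        }

        List<PermRolesMeta.Meta> permissionRules = rules.getPermissionsMetaList();
        if (permissionRules != null && !permissionRules.isEmpty()) {
            if (httpMeta.getToken() == null) {
                return requireLogin(httpMeta, permRolesMeta);
            }
            Set<String> permissions = resolvePermissions(httpMeta, resolveRoles(httpMeta));
            if (!anyRuleSatisfied(permissionRules, value, type, permissions)) {
                return forbid(httpMeta, permRolesMeta);
            }
        }
        return true;
    }

    /** Returns whether some rule matches the value and has its requirement covered by {@code held}. */
    private static boolean anyRuleSatisfied(List<PermRolesMeta.Meta> rules, String value, Class<?> type, Set<String> held) {
        for (PermRolesMeta.Meta rule : rules) {
            if (ValueMatcher.match(rule.getResources(), value, type) && CollectionUtils.containsSub(rule.getRequire(), held)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the caller's roles, loading them from the library only when the request does not
     * carry them yet, and stores the result back on {@code httpMeta}.
     */
    // permLibrary is declared without type arguments here; if PermLibrary is generic the call
    // below is an unchecked conversion - TODO confirm.
    @SuppressWarnings("unchecked")
    private Set<String> resolveRoles(HttpMeta httpMeta) {
        Set<String> roles = httpMeta.getRoles();
        if (roles == null) {
            roles = this.permLibrary.getRolesByUserId(httpMeta.getToken().getUserId());
        }
        httpMeta.setRoles(roles);
        return roles;
    }

    /**
     * Returns the caller's permissions, building them from {@code roles} when the request does
     * not carry them yet, and stores a freshly built set back on {@code httpMeta}.
     */
    // See resolveRoles for why unchecked warnings are suppressed.
    @SuppressWarnings("unchecked")
    private Set<String> resolvePermissions(HttpMeta httpMeta, Set<String> roles) {
        Set<String> permissions = httpMeta.getPermissions();
        if (permissions != null) {
            return permissions;
        }
        permissions = new HashSet<>();
        if (roles != null) {
            for (String role : roles) {
                Collection<? extends String> granted = this.permLibrary.getPermissionsByRole(role);
                if (granted != null) {
                    permissions.addAll(granted);
                }
            }
        }
        httpMeta.setPermissions(permissions);
        return permissions;
    }

    /** Records a login-required rejection; always returns {@code false}. */
    private static boolean requireLogin(HttpMeta httpMeta, PermRolesMeta permRolesMeta) {
        AuthzDefender.logs("Require Login", httpMeta, permRolesMeta);
        httpMeta.error(ExceptionStatus.REQUIRE_LOGIN);
        return false;
    }

    /** Records a permission rejection; always returns {@code false}. */
    private static boolean forbid(HttpMeta httpMeta, PermRolesMeta permRolesMeta) {
        // NOTE(review): the decompiled listing evaluated two extra predicates here (whether any
        // rule lists the "*" resource, whether any rule matches the value) but their branches
        // were empty, so the intended effect cannot be recovered from this file. The request
        // was denied on every such path, and that is what is kept.
        AuthzDefender.logs("Forbid : permissions exception by request parameter", httpMeta, permRolesMeta);
        httpMeta.error(ExceptionStatus.PERM_EXCEPTION);
        return false;
    }
}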
