package cn.omisheep.authz.core.slot;

import cn.omisheep.authz.core.ExceptionStatus;
import cn.omisheep.authz.core.auth.PermLibrary;
import cn.omisheep.authz.core.auth.ipf.HttpMeta;
import cn.omisheep.authz.core.auth.rpd.ParamMetadata;
import cn.omisheep.authz.core.auth.rpd.ParamPermRolesMeta;
import cn.omisheep.authz.core.auth.rpd.PermissionDict;
import cn.omisheep.authz.core.util.LogUtils;
import cn.omisheep.authz.core.util.ValueMatcher;
import cn.omisheep.commons.util.CollectionUtils;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerMapping;

@Order(400)
/* loaded from: input_file:cn/omisheep/authz/core/slot/ParameterPermSlot.class */
public class ParameterPermSlot implements Slot {
    private final PermLibrary permLibrary;

    public ParameterPermSlot(PermLibrary permLibrary) {
        this.permLibrary = permLibrary;
    }

    @Override // cn.omisheep.authz.core.slot.Slot
    public void chain(HttpMeta httpMeta, HandlerMethod handlerMethod, Error error) {
        String parameter;
        ParamMetadata paramMetadata;
        List<ParamPermRolesMeta> paramMetaList;
        if (httpMeta.isHasParamAuth()) {
            Map<String, ParamMetadata> map = PermissionDict.getParamPermission().get(httpMeta.getApi()).get(httpMeta.getMethod());
            Set<String> set = null;
            Set<String> set2 = null;
            for (MethodParameter methodParameter : handlerMethod.getMethodParameters()) {
                RequestParam annotation = AnnotationUtils.getAnnotation(methodParameter.getParameter(), RequestParam.class);
                PathVariable annotation2 = AnnotationUtils.getAnnotation(methodParameter.getParameter(), PathVariable.class);
                if (annotation != null || annotation2 != null) {
                    String name = methodParameter.getParameter().getName();
                    if (annotation2 != null) {
                        if (!annotation2.name().equals("")) {
                            name = annotation2.name();
                        }
                        parameter = (String) ((Map) httpMeta.getRequest().getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE)).get(name);
                    } else {
                        if (!annotation.name().equals("")) {
                            name = annotation.name();
                        }
                        parameter = httpMeta.getRequest().getParameter(name);
                    }
                    if (parameter != null && (paramMetadata = map.get(name)) != null && (paramMetaList = paramMetadata.getParamMetaList()) != null && !paramMetaList.isEmpty()) {
                        if (!httpMeta.hasToken()) {
                            LogUtils.logs("Require Login", httpMeta);
                            error.error(ExceptionStatus.REQUIRE_LOGIN);
                            return;
                        }
                        if (set == null) {
                            set = httpMeta.getRoles();
                        }
                        if (set2 == null) {
                            set2 = httpMeta.getPermissions();
                        }
                        List<ParamPermRolesMeta> list = (List) paramMetaList.stream().filter(paramPermRolesMeta -> {
                            return paramPermRolesMeta.getResources() != null;
                        }).collect(Collectors.toList());
                        List list2 = (List) paramMetaList.stream().filter(paramPermRolesMeta2 -> {
                            return paramPermRolesMeta2.getRange() != null;
                        }).collect(Collectors.toList());
                        boolean z = true;
                        boolean z2 = true;
                        String typeName = methodParameter.getParameter().getType().getTypeName();
                        ValueMatcher.ValueType valueMatchType = paramMetadata.getValueMatchType();
                        for (ParamPermRolesMeta paramPermRolesMeta3 : list) {
                            if (ValueMatcher.match(paramPermRolesMeta3.getResources(), parameter, typeName, valueMatchType) && (!CollectionUtils.containsSub(paramPermRolesMeta3.getRequireRoles(), set) || CollectionUtils.containsSub(paramPermRolesMeta3.getExcludeRoles(), set) || !CollectionUtils.containsSub(paramPermRolesMeta3.getRequirePermissions(), set2) || CollectionUtils.containsSub(paramPermRolesMeta3.getExcludePermissions(), set2))) {
                                z = false;
                                break;
                            }
                        }
                        boolean z3 = false;
                        Iterator it = list2.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            ParamPermRolesMeta paramPermRolesMeta4 = (ParamPermRolesMeta) it.next();
                            if (CollectionUtils.containsSub(paramPermRolesMeta4.getRequireRoles(), set) || !CollectionUtils.containsSub(paramPermRolesMeta4.getExcludeRoles(), set) || CollectionUtils.containsSub(paramPermRolesMeta4.getRequirePermissions(), set2) || !CollectionUtils.containsSub(paramPermRolesMeta4.getExcludePermissions(), set2)) {
                                z2 = false;
                                if (ValueMatcher.match(paramPermRolesMeta4.getRange(), parameter, typeName, valueMatchType)) {
                                    z3 = true;
                                    break;
                                }
                            }
                        }
                        if (!z || (!z2 && (z2 || !z3))) {
                            LogUtils.logs("Forbid : permissions exception by request parameter", httpMeta);
                            error.error(ExceptionStatus.PERM_EXCEPTION);
                            return;
                        }
                    }
                }
            }
        }
    }
}
