package team.bangbang.common.filter;

import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import team.bangbang.common.CommonMPI;
import team.bangbang.common.config.Config;
import team.bangbang.common.data.StatusCode;
import team.bangbang.common.data.response.ResponseBase;
import team.bangbang.common.net.http.HttpClient;
import team.bangbang.sso.IFunctionLimitSSO;
import team.bangbang.sso.SSOContext;

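/**
 * Servlet filter mapped to {@code /*} that gates every request behind the SSO
 * "function limit" authorization check.
 *
 * <p>Request handling, in order:
 * <ol>
 *   <li>If {@code filter.SSOFilter.enable} is not {@code "true"} the filter is a
 *       no-op and every request passes through. This is fail-open by
 *       configuration: a missing or mistyped property silently disables
 *       authorization, so deployments should set it explicitly.</li>
 *   <li>CORS preflight ({@code OPTIONS}) is answered directly with
 *       {@code StatusCode.SUCCESS} and never reaches the chain.</li>
 *   <li>URIs matching the exemption rules in {@link #ignoreValidation(String)}
 *       pass without any check.</li>
 *   <li>Everything else needs an application id from {@link SSOContext} and a
 *       positive answer from {@link IFunctionLimitSSO#canVisit}; otherwise a JSON
 *       {@link ResponseBase} error body is written and the chain is not invoked.
 *       A missing SSO provider is treated as "deny" (fail closed).</li>
 * </ol>
 *
 * <p>Configuration is read from filter init-params first and from {@link Config}
 * as a fallback; see {@link #init(FilterConfig)}.
 *
 * <p>Every non-exempt response carries {@code Access-Control-Allow-Origin: *}
 * unless an origin header was already set upstream. Browsers do not attach
 * cookies to wildcard-origin responses, but the {@code token} header this filter
 * allows (see {@link #doFilter}) can be sent by a script from any origin that
 * holds a token, so the wildcard should be narrowed where that matters.
 */
@WebFilter(filterName = "SSOFilter", urlPatterns = {"/*"})
/* loaded from: input_file:team/bangbang/common/filter/SSOFilter.class */
public class SSOFilter implements Filter {
    /** Whether the filter is active at all; read once from {@code filter.SSOFilter.enable}. */
    private static final boolean enable;
    /** URI prefixes, or {@code *} globs, exempt from authorization. Never null after init(). */
    private static String[] no_validation_modules;
    /** Exact URIs, or {@code *} globs, exempt from authorization. Never null after init(). */
    private static String[] no_validation_urls;
    /** Compiled glob per entry of {@link #no_validation_modules}; null for plain prefixes. */
    private static Pattern[] no_validation_module_patterns;
    /** Compiled glob per entry of {@link #no_validation_urls}; null for exact URIs. */
    private static Pattern[] no_validation_url_patterns;
    /** Login page quoted in the "access denied" message; may be null. */
    private static String login_url;

    /**
     * Loads the exemption lists and the login URL.
     *
     * <p>Each value is taken from the filter init-param when present and non-blank,
     * otherwise from {@link Config}:
     * <ul>
     *   <li>{@code no-validation-modules} / {@code sso.function-limit.no-validation-modules}</li>
     *   <li>{@code no-validation-urls} / {@code sso.function-limit.no-validation-urls}</li>
     *   <li>{@code login-url} / {@code sso.function-limit.login-url}</li>
     * </ul>
     * List values are comma-separated; all whitespace is removed first. Empty
     * entries (e.g. from {@code "a,,b"} or a leading comma) are dropped: an empty
     * module entry would otherwise prefix-match every URI and switch the
     * authorization check off for the whole application.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException never thrown here; declared by {@link Filter#init}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String modules = configured(filterConfig, "no-validation-modules",
                "sso.function-limit.no-validation-modules");
        String urls = configured(filterConfig, "no-validation-urls",
                "sso.function-limit.no-validation-urls");
        login_url = configured(filterConfig, "login-url", "sso.function-limit.login-url");

        no_validation_modules = splitList(modules);
        no_validation_urls = splitList(urls);
        no_validation_module_patterns = compileGlobs(no_validation_modules);
        no_validation_url_patterns = compileGlobs(no_validation_urls);
    }

    /**
     * Returns the init-param {@code initName} if it is non-blank, otherwise the
     * {@link Config} property {@code propName} (which may itself be null). The
     * property is only consulted when the init-param is absent or blank.
     */
    private static String configured(FilterConfig filterConfig, String initName, String propName) {
        String value = filterConfig.getInitParameter(initName);
        if (value == null || value.trim().length() == 0) {
            return Config.getProperty(propName);
        }
        return value;
    }

    /**
     * Splits a comma-separated list after stripping all whitespace, discarding
     * empty entries. A null or blank input yields an empty array, never null.
     */
    private static String[] splitList(String raw) {
        List<String> entries = new ArrayList<String>();
        if (raw != null && raw.trim().length() > 0) {
            for (String part : raw.replaceAll("\\s+", "").split(",")) {
                if (!part.isEmpty()) {
                    entries.add(part);
                }
            }
        }
        return entries.toArray(new String[entries.size()]);
    }

    /**
     * Compiles every entry containing {@code *} into a {@link Pattern}; other
     * entries map to null so the caller can fall back to a literal comparison.
     */
    private static Pattern[] compileGlobs(String[] entries) {
        Pattern[] patterns = new Pattern[entries.length];
        for (int i = 0; i < entries.length; i++) {
            patterns[i] = entries[i].indexOf('*') >= 0 ? globToPattern(entries[i]) : null;
        }
        return patterns;
    }

    /**
     * Converts a {@code *} glob into an anchored regex. Each {@code *} becomes
     * {@code .+} (one or more characters, including {@code /}); every literal
     * segment is quoted with {@link Pattern#quote}, so regex metacharacters in a
     * configured entry ({@code +}, {@code ?}, {@code (}, {@code [}, ...) are
     * matched literally instead of being interpreted, or blowing up every request
     * with a {@link java.util.regex.PatternSyntaxException}. Only {@code .} was
     * escaped before.
     */
    private static Pattern globToPattern(String glob) {
        // -1 keeps trailing empty segments so "/x/*" still ends in ".+".
        String[] literals = glob.split("\\*", -1);
        StringBuilder regex = new StringBuilder("^");
        for (int i = 0; i < literals.length; i++) {
            if (i > 0) {
                regex.append(".+");
            }
            regex.append(Pattern.quote(literals[i]));
        }
        return Pattern.compile(regex.append('$').toString());
    }

    /**
     * Applies the authorization gate described on the class.
     *
     * <p>Side effects on every request while enabled: adds
     * {@code Access-Control-Allow-Headers: token}, sets the response character
     * encoding to UTF-8 and constructs an {@link SSOContext} for the request
     * (presumably binding it to the current thread, since the static
     * {@code SSOContext} getters used below take no request argument).
     *
     * <p>On denial the HTTP status is left untouched (the error is carried in the
     * JSON body's status code, matching the existing API contract) and the chain
     * is not invoked.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (!enable) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.addHeader("Access-Control-Allow-Headers", "token");
        response.setCharacterEncoding("UTF-8");
        new SSOContext(request, response);

        // Preflight is answered here and never authorized or forwarded.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            addCrossHeader(response);
            response.setStatus(StatusCode.SUCCESS);
            return;
        }

        String uri = CommonMPI.getURI(request);
        if (ignoreValidation(uri)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        ResponseBase body = new ResponseBase();
        String applicationId = SSOContext.getApplicationId();
        if (applicationId == null || applicationId.trim().length() == 0) {
            body.setStatusCode(StatusCode.REQUEST_DATA_EXPECTED);
            body.setMessage("未设置applicationId参数，可以通过HTTP请求传递applicationId参数，也可以在配置文件中添加 sso.application.id 设置。");
            writeJson(response, body);
            return;
        }

        IFunctionLimitSSO sso = SSOContext.getFunctionLimitSSO();
        // Fail closed: no provider means no access.
        if (sso != null && canVisit(sso, applicationId, uri)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        body.setStatusCode(StatusCode.DATA_STATUS_ERROR);
        body.setMessage("访问URI无权限：" + uri + "，或者当前登录信息已经失效，请重新登录 " + login_url);
        writeJson(response, body);
    }

    /**
     * Writes {@code body} as a JSON error response. Content type and the CORS
     * origin header are set on every error path (previously the missing
     * application-id response omitted both).
     */
    private static void writeJson(HttpServletResponse response, ResponseBase body) throws IOException {
        response.setContentType(HttpClient.JsonMime);
        addCrossHeader(response);
        response.getWriter().print(JSONObject.toJSONString(body));
    }

    /**
     * Asks the SSO provider whether the current session may access {@code uri}.
     *
     * <p>Security: the subject of the check is always the URI of the request being
     * served. The earlier implementation let the client choose it through the
     * {@code code} and {@code uri} request parameters, so a request to any
     * protected path could be authorized against an unrelated, permitted function
     * code or path supplied by the caller. If an endpoint needs a function-code
     * check, it must derive the code server-side (for example from a static
     * URI-to-code table), never from the request. Requests that relied on passing
     * {@code code} will now be evaluated by URI and may be denied until that
     * mapping exists on the SSO side.
     *
     * @param sso           the provider; must not be null
     * @param applicationId the application the session is checked against
     * @param uri           the request URI as returned by {@link CommonMPI#getURI}
     * @return whether the provider grants access
     */
    private boolean canVisit(IFunctionLimitSSO sso, String applicationId, String uri) {
        return sso.canVisit(applicationId, null, uri.trim());
    }

    /**
     * Decides whether {@code uri} is exempt from authorization.
     *
     * <p>Rules, in order:
     * <ol>
     *   <li>Built-in: the URI with its trailing {@code .ext} removed ends in
     *       {@code Select} or {@code Frame}. NOTE(review): this is a naming
     *       convention acting as a permission; any handler whose path happens to
     *       end that way is unauthenticated.</li>
     *   <li>Module entries: a glob match, or a plain {@link String#startsWith}
     *       prefix match. The prefix is not bounded at a path segment, so
     *       {@code /pub} also exempts {@code /public} and {@code /pubadmin}.</li>
     *   <li>URL entries: a glob match, or an exact string match.</li>
     * </ol>
     * Globs compare the whole URI and {@code *} spans {@code /}. The URI is
     * whatever {@link CommonMPI#getURI} returns; nothing here normalizes
     * {@code ..}, {@code ;} path parameters, percent-encoding or case, so
     * exemptions should be written assuming the raw path.
     */
    private boolean ignoreValidation(String uri) {
        int dot = uri.lastIndexOf('.');
        String stem = dot > 0 ? uri.substring(0, dot) : uri;
        if (stem.endsWith("Select") || stem.endsWith("Frame")) {
            return true;
        }
        for (int i = 0; i < no_validation_modules.length; i++) {
            Pattern glob = no_validation_module_patterns[i];
            boolean hit = glob != null
                    ? glob.matcher(uri).matches()
                    : uri.startsWith(no_validation_modules[i]);
            if (hit) {
                return true;
            }
        }
        for (int i = 0; i < no_validation_urls.length; i++) {
            Pattern glob = no_validation_url_patterns[i];
            boolean hit = glob != null
                    ? glob.matcher(uri).matches()
                    : uri.equals(no_validation_urls[i]);
            if (hit) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds {@code Access-Control-Allow-Origin: *} unless an origin header is
     * already present. The lower-case lookup is a second chance for containers
     * whose {@code getHeader} is case-sensitive; the original code performed that
     * lookup but discarded its result, so it never had any effect.
     */
    private static void addCrossHeader(HttpServletResponse response) {
        String origin = response.getHeader("Access-Control-Allow-Origin");
        if (origin == null) {
            origin = response.getHeader("access-control-allow-origin");
        }
        if (origin == null) {
            response.addHeader("Access-Control-Allow-Origin", "*");
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    static {
        String flag = Config.getProperty("filter.SSOFilter.enable");
        enable = flag != null && flag.trim().equalsIgnoreCase("true");
        // Empty, not null, so ignoreValidation() is safe even if init() never ran.
        no_validation_modules = new String[0];
        no_validation_urls = new String[0];
        no_validation_module_patterns = new Pattern[0];
        no_validation_url_patterns = new Pattern[0];
        login_url = null;
    }
}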
