package cn.opencodes.framework.core.shiro;

import cn.opencodes.framework.core.service.AlphaService;
import cn.opencodes.framework.core.utils.SpringUtils;
import cn.opencodes.framework.core.utils.WebUtils;
import cn.opencodes.framework.tools.vo.CoreConst;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/opencodes/framework/core/shiro/AuthcSecretFilter.class */
public class AuthcSecretFilter extends AccessControlFilter {
    private Logger logger = LoggerFactory.getLogger(getClass());
    public static final String HEADER_APP_KEY = "appKey";
    public static final String HEADER_SECRET_KEY = "appSecret";
    private AlphaService commonSev;

    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        if (this.commonSev != null) {
            return false;
        }
        this.commonSev = (AlphaService) SpringUtils.getBean(AlphaService.class);
        return false;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        this.logger.debug("拦截URL：{}", getPathWithinApplication(servletRequest));
        String requestAppKey = WebUtils.getRequestAppKey(servletRequest);
        if (StringUtils.isBlank(requestAppKey)) {
            WebUtils.write(servletResponse, CoreConst.HttpStatus.PARAM_BLANK.value(), "appKey不能为空");
            return false;
        }
        String requestAppSecret = WebUtils.getRequestAppSecret(servletRequest);
        if (StringUtils.isBlank(requestAppSecret)) {
            WebUtils.write(servletResponse, CoreConst.HttpStatus.PARAM_BLANK.value(), "appSecret不能为空");
            return false;
        }
        if (this.commonSev.checkAppKeyAndSecret(requestAppKey, requestAppSecret)) {
            return true;
        }
        WebUtils.write(servletResponse, CoreConst.HttpStatus.TOKEN_EXPIRED.value(), "appSecret已失效");
        return false;
    }
}
