package cn.opencodes.framework.core.shiro;

import cn.opencodes.framework.autoconfigure.properties.AlphaProperties;
import cn.opencodes.framework.core.service.AlphaService;
import cn.opencodes.framework.core.utils.SpringUtils;
import cn.opencodes.framework.core.utils.WebUtils;
import cn.opencodes.framework.core.vo.UserRoot;
import cn.opencodes.framework.tools.utils.StringUtils;
import cn.opencodes.framework.tools.vo.CoreConst;
import io.jsonwebtoken.Claims;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/opencodes/framework/core/shiro/AuthcTokenFilter.class */
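/**
 * Shiro filter that authenticates each non-login request from a JWT carried by the request.
 *
 * <p>Flow for a protected request: {@link #isAccessAllowed} always returns {@code false}, so
 * {@link #onAccessDenied} runs, validates the token, loads the user and then calls
 * {@code executeLogin}, which in turn asks {@link #createToken} for the Shiro token.
 * {@link #afterCompletion} logs the subject out again once the request has finished, so no
 * authenticated state from this filter is meant to outlive a single request.
 *
 * <p>Security note: when {@code props.getDebug() > 0} and {@code props.getActive()} is
 * {@code "dev"}, the client-supplied token is ignored and a token is minted for the configured
 * debug user id. Every caller is then treated as that user, so these two settings must never be
 * present in a deployment that is reachable by untrusted clients.
 *
 * <p>NOTE(review): a single filter instance is normally shared by all request threads; the two
 * lazily resolved fields are written without synchronization. This is harmless only if
 * {@code SpringUtils.getBean} returns the same singleton on every call. Confirm.
 */
public class AuthcTokenFilter extends AuthenticatingFilter {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    public static final String HEADER_TOKEN_KEY = "token";
    // Resolved lazily from the Spring context on first use (see resolveBeans()).
    private AlphaService commonSev;
    private JwtTokenGen jwtTokenGen;
    private final AlphaProperties props;

    /**
     * @param alphaProperties framework settings; read on every protected request for the
     *                        debug user id and the active profile name
     */
    public AuthcTokenFilter(AlphaProperties alphaProperties) {
        this.props = alphaProperties;
    }

    /**
     * Builds the Shiro token from the user stored by {@link #onAccessDenied} and the raw
     * request token.
     *
     * <p>Relies on {@code WebUtils.setUser} having been called for this request; if
     * {@code WebUtils.getUser()} returns {@code null} this throws a NullPointerException.
     */
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        return new AuthcTokenBean(WebUtils.getUser().getId(), WebUtils.getRequestToken(servletRequest));
    }

    /**
     * Logs the current subject out after the request has completed.
     *
     * <p>The logout runs in a {@code finally} block so that a failure in the superclass hook
     * cannot leave the subject authenticated.
     */
    public void afterCompletion(ServletRequest servletRequest, ServletResponse servletResponse, Exception exc) throws Exception {
        try {
            super.afterCompletion(servletRequest, servletResponse, exc);
        } finally {
            SecurityUtils.getSubject().logout();
        }
    }

    /**
     * Lets the login request through and sends every other request to {@link #onAccessDenied}.
     *
     * @return {@code true} only for the login request; {@code false} otherwise, regardless of
     *         any existing authentication state
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        this.logger.debug("拦截URL：{}", WebUtils.getPathWithinApplication(WebUtils.toHttp(servletRequest)));
        if (isLoginRequest(servletRequest, servletResponse)) {
            return true;
        }
        resolveBeans();
        return false;
    }

    /**
     * Validates the request token and, if it is acceptable, performs the Shiro login.
     *
     * <p>The request is rejected (response written, {@code false} returned) when the token is
     * blank, cannot be parsed, is expired, carries a subject that is not a numeric user id, or
     * belongs to a user that no longer exists or has been kicked out.
     *
     * @return the result of {@code executeLogin} for an accepted token, otherwise {@code false}
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        // Normally already done by isAccessAllowed; repeated so this method never dereferences
        // an unresolved bean if it is reached by another path.
        resolveBeans();

        String requestToken = WebUtils.getRequestToken(servletRequest);
        // Constant-first equals: a missing active profile must not turn into a NullPointerException.
        if (this.props.getDebug() > 0 && "dev".equals(this.props.getActive())) {
            // Authentication bypass for development: the client token is replaced by one minted
            // for the debug user. Logged at WARN so an accidental activation is visible.
            this.logger.warn("Debug login active: request token replaced by a token for debug user id {}", this.props.getDebug());
            requestToken = this.jwtTokenGen.generateToken(Long.valueOf(this.props.getDebug()));
        }
        if (StringUtils.isBlank(requestToken)) {
            WebUtils.write(servletResponse, CoreConst.HttpStatus.PARAM_BLANK.value(), "token不能为空");
            return false;
        }
        Claims claimByToken = this.jwtTokenGen.getClaimByToken(requestToken);
        if (claimByToken == null || this.jwtTokenGen.isTokenExpired(claimByToken.getExpiration())) {
            WebUtils.write(servletResponse, CoreConst.HttpStatus.TOKEN_EXPIRED.value(), "token失效，请重新登录");
            return false;
        }
        long userId;
        try {
            userId = Long.parseLong(claimByToken.getSubject());
        } catch (NumberFormatException e) {
            // A missing or non-numeric subject is an invalid token, not a server error.
            this.logger.debug("Rejected token whose subject is not a numeric user id");
            WebUtils.write(servletResponse, CoreConst.HttpStatus.TOKEN_EXPIRED.value(), "token失效，请重新登录");
            return false;
        }
        UserRoot userRootInfo = this.commonSev.getUserRootInfo(userId);
        if (userRootInfo == null || userRootInfo.isKickout()) {
            WebUtils.write(servletResponse, CoreConst.HttpStatus.TOKEN_EXPIRED.value(), "您已被踢下线，请重新登录");
            return false;
        }
        WebUtils.setUser(userRootInfo);
        return executeLogin(servletRequest, servletResponse);
    }

    /** Looks up the service and JWT helper beans the first time they are needed. */
    private void resolveBeans() {
        if (this.commonSev == null) {
            this.commonSev = (AlphaService) SpringUtils.getBean(AlphaService.class);
        }
        if (this.jwtTokenGen == null) {
            this.jwtTokenGen = (JwtTokenGen) SpringUtils.getBean(JwtTokenGen.class);
        }
    }
}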
