package xyz.shodown.upms.security.filter;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.util.StopWatch;
import org.springframework.web.filter.OncePerRequestFilter;
import xyz.shodown.common.request.RequestWrapper;
import xyz.shodown.common.response.ResponseWrapper;
import xyz.shodown.common.response.Result;
import xyz.shodown.common.util.io.ResponseUtil;
import xyz.shodown.upms.config.AdditionalProperties;
import xyz.shodown.upms.security.dto.SecurityUser;
import xyz.shodown.upms.security.handler.AuthEntryPoint;
import xyz.shodown.upms.service.ISysUserService;

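/**
 * Servlet filter that authenticates JSON API requests from a JWT carried in the
 * {@code Authorization} header and logs each request/response pair with its elapsed time.
 *
 * <p>For a request that is processed, the token's signature and validity are checked with the
 * configured signing key, the user is resolved through {@code ISysUserService.getUserByToken},
 * and the resulting authentication is stored in the {@link SecurityContextHolder}.
 * Authentication failures are delegated to {@link AuthEntryPoint}.
 */
@Component
/* loaded from: input_file:xyz/shodown/upms/security/filter/TokenAuthFilter.class */
public class TokenAuthFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger("platform");
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer";
    private static final String JSON_CONTENT_TYPE = "application/json";

    // Carries the normalised request URI from logReq to logResp on the same thread.
    private final ThreadLocal<String> urlLocal = new ThreadLocal<>();

    @Resource
    private AdditionalProperties additionalProperties;

    @Resource
    private AuthEntryPoint authEntryPoint;
    private final ISysUserService sysUserServiceImpl;

    /**
     * Creates the filter.
     *
     * @param iSysUserService service used to resolve the user that owns a token
     */
    public TokenAuthFilter(ISysUserService iSysUserService) {
        this.sysUserServiceImpl = iSysUserService;
    }

    /**
     * Authenticates the request from its bearer token (when one is present), runs the rest of the
     * chain, and logs the request and response.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws ServletException if the pass-through branch of the chain fails
     * @throws IOException if the pass-through branch of the chain fails, or response logging fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String contentType = httpServletRequest.getContentType();
        boolean bodyWithoutType = contentType == null && httpServletRequest.getContentLength() > 0;
        boolean nonJsonType = contentType != null && !contentType.contains(JSON_CONTENT_TYPE);
        if (bodyWithoutType || nonJsonType) {
            // NOTE(review): non-JSON requests skip token processing entirely, so no authentication
            // is established here even when a valid token is supplied. Whether such requests are
            // rejected depends on authorization rules configured elsewhere - confirm that non-JSON
            // endpoints (uploads, form posts) are covered by those rules.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        RequestWrapper requestWrapper = new RequestWrapper(httpServletRequest);
        ResponseWrapper responseWrapper = new ResponseWrapper(httpServletResponse);
        StopWatch stopWatch = new StopWatch();
        try {
            stopWatch.start();
            logReq(requestWrapper);
            String header = requestWrapper.getHeader(AUTHORIZATION_HEADER);
            // Log only whether a credential was supplied; a bearer token written to the log can be
            // replayed by anyone with log access.
            log.debug("检查令牌:{}", StringUtils.isNotBlank(header) ? "[present]" : "[absent]");
            if (StringUtils.isNotBlank(header)) {
                authenticate(header);
            }
            filterChain.doFilter(requestWrapper, responseWrapper);
        } catch (ExpiredJwtException e) {
            SecurityContextHolder.clearContext();
            log.error("令牌已经过期");
            this.authEntryPoint.commence(requestWrapper, httpServletResponse, null);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            log.error("令牌认证错误: {}", e.getMessage(), e);
            this.authEntryPoint.commence(requestWrapper, httpServletResponse, e);
        } catch (Exception e) {
            SecurityContextHolder.clearContext();
            this.logger.error(e.getMessage(), e);
            // NOTE(review): the raw exception message is returned to the client. This branch also
            // receives JWT parser failures other than expiry (malformed or wrongly signed tokens)
            // and any exception raised further down the chain, so internal detail can reach
            // unauthenticated callers. Consider a fixed, generic message here and routing token
            // failures through authEntryPoint.
            ResponseUtil.out(httpServletResponse, Result.fail(e.getMessage()));
        } finally {
            // Single cleanup point: the watch is stopped exactly once and the thread-local is
            // always cleared, so a pooled thread never carries a URI into a later request.
            if (stopWatch.isRunning()) {
                stopWatch.stop();
            }
            try {
                logResp(responseWrapper, stopWatch.getTotalTimeMillis());
            } finally {
                this.urlLocal.remove();
            }
        }
    }

    /**
     * Verifies the bearer token and stores the authenticated user in the security context.
     *
     * @param header the non-blank {@code Authorization} header value
     * @throws BadCredentialsException if no user (or no current-user info) is found for the token
     */
    private void authenticate(String header) {
        // Strip only a leading scheme and surrounding whitespace; String.replace would also remove
        // the text "Bearer" if it happened to occur inside the token itself.
        String token = StringUtils.removeStart(header, BEARER_PREFIX).trim();

        // Verification is an explicit statement rather than a log argument, so it cannot be lost
        // if the debug line is later removed or guarded by a level check.
        Claims claims = Jwts.parser()
                .setSigningKey(this.additionalProperties.getAccess().getSignKey())
                .parseClaimsJws(token)
                .getBody();
        log.debug("获取当前登录用户名: {}", claims.getSubject());

        SecurityUser user = this.sysUserServiceImpl.getUserByToken(token);
        if (user == null || user.getCurrentUserInfo() == null) {
            throw new BadCredentialsException("TOKEN已过期，请重新登录!");
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
    }

    /**
     * Logs the request URI and body and remembers the URI for the matching response log line.
     *
     * @param requestWrapper the wrapped request; nothing is logged when {@code null}
     * @throws IOException declared for callers; raised only if reading the wrapped request fails
     */
    private void logReq(RequestWrapper requestWrapper) throws IOException {
        if (requestWrapper == null) {
            return;
        }
        String requestBody = requestWrapper.getRequestBody();
        String uri = requestWrapper.getRequestURI().replace("//", "/");
        this.urlLocal.set(uri);
        // NOTE(review): the full request body is written at INFO level; login or password-change
        // payloads would put credentials in the log. Consider masking sensitive fields.
        log.info("`{}` 接收到的参数: {}", uri, requestBody);
    }

    /**
     * Logs the captured response body together with the elapsed time.
     *
     * <p>Nothing is logged when the wrapper is {@code null} or no response data was captured. The
     * thread-local URI is cleared by the caller, not here.
     *
     * @param responseWrapper the wrapped response
     * @param j elapsed time in milliseconds
     * @throws IOException declared for callers; raised only if reading the captured data fails
     */
    private void logResp(ResponseWrapper responseWrapper, long j) throws IOException {
        if (responseWrapper == null) {
            return;
        }
        byte[] responseData = responseWrapper.getResponseData();
        if (responseData == null || responseData.length == 0) {
            return;
        }
        String body;
        try {
            body = new String(responseData, 0, responseData.length, responseWrapper.getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            body = "[unknown]";
        }
        // NOTE(review): response bodies may contain issued tokens or personal data; confirm that
        // INFO-level logging of the full body is acceptable for this deployment.
        log.info("`{}`  耗时:{}ms  返回的参数: {}", this.urlLocal.get(), j, body);
    }
}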
