package com.dic.bid.common.satoken.util;

import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.SaIgnore;
import cn.dev33.satoken.exception.SaTokenException;
import cn.dev33.satoken.session.SaSession;
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.BooleanUtil;
import cn.hutool.core.util.ReflectUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.dic.bid.common.core.cache.CacheConfig;
import com.dic.bid.common.core.constant.ErrorCodeEnum;
import com.dic.bid.common.core.object.LoginUserInfo;
import com.dic.bid.common.core.object.ResponseResult;
import com.dic.bid.common.core.object.TokenData;
import com.dic.bid.common.core.util.AopTargetUtil;
import com.dic.bid.common.core.util.MyCommonUtil;
import com.dic.bid.common.core.util.RedisKeyUtil;
import com.dic.bid.common.satoken.annotation.SaTokenDenyAuth;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.redisson.api.RMap;
import org.redisson.api.RedissonClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.method.HandlerMethod;

@Component
/* loaded from: input_file:com/dic/bid/common/satoken/util/SaTokenUtil.class */
public class SaTokenUtil {

    @Autowired
    private RedissonClient redissonClient;

    @Resource(name = "caffeineCacheManager")
    private CacheManager cacheManager;

    @Value("${spring.application.name}")
    private String applicationName;
    public static final String SA_TOKEN_PERM_CODES_KEY = "SaTokenPermCodes";
    public static final String SA_TOKEN_PERM_CODES_PUBLISH_TOPIC = "SaTokenPermCodesTopic";

    public void handleNoAuthIntercept() {
        SaSession tokenSession;
        if (StpUtil.isLogin() && (tokenSession = StpUtil.getTokenSession()) != null) {
            TokenData tokenData = (TokenData) JSON.toJavaObject((JSONObject) tokenSession.get("tokenData"), TokenData.class);
            TokenData.addToRequest(tokenData);
            tokenData.setToken(tokenSession.getToken());
        }
    }

    public ResponseResult<Void> handleAuthInterceptEx(HttpServletRequest httpServletRequest, Object obj) {
        if (!StrUtil.isNotBlank(MyCommonUtil.getAppCodeFromRequest())) {
            if (!BooleanUtil.toBoolean(httpServletRequest.getHeader("DONT_AUTH"))) {
                return handleAuthIntercept(httpServletRequest, obj);
            }
            handleNoAuthIntercept();
            return ResponseResult.success();
        }
        String header = httpServletRequest.getHeader("tokenData");
        if (StrUtil.isBlank(header)) {
            return ResponseResult.error(401, ErrorCodeEnum.UNAUTHORIZED_LOGIN, "第三方登录没有包含Token信息！");
        }
        TokenData.addToRequest((TokenData) JSON.parseObject(header, TokenData.class));
        return ResponseResult.success();
    }

    public ResponseResult<Void> handleAuthIntercept(HttpServletRequest httpServletRequest, Object obj) {
        TokenData tokenData;
        if (!(obj instanceof HandlerMethod)) {
            return ResponseResult.success();
        }
        Method method = ((HandlerMethod) obj).getMethod();
        if (!StpUtil.isLogin()) {
            return BooleanUtil.isTrue((Boolean) SaStrategy.instance.isAnnotationPresent.apply(method, SaIgnore.class)) ? ResponseResult.success() : ResponseResult.error(401, ErrorCodeEnum.UNAUTHORIZED_LOGIN, "非免登录接口必须包含Token信息！");
        }
        SaSession tokenSession = StpUtil.getTokenSession();
        if (tokenSession != null && (tokenData = (TokenData) JSON.toJavaObject((JSONObject) tokenSession.get("tokenData"), TokenData.class)) != null) {
            TokenData.addToRequest(tokenData);
            tokenData.setToken(tokenSession.getToken());
            if (Boolean.TRUE.equals(tokenData.getIsAdmin()) || hasPermission(tokenData.getSessionId(), httpServletRequest.getRequestURI())) {
                return ResponseResult.success();
            }
            if (method.getAnnotation(SaTokenDenyAuth.class) != null) {
                return ResponseResult.error(401, ErrorCodeEnum.NO_OPERATION_PERMISSION);
            }
            try {
                SaStrategy.instance.checkMethodAnnotation.accept(method);
                return ResponseResult.success();
            } catch (SaTokenException e) {
                return ResponseResult.error(401, ErrorCodeEnum.NO_OPERATION_PERMISSION);
            }
        }
        return ResponseResult.error(401, ErrorCodeEnum.UNAUTHORIZED_LOGIN, "用户会话已过期，请重新登录！");
    }

    public static String makeLoginId(LoginUserInfo loginUserInfo) {
        StringBuilder sb = new StringBuilder(128);
        sb.append("SATOKEN_LOGIN:");
        if (loginUserInfo.getTenantId() != null) {
            sb.append(loginUserInfo.getTenantId()).append(":");
        }
        sb.append(loginUserInfo.getLoginName()).append(":").append(loginUserInfo.getUserId());
        return sb.toString();
    }

    public List<String> getAllPermCodes() {
        RMap map = this.redissonClient.getMap(SA_TOKEN_PERM_CODES_KEY);
        if (!map.isExists()) {
            return (List) CollUtil.empty(String.class);
        }
        TreeSet treeSet = new TreeSet();
        Iterator it = map.entrySet().iterator();
        while (it.hasNext()) {
            CollUtil.addAll(treeSet, (Iterable) map.get(((Map.Entry) it.next()).getKey()));
        }
        return new LinkedList(treeSet);
    }

    public List<String> getAllTenantPermCodes() {
        RMap map = this.redissonClient.getMap(SA_TOKEN_PERM_CODES_KEY);
        if (!map.isExists()) {
            return (List) CollUtil.empty(String.class);
        }
        TreeSet treeSet = new TreeSet();
        for (Map.Entry entry : map.entrySet()) {
            if (!((String) entry.getKey()).equals("tenant-admin")) {
                CollUtil.addAll(treeSet, (Iterable) map.get(entry.getKey()));
            }
        }
        return new LinkedList(treeSet);
    }

    public List<String> getAllTenantAdminPermCodes() {
        RMap map = this.redissonClient.getMap(SA_TOKEN_PERM_CODES_KEY);
        if (!map.isExists()) {
            return (List) CollUtil.empty(String.class);
        }
        TreeSet treeSet = new TreeSet();
        for (Map.Entry entry : map.entrySet()) {
            if (((String) entry.getKey()).equals("tenant-admin")) {
                CollUtil.addAll(treeSet, (Iterable) map.get(entry.getKey()));
            }
        }
        return new LinkedList(treeSet);
    }

    public void collectPermCodes(ApplicationReadyEvent applicationReadyEvent) {
        this.redissonClient.getTopic(SA_TOKEN_PERM_CODES_PUBLISH_TOPIC).addListener(String.class, (charSequence, str) -> {
            doCollect(applicationReadyEvent);
        });
        doCollect(applicationReadyEvent);
    }

    public void publishCollectPermCodes() {
        this.redissonClient.getTopic(SA_TOKEN_PERM_CODES_PUBLISH_TOPIC).publish((Object) null);
    }

    private void doCollect(ApplicationReadyEvent applicationReadyEvent) {
        Map beansWithAnnotation = applicationReadyEvent.getApplicationContext().getBeansWithAnnotation(RestController.class);
        HashSet hashSet = new HashSet();
        Iterator it = beansWithAnnotation.entrySet().iterator();
        while (it.hasNext()) {
            Arrays.stream(ReflectUtil.getPublicMethods(AopTargetUtil.getTarget(((Map.Entry) it.next()).getValue()).getClass())).map(method -> {
                return method.getAnnotation(SaCheckPermission.class);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).forEach(saCheckPermission -> {
                Collections.addAll(hashSet, saCheckPermission.value());
            });
        }
        this.redissonClient.getMap(SA_TOKEN_PERM_CODES_KEY).put(this.applicationName, hashSet);
    }

    private boolean hasPermission(String str, String str2) {
        Set readAll;
        String makeSessionPermIdKey = RedisKeyUtil.makeSessionPermIdKey(str);
        Cache cache = this.cacheManager.getCache(CacheConfig.CacheEnum.USER_PERMISSION_CACHE.name());
        Assert.notNull(cache, "Cache USER_PERMISSION_CACHE can't be NULL.");
        Cache.ValueWrapper valueWrapper = cache.get(makeSessionPermIdKey);
        if (valueWrapper == null || CollUtil.isEmpty((Set) valueWrapper.get())) {
            readAll = this.redissonClient.getSet(makeSessionPermIdKey).readAll();
            cache.put(makeSessionPermIdKey, readAll);
        } else {
            readAll = (Set) valueWrapper.get();
        }
        return CollUtil.contains(readAll, str2);
    }
}
