package org.apache.shenyu.plugin.jwt;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpRequest;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import javax.annotation.Resource;
import org.apache.shenyu.common.dto.RuleData;
import org.apache.shenyu.common.dto.SelectorData;
import org.apache.shenyu.common.dto.convert.rule.impl.JwtRuleHandle;
import org.apache.shenyu.common.enums.PluginEnum;
import org.apache.shenyu.common.utils.Md5Utils;
import org.apache.shenyu.common.utils.Singleton;
import org.apache.shenyu.plugin.api.ShenyuPluginChain;
import org.apache.shenyu.plugin.api.result.ShenyuResultEnum;
import org.apache.shenyu.plugin.api.result.ShenyuResultWrap;
import org.apache.shenyu.plugin.api.utils.WebFluxResultUtils;
import org.apache.shenyu.plugin.base.AbstractShenyuPlugin;
import org.apache.shenyu.plugin.jwt.config.JwtConfig;
import org.apache.shenyu.plugin.jwt.constants.JwtConstants;
import org.apache.shenyu.plugin.jwt.entity.ShenyuUmcDataEntity;
import org.apache.shenyu.plugin.jwt.entity.ShenyuUmcRspEntity;
import org.apache.shenyu.plugin.jwt.enums.JwtEnum;
import org.apache.shenyu.plugin.jwt.exception.ThrowingFunction;
import org.apache.shenyu.plugin.jwt.util.RegexUtils;
import org.apache.shenyu.springboot.starter.redis.cache.CacheClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.http.HttpCookie;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/shenyu/plugin/jwt/JwtPlugin.class */
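/**
 * Gateway plugin that authenticates requests with a JWT taken from the {@code auth-token}
 * request header or, failing that, the {@code auth-token} cookie.
 *
 * <p>Flow of {@link #doExecute}: decide whether the request URI is exempt, read the Referer and
 * the token, verify the token signature with the configured secret, optionally require the
 * request Referer to equal the referer claim inside the token, look the session up in the cache
 * (falling back to the configured user-info service), and finally merge the user details into
 * JSON request bodies before handing the exchange to the rest of the chain.
 *
 * <p>Security-relevant changes compared with the previous revision of this class:
 * <ul>
 *   <li>the exemption check no longer looks at the query string or fragment of the URI;</li>
 *   <li>a missing Referer, referer claim, cookie, result code or user-detail payload is rejected
 *       explicitly instead of failing with a {@link NullPointerException};</li>
 *   <li>malformed {@code Bearer} values and non-claims JWT payloads are rejected instead of
 *       throwing;</li>
 *   <li>auth-service failures are logged through the logger with their cause.</li>
 * </ul>
 */
public class JwtPlugin extends AbstractShenyuPlugin {
    private static final Logger log = LoggerFactory.getLogger(JwtPlugin.class);
    private static final String RESP_CODE_SUCCESS = "0000";
    private static final String AUTH2_TOKEN = "Bearer";
    // Substring searched for in the request Content-Type; despite its name it is not a full media type.
    private static final String APPLICATION_JSON_UTF8_VALUE = "json";
    // Name of both the request header and the cookie that may carry the token.
    private static final String AUTH_TOKEN = "auth-token";
    // User-facing "login invalid" message shared by every rejection path in doExecute.
    private static final String LOGIN_INVALID_MESSAGE = "登录信息无效，请重新登录";

    @Resource
    private CacheClient cacheClient;

    /**
     * Authenticates the request and either rejects it or passes it on to the plugin chain.
     *
     * @param serverWebExchange the current exchange
     * @param shenyuPluginChain the remaining plugin chain
     * @param selectorData      matched selector (not used by this plugin)
     * @param ruleData          matched rule (not used by this plugin)
     * @return the chain result for accepted requests, otherwise an error response
     */
    @Override
    protected Mono<Void> doExecute(ServerWebExchange serverWebExchange, ShenyuPluginChain shenyuPluginChain, SelectorData selectorData, RuleData ruleData) {
        JwtConfig jwtConfig = (JwtConfig) Singleton.INST.get(JwtConfig.class);
        if (!whetherNeedVerify(serverWebExchange.getRequest().getURI().toString(), jwtConfig.getStaticResources())) {
            return shenyuPluginChain.execute(serverWebExchange);
        }

        HttpHeaders requestHeaders = serverWebExchange.getRequest().getHeaders();
        String referer = requestHeaders.getFirst(JwtConstants.REFERER);
        if (StrUtil.isEmpty(referer)) {
            referer = requestHeaders.getFirst(JwtConstants.REFERER_LOWER_CASE);
        }

        // The token's referer claim is only enforced when the request Referer is present and does
        // not start with one of the configured prefixes.
        // NOTE(review): Referer is client-supplied and the comparison is a plain prefix match, so
        // a configured prefix without a trailing "/" also matches longer host names. Confirm the
        // configured values end at an origin boundary.
        boolean mustMatchTokenReferer = true;
        for (String trustedPrefix : jwtConfig.getVerifyReferers()) {
            if (referer == null || referer.trim().startsWith(trustedPrefix)) {
                mustMatchTokenReferer = false;
                break;
            }
        }

        String token = requestHeaders.getFirst(AUTH_TOKEN);
        if (StrUtil.isEmpty(token) && ObjectUtil.isNotEmpty(serverWebExchange.getRequest().getCookies())) {
            // Other cookies may be present without an auth-token cookie, so the lookup can be null.
            HttpCookie tokenCookie = serverWebExchange.getRequest().getCookies().getFirst(AUTH_TOKEN);
            if (tokenCookie != null) {
                token = tokenCookie.getValue();
            }
        }
        if (StrUtil.isEmpty(token)) {
            return buildErrorResult(serverWebExchange, JwtEnum.TOKEN_VALIDATE_ERROR.getCode(), LOGIN_INVALID_MESSAGE);
        }
        if (StrUtil.isEmpty(jwtConfig.getSecretKey())) {
            // Fail closed: without a secret no token can be verified.
            log.error("请完善JWT插件配置项：secretKey");
            return buildErrorResult(serverWebExchange, JwtEnum.TOKEN_VALIDATE_ERROR.getCode(), LOGIN_INVALID_MESSAGE);
        }

        Map<String, Object> claims = checkAuthorization(compatible(token, null), jwtConfig.getSecretKey());
        if (null == claims) {
            return buildErrorResult(serverWebExchange, JwtEnum.TOKEN_VALIDATE_ERROR.getCode(), LOGIN_INVALID_MESSAGE);
        }

        if (mustMatchTokenReferer) {
            Object tokenReferer = claims.get(JwtConstants.REFERER_LOWER_CASE);
            // A missing Referer or a token without a referer claim counts as a mismatch; both
            // cases previously ended in a NullPointerException.
            if (referer == null || tokenReferer == null || !referer.equals(tokenReferer.toString())) {
                return writeForbidden(serverWebExchange);
            }
        }

        // The raw header/cookie value (not the Bearer-stripped one) is the session key downstream.
        ShenyuUmcRspEntity userDetail = getUserDetail(jwtConfig, claims, token, serverWebExchange);
        Integer resultCode = userDetail.getCode();
        // The auth service can answer without any recognisable code; treat that as a failure.
        if (resultCode == null || ShenyuResultEnum.SUCCESS.getCode() != resultCode.intValue()) {
            return buildErrorResult(serverWebExchange, String.valueOf(ShenyuResultEnum.FAIL.getCode()), LOGIN_INVALID_MESSAGE);
        }

        MediaType contentType = serverWebExchange.getRequest().getHeaders().getContentType();
        boolean jsonRequest = ObjectUtil.isNotEmpty(contentType) && contentType.toString().contains(APPLICATION_JSON_UTF8_VALUE);
        if (!jsonRequest) {
            return shenyuPluginChain.execute(serverWebExchange);
        }
        ShenyuUmcDataEntity data = userDetail.getData();
        JSONObject userDetails = data == null ? null : JSON.parseObject(data.getUserDetails());
        if (userDetails == null) {
            // A success code without user details cannot be injected into the body; reject.
            return buildErrorResult(serverWebExchange, String.valueOf(ShenyuResultEnum.FAIL.getCode()), LOGIN_INVALID_MESSAGE);
        }
        return injectUserInfo(shenyuPluginChain, serverWebExchange, claims, userDetails, token);
    }

    /** Writes the fixed HTML "request rejected" page with status 403. */
    private Mono<Void> writeForbidden(ServerWebExchange serverWebExchange) {
        serverWebExchange.getResponse().getHeaders().setContentType(MediaType.TEXT_HTML);
        serverWebExchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
        byte[] page = "<font size=6 color=red>对不起，您的请求非法，系统拒绝响应!</font>".getBytes(StandardCharsets.UTF_8);
        return serverWebExchange.getResponse().writeWith(Mono.just(serverWebExchange.getResponse().bufferFactory().wrap(page)).doOnNext(dataBuffer -> {
            serverWebExchange.getResponse().getHeaders().setContentLength(dataBuffer.readableByteCount());
        }));
    }

    /**
     * Resolves the user details for a verified token.
     *
     * <p>The cache entry {@code <token>LoginExpTime} must exist; when it is less than 60 seconds
     * away (or already past) the configured update-login-time service is called. User details
     * come from the cache entry keyed by the token, or from the user-info service when absent.
     *
     * @param jwtConfig         plugin configuration holding the service URLs
     * @param map               verified JWT claims
     * @param str               token exactly as received from the client
     * @param serverWebExchange the current exchange
     * @return a response entity whose code tells the caller whether the lookup succeeded
     */
    private ShenyuUmcRspEntity getUserDetail(JwtConfig jwtConfig, Map<String, Object> map, String str, ServerWebExchange serverWebExchange) {
        Object cachedExpiry = this.cacheClient.get(str + "LoginExpTime", true);
        if (ObjectUtil.isEmpty(cachedExpiry)) {
            return new ShenyuUmcRspEntity(Integer.valueOf(ShenyuResultEnum.FAIL.getCode()), "登录信息无效，请重新登录。", null);
        }
        long expiresAtMillis;
        try {
            expiresAtMillis = Long.parseLong(cachedExpiry.toString());
        } catch (NumberFormatException e) {
            // A corrupt expiry entry must not authenticate anyone; treat the session as invalid.
            log.warn("JWT plugin: cached login expiry is not numeric, treating the session as invalid");
            return new ShenyuUmcRspEntity(Integer.valueOf(ShenyuResultEnum.FAIL.getCode()), "登录信息无效，请重新登录。", null);
        }

        JSONObject payload = new JSONObject();
        payload.put(JwtConstants.TAG_ID, map.get(JwtConstants.TAG_ID));
        payload.put(JwtConstants.URI, serverWebExchange.getRequest().getURI());
        payload.put(JwtConstants.APP_CODE, map.get(JwtConstants.APP_CODE));
        payload.put(JwtConstants.USER_ID, map.get(JwtConstants.USER_ID));
        payload.put(JwtConstants.TOKEN, str);
        payload.put(JwtConstants.LOGIN_SOURCE, map.get(JwtConstants.LOGIN_SOURCE));

        if (expiresAtMillis - System.currentTimeMillis() < 60000) {
            // NOTE(review): the outcome of the refresh call is ignored, and an already expired
            // entry also takes this branch. Confirm expiry is enforced by the cache TTL or by
            // the service itself.
            httpCompatible(jwtConfig.getUpdateLoginTimeService(), str, payload);
        }
        Object cachedDetails = this.cacheClient.get(str, true);
        if (ObjectUtil.isEmpty(cachedDetails)) {
            return httpCompatible(jwtConfig.getUserInfoService(), str, payload);
        }
        return ShenyuUmcRspEntity.builder()
                .code(Integer.valueOf(ShenyuResultEnum.SUCCESS.getCode()))
                .message(ShenyuResultEnum.SUCCESS.getMsg())
                .data(ShenyuUmcDataEntity.builder().userDetails(cachedDetails.toString()).build())
                .build();
    }

    /**
     * POSTs {@code jSONObject} to the auth service at {@code str}, forwarding the token in the
     * {@code auth-token} header, and normalises both supported response shapes into a
     * {@link ShenyuUmcRspEntity}.
     *
     * @param str         service URL taken from the plugin configuration
     * @param str2        token to forward
     * @param jSONObject  request payload
     * @return the parsed response, or an entity carrying the FAIL code when the call or parsing fails
     */
    private ShenyuUmcRspEntity httpCompatible(String str, String str2, JSONObject jSONObject) {
        // NOTE(review): this is a blocking HTTP call with no explicit timeout on the request
        // path; a slow auth service can stall gateway threads. Confirm the client defaults.
        String body;
        try {
            body = ((HttpRequest) HttpRequest.post(str).header(AUTH_TOKEN, str2)).body(jSONObject.toJSONString()).execute().body();
        } catch (Exception e) {
            // Log through the logger with the cause attached instead of printStackTrace().
            log.error("JWT plugin: call to the auth service failed", e);
            return ShenyuUmcRspEntity.builder().code(Integer.valueOf(ShenyuResultEnum.FAIL.getCode())).message("调用权限接口错误").build();
        }
        if (StrUtil.isEmpty(body)) {
            return ShenyuUmcRspEntity.builder().code(Integer.valueOf(ShenyuResultEnum.FAIL.getCode())).message("权限接口返回结果为空").build();
        }
        try {
            ShenyuUmcRspEntity response = (ShenyuUmcRspEntity) JSON.parseObject(body, ShenyuUmcRspEntity.class);
            if (ObjectUtil.isEmpty(response.getCode())) {
                // Second response shape: respCode / expTime / userDetails at the top level.
                JSONObject raw = JSON.parseObject(body);
                if (RESP_CODE_SUCCESS.equals(raw.getString(JwtConstants.RESP_CODE))) {
                    response.setCode(Integer.valueOf(ShenyuResultEnum.SUCCESS.getCode()));
                    response.setData(ShenyuUmcDataEntity.builder().expTime(raw.getLong(JwtConstants.EXP_TIME)).userDetails(raw.getString(JwtConstants.USER_DETAILS)).build());
                }
            }
            return response;
        } catch (Exception e) {
            // Only the exception type is logged: parser messages can echo parts of the response
            // body, which holds user details.
            log.warn("JWT plugin: auth service response could not be parsed ({})", e.getClass().getName());
            return ShenyuUmcRspEntity.builder().code(Integer.valueOf(ShenyuResultEnum.FAIL.getCode())).message("权限接口返回格式异常").build();
        }
    }

    /**
     * Builds the JSON error response used for every authentication failure.
     *
     * @param serverWebExchange the current exchange
     * @param str               value written to the response-code field
     * @param str2              value written to the response-description field and the wrapper message
     */
    private Mono<Void> buildErrorResult(ServerWebExchange serverWebExchange, String str, String str2) {
        JSONObject detail = new JSONObject();
        detail.put(JwtConstants.RESP_CODE, str);
        detail.put(JwtConstants.RESP_DESC, str2);
        Object wrapped = ShenyuResultWrap.error(serverWebExchange, ShenyuResultEnum.FAIL.getCode(), str2, detail);
        return WebFluxResultUtils.result(serverWebExchange, JSON.toJSONString(wrapped).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decides whether a request must present a valid token.
     *
     * <p>The decision is made on the URI without its query string and fragment. Those parts are
     * chosen freely by the client and do not select the backend route, so they must not be able
     * to switch verification off.
     *
     * @param str  full request URI
     * @param str2 semicolon-separated wildcard patterns of exempt resources, may be empty
     * @return {@code false} when the request is exempt from verification
     */
    private boolean whetherNeedVerify(String str, String str2) {
        String target = stripQueryAndFragment(str);
        // NOTE(review): this is still a substring match over scheme, host and every path segment.
        // Consider restricting it to a dedicated path segment once the routing rules are confirmed.
        if (target.contains("noauth")) {
            return false;
        }
        if (StrUtil.isNotEmpty(str2)) {
            for (String pattern : str2.split(";")) {
                if (RegexUtils.wildcardEquals(pattern, target)) {
                    return false;
                }
            }
        }
        return !(RegexUtils.wildcardEquals("**/**/users/signup/**", target)
                || RegexUtils.wildcardEquals("**/**/noauth/**", target)
                || RegexUtils.wildcardEquals("**/**/**/noauth/**", target)
                || RegexUtils.wildcardEquals("**/**/api/token/get", target));
    }

    /** Returns {@code uri} cut before the first {@code ?} or {@code #}, whichever comes first. */
    private static String stripQueryAndFragment(String uri) {
        int end = uri.length();
        int query = uri.indexOf('?');
        if (query >= 0) {
            end = query;
        }
        int fragment = uri.indexOf('#');
        if (fragment >= 0 && fragment < end) {
            end = fragment;
        }
        return uri.substring(0, end);
    }

    /** Returns the plugin name registered for JWT. */
    @Override
    public String named() {
        return PluginEnum.JWT.getName();
    }

    /** Returns the plugin order registered for JWT. */
    @Override
    public int getOrder() {
        return PluginEnum.JWT.getCode();
    }

    /**
     * Picks the first non-empty candidate and strips an OAuth2-style {@code Bearer} prefix.
     *
     * @param str  preferred token value
     * @param str2 fallback token value
     * @return the bare token, or {@code null} when both candidates are empty
     */
    private String compatible(String str, String str2) {
        String candidate;
        if (StrUtil.isNotEmpty(str)) {
            candidate = str;
        } else if (StrUtil.isNotEmpty(str2)) {
            candidate = str2;
        } else {
            return null;
        }
        if (!isAuth2(candidate)) {
            return candidate;
        }
        String[] parts = candidate.split(" ");
        // "Bearer" can occur without a following space (or inside a raw token); hand the value
        // on unchanged and let signature verification reject it instead of failing on index 1.
        return parts.length > 1 ? parts[1] : candidate;
    }

    /** Tells whether the value contains the {@code Bearer} marker anywhere. */
    private boolean isAuth2(String str) {
        return str.contains(AUTH2_TOKEN);
    }

    /**
     * Verifies a compact JWT against the shared secret and returns its claims.
     *
     * @param str  compact token
     * @param str2 shared secret; its UTF-8 bytes are used as the signing key
     * @return the claims, or {@code null} when the token is empty, not signed, fails parsing or
     *         does not carry a claims object
     */
    @SuppressWarnings("unchecked")
    private Map<String, Object> checkAuthorization(String str, String str2) {
        if (StrUtil.isEmpty(str)) {
            return null;
        }
        JwtParser parser = Jwts.parser();
        // Reject tokens that carry no signature part before parsing, so that an unsigned token
        // can never be returned as verified claims.
        if (!parser.isSigned(str)) {
            return null;
        }
        // NOTE(review): the key is the raw bytes of a configured string, so its strength depends
        // on the length and randomness of that string. Confirm how secretKey is provisioned.
        parser.setSigningKey(str2.getBytes(StandardCharsets.UTF_8));
        // Presumably wrap() maps a thrown exception to null, as the check below relies on it.
        Jwt jwt = (Jwt) ThrowingFunction.wrap(() -> {
            return parser.parse(str);
        });
        if (jwt == null) {
            return null;
        }
        Object body = jwt.getBody();
        // A signed token may carry a plain-text payload instead of claims; treat it as invalid
        // rather than failing on the cast.
        return body instanceof Map ? (Map<String, Object>) body : null;
    }

    /**
     * Returns a copy of the exchange whose request headers are extended with values taken from
     * the JWT claims according to {@code list}.
     */
    private ServerWebExchange converter(ServerWebExchange serverWebExchange, Map<String, Object> map, List<JwtRuleHandle.Convert> list) {
        return serverWebExchange.mutate().request(serverWebExchange.getRequest().mutate().headers(httpHeaders -> {
            addHeader(httpHeaders, map, list);
        }).build()).build();
    }

    /**
     * Rewrites a JSON request body so that it also carries the user details, then continues the
     * chain with the rewritten request.
     *
     * @param shenyuPluginChain the remaining plugin chain
     * @param serverWebExchange the current exchange
     * @param map               verified JWT claims, stored as an exchange attribute
     * @param jSONObject        user details resolved for the token
     * @param str               token as received from the client
     */
    private Mono<Void> injectUserInfo(ShenyuPluginChain shenyuPluginChain, ServerWebExchange serverWebExchange, Map<String, Object> map, JSONObject jSONObject, String str) {
        // NOTE(review): join() completes empty for a request without a body, in which case the
        // lambda below never runs and the chain is not executed. Confirm that is intended.
        return DataBufferUtils.join(serverWebExchange.getRequest().getBody()).flatMap(dataBuffer -> {
            byte[] raw = new byte[dataBuffer.readableByteCount()];
            dataBuffer.read(raw);
            DataBufferUtils.release(dataBuffer);
            String originalBody = new String(raw, StandardCharsets.UTF_8);
            // NOTE(review): client-controlled input parsed with fastjson. Confirm the deployed
            // fastjson version and that autoType is disabled (safe mode).
            JSONObject parsed = JSONObject.parseObject(originalBody);
            // A blank or literal "null" body parses to null; continue with an empty object.
            JSONObject clientJson = parsed != null ? parsed : new JSONObject();

            JSONObject merged = new JSONObject(true);
            merged.putAll(jSONObject);
            // NOTE(review): client fields overwrite user-detail fields of the same name; only the
            // five identity fields below are restored from the trusted source afterwards. Confirm
            // that no other user-detail field is used for authorization downstream.
            merged.putAll(clientJson);
            merged.put(JwtConstants.USER_ID, jSONObject.get(JwtConstants.USER_ID));
            merged.put(JwtConstants.MEMID_IN, jSONObject.get(JwtConstants.MEMID_IN));
            merged.put(JwtConstants.MEMID_EXT, jSONObject.get(JwtConstants.MEMID_EXT));
            merged.put(JwtConstants.ORG_ID, jSONObject.get(JwtConstants.ORG_ID));
            merged.put(JwtConstants.ORG_PATH, jSONObject.get(JwtConstants.ORG_PATH));

            final Flux<DataBuffer> rewrittenBody = Flux.defer(() -> {
                return Mono.just(serverWebExchange.getResponse().bufferFactory().wrap(merged.toJSONString().getBytes(StandardCharsets.UTF_8)));
            });
            // The body length changed, so drop Content-Length and send the request chunked.
            final HttpHeaders rewrittenHeaders = new HttpHeaders();
            rewrittenHeaders.putAll(serverWebExchange.getRequest().getHeaders());
            rewrittenHeaders.remove("Content-Length");
            rewrittenHeaders.set("Transfer-Encoding", "chunked");

            ServerWebExchange build = serverWebExchange.mutate().request(new ServerHttpRequestDecorator(serverWebExchange.getRequest()) {
                @Override
                public HttpHeaders getHeaders() {
                    // Hand out a copy so callers cannot modify the shared header set.
                    HttpHeaders copy = new HttpHeaders();
                    copy.putAll(rewrittenHeaders);
                    return copy;
                }

                @Override
                public Flux<DataBuffer> getBody() {
                    return rewrittenBody;
                }
            }).build();
            build.getAttributes().put(JwtConstants.USER_ID, jSONObject.get(JwtConstants.USER_ID));
            build.getAttributes().put(JwtConstants.DATA, map);
            build.getAttributes().put(AUTH_TOKEN, str);
            build.getAttributes().put("verifyContent", getVerifyContent(originalBody));
            build.getAttributes().put("originalParamJson", clientJson.toJSONString());
            return shenyuPluginChain.execute(build);
        });
    }

    /**
     * Returns the MD5 of the body reduced to its ASCII letters and digits.
     *
     * <p>NOTE(review): MD5 is not collision resistant. Confirm that the consumer of the
     * {@code verifyContent} attribute does not treat this value as a security-grade integrity check.
     */
    private Object getVerifyContent(String str) {
        return Md5Utils.md5(str.replaceAll("[^a-zA-Z0-9]", ""));
    }

    /**
     * Adds one header per conversion rule; a dotted claim name is resolved through nested claim
     * maps. A claim that is absent is added as the literal string {@code "null"}.
     */
    private void addHeader(HttpHeaders httpHeaders, Map<String, Object> map, List<JwtRuleHandle.Convert> list) {
        for (JwtRuleHandle.Convert convert : list) {
            String claimName = convert.getJwtVal();
            String headerValue = claimName.contains(".")
                    ? parse(map, claimName.split("\\."), new AtomicInteger(0))
                    : String.valueOf(map.get(claimName));
            httpHeaders.add(convert.getHeaderVal(), headerValue);
        }
    }

    /**
     * Resolves a dotted claim path against nested maps.
     *
     * @param map           claims at the current nesting level
     * @param strArr        path segments
     * @param atomicInteger index of the segment to resolve at this level; advanced on descent
     * @return the string form of the resolved value, or of the value at the point where the path
     *         could not be followed further
     */
    @SuppressWarnings("unchecked")
    private String parse(Map<String, Object> map, String[] strArr, AtomicInteger atomicInteger) {
        String segment = strArr[atomicInteger.get()];
        Object value = map.get(segment);
        boolean lastSegment = atomicInteger.get() == strArr.length - 1;
        // Descend only while segments remain and the current value is itself a map.
        if (!lastSegment && value instanceof Map) {
            atomicInteger.incrementAndGet();
            return parse((Map<String, Object>) value, strArr, atomicInteger);
        }
        return String.valueOf(value);
    }
}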
