package com.vortex.jiangyin.support;

import com.vortex.jiangyin.commons.exception.IllegalAccessOperationException;
import com.vortex.jiangyin.user.service.ResourceService;
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/vortex/jiangyin/support/SecurityFunctionInterceptor.class */
public class SecurityFunctionInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(SecurityFunctionInterceptor.class);
    private final Map<Method, FunctionSecuredMethod> methodCodes = new ConcurrentHashMap();
    private String application;
    private ResourceService resourceService;

    public SecurityFunctionInterceptor(String str, ResourceService resourceService) {
        this.application = str;
        this.resourceService = resourceService;
    }

    private static boolean jiangyinPackage(Class<?> cls) {
        return cls.getPackage().getName().startsWith("com.vortex.jiangyin");
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        httpServletRequest.getHeader("X-Function-Code");
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        Method method = ((HandlerMethod) obj).getMethod();
        if (!jiangyinPackage(method.getDeclaringClass())) {
            return true;
        }
        FunctionSecuredMethod computeIfAbsent = this.methodCodes.computeIfAbsent(method, FunctionSecuredMethod::new);
        String header = httpServletRequest.getHeader("X-UserId");
        Long l = null;
        if (StringUtils.hasText(header)) {
            l = Long.valueOf(Long.parseLong(header));
        }
        Set<String> codes = computeIfAbsent.getCodes();
        if (!codes.isEmpty()) {
            String collectionToCommaDelimitedString = StringUtils.collectionToCommaDelimitedString(codes);
            if (l == null) {
                log.warn("Login required, function code: {}, method: {}", collectionToCommaDelimitedString, method.getName());
                throw new IllegalAccessOperationException(String.format("当前资源（code：%s）需要用户登录", collectionToCommaDelimitedString));
            }
            if (!this.resourceService.hasAuthority(l, codes)) {
                log.warn("user has no authority,user id: {}, function code: {}, method: {}", new Object[]{l, collectionToCommaDelimitedString, method.getName()});
                throw new IllegalAccessOperationException(String.format("用户（id：%d）无操作资源（code：%s）权限", l, collectionToCommaDelimitedString));
            }
        }
        if (!log.isDebugEnabled() || !codes.isEmpty()) {
            return true;
        }
        log.debug("no authority code found for method {}", method.getName());
        return true;
    }
}
