package com.elitesland.cloudt.authorization.api.provider.security.impl;

import com.elitesland.cloudt.authorization.api.client.common.AuthorizationException;
import com.elitesland.cloudt.authorization.api.client.token.AbstractCustomAuthenticationToken;
import com.elitesland.cloudt.authorization.api.provider.config.system.TenantProperties;
import com.elitesland.cloudt.authorization.api.provider.security.AuthenticationCheckService;
import com.elitesland.cloudt.context.util.HttpServletUtil;
import com.elitesland.yst.common.constant.Terminal;
import com.elitesland.yst.core.provider.tenant.TenantClientProvider;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.elitesland.yst.system.dto.SysTenantDTO;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/elitesland/cloudt/authorization/api/provider/security/impl/TenantAuthenticationCheckServiceImpl.class */
public class TenantAuthenticationCheckServiceImpl<T extends AbstractCustomAuthenticationToken<T>> implements AuthenticationCheckService<T> {
    private static final Logger log = LogManager.getLogger(TenantAuthenticationCheckServiceImpl.class);
    private final TenantProperties tenantProperties;
    private final TenantClientProvider tenantClientProvider;

    public TenantAuthenticationCheckServiceImpl(TenantProperties tenantProperties, TenantClientProvider tenantClientProvider) {
        this.tenantProperties = tenantProperties;
        this.tenantClientProvider = tenantClientProvider;
    }

    @Override // com.elitesland.cloudt.authorization.api.provider.security.AuthenticationCheckService
    public void additionalAuthenticationChecks(GeneralUserDetails generalUserDetails, T t) throws AuthenticationException {
        if (!this.tenantClientProvider.enabledTenant() || !Boolean.TRUE.equals(Boolean.valueOf(this.tenantProperties.isLimitTenantLogin())) || CollectionUtils.isEmpty(generalUserDetails.getUser().getSysTenantDTOList()) || !Terminal.BACKEND.name().equals(t.getTerminal()) || generalUserDetails.isSystemAdmin() || generalUserDetails.isOperation()) {
            return;
        }
        if (this.tenantClientProvider.isDefaultDomainRequest()) {
            throw new AuthorizationException("请转至对应租户下的站点登录");
        }
        SysTenantDTO obtainTenantFromRequest = this.tenantClientProvider.obtainTenantFromRequest();
        if (obtainTenantFromRequest == null) {
            log.info("请求域名：{}", obtainDomain());
            throw new AuthorizationException("未知站点所属租户");
        }
        if (generalUserDetails.getTenant() == null || !generalUserDetails.getTenant().getId().equals(obtainTenantFromRequest.getId())) {
            log.warn("登录用户的租户：{}", generalUserDetails.getTenant());
            throw new AuthorizationException("请转至租户下的站点登录");
        }
    }

    private String obtainDomain() {
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            return null;
        }
        HttpServletRequest request = requestAttributes.getRequest();
        String stringBuffer = request.getRequestURL().toString();
        String obtainDomain = HttpServletUtil.obtainDomain(request);
        log.info("请求路径：{}, {}", stringBuffer, obtainDomain);
        return obtainDomain;
    }
}
