package com.elitescloud.boot.security.config.metadata;

import com.elitescloud.boot.provider.UserDetailProvider;
import com.elitescloud.boot.security.common.support.PermissionMetadataProvider;
import com.elitescloud.boot.security.config.CustomSecurityProperties;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.elitescloud.cloudt.system.provider.dto.SysApiPermissionMetadataDTO;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

/* loaded from: input_file:com/elitescloud/boot/security/config/metadata/CloudtFilterInvocationSecurityMetadataSource.class */
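/**
 * Resolves the {@link ConfigAttribute}s (required roles) for a web request from the
 * API permission metadata supplied by a {@link PermissionMetadataProvider}.
 *
 * <p>Decision order in {@link #getAttributes(Object)}:
 * <ol>
 *   <li>permission checking disabled in {@link CustomSecurityProperties}: no attributes;</li>
 *   <li>request accepted by the configured allow predicate: no attributes;</li>
 *   <li>no current user and anonymous access switched off: the {@code DENIED} role;</li>
 *   <li>current user is a system administrator: no attributes;</li>
 *   <li>otherwise: the roles attached to every permission entry whose URI/method matches.</li>
 * </ol>
 *
 * <p>Both caches are keyed by tenant code (not by user), are bounded in size and expire after
 * {@code getPermissionActionCache()}. A change to the permission metadata therefore becomes
 * visible only once the cached entry has expired.
 *
 * <p>NOTE(review): because the caches are tenant-scoped, this class assumes that
 * {@code PermissionMetadataProvider.queryPermissionMetadata} returns the same result for every
 * user of a tenant. Confirm against the provider implementation; a user-specific result would be
 * shared between users of the same tenant.
 */
public class CloudtFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private static final Logger log = LogManager.getLogger(CloudtFilterInvocationSecurityMetadataSource.class);
    /** Suffix of the sentinel role used to refuse a request; combined with the configured role prefix. */
    static final String DENIED = "DENIED";
    private final CustomSecurityProperties securityProperties;
    private final UserDetailProvider currentUserProvider;
    private final PermissionMetadataProvider permissionMetadataProvider;
    // Requests accepted by this predicate bypass the permission lookup; the default accepts none.
    private Predicate<HttpServletRequest> allowPredicate = httpServletRequest -> false;
    // When false, a request without a current user is refused before any metadata lookup.
    private boolean anonymous = true;
    private HandlerMappingIntrospector handlerMappingIntrospector = new HandlerMappingIntrospector();
    // Key: tenant code + ":" + HTTP method + ":" + request URI.
    private final Cache<String, Collection<ConfigAttribute>> requestPermissionCache;
    // Key: tenant code.
    private final Cache<String, List<SysApiPermissionMetadataDTO>> tenantPermissionRoleCache;

    /**
     * Creates the metadata source and its two bounded, time-limited caches.
     *
     * @param customSecurityProperties security settings (enabled flag, role prefix, matcher type, cache TTL)
     * @param userDetailProvider supplies the current user, or {@code null} when there is none
     * @param permissionMetadataProvider supplies the API permission metadata
     */
    public CloudtFilterInvocationSecurityMetadataSource(CustomSecurityProperties customSecurityProperties, UserDetailProvider userDetailProvider, PermissionMetadataProvider permissionMetadataProvider) {
        this.securityProperties = customSecurityProperties;
        this.currentUserProvider = userDetailProvider;
        this.permissionMetadataProvider = permissionMetadataProvider;
        this.requestPermissionCache = Caffeine.newBuilder()
                .maximumSize(500L)
                .expireAfterWrite(customSecurityProperties.getPermissionActionCache())
                .build();
        this.tenantPermissionRoleCache = Caffeine.newBuilder()
                .maximumSize(100L)
                .expireAfterWrite(customSecurityProperties.getPermissionActionCache())
                .build();
    }

    /**
     * Returns the attributes that apply to the request wrapped by {@code obj}.
     *
     * <p>An empty collection tells Spring Security that this source places no requirement on the
     * request, so every path that returns one is an explicit "not restricted here" decision.
     *
     * @param obj the secured object; must be a {@link FilterInvocation}
     * @return the required role attributes, possibly empty, never {@code null}
     * @throws IllegalArgumentException if {@code obj} is not a {@link FilterInvocation}
     */
    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        if (!Boolean.TRUE.equals(this.securityProperties.getPermissionEnabled())) {
            return SecurityConfig.createList();
        }
        if (!(obj instanceof FilterInvocation)) {
            // Reject with the exception type this method declares instead of a ClassCastException.
            throw new IllegalArgumentException("Object must be a non-null FilterInvocation");
        }
        HttpServletRequest request = ((FilterInvocation) obj).getRequest();
        Predicate<HttpServletRequest> allow = this.allowPredicate;
        if (allow != null && allow.test(request)) {
            return SecurityConfig.createList();
        }
        GeneralUserDetails currentUser = this.currentUserProvider.currentUser();
        if (currentUser == null) {
            if (!this.anonymous) {
                return decline();
            }
        } else if (currentUser.isSystemAdmin()) {
            return SecurityConfig.createList();
        }
        // The URI is taken from the request as sent, so distinct spellings of one path produce
        // distinct keys; the cache's maximum size is what bounds memory use here.
        String cacheKey = generateCacheKey(currentUser) + ":" + request.getMethod() + ":" + request.getRequestURI();
        Collection<ConfigAttribute> attributes = this.requestPermissionCache.getIfPresent(cacheKey);
        if (attributes == null) {
            attributes = queryAttribute(currentUser, request);
            this.requestPermissionCache.put(cacheKey, attributes);
        }
        // Hand the resolved roles to the access decision step. Returning an empty list at this
        // point would discard the lookup and leave every request of a non-admin user unrestricted
        // by this source even though permission checking is enabled.
        return attributes;
    }

    /**
     * Not supported: the attribute set depends on tenant metadata that is loaded on demand.
     *
     * @return always {@code null}
     */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    /**
     * @param cls the secured-object type being queried
     * @return {@code true} when {@code cls} is {@link FilterInvocation} or a subtype
     */
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Sets the predicate whose matching requests bypass the permission lookup.
     *
     * @param predicate the allow predicate; {@code null} disables the bypass
     */
    public void setAllowPredicate(Predicate<HttpServletRequest> predicate) {
        this.allowPredicate = predicate;
    }

    /**
     * @param z {@code false} to refuse requests that have no current user
     */
    public void setAnonymous(boolean z) {
        this.anonymous = z;
    }

    /**
     * @param handlerMappingIntrospector introspector used when MVC-style matching is configured
     */
    public void setHandlerMappingIntrospector(HandlerMappingIntrospector handlerMappingIntrospector) {
        this.handlerMappingIntrospector = handlerMappingIntrospector;
    }

    /** Builds the single-attribute list holding the prefixed {@link #DENIED} role. */
    private Collection<ConfigAttribute> decline() {
        return SecurityConfig.createList(this.securityProperties.getRolePrefix() + DENIED);
    }

    /**
     * Collects the distinct, prefixed role attributes of every permission entry that matches the
     * request. The result is unmodifiable because it is cached and shared between requests.
     */
    private Collection<ConfigAttribute> queryAttribute(GeneralUserDetails generalUserDetails, HttpServletRequest httpServletRequest) {
        List<SysApiPermissionMetadataDTO> metadata = queryPermissionMetadata(generalUserDetails);
        if (metadata.isEmpty()) {
            return Collections.emptyList();
        }
        List<ConfigAttribute> attributes = metadata.stream()
                .filter(entry -> matchesRequest(entry, httpServletRequest))
                .flatMap(this::requiredRoles)
                .distinct()
                .map(role -> (ConfigAttribute) new SecurityConfig(role))
                .collect(Collectors.toList());
        return Collections.unmodifiableList(attributes);
    }

    /** Tests one permission entry against the request with the configured matcher type. */
    private boolean matchesRequest(SysApiPermissionMetadataDTO entry, HttpServletRequest httpServletRequest) {
        if (!StringUtils.hasText(entry.getUri())) {
            return false;
        }
        boolean hasMethod = StringUtils.hasText(entry.getMethod());
        if (!this.securityProperties.isMvcMatcher()) {
            String method = hasMethod ? entry.getMethod().toUpperCase() : null;
            return new AntPathRequestMatcher(entry.getUri(), method).matches(httpServletRequest);
        }
        MvcRequestMatcher mvcRequestMatcher = new MvcRequestMatcher(this.handlerMappingIntrospector, entry.getUri());
        if (hasMethod) {
            // NOTE(review): HttpMethod.resolve yields null for a name it does not recognise, which
            // presumably leaves this matcher without a method restriction; confirm that metadata
            // with an unknown method name is rejected upstream.
            mvcRequestMatcher.setMethod(HttpMethod.resolve(entry.getMethod().toUpperCase()));
        }
        return mvcRequestMatcher.matches(httpServletRequest);
    }

    /**
     * Maps a matching entry to its prefixed role names. An entry without role codes yields the
     * {@link #DENIED} role, so a matched but unassigned endpoint is refused rather than left open.
     */
    private Stream<String> requiredRoles(SysApiPermissionMetadataDTO entry) {
        String rolePrefix = this.securityProperties.getRolePrefix();
        if (CollectionUtils.isEmpty(entry.getRoleCodes())) {
            return Stream.of(rolePrefix + DENIED);
        }
        return entry.getRoleCodes().stream().map(roleCode -> rolePrefix + roleCode);
    }

    /**
     * Returns the permission metadata for the user's tenant, loading and caching it on a miss.
     * A {@code null} answer from the provider is stored as an empty list.
     */
    private List<SysApiPermissionMetadataDTO> queryPermissionMetadata(GeneralUserDetails generalUserDetails) {
        String tenantKey = generateCacheKey(generalUserDetails);
        List<SysApiPermissionMetadataDTO> cached = this.tenantPermissionRoleCache.getIfPresent(tenantKey);
        if (cached != null) {
            return cached;
        }
        List<SysApiPermissionMetadataDTO> loaded = this.permissionMetadataProvider.queryPermissionMetadata(generalUserDetails);
        if (loaded == null) {
            loaded = Collections.emptyList();
        }
        this.tenantPermissionRoleCache.put(tenantKey, loaded);
        return loaded;
    }

    /** Returns the user's tenant code, or {@code "default"} when there is no user or no tenant. */
    private String generateCacheKey(GeneralUserDetails generalUserDetails) {
        if (generalUserDetails == null || generalUserDetails.getTenant() == null) {
            return "default";
        }
        return generalUserDetails.getTenant().getTenantCode();
    }
}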
