package com.elitescloud.boot.security.config;

import cn.hutool.core.util.ObjectUtil;
import com.elitescloud.boot.auth.client.common.InterceptUri;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.provider.UserDetailProvider;
import com.elitescloud.boot.redis.util.RedisUtils;
import com.elitescloud.boot.security.common.support.PermissionMetadataProvider;
import com.elitescloud.boot.security.config.metadata.CloudtFilterInvocationSecurityMetadataSource;
import com.elitescloud.boot.security.config.metadata.CloudtRoleVoter;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.function.Predicate;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

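/**
 * Wires the URL-level permission check (voter, decision manager, metadata source) into Spring Security.
 *
 * <p>The whole configuration is only active when the {@code permission-enabled} property under
 * {@link CustomSecurityProperties#CONFIG_PREFIX} is exactly {@code "true"}; when the property is absent
 * or has any other value, none of these beans are registered.
 */
@ConditionalOnProperty(prefix = CustomSecurityProperties.CONFIG_PREFIX, name = {"permission-enabled"}, havingValue = "true")
public class FilterInvocationSecurityConfig {
    private static final Logger logger = LoggerFactory.getLogger(FilterInvocationSecurityConfig.class);
    private final AuthorizationProperties authorizationProperties;
    private final CustomSecurityProperties customSecurityProperties;

    /**
     * @param authorizationProperties  source of the anonymous-access flag and the configured allow list
     * @param customSecurityProperties settings handed to the role voter
     */
    public FilterInvocationSecurityConfig(AuthorizationProperties authorizationProperties, CustomSecurityProperties customSecurityProperties) {
        this.authorizationProperties = authorizationProperties;
        this.customSecurityProperties = customSecurityProperties;
    }

    /**
     * Registers the project's {@link CloudtRoleVoter} as the {@link RoleVoter} bean.
     *
     * @return the voter, configured from {@link CustomSecurityProperties}
     */
    @Bean
    public RoleVoter roleVoter() {
        return new CloudtRoleVoter(this.customSecurityProperties);
    }

    /**
     * Builds the access decision manager from every {@link AccessDecisionVoter} bean in the context.
     *
     * <p>{@link AffirmativeBased} grants access as soon as one voter grants it, and denies when all
     * voters abstain (its default). Because all voter beans are injected, any additional voter
     * registered elsewhere in the application can grant access on its own; keep that in mind when
     * reviewing which voters are on the classpath.
     *
     * @param list all voters known to the application context
     * @return an affirmative-based decision manager over those voters
     */
    @Bean
    public AccessDecisionManager accessDecisionManager(List<AccessDecisionVoter<?>> list) {
        return new AffirmativeBased(list);
    }

    /**
     * Fallback {@link PermissionMetadataProvider} used only when the application defines none.
     *
     * <p>It returns an empty list for every user, so no permission metadata is available.
     * NOTE(review): how an empty result is treated (deny vs. allow) is decided inside
     * {@link CloudtFilterInvocationSecurityMetadataSource}, which is not visible here. Confirm it
     * fails closed, and treat the warning below as a deployment error rather than noise.
     *
     * @return a provider that always yields an empty list
     */
    @ConditionalOnMissingBean
    @Bean
    public PermissionMetadataProvider permissionMetadataProvider() {
        // Message text: "No valid PermissionMetadataProvider found".
        logger.warn("未发现有效的PermissionMetadataProvider");
        return generalUserDetails -> Collections.emptyList();
    }

    /**
     * Creates the metadata source that the filter security interceptor consults per request.
     *
     * @param customSecurityProperties   security settings passed to the metadata source
     * @param userDetailProvider         passed to the metadata source
     * @param redisUtils                 optional; injected but not used by this method
     * @param permissionMetadataProvider supplier of permission metadata
     * @param handlerMappingIntrospector used to match requests against MVC patterns
     * @return the configured metadata source
     */
    @Bean
    public FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource(CustomSecurityProperties customSecurityProperties, UserDetailProvider userDetailProvider, @Autowired(required = false) RedisUtils redisUtils, PermissionMetadataProvider permissionMetadataProvider, HandlerMappingIntrospector handlerMappingIntrospector) {
        CloudtFilterInvocationSecurityMetadataSource metadataSource = new CloudtFilterInvocationSecurityMetadataSource(this.authorizationProperties, customSecurityProperties, userDetailProvider, permissionMetadataProvider);
        // An unset flag counts as "anonymous access disabled".
        metadataSource.setAnonymous(Boolean.TRUE.equals(this.authorizationProperties.getAnonymousEnabled()));
        metadataSource.setAllowPredicate(allowPredicate(handlerMappingIntrospector));
        metadataSource.setHandlerMappingIntrospector(handlerMappingIntrospector);
        return metadataSource;
    }

    /**
     * Builds the predicate that recognises requests on the allow list.
     *
     * <p>The list is the union of {@link InterceptUri#getAllowUri()} and the configured
     * {@code allowList}. Presumably a matching request is exempted from the permission check by the
     * metadata source (the consumer is not visible here), so every entry widens the unauthenticated
     * or unchecked surface: review configured patterns for over-broad wildcards.
     *
     * <p>The matchers are created once here instead of once per pattern on every request.
     *
     * @param handlerMappingIntrospector resolves the handler mapping used for MVC-style matching
     * @return a predicate that is true when the request matches at least one allowed pattern
     */
    private Predicate<HttpServletRequest> allowPredicate(HandlerMappingIntrospector handlerMappingIntrospector) {
        HashSet<String> patterns = new HashSet<>(64);
        patterns.addAll(InterceptUri.getAllowUri());
        // The configured list is optional; a missing one adds nothing.
        Collection<String> configured = this.authorizationProperties.getAllowList();
        if (configured != null) {
            patterns.addAll(configured);
        }
        if (patterns.isEmpty()) {
            return request -> false;
        }
        MvcRequestMatcher[] matchers = patterns.stream()
                .map(pattern -> new MvcRequestMatcher(handlerMappingIntrospector, pattern))
                .toArray(MvcRequestMatcher[]::new);
        return request -> {
            for (MvcRequestMatcher matcher : matchers) {
                if (matcher.matches(request)) {
                    return true;
                }
            }
            return false;
        };
    }
}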
