package com.elitescloud.cloudt.core.config.security;

import cn.hutool.core.util.ObjectUtil;
import com.elitescloud.cloudt.authorization.api.client.common.InterceptUri;
import com.elitescloud.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.common.common.CloudtAppHolder;
import com.elitescloud.cloudt.common.util.RedisUtils;
import com.elitescloud.cloudt.security.config.CustomSecurityProperties;
import com.elitescloud.cloudt.security.config.support.metadata.CloudtFilterInvocationSecurityMetadataSource;
import com.elitescloud.cloudt.security.provider.CurrentUserProvider;
import com.elitescloud.cloudt.security.provider.PermissionMetadataProvider;
import com.elitescloud.cloudt.system.provider.SysApiPermissionRpcService;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.function.Predicate;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

/* loaded from: input_file:com/elitescloud/cloudt/core/config/security/CloudtSecurityConfig.class */
public class CloudtSecurityConfig {
    private final AuthorizationProperties a;

    public CloudtSecurityConfig(AuthorizationProperties authorizationProperties) {
        this.a = authorizationProperties;
    }

    @Bean
    public FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource(CustomSecurityProperties customSecurityProperties, CurrentUserProvider currentUserProvider, SysApiPermissionRpcService sysApiPermissionRpcService, @Autowired(required = false) RedisUtils redisUtils, HandlerMappingIntrospector handlerMappingIntrospector) {
        CloudtFilterInvocationSecurityMetadataSource cloudtFilterInvocationSecurityMetadataSource = new CloudtFilterInvocationSecurityMetadataSource(customSecurityProperties, currentUserProvider, a(sysApiPermissionRpcService, redisUtils));
        cloudtFilterInvocationSecurityMetadataSource.setAnonymous(((Boolean) ObjectUtil.defaultIfNull(this.a.getAnonymousEnabled(), false)).booleanValue());
        cloudtFilterInvocationSecurityMetadataSource.setAllowPredicate(a(handlerMappingIntrospector));
        cloudtFilterInvocationSecurityMetadataSource.setHandlerMappingIntrospector(handlerMappingIntrospector);
        return cloudtFilterInvocationSecurityMetadataSource;
    }

    private Predicate<HttpServletRequest> a(HandlerMappingIntrospector handlerMappingIntrospector) {
        HashSet hashSet = new HashSet(64);
        hashSet.addAll(InterceptUri.getAllowUri());
        hashSet.addAll((Collection) ObjectUtil.defaultIfNull(this.a.getAllowList(), Collections.emptySet()));
        return hashSet.isEmpty() ? httpServletRequest -> {
            return false;
        } : httpServletRequest2 -> {
            return hashSet.stream().anyMatch(str -> {
                return new MvcRequestMatcher(handlerMappingIntrospector, str).matches(httpServletRequest2);
            });
        };
    }

    private PermissionMetadataProvider a(SysApiPermissionRpcService sysApiPermissionRpcService, RedisUtils redisUtils) {
        return generalUserDetails -> {
            String str = null;
            if (generalUserDetails != null && generalUserDetails.getTenant() != null) {
                str = generalUserDetails.getTenant().getTenantCode();
            }
            ApiResult queryPermissionMetadata = sysApiPermissionRpcService.queryPermissionMetadata(CloudtAppHolder.getAppCode(), str);
            Assert.isTrue(queryPermissionMetadata.isSuccess(), queryPermissionMetadata.getMsg());
            return (List) queryPermissionMetadata.getData();
        };
    }
}
