package com.elitesland.yst.security.config.support.metadata;

import com.elitesland.yst.common.util.RedisUtils;
import com.elitesland.yst.security.common.PermissionActionBO;
import com.elitesland.yst.security.common.PermissionWhiteListEnum;
import com.elitesland.yst.security.config.CustomSecurityProperties;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import com.elitesland.yst.security.provider.CurrentUserProvider;
import com.elitesland.yst.security.provider.PermissionProvider;
import com.elitesland.yst.system.provider.SysRoleRpcService;
import com.elitesland.yst.system.service.SysPermissionService;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.apache.dubbo.config.annotation.DubboReference;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitesland/yst/security/config/support/metadata/PermissionBasedFilterSecurityMetadataSource.class */
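/**
 * Supplies Spring Security with the {@link ConfigAttribute}s (role names) required for a web request,
 * derived from the permission actions returned by {@link PermissionProvider}.
 *
 * <p>Resolution order in {@link #getAttributes(Object)}: permission checking disabled, white-listed request,
 * anonymous caller, system administrator, then the per-tenant permission list.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An empty attribute collection means "no role required". How the surrounding interceptor treats such
 *       requests (for example Spring Security's {@code rejectPublicInvocations} setting) is configured outside
 *       this class, so any URL that matches no permission pattern is only as protected as that setting makes
 *       it.</li>
 *   <li>White-list patterns (built-in enum plus configured ignore URLs) bypass the permission lookup entirely;
 *       a pattern without an HTTP method applies to every method.</li>
 *   <li>Both caches are keyed by tenant, not by user. This is only correct if
 *       {@code PermissionProvider.queryPermissionActions()} returns the same list for every user of a tenant;
 *       that cannot be confirmed from this class and should be verified against the provider.</li>
 * </ul>
 */
public class PermissionBasedFilterSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    private static final Logger log = LogManager.getLogger(PermissionBasedFilterSecurityMetadataSource.class);
    private static final String DENIED = "DENIED";

    // Requests matching any of these are returned with no required attributes.
    // Starts with the built-in entries; the constructor appends the configured ignore URLs.
    private final List<RequestMatcher> whiteListMatcher = Arrays.stream(PermissionWhiteListEnum.values())
            .<RequestMatcher>map(entry -> new AntPathRequestMatcher(
                    entry.getPath(),
                    entry.getMethod() == null ? null : entry.getMethod().toString()))
            .collect(Collectors.toList());

    // Tenant key -> permission actions loaded from the provider (non-empty lists only).
    private final Cache<String, List<PermissionActionBO>> permissionCache;
    // Tenant key + HTTP method + request URI -> resolved attributes.
    private final Cache<String, Collection<ConfigAttribute>> requestPermissionCache;
    private final CustomSecurityProperties customSecurityProperties;
    private final CurrentUserProvider currentUserProvider;

    @Autowired
    private RedisUtils redisUtils;

    @Autowired
    private PermissionProvider permissionProvider;

    @DubboReference
    @Autowired
    private SysRoleRpcService sysRoleService;

    @DubboReference(version = "${provider.service.version}")
    @Autowired
    private SysPermissionService sysPermissionService;

    /**
     * Builds the metadata source, extends the white list with the configured ignore URLs and creates the two
     * caches, both expiring after {@code customSecurityProperties.getPermissionActionCache()}.
     *
     * @param customSecurityProperties security settings (permission switch, role prefix, ignore URLs, cache TTL)
     * @param currentUserProvider      resolves the authenticated user of the current request
     */
    public PermissionBasedFilterSecurityMetadataSource(CustomSecurityProperties customSecurityProperties, CurrentUserProvider currentUserProvider) {
        this.customSecurityProperties = customSecurityProperties;
        this.currentUserProvider = currentUserProvider;
        if (!CollectionUtils.isEmpty(customSecurityProperties.getIgnoreUrls())) {
            // Every configured entry is exempt from permission lookup; review broad patterns carefully.
            customSecurityProperties.getIgnoreUrls().forEach(whiteUrl ->
                    this.whiteListMatcher.add(new AntPathRequestMatcher(whiteUrl.getUrl(), whiteUrl.getMethod())));
        }
        this.permissionCache = Caffeine.newBuilder().maximumSize(50L).expireAfterWrite(customSecurityProperties.getPermissionActionCache()).build();
        this.requestPermissionCache = Caffeine.newBuilder().maximumSize(500L).expireAfterWrite(customSecurityProperties.getPermissionActionCache()).build();
    }

    /**
     * Returns the attributes required for the request wrapped by {@code obj}.
     *
     * @param obj the secured object; must be a {@link FilterInvocation}
     * @return an empty collection when no role is required, a single {@code <rolePrefix>DENIED} attribute for
     *         an unauthenticated caller, otherwise the prefixed role codes of every matching permission
     * @throws IllegalArgumentException declared by the interface; not thrown by this implementation
     */
    @Override
    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        if (!Boolean.TRUE.equals(this.customSecurityProperties.getPermissionEnabled())) {
            return SecurityConfig.createList();
        }
        HttpServletRequest request = ((FilterInvocation) obj).getRequest();
        if (this.whiteListMatcher.stream().anyMatch(matcher -> matcher.matches(request))) {
            return SecurityConfig.createList();
        }
        GeneralUserDetails currentUser = this.currentUserProvider.currentUser();
        if (currentUser == null) {
            // No authenticated user: require a role nobody is expected to hold.
            return List.of(new SecurityConfig(this.customSecurityProperties.getRolePrefix() + DENIED));
        }
        if (currentUser.isSystemAdmin()) {
            return SecurityConfig.createList();
        }
        String tenantKey = generateCacheKey(currentUser);
        // Permission patterns are matched together with the HTTP method, so the method has to be part of the
        // key. Keyed by URI alone, the attributes resolved for one method (e.g. GET) would be served for any
        // other method (e.g. DELETE) on the same URI until the entry expired.
        String cacheKey = tenantKey + ":" + request.getMethod() + ":" + request.getRequestURI();
        Collection<ConfigAttribute> attributes = this.requestPermissionCache.getIfPresent(cacheKey);
        if (attributes == null) {
            attributes = queryAttributes(request, currentUser);
            // queryPermissions() refuses to cache an empty permission list so that the next request reloads it.
            // Caching the empty ("no role required") result derived from such a load would undo that and keep
            // the URL unrestricted for the whole TTL, so an empty result is stored only when the tenant's
            // permission list itself was loaded and cached.
            if (!attributes.isEmpty() || this.permissionCache.getIfPresent(tenantKey) != null) {
                this.requestPermissionCache.put(cacheKey, attributes);
            }
        }
        return attributes;
    }

    /**
     * Resolves the attributes for a request: a pre-configured answer from
     * {@link #getConfigAttributes(HttpServletRequest)} if there is one, otherwise the permission-based answer.
     */
    private Collection<ConfigAttribute> queryAttributes(HttpServletRequest httpServletRequest, GeneralUserDetails generalUserDetails) {
        List<ConfigAttribute> configAttributes = getConfigAttributes(httpServletRequest);
        return configAttributes != null ? configAttributes : newPermission(httpServletRequest, generalUserDetails);
    }

    /**
     * Matches the request against every permission pattern of the user's tenant and collects the prefixed role
     * codes of the matching permissions. A matching permission without role codes contributes
     * {@code <rolePrefix>DENIED}.
     *
     * @return the distinct attributes; empty when the tenant has no permissions or none matches the request
     */
    private List<ConfigAttribute> newPermission(HttpServletRequest httpServletRequest, GeneralUserDetails generalUserDetails) {
        List<PermissionActionBO> permissions = queryPermissions(generalUserDetails);
        if (permissions.isEmpty()) {
            // NOTE(review): an empty permission list yields "no role required" for every non-white-listed URL.
            return SecurityConfig.createList();
        }
        String rolePrefix = this.customSecurityProperties.getRolePrefix();
        // Sequential on purpose: the lambda reads the HttpServletRequest, and servlet request objects are not
        // guaranteed to be safe for concurrent access from pool threads.
        return permissions.stream()
                .filter(permission -> StringUtils.hasText(permission.getPattern())
                        && new AntPathRequestMatcher(permission.getPattern(), permission.getHttpMethod()).matches(httpServletRequest))
                .flatMap(permission -> {
                    if (CollectionUtils.isEmpty(permission.getRoleCodes())) {
                        return Stream.of(rolePrefix + DENIED);
                    }
                    return permission.getRoleCodes().stream().map(roleCode -> rolePrefix + roleCode);
                })
                .distinct()
                .<ConfigAttribute>map(SecurityConfig::new)
                .collect(Collectors.toList());
    }

    /**
     * Placeholder for statically configured attributes; always returns {@code null}, so
     * {@link #queryAttributes} always falls through to the permission-based lookup.
     */
    private List<ConfigAttribute> getConfigAttributes(HttpServletRequest httpServletRequest) {
        return null;
    }

    /**
     * Returns one attribute per known role code, read from the Redis key {@code sys_all_roles} and, when that
     * is missing or empty, from {@code SysRoleRpcService.listAll()}.
     *
     * <p>NOTE(review): unlike {@link #getAttributes(Object)} the codes are returned without the role prefix;
     * confirm this is intended. The element type of the role list is not visible in this listing; the code only
     * relies on it exposing {@code getCode()}.
     */
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        List list = (List) this.redisUtils.get("sys_all_roles");
        // A missing key comes back as null; fall back to the role service instead of failing on isEmpty().
        if (list == null || list.isEmpty()) {
            list = this.sysRoleService.listAll();
        }
        if (list == null) {
            return SecurityConfig.createList();
        }
        return SecurityConfig.createList((String[]) list.stream().map((v0) -> {
            return v0.getCode();
        }).toArray(i -> {
            return new String[i];
        }));
    }

    /**
     * Supports {@link FilterInvocation} secured objects, and only while permission checking is enabled.
     */
    @Override
    public boolean supports(Class<?> cls) {
        return Boolean.TRUE.equals(this.customSecurityProperties.getPermissionEnabled()) && FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Tells whether {@code str} names an HTTP method known to {@link HttpMethod}.
     */
    private boolean methodSupport(String str) {
        // Locale.ROOT keeps the upper-casing independent of the JVM default locale (e.g. dotted/dotless i).
        return str != null && HttpMethod.resolve(str.toUpperCase(java.util.Locale.ROOT)) != null;
    }

    /**
     * Returns the permission actions for the user's tenant, loading them from the provider on a cache miss.
     * Empty results are not cached, so they are re-queried on the next call.
     */
    private List<PermissionActionBO> queryPermissions(GeneralUserDetails generalUserDetails) {
        String tenantKey = generateCacheKey(generalUserDetails);
        List<PermissionActionBO> permissions = this.permissionCache.getIfPresent(tenantKey);
        if (permissions == null) {
            permissions = this.permissionProvider.queryPermissionActions();
            if (!permissions.isEmpty()) {
                this.permissionCache.put(tenantKey, permissions);
            }
        }
        return permissions;
    }

    /**
     * Returns the tenant id as the cache key, or {@code "default"} when there is no user or no tenant.
     * All tenant-less users therefore share the same cache entries.
     */
    private String generateCacheKey(GeneralUserDetails generalUserDetails) {
        if (generalUserDetails != null && generalUserDetails.getTenant() != null) {
            return generalUserDetails.getTenant().getId().toString();
        }
        return "default";
    }
}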
