package com.elitesland.security.filter;

import com.elitesland.core.constant.CommonConstant;
import com.elitesland.core.exception.BadJwtTokenException;
import com.elitesland.security.TokenProvider;
import com.elitesland.security.config.bean.JwtProperties;
import com.elitesland.security.handle.JsonAuthenticationEntryPoint;
import com.elitesland.security.service.OnlineUserService;
import com.elitesland.security.service.entity.OnlineUserDO;
import io.jsonwebtoken.ExpiredJwtException;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/elitesland/security/filter/JwtTokenFilter.class */
public class JwtTokenFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(JwtTokenFilter.class);
    private final JwtProperties jwtProperties;
    private final OnlineUserService onlineUserService;
    private final TokenProvider tokenProvider;
    private final AuthenticationEntryPoint authenticationEntryPoint = new JsonAuthenticationEntryPoint();
    private final AntPathRequestMatcher currentMatcher = new AntPathRequestMatcher("/sys/users/current", "GET");

    public JwtTokenFilter(JwtProperties jwtProperties, OnlineUserService onlineUserService, TokenProvider tokenProvider) {
        this.jwtProperties = jwtProperties;
        this.onlineUserService = onlineUserService;
        this.tokenProvider = tokenProvider;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        this.logger.debug("JWT token filter triggerred");
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Optional<String> resolveToken = resolveToken(httpServletRequest);
        if (resolveToken.isEmpty() && this.currentMatcher.matches(httpServletRequest)) {
            throw new BadJwtTokenException("获取当前用户信息需提供令牌");
        }
        if (!resolveToken.isPresent()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String str = resolveToken.get();
        OnlineUserDO onlineUserDO = null;
        try {
            onlineUserDO = this.onlineUserService.getOne(this.jwtProperties.getOnlineKey() + str);
        } catch (ExpiredJwtException e) {
            log.error(e.getMessage());
        }
        if (onlineUserDO == null || !StringUtils.hasText(str)) {
            this.authenticationEntryPoint.commence((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, new BadJwtTokenException("认证令牌已过期"));
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(this.tokenProvider.getAuthentication(str));
        this.tokenProvider.checkRenewal(str);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private Optional<String> resolveToken(HttpServletRequest httpServletRequest) throws BadJwtTokenException {
        String header = httpServletRequest.getHeader(this.jwtProperties.getHeader());
        if (org.apache.commons.lang3.StringUtils.isNotBlank(header) && header.startsWith(this.jwtProperties.getTokenStartWith())) {
            return Optional.of(header.replace(this.jwtProperties.getTokenStartWith(), CommonConstant.DEFAULT_HEAD_URL));
        }
        log.debug("Illegal token: {}", header);
        return Optional.empty();
    }
}
