package com.alibaba.nacos.core.auth;

import com.alibaba.nacos.common.utils.ExceptionUtil;
import com.alibaba.nacos.core.code.ControllerMethodsCache;
import com.alibaba.nacos.core.utils.Constants;
import com.alibaba.nacos.core.utils.Loggers;
import com.alibaba.nacos.core.utils.WebUtils;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/alibaba/nacos/core/auth/AuthFilter.class */
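/**
 * Servlet filter that enforces the {@link Secured} annotation on controller methods.
 *
 * <p>For each request the filter looks up the handling method in {@code methodsCache}.
 * When that method carries {@link Secured}, the caller is logged in through
 * {@code authManager} and checked against the permission derived from the annotation.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The filter skips every check when the {@code User-Agent} header starts with
 *       {@code Constants.NACOS_SERVER_HEADER}. That header is supplied by the client, so
 *       this branch is a convenience marker and not an authentication control.</li>
 *   <li>The filter fails open when no controller method is found for the request.</li>
 * </ul>
 */
public class AuthFilter implements Filter {

    @Autowired
    private AuthConfigs authConfigs;

    @Autowired
    private AuthManager authManager;

    @Autowired
    private ControllerMethodsCache methodsCache;

    /**
     * Authorises the request when its handler is annotated with {@link Secured}, then
     * passes it down the chain.
     *
     * <p>Responses produced here: 403 for {@code AccessException}, 400 for
     * {@code IllegalArgumentException}, 500 for any other exception. The try block also
     * wraps the downstream {@code filterChain.doFilter} call, so exceptions thrown further
     * down the chain are mapped the same way.
     *
     * @param servletRequest  incoming request; cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@code HttpServletResponse}
     * @param filterChain     remaining filters and the target servlet
     * @throws IOException      if a pass-through call or {@code sendError} fails
     * @throws ServletException if a pass-through call made outside the try block fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.authConfigs.isAuthEnabled()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // SECURITY: User-Agent is chosen by the sender, so matching it proves nothing about
        // who is calling. Every request taking this branch reaches the controllers without
        // login or permission checks. Replace it with a verifiable peer identity (a secret
        // shared between cluster members, mutual TLS, or a network-level restriction) before
        // relying on this filter as an access control. Until then, the debug line below gives
        // operators a way to see which remote addresses use the branch.
        if (StringUtils.startsWith(WebUtils.getUserAgent(httpServletRequest), Constants.NACOS_SERVER_HEADER)) {
            if (Loggers.AUTH.isDebugEnabled()) {
                Loggers.AUTH.debug("auth skipped by User-Agent, request: {} {}, remote: {}", new Object[]{httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), httpServletRequest.getRemoteAddr()});
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            String requestPath = new URI(httpServletRequest.getRequestURI()).getPath();
            Method method = this.methodsCache.getMethod(httpServletRequest.getMethod(), requestPath);
            if (method == null) {
                // NOTE(review): fail-open. This is only safe if methodsCache resolves paths
                // exactly as the request dispatcher does; verify against ControllerMethodsCache.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            // isAuthEnabled() was already established at the top of this method, so only the
            // annotation decides whether a check is required.
            if (method.isAnnotationPresent(Secured.class)) {
                if (Loggers.AUTH.isDebugEnabled()) {
                    Loggers.AUTH.debug("auth start, request: {} {}", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
                }
                Secured secured = (Secured) method.getAnnotation(Secured.class);
                String actionTypes = secured.action().toString();
                String resource = secured.resource();
                if (StringUtils.isBlank(resource)) {
                    // No static resource on the annotation: derive it from the request.
                    resource = secured.parser().newInstance().parseName(httpServletRequest);
                }
                if (StringUtils.isBlank(resource)) {
                    // Never authorise against an empty resource name.
                    throw new AccessException("resource name invalid!");
                }
                this.authManager.auth(new Permission(resource, actionTypes), this.authManager.login(httpServletRequest));
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (AccessException e) {
            if (Loggers.AUTH.isDebugEnabled()) {
                Loggers.AUTH.debug("access denied, request: {} {}, reason: {}", new Object[]{httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), e.getErrMsg()});
            }
            httpServletResponse.sendError(403, e.getErrMsg());
        } catch (IllegalArgumentException e2) {
            httpServletResponse.sendError(400, ExceptionUtil.getAllExceptionMsg(e2));
        } catch (Exception e3) {
            // Keep the detail in the server log; the exception text may describe internals
            // and must not be echoed to an unauthenticated caller.
            Loggers.AUTH.warn("auth filter failed, request: {} {}", new Object[]{httpServletRequest.getMethod(), httpServletRequest.getRequestURI(), e3});
            httpServletResponse.sendError(500, "Server failed");
        }
    }
}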
