package com.jzt.edp.davinci.service.share.aspect;

import com.alibaba.druid.util.StringUtils;
import com.jzt.edp.core.annotation.AuthShare;
import com.jzt.edp.core.exception.ForbiddenException;
import com.jzt.edp.core.exception.NotFoundException;
import com.jzt.edp.core.exception.ServerException;
import com.jzt.edp.core.exception.UnAuthorizedException;
import com.jzt.edp.core.utils.CollectionUtils;
import com.jzt.edp.davinci.core.common.ErrorMsg;
import com.jzt.edp.davinci.core.common.ResultMap;
import com.jzt.edp.davinci.dao.DashboardMapper;
import com.jzt.edp.davinci.dao.DashboardPortalMapper;
import com.jzt.edp.davinci.dao.DisplayMapper;
import com.jzt.edp.davinci.dao.RelRoleUserMapper;
import com.jzt.edp.davinci.dao.UserMapper;
import com.jzt.edp.davinci.dao.ViewMapper;
import com.jzt.edp.davinci.dao.WidgetMapper;
import com.jzt.edp.davinci.dto.shareDto.ShareInfo;
import com.jzt.edp.davinci.model.Dashboard;
import com.jzt.edp.davinci.model.Display;
import com.jzt.edp.davinci.model.User;
import com.jzt.edp.davinci.model.View;
import com.jzt.edp.davinci.model.Widget;
import com.jzt.edp.davinci.service.ProjectService;
import com.jzt.edp.davinci.service.ShareService;
import com.jzt.edp.davinci.service.share.ShareDataPermission;
import com.jzt.edp.davinci.service.share.ShareFactor;
import com.jzt.edp.davinci.service.share.ShareMode;
import com.jzt.edp.davinci.service.share.ShareOperation;
import com.jzt.edp.davinci.service.share.ShareType;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

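/**
 * Around-advice that authorizes every handler method annotated with {@link AuthShare}.
 *
 * <p>For each intercepted call the aspect decodes the share token (first method argument) into a
 * {@link ShareFactor}, checks the token's type and expiry, upgrades legacy (COMPATIBLE) tokens,
 * verifies the share password or the viewer/role membership, resolves the shared entity and
 * finally publishes the {@link ShareFactor} through {@link #SHARE_FACTOR_THREAD_LOCAL} for the
 * duration of the target method.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Tokens in {@link ShareMode#COMPATIBLE} mode are exempt from the expiry check.</li>
 *   <li>A token that carries no type inherits the type declared on the annotation, so the type
 *       check cannot reject it.</li>
 *   <li>{@link ShareType#LOGIN} endpoints skip both the token and the permission verification.</li>
 *   <li>With {@link ShareDataPermission#SHARER} the request is executed under the sharer's
 *       identity rather than the caller's.</li>
 * </ul>
 */
@Aspect
@Component
/* loaded from: input_file:BOOT-INF/classes/com/jzt/edp/davinci/service/share/aspect/ShareAuthAspect.class */
public class ShareAuthAspect {

    // Secret handed to ShareFactor.parseShareFactor to decode share tokens. Must never be logged.
    @Autowired
    private String TOKEN_SECRET;

    @Autowired
    private ShareService shareService;

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private RelRoleUserMapper relRoleUserMapper;

    @Autowired
    private ViewMapper viewMapper;

    @Autowired
    private WidgetMapper widgetMapper;

    @Autowired
    private DashboardMapper dashboardMapper;

    @Autowired
    private DashboardPortalMapper dashboardPortalMapper;

    @Autowired
    private DisplayMapper displayMapper;

    @Autowired
    private ProjectService projectService;
    private static final Logger log = LoggerFactory.getLogger(ShareAuthAspect.class);

    /**
     * Carries the verified {@link ShareFactor} to the intercepted method. It is set only after all
     * checks passed and is always cleared before {@link #doAround} returns.
     */
    public static final ThreadLocal<ShareFactor> SHARE_FACTOR_THREAD_LOCAL = new ThreadLocal<>();

    /** Matches every method annotated with {@link AuthShare}. */
    @Pointcut("@annotation(com.jzt.edp.core.annotation.AuthShare)")
    public void shareAuth() {
    }

    /**
     * Authorizes a share request and, if it passes, proceeds to the intercepted method.
     *
     * @param proceedingJoinPoint the intercepted call; its first argument is read as the share
     *     token, and the last {@link User} argument with an id of at least 1 (if any) is treated as
     *     the authenticated caller
     * @return a failure response when the token is missing, otherwise the target method's response
     * @throws Throwable any verification failure or any exception raised by the target method
     */
    @Around("shareAuth()")
    @Transactional
    public ResponseEntity doAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        MethodSignature signature = (MethodSignature) proceedingJoinPoint.getSignature();
        AuthShare authShare = signature.getMethod().getAnnotation(AuthShare.class);
        ShareType type = authShare.type();
        ShareOperation operation = authShare.operation();
        Object[] args = proceedingJoinPoint.getArgs();

        // Fail closed: a missing or non-String first argument is handled like an empty token
        // instead of surfacing as an index or cast error.
        String token = args.length > 0 && args[0] instanceof String ? (String) args[0] : null;
        if (StringUtils.isEmpty(token)) {
            ResultMap message = new ResultMap().fail().message(ErrorMsg.ERR_INVALID_TOKEN);
            return ResponseEntity.status(message.getCode()).body(message);
        }

        // A User argument without a positive id is treated as "not logged in".
        User user = null;
        for (Object arg : args) {
            if (arg instanceof User) {
                User candidate = (User) arg;
                boolean hasValidId = candidate.getId() != null && candidate.getId().longValue() >= 1;
                user = hasValidId ? candidate : null;
            }
        }

        ShareFactor shareFactor = ShareFactor.parseShareFactor(token, this.TOKEN_SECRET);
        if (shareFactor.getType() == null) {
            // Token carries no type: it inherits the endpoint's type, so verifyShareType passes.
            shareFactor.setType(type);
        }
        verifyShareType(type, shareFactor);
        verifyExpire(shareFactor);
        try {
            adaptShareInfo(token, shareFactor, user);
            convertShareType(type, operation, shareFactor, args);
            if (type != ShareType.LOGIN) {
                verifyToken(operation, shareFactor, user, args);
                verifyPermission(operation, type, shareFactor, user);
            }
            SHARE_FACTOR_THREAD_LOCAL.set(shareFactor);
            return (ResponseEntity) proceedingJoinPoint.proceed(args);
        } finally {
            // Always clear the slot so the share context cannot leak into a later request that
            // runs on the same thread.
            SHARE_FACTOR_THREAD_LOCAL.remove();
        }
    }

    /**
     * Narrows a generic DATA endpoint to the concrete entity type implied by the operation:
     * LOAD_DATA reads a widget, LOAD_DISTINCT_DATA reads a view. DOWNLOAD is left untouched.
     */
    private void convertShareType(ShareType shareType, ShareOperation shareOperation, ShareFactor shareFactor, Object[] objArr) {
        if (ShareOperation.DOWNLOAD == shareOperation || shareType != ShareType.DATA) {
            return;
        }
        if (ShareOperation.LOAD_DATA == shareOperation) {
            shareFactor.setType(ShareType.WIDGET);
        } else if (ShareOperation.LOAD_DISTINCT_DATA == shareOperation) {
            shareFactor.setType(ShareType.VIEW);
        }
    }

    /**
     * Rejects a token whose type differs from the endpoint's type. Only WIDGET, DASHBOARD and
     * DISPLAY endpoints are checked; every other endpoint type accepts any token type.
     *
     * @throws UnAuthorizedException when the types differ on a checked endpoint
     */
    private void verifyShareType(ShareType shareType, ShareFactor shareFactor) {
        switch (shareType) {
            case WIDGET:
            case DASHBOARD:
            case DISPLAY:
                if (!shareType.equals(shareFactor.getType())) {
                    throw new UnAuthorizedException("Invalid share type");
                }
                return;
            default:
                return;
        }
    }

    /**
     * Rejects a token whose expiry time has passed. COMPATIBLE-mode tokens and tokens without an
     * expiry value are not checked.
     *
     * @throws UnAuthorizedException when the token is expired
     */
    private void verifyExpire(ShareFactor shareFactor) {
        if (shareFactor.getMode() == ShareMode.COMPATIBLE || shareFactor.getExpired() == null) {
            return;
        }
        if (System.currentTimeMillis() > shareFactor.getExpired().getTime()) {
            throw new UnAuthorizedException("Share token expired");
        }
    }

    /**
     * Verifies the credential required by the token's mode: the share password (second method
     * argument) for PASSWORD, viewer or role membership of the logged-in user for AUTH. Other
     * modes need no credential.
     *
     * @throws UnAuthorizedException when the token has no mode, the password is missing, or AUTH
     *     mode is used without a logged-in user
     * @throws ForbiddenException when the password is wrong or the user is neither a listed viewer
     *     nor a member of one of the token's roles
     */
    private void verifyToken(ShareOperation shareOperation, ShareFactor shareFactor, User user, Object[] objArr) throws ForbiddenException, UnAuthorizedException {
        ShareMode mode = shareFactor.getMode();
        if (mode == null) {
            // Make the fail-closed outcome explicit rather than relying on the switch to throw.
            throw new UnAuthorizedException(ErrorMsg.ERR_INVALID_TOKEN);
        }
        boolean loadingData = shareOperation == ShareOperation.LOAD_DATA;
        switch (mode) {
            case PASSWORD: {
                String supplied = objArr.length > 1 && objArr[1] instanceof String ? (String) objArr[1] : null;
                if (StringUtils.isEmpty(supplied)) {
                    throw new UnAuthorizedException(loadingData ? ErrorMsg.ERR_LOAD_DATA_TOKEN : ErrorMsg.ERR_EMPTY_SHARE_PASSWORD);
                }
                // Constant-time comparison so response timing does not reveal how much of the
                // supplied password matched.
                if (!constantTimeEquals(supplied, shareFactor.getPassword())) {
                    throw new ForbiddenException(loadingData ? ErrorMsg.ERR_LOAD_DATA_TOKEN : ErrorMsg.ERR_INVALID_SHARE_PASSWORD);
                }
                return;
            }
            case AUTH:
                if (user == null) {
                    throw new UnAuthorizedException(ErrorMsg.ERR_MSG_AUTHENTICATION);
                }
                if (!shareFactor.getViewers().contains(user.getId()) && CollectionUtils.isEmpty(this.relRoleUserMapper.selectByUserAndRoles(user.getId(), shareFactor.getRoles()))) {
                    throw new ForbiddenException(ErrorMsg.ERR_MSG_PERMISSION);
                }
                return;
            default:
                return;
        }
    }

    /**
     * Compares two secrets without short-circuiting on the first differing character. A
     * {@code null} on either side never matches. Only the content comparison is constant-time;
     * a length difference may still be observable.
     */
    private static boolean constantTimeEquals(String supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Resolves the identity the request runs as and attaches the shared entity to the factor.
     *
     * <p>The sharer must still exist. With {@link ShareDataPermission#SHARER} the sharer becomes
     * the effective user, otherwise the caller does (which may be {@code null} for anonymous
     * shares).
     *
     * <p>NOTE(review): {@code @Transactional} on a method reached through {@code this} is
     * presumably not applied by a proxy-based Spring setup - confirm whether a transaction is
     * needed here.
     *
     * <p>NOTE(review): the LOAD_DATA / LOAD_DISTINCT_DATA branch stores whatever the mapper
     * returns, including {@code null} for a missing entity, and performs no project lookup here;
     * confirm that the target methods handle both.
     *
     * @throws ForbiddenException when the sharer no longer exists, or a data-load token targets
     *     neither a view nor a widget
     * @throws NotFoundException when the shared entity or its parent cannot be found
     */
    @Transactional
    protected void verifyPermission(ShareOperation shareOperation, ShareType shareType, ShareFactor shareFactor, User user) throws NotFoundException, ServerException, ForbiddenException, UnAuthorizedException {
        User sharer = this.userMapper.getById(shareFactor.getSharerId());
        if (sharer == null) {
            throw new ForbiddenException(ErrorMsg.ERR_INVALID_SHARER);
        }
        User effectiveUser = shareFactor.getPermission() == ShareDataPermission.SHARER ? sharer : user;
        shareFactor.setUser(effectiveUser);
        switch (shareOperation) {
            case READ:
            case PERMISSION:
                parseEntityAndProject(shareFactor, effectiveUser);
                return;
            case LOAD_DATA:
            case LOAD_DISTINCT_DATA:
                if (shareFactor.getType() == ShareType.VIEW) {
                    shareFactor.setShareEntity(this.viewMapper.getById(shareFactor.getEntityId()));
                    return;
                }
                if (shareFactor.getType() != ShareType.WIDGET) {
                    throw new ForbiddenException(ErrorMsg.ERR_LOAD_DATA_TOKEN);
                }
                shareFactor.setShareEntity(this.widgetMapper.getById(shareFactor.getEntityId()));
                return;
            default:
                if (shareType != ShareType.DATA) {
                    parseEntityAndProject(shareFactor, effectiveUser);
                }
                return;
        }
    }

    /**
     * Loads the shared entity for the factor's type, asks {@link ProjectService} for the owning
     * project's detail on behalf of {@code user}, and stores both on the factor.
     *
     * <p>A token may outlive the entity it points at, so a missing entity (or a dashboard whose
     * portal is gone) is reported as {@link NotFoundException} instead of a null dereference.
     *
     * @throws NotFoundException when the entity or the dashboard's portal does not exist
     */
    private void parseEntityAndProject(ShareFactor shareFactor, User user) throws NotFoundException {
        switch (shareFactor.getType()) {
            case WIDGET:
            case RECORD:
            case FILE: {
                Widget widget = this.widgetMapper.getById(shareFactor.getEntityId());
                if (widget == null) {
                    throw new NotFoundException("Shared widget not found");
                }
                shareFactor.setProjectDetail(this.projectService.getProjectDetail(widget.getProjectId(), user, false));
                shareFactor.setShareEntity(widget);
                return;
            }
            case DASHBOARD: {
                Dashboard dashboard = this.dashboardMapper.getById(shareFactor.getEntityId());
                if (dashboard == null) {
                    throw new NotFoundException("Shared dashboard not found");
                }
                // The project id is taken from the dashboard's portal.
                if (this.dashboardPortalMapper.getById(dashboard.getDashboardPortalId()) == null) {
                    throw new NotFoundException("Shared dashboard portal not found");
                }
                shareFactor.setProjectDetail(this.projectService.getProjectDetail(this.dashboardPortalMapper.getById(dashboard.getDashboardPortalId()).getProjectId(), user, false));
                shareFactor.setShareEntity(dashboard);
                return;
            }
            case DISPLAY: {
                Display display = this.displayMapper.getById(shareFactor.getEntityId());
                if (display == null) {
                    throw new NotFoundException("Shared display not found");
                }
                shareFactor.setProjectDetail(this.projectService.getProjectDetail(display.getProjectId(), user, false));
                shareFactor.setShareEntity(display);
                return;
            }
            case VIEW: {
                View view = this.viewMapper.getById(shareFactor.getEntityId());
                if (view == null) {
                    throw new NotFoundException("Shared view not found");
                }
                shareFactor.setProjectDetail(this.projectService.getProjectDetail(view.getProjectId(), user, false));
                shareFactor.setShareEntity(view);
                return;
            }
            default:
                return;
        }
    }

    /**
     * Upgrades a COMPATIBLE-mode token to the current model; any other mode is left untouched.
     *
     * <p>The token is resolved and checked through {@link ShareService}, then rewritten as a
     * DASHBOARD share with SHARER data permission. It becomes NORMAL mode when it names no
     * recipient, or AUTH mode restricted to that single recipient when it does.
     *
     * @param str the raw share token
     * @param shareFactor the decoded token, modified in place
     * @param user the logged-in caller, or {@code null}
     */
    @Transactional
    public void adaptShareInfo(String str, ShareFactor shareFactor, User user) {
        if (shareFactor.getMode() != ShareMode.COMPATIBLE) {
            return;
        }
        ShareInfo shareInfo = this.shareService.getShareInfo(str, user);
        this.shareService.verifyShareUser(user, shareInfo);
        shareFactor.setSharerId(shareInfo.getShareUser().getId());
        shareFactor.setEntityId(shareInfo.getShareId());
        shareFactor.setPermission(ShareDataPermission.SHARER);
        shareFactor.setMode(ShareMode.NORMAL);
        shareFactor.setType(ShareType.DASHBOARD);
        if (StringUtils.isEmpty(shareInfo.getSharedUserName())) {
            return;
        }
        shareFactor.setMode(ShareMode.AUTH);
        Long recipientId = this.userMapper.getIdByName(shareInfo.getSharedUserName());
        // Plain set instead of an anonymous HashSet subclass, which would keep a reference to this
        // aspect. An unknown recipient leaves the set empty, so nobody matches as a viewer.
        HashSet<Long> viewers = new HashSet<>(1);
        if (recipientId != null) {
            viewers.add(recipientId);
        }
        shareFactor.setViewers(viewers);
    }
}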
