package com.odianyun.basics.utils;

import com.alibaba.fastjson.JSONObject;
import com.odianyun.user.client.api.EmployeeContainer;
import com.odianyun.user.client.model.dto.FunctionInfo;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/odianyun/basics/utils/OpenApiFunctionFilter.class */
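/**
 * Servlet filter that forwards a request only when the current employee's function codes
 * include {@link #OPEN_API_FUNCTION_CODE}; every other request is rejected.
 *
 * <p>The decision is fail-closed: a missing {@link FunctionInfo} or a {@code null} code list is
 * treated as "no permission".
 *
 * <p>NOTE(review): how {@link EmployeeContainer} resolves the current employee is not visible
 * here. This filter presumably has to run after whatever authenticates the request and
 * populates that container; confirm the filter ordering in the deployment descriptor.
 */
public class OpenApiFunctionFilter implements Filter {
    /** Function code an employee must hold to pass this filter. */
    public static final String OPEN_API_FUNCTION_CODE = "30100";

    /** Separator between entries of {@link FunctionInfo#getFunctionCodes()}, as implied by the original checks. */
    private static final String FUNCTION_CODE_SEPARATOR = ",";

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Lets the request continue down the chain only when the current employee holds
     * {@link #OPEN_API_FUNCTION_CODE}; otherwise answers with the permission-denied response.
     *
     * @param servletRequest  incoming request
     * @param servletResponse response used for the denial when the check fails
     * @param filterChain     remainder of the filter chain, invoked only on success
     * @throws IOException      if writing the denial response fails, or from the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        FunctionInfo functionInfo = EmployeeContainer.getFunctionInfo();
        // Fail closed: no function info, or no matching code, means no access.
        if (functionInfo == null || !hasOpenApiFunction(functionInfo.getFunctionCodes())) {
            permissionDenied(servletRequest, servletResponse);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Reports whether a comma-separated code list contains {@link #OPEN_API_FUNCTION_CODE} as a
     * complete entry.
     *
     * <p>Each entry is compared with {@code equals}. The previous check mixed substring searches
     * with a reference comparison ({@code !=}), which was wrong in both directions: a longer code
     * that merely contains the digits (for example {@code 301001} or {@code 130100}) was accepted,
     * while a list that starts with the code, or consists of the code alone, was normally rejected.
     * Entries are not trimmed, so a code surrounded by whitespace still does not match.
     *
     * @param functionCodes comma-separated function codes, may be {@code null}
     * @return {@code true} only when one entry equals the required code exactly
     */
    private static boolean hasOpenApiFunction(String functionCodes) {
        if (functionCodes == null) {
            return false;
        }
        for (String code : functionCodes.split(FUNCTION_CODE_SEPARATOR)) {
            if (OPEN_API_FUNCTION_CODE.equals(code)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sends the denial: a JSON body for AJAX-style callers, a redirect to {@code "/"} otherwise.
     *
     * <p>NOTE(review): neither branch sets a 401/403 status, so access logs and monitoring cannot
     * tell a denial from a normal response by status code alone. Changing that would alter what
     * existing clients see, so it is left as is here.
     *
     * @throws IOException if the response cannot be written or redirected
     */
    private void permissionDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (isAjax((HttpServletRequest) servletRequest)) {
            writeAjaxAuthFail(httpServletResponse);
            return;
        }
        httpServletResponse.sendRedirect("/");
    }

    /**
     * Guesses whether the caller expects a JSON answer, from the {@code X-Requested-With} and
     * {@code Content-Type} request headers.
     *
     * <p>Both headers are client-controlled. They only select the format of the denial response
     * and must never feed into the authorization decision itself.
     *
     * @param httpServletRequest request to inspect, may be {@code null}
     * @return {@code true} for an XMLHttpRequest or a request declaring a JSON content type
     */
    private boolean isAjax(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        if ("XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With"))) {
            return true;
        }
        String contentType = httpServletRequest.getHeader("Content-Type");
        return contentType != null && contentType.contains("application/json");
    }

    /**
     * Writes the fixed "permission denied" JSON payload (code {@code 98}) and closes the writer.
     *
     * <p>NOTE(review): the body is JSON but is labelled {@code text/html}. The payload is constant,
     * so nothing caller-supplied is rendered as HTML, but {@code application/json} would be the
     * accurate type; it is kept because existing clients may depend on it.
     *
     * @param httpServletResponse response to write to
     * @return always {@code null}
     * @throws IOException if the response writer cannot be obtained
     */
    static String writeAjaxAuthFail(HttpServletResponse httpServletResponse) throws IOException {
        // The encoding must be set before getWriter() is called; one call is enough.
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("text/html;charset=utf-8");
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("code", "98");
        jSONObject.put("message", "无权限进行此操作！");
        httpServletResponse.getWriter().write(jSONObject.toString());
        httpServletResponse.getWriter().close();
        return null;
    }
}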
