package com.odianyun.user.client.filter;

import com.alibaba.nacos.api.common.Constants;
import com.odianyun.architecture.caddy.SystemContext;
import com.odianyun.user.client.api.EmployeeContainer;
import com.odianyun.user.client.api.OpenApiContainer;
import com.odianyun.user.client.model.dto.AuthorizationDTO;
import com.odianyun.user.client.util.OpenApiRequestWrapper;
import com.odianyun.user.client.util.OpenAuthUtils;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/ouser-filter-core-jar-prod2.10.0-20210318.041130-2.jar:com/odianyun/user/client/filter/OpenApiFilter.class */
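/**
 * Servlet filter that authenticates "open API" calls carrying an access token.
 *
 * <p>A request opts in by sending the {@code OPEN-API: ACCESS_TOKEN} header. Such a request must
 * target a URI listed in {@link EmployeeContainer#getOpenApiUrlPermissions()} and must carry an
 * {@code appKey}, an access token and a valid signature; otherwise it is answered through
 * {@code doFailFilter} and never reaches the rest of the chain.
 *
 * <p>Requests without that header value are forwarded unchanged. This filter performs no check on
 * them, so their protection has to come from the other filters in the chain.
 */
public class OpenApiFilter extends AbstractFilter {
    /** Request header that selects the open-API flow; its value is echoed back on the response. */
    private static final String MATCHES_HEADER_NAME = "OPEN-API";
    /** Header value (compared case-insensitively) that triggers access-token authentication. */
    private static final String MATCHES_HEADER_VALUE = "ACCESS_TOKEN";

    /**
     * Returns an empty pattern list.
     *
     * <p>NOTE(review): how {@code AbstractFilter} uses this list is not visible in this file.
     */
    @Override // com.odianyun.user.client.filter.AbstractFilter
    protected List<String> privatePattern() {
        return Collections.emptyList();
    }

    /**
     * Routes the request: pass-through when the marker header is absent or has another value,
     * URI allowlist check plus token/signature verification when it is present.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response, also used to report rejections
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or from writing the rejection
     * @throws ServletException propagated from the chain
     */
    @Override // com.odianyun.user.client.filter.AbstractFilter
    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String marker = httpServletRequest.getHeader(MATCHES_HEADER_NAME);
        if (marker != null) {
            // The client-supplied value is reflected as-is, whatever it contains.
            // NOTE(review): confirm the container rejects CR/LF in header values.
            httpServletResponse.addHeader(MATCHES_HEADER_NAME, marker);
        }
        if (!MATCHES_HEADER_VALUE.equalsIgnoreCase(marker)) {
            // Not an open-API call: nothing is verified here.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Exact-match allowlist on the raw request URI (undecoded, including the context path).
        // Any variant spelling of a path fails the match and is rejected, so the check fails
        // closed; the permission list must store URIs in exactly this form.
        if (EmployeeContainer.getOpenApiUrlPermissions().contains(httpServletRequest.getRequestURI())) {
            doFilterAuthorization(httpServletRequest, httpServletResponse, filterChain);
        } else {
            // Message: "no permission to access this interface".
            doFailFilter("98", "无接口访问权限！", httpServletResponse);
        }
    }

    /**
     * Collects the request parameters and body, verifies them, and continues the chain with the
     * wrapped request only when verification succeeded.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response, also used to report rejections
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or from writing the rejection
     * @throws ServletException propagated from the chain
     */
    private void doFilterAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Map<String, Object> params = new HashMap<>();
        OpenApiRequestWrapper wrapped = new OpenApiRequestWrapper(httpServletRequest);
        String body = wrapped.getBody();
        // Single-valued parameters are flattened to a String; repeated, empty or null ones keep
        // their array (or null) value, which is also what the signature check receives.
        wrapped.getParameterMap().forEach((name, values) -> {
            params.put(name, (values == null || values.length != 1) ? values : values[0]);
        });
        AuthorizationDTO authorization = checkAuthorization(httpServletResponse, params, body);
        if (authorization != null) {
            // NOTE(review): nothing in this class removes the token from SystemContext once the
            // chain returns; if that context is bound to a pooled thread, confirm it is cleared
            // elsewhere so the token cannot leak into a later request.
            SystemContext.put(OpenApiContainer.OPEN_API_ACCESS_TOKEN, authorization.getAccessToken());
            filterChain.doFilter(wrapped, httpServletResponse);
        }
    }

    /**
     * Verifies appKey, access token, token expiry and request signature, in that order.
     *
     * <p>On the first failed check a rejection is sent through {@code doFailFilter} and
     * {@code null} is returned.
     *
     * <p>NOTE(review): the replies for "unknown token", "token of another appKey" and "expired"
     * are distinguishable and are sent before the signature is verified, so a caller without the
     * app secret can learn the state of a token value. Consider whether clients can live with a
     * single generic reply.
     *
     * @param httpServletResponse response used to report a rejection
     * @param map request parameters; values are a String for single-valued parameters
     * @param str request body as returned by the request wrapper
     * @return the authorization record of the token, or {@code null} when the request was rejected
     * @throws IOException declared for the rejection path
     */
    private AuthorizationDTO checkAuthorization(HttpServletResponse httpServletResponse, Map<String, Object> map, String str) throws IOException {
        // A repeated parameter is stored as String[]; a blind (String) cast on it throws
        // ClassCastException and turns a malformed request into a server error. Such a value is
        // treated as missing instead, so the request is rejected cleanly.
        String appKey = singleValue(map, "appKey");
        // NOTE(review): the parameter name comes from the Nacos Constants class, an unrelated
        // library; the messages below suggest its value is "accessToken". A local constant would
        // remove that coupling.
        String accessToken = singleValue(map, Constants.ACCESS_TOKEN);
        if (appKey == null) {
            // Message: "appKey is missing".
            doFailFilter("98", "appKey 不存在", httpServletResponse);
            return null;
        }
        if (accessToken == null) {
            // Message: "accessToken is missing".
            doFailFilter("98", "accessToken 不存在", httpServletResponse);
            return null;
        }
        AuthorizationDTO authorization = OpenApiContainer.queryAuthorization(accessToken);
        if (authorization == null) {
            // Message: "accessToken is not authorized".
            doFailFilter("97", "accessToken 未授权", httpServletResponse);
            return null;
        }
        if (!appKey.equals(authorization.getAppKey())) {
            // Message: "accessToken was not granted to the current appKey".
            doFailFilter("97", "accessToken 授权对象非当前 appKey", httpServletResponse);
            return null;
        }
        // NOTE(review): a record without an expiry time makes this line throw
        // NullPointerException; confirm the store never returns one.
        if (authorization.getTokenExpireTime().getTime() < System.currentTimeMillis()) {
            // Message: "accessToken has expired".
            doFailFilter("95", "accessToken 已过期", httpServletResponse);
            return null;
        }
        // NOTE(review): verifySign is not visible here; confirm it compares signatures in
        // constant time (for example with MessageDigest.isEqual).
        if (OpenAuthUtils.verifySign(map, str, authorization.getAppSecret())) {
            return authorization;
        }
        // Message: "signature verification failed".
        doFailFilter("94", "验签失败", httpServletResponse);
        return null;
    }

    /** Returns the parameter when it was supplied exactly once as a String, otherwise {@code null}. */
    private static String singleValue(Map<String, Object> params, String key) {
        Object value = params.get(key);
        return (value instanceof String) ? (String) value : null;
    }
}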
