package com.jzt.jk.gateway.auth.filter;

import com.jzt.jk.gateway.auth.config.AuthGatewayConfig;
import com.jzt.jk.gateway.auth.config.JwtConfig;
import com.jzt.jk.gateway.auth.exception.AuthExceptionHandler;
import com.jzt.jk.gateway.auth.exception.AuthenticationException;
import com.jzt.jk.gateway.auth.exception.ParserJwtTokenException;
import com.jzt.jk.gateway.auth.token.JwtTokenLifeCycle;
import com.jzt.jk.gateway.auth.utils.EncodeDecodeUtils;
import com.jzt.jk.gateway.auth.utils.ExchangeUtils;
import com.jzt.jk.gateway.auth.utils.JacksonMapper;
import com.jzt.jk.gateway.auth.utils.JwtTokenUtils;
import com.jzt.jk.gateway.auth.utils.PathFilterUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpCookie;
import org.springframework.http.ResponseCookie;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.util.CollectionUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/jzt/jk/gateway/auth/filter/JwtAuthTokenFilter.class */
public class JwtAuthTokenFilter implements GlobalFilter, Ordered {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthTokenFilter.class);
    private final AuthGatewayConfig authGatewayConfig;
    private final AuthExceptionHandler authExceptionHandler;
    private final JwtTokenLifeCycle jwtTokenLifeCycle;

    public JwtAuthTokenFilter(AuthGatewayConfig authGatewayConfig, AuthExceptionHandler authExceptionHandler, JwtTokenLifeCycle jwtTokenLifeCycle) {
        this.authGatewayConfig = authGatewayConfig;
        this.authExceptionHandler = authExceptionHandler;
        this.jwtTokenLifeCycle = jwtTokenLifeCycle;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, GatewayFilterChain gatewayFilterChain) {
        boolean z;
        ServerWebExchange modifyRequestHeaders = ExchangeUtils.modifyRequestHeaders(serverWebExchange, serverWebExchange.getRequest());
        ServerHttpRequest request = modifyRequestHeaders.getRequest();
        ServerHttpResponse response = modifyRequestHeaders.getResponse();
        String path = PathFilterUtils.getPath(request);
        JwtConfig jwtConfig = this.authGatewayConfig.getJwtConfig();
        if (!PathFilterUtils.needAuth(path, this.authGatewayConfig)) {
            log.debug("当前请求不需要登录认证 | path -> {}", path);
            return gatewayFilterChain.filter(modifyRequestHeaders);
        }
        List list = request.getHeaders().get("jk-app-id");
        if (!CollectionUtils.isEmpty(list) && list.contains("171")) {
            return this.authExceptionHandler.handler(modifyRequestHeaders, gatewayFilterChain, new AuthenticationException("请求Token不存在"));
        }
        HttpCookie httpCookie = (HttpCookie) request.getCookies().getFirst("ut");
        if (httpCookie == null || !StringUtils.isNotBlank(httpCookie.getValue())) {
            List list2 = request.getHeaders().get("ut");
            log.debug("请求头中包含ut则标记,用于后续判断 | path -> {}", path);
            z = null != list2 && list2.size() > 0 && StringUtils.isNotBlank((CharSequence) list2.get(0));
        } else {
            log.debug("请求中包含ut则标记,用于后续判断 | path -> {}", path);
            z = true;
        }
        String str = null;
        String str2 = null;
        if (jwtConfig.isUseCookie()) {
            HttpCookie httpCookie2 = (HttpCookie) request.getCookies().getFirst(jwtConfig.getJwtTokenName());
            if (httpCookie2 != null) {
                str = httpCookie2.getValue();
            }
        } else {
            str = request.getHeaders().getFirst(jwtConfig.getJwtTokenName());
        }
        if (StringUtils.isBlank(str) && !z) {
            log.debug("Token & Ut 都不存在 | path -> {}", path);
            return this.authExceptionHandler.handler(modifyRequestHeaders, gatewayFilterChain, new AuthenticationException("请求Token不存在"));
        }
        if (StringUtils.isBlank(str) && z) {
            return gatewayFilterChain.filter(modifyRequestHeaders);
        }
        Claims claims = null;
        Exception exc = null;
        try {
            claims = JwtTokenUtils.parserJwtToken(jwtConfig, str);
        } catch (ParserJwtTokenException e) {
            exc = e;
            log.debug("Token校验不通过 | msg -> {} | path -> {}", e.getMessage(), path);
            String str3 = null;
            if (jwtConfig.isUseCookie()) {
                HttpCookie httpCookie3 = (HttpCookie) request.getCookies().getFirst(jwtConfig.getRefreshTokenName());
                if (httpCookie3 != null) {
                    str3 = httpCookie3.getValue();
                }
            } else {
                str3 = request.getHeaders().getFirst(jwtConfig.getRefreshTokenName());
            }
            if (jwtConfig.isEnableRefreshToken() && e.getCause() != null && (e.getCause() instanceof ExpiredJwtException) && StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str3)) {
                try {
                    Claims readClaims = JwtTokenUtils.readClaims(str);
                    if (Objects.equals(readClaims.getId(), JwtTokenUtils.parserJwtToken(jwtConfig, str3).get("ref_id", String.class))) {
                        this.jwtTokenLifeCycle.validateToken(str, readClaims);
                        str2 = JwtTokenUtils.delayJwtToken(jwtConfig, str);
                        String createRefreshToken = JwtTokenUtils.createRefreshToken(jwtConfig, str2);
                        this.jwtTokenLifeCycle.tokenRefreshed(str, str2, readClaims);
                        if (jwtConfig.isUseCookie()) {
                            response.getCookies().set(jwtConfig.getJwtTokenName(), ResponseCookie.from(jwtConfig.getJwtTokenName(), str2).build());
                            response.getCookies().set(jwtConfig.getRefreshTokenName(), ResponseCookie.from(jwtConfig.getRefreshTokenName(), createRefreshToken).build());
                        } else {
                            response.getHeaders().set(jwtConfig.getJwtTokenName(), str2);
                            response.getHeaders().set(jwtConfig.getRefreshTokenName(), createRefreshToken);
                        }
                        claims = readClaims;
                    }
                } catch (Exception e2) {
                    exc = e2;
                    log.debug("RefreshToken校验不通过 | msg -> {} | path -> {}", e.getMessage(), path);
                }
            }
        }
        if (claims != null && str2 == null) {
            try {
                this.jwtTokenLifeCycle.validateToken(str, claims);
            } catch (Exception e3) {
                exc = e3;
                claims = null;
            }
        }
        if (claims != null) {
            try {
                Map map = (Map) claims.get("business", Map.class);
                request.getHeaders().set("business-token-info", EncodeDecodeUtils.encodeBase64(JacksonMapper.getInstance().toJson(map).getBytes(StandardCharsets.UTF_8)));
                Map map2 = (Map) claims.get("middle_platform", Map.class);
                request.getHeaders().set("middle-token-info", EncodeDecodeUtils.encodeBase64(JacksonMapper.getInstance().toJson(map2).getBytes(StandardCharsets.UTF_8)));
                modifyRequestHeaders.getAttributes().put("ServerWebExchange.JWT_CLAIMS_ATTR", claims);
                modifyRequestHeaders.getAttributes().put("ServerWebExchange.BUSINESS_EXT_PARAMS_ATTR", map);
                modifyRequestHeaders.getAttributes().put("ServerWebExchange.MIDDLE_PLATFORM_EXT_PARAMS_ATTR", map2);
            } catch (Exception e4) {
                log.error("RefreshToken透传Header失败 | path -> {}", path, e4);
                return this.authExceptionHandler.handler(modifyRequestHeaders, gatewayFilterChain, e4);
            }
        } else {
            request.getHeaders().remove("middle-token-info");
            request.getHeaders().remove("business-token-info");
            request.getHeaders().remove(jwtConfig.getJwtTokenName());
            request.getHeaders().remove(jwtConfig.getRefreshTokenName());
            request.getCookies().remove(jwtConfig.getJwtTokenName());
            request.getCookies().remove(jwtConfig.getRefreshTokenName());
            if (!PathFilterUtils.ignoreAuth(path, this.authGatewayConfig)) {
                return this.authExceptionHandler.handler(modifyRequestHeaders, gatewayFilterChain, exc);
            }
        }
        return gatewayFilterChain.filter(modifyRequestHeaders);
    }

    public int getOrder() {
        return Integer.MIN_VALUE;
    }
}
