package io.nerv.core.auth.security.filter;

import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.servlet.JakartaServletUtil;
import io.nerv.core.auth.util.CacheTokenUtil;
import io.nerv.core.enums.BizCodeEnum;
import io.nerv.core.jwt.JwtUtil;
import io.nerv.core.mvc.vo.Response;
import io.nerv.core.properties.EvaConfig;
import io.nerv.core.threaduser.ThreadUser;
import io.nerv.core.threaduser.ThreadUserHelper;
import io.nerv.core.util.json.JsonUtil;
import io.nerv.core.web.util.TokenUtil;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

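/**
 * Per-request filter that authenticates the caller from a JWT and, when the token is accepted,
 * publishes the user to the Spring Security context and to the thread-bound {@link ThreadUser}.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Read the token via {@code tokenUtil.getToken(request)}; an {@code access_token} cookie,
 *       when present, replaces that value.</li>
 *   <li>Validate the token with {@code jwtUtil.valid}. When {@code evaConfig.getJwt().isPersistence()}
 *       is on, the token must also equal the one cached for its uid.</li>
 *   <li>If the token is accepted and close to expiry, issue a refreshed token (header + cookie,
 *       and cache when persistence is on).</li>
 *   <li>Load the account through the {@link UserDetailsService} and set the authentication.</li>
 * </ol>
 *
 * <p>A request without a usable token is passed down the chain unauthenticated; rejecting it is
 * left to whatever authorization rules follow this filter.
 *
 * <p>NOTE(review): {@code @Qualifier} sits on the field while injection happens through the
 * constructor, whose parameter carries no qualifier in this listing. Confirm that the intended
 * {@code jwtUserDetailsService} bean is really the one being injected.
 */
@Component
/* loaded from: input_file:io/nerv/core/auth/security/filter/JwtAuthFilter.class */
public class JwtAuthFilter extends OncePerRequestFilter {

    @Qualifier("jwtUserDetailsService")
    private final UserDetailsService userDetailsService;
    private final JwtUtil jwtUtil;
    private final EvaConfig evaConfig;
    private final CacheTokenUtil cacheTokenUtil;
    private final TokenUtil tokenUtil;

    /**
     * Authenticates the request from its JWT, refreshes an accepted token that is about to expire,
     * and then continues the filter chain.
     *
     * @param httpServletRequest  the incoming request (token is read from it)
     * @param httpServletResponse the response (receives refreshed tokens or the failure payload)
     * @param filterChain         the remaining chain; not invoked when a failure response is written
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from writing the failure response
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        boolean isPersistence = this.evaConfig.getJwt().isPersistence();
        // True only when the token passed valid() and, with persistence on, matched the cached token.
        boolean accepted = false;

        String token;
        try {
            token = this.tokenUtil.getToken(httpServletRequest);
        } catch (Exception e) {
            token = null;
            this.logger.warn(e);
        }
        // The cookie takes precedence over whatever tokenUtil extracted from the request.
        var accessCookie = JakartaServletUtil.getCookie(httpServletRequest, "access_token");
        if (null != accessCookie) {
            token = accessCookie.getValue();
        }

        if (StrUtil.isNotBlank(token)) {
            // NOTE(review): the uid is read before valid() has run and outside the try block, so an
            // exception raised here for a malformed token is not handled by this filter. The value is
            // only used as the cache key below; confirm getUid() tolerates untrusted input.
            String uid = this.jwtUtil.getUid(token);
            try {
                boolean tokenValid = this.jwtUtil.valid(token);
                boolean cacheMatched = false;
                if (isPersistence) {
                    Object cached = this.cacheTokenUtil.getToken(uid);
                    Map<?, ?> cachedEntry = null;
                    if (null != cached) {
                        cachedEntry = (Map<?, ?>) JsonUtil.parse(String.valueOf(cached), Map.class);
                    }
                    if (null == cachedEntry || !token.equals(cachedEntry.get("token"))) {
                        this.logger.warn("鉴权失败 缓存中无法找到对应token");
                        clearCookie(httpServletResponse);
                        // NOTE(review): presumably throws an exception of the given type, which the
                        // catch below turns into the LOGIN_EXPIRED payload; confirm. If it only
                        // returns, cacheMatched stays false and the request goes on unauthenticated.
                        BizCodeEnum.LOGIN_EXPIRED.newException(new Object[]{AuthenticationException.class});
                    } else {
                        cacheMatched = true;
                    }
                }
                accepted = tokenValid && (cacheMatched || !isPersistence);

                // Refresh only an accepted token. Without this guard a token that failed valid() or
                // was missing from the cache (for example after logout) could still be exchanged for
                // a fresh one and written back into the cache.
                if (this.jwtUtil.isTokenExpiring(token).booleanValue() && accepted) {
                    String refreshToken = this.jwtUtil.refreshToken(token);
                    if (isPersistence) {
                        this.cacheTokenUtil.saveToken(uid, this.cacheTokenUtil.buildCacheValue(httpServletRequest, uid, refreshToken));
                    }
                    httpServletResponse.setHeader("access_token", refreshToken);
                    // NOTE(review): this call passes only name, value, max-age, path and domain, so
                    // HttpOnly / Secure / SameSite are not set at this call site. Verify they are
                    // applied elsewhere, since this cookie carries the bearer token.
                    JakartaServletUtil.addCookie(httpServletResponse, "access_token", refreshToken, this.evaConfig.getCookie().getMaxAge(), "/", this.evaConfig.getCookie().getDomain());
                }
            } catch (AuthenticationException e2) {
                this.logger.warn("鉴权失败 Token已过期", e2);
                // Encoding and content type must be set before getWriter(): the Servlet API ignores
                // setCharacterEncoding() once the writer has been obtained.
                httpServletResponse.setCharacterEncoding("UTF-8");
                httpServletResponse.setContentType("application/json");
                try (PrintWriter writer = httpServletResponse.getWriter()) {
                    writer.write(JsonUtil.toJson(new Response().failure(BizCodeEnum.LOGIN_EXPIRED)));
                    writer.flush();
                }
                return;
            }
        } else {
            this.logger.warn("couldn't find bearer string, will ignore the header");
        }

        if (accepted) {
            String uid2 = this.jwtUtil.getUid(token);
            String account = this.jwtUtil.getAccount(token);
            // The account name and the current Authentication object are written at INFO level on
            // every accepted request; keep that in mind when deciding who can read these logs.
            this.logger.info("checking authentication ：" + account);
            this.logger.info(SecurityContextHolder.getContext().getAuthentication());
            if (StrUtil.isNotBlank(account)) {
                this.logger.debug("io.nerv.security context was null, so authorizing user");
                try {
                    UserDetails userDetails = this.userDetailsService.loadUserByUsername(account);
                    this.logger.info("authenticated user " + account + ", setting io.nerv.security context");
                    String[] roles = userDetails.getAuthorities().stream()
                            .map(authority -> authority.getAuthority())
                            .toArray(String[]::new);
                    // NOTE(review): this filter sets the thread-bound user but never clears it.
                    // Confirm it is reset elsewhere so a pooled thread cannot carry it into a later,
                    // unauthenticated request.
                    ThreadUserHelper.setCurrentUser(new ThreadUser().setUserId(uid2).setUserName(account).setRoles(roles));
                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities());
                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                } catch (UsernameNotFoundException e3) {
                    // The token was accepted but the account no longer resolves: answer 401 and stop.
                    httpServletResponse.setCharacterEncoding("UTF-8");
                    httpServletResponse.setContentType("application/json");
                    httpServletResponse.sendError(401, "您的登录已过期, 请重新登录.");
                    return;
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Expires the {@code access_token}, {@code refresh_token} and {@code user_info} cookies by
     * re-issuing each with a null value and max-age 0 on path {@code /} and the configured domain.
     *
     * @param httpServletResponse the response that receives the expiring cookies
     */
    public void clearCookie(HttpServletResponse httpServletResponse) {
        String domain = this.evaConfig.getCookie().getDomain();
        JakartaServletUtil.addCookie(httpServletResponse, "access_token", (String) null, 0, "/", domain);
        JakartaServletUtil.addCookie(httpServletResponse, "refresh_token", (String) null, 0, "/", domain);
        JakartaServletUtil.addCookie(httpServletResponse, "user_info", (String) null, 0, "/", domain);
    }

    /**
     * Creates the filter with its collaborators.
     *
     * @param userDetailsService loads the account named in the token
     * @param jwtUtil            validates, inspects and refreshes tokens
     * @param evaConfig          supplies the JWT persistence flag and the cookie max-age and domain
     * @param cacheTokenUtil     reads and stores the per-uid cached token when persistence is on
     * @param tokenUtil          extracts the token from the request
     */
    public JwtAuthFilter(UserDetailsService userDetailsService, JwtUtil jwtUtil, EvaConfig evaConfig, CacheTokenUtil cacheTokenUtil, TokenUtil tokenUtil) {
        this.userDetailsService = userDetailsService;
        this.jwtUtil = jwtUtil;
        this.evaConfig = evaConfig;
        this.cacheTokenUtil = cacheTokenUtil;
        this.tokenUtil = tokenUtil;
    }
}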
