package xyz.migoo.framework.security.core.filter;

import cn.hutool.core.util.StrUtil;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.filter.OncePerRequestFilter;
import xyz.migoo.framework.common.exception.enums.GlobalErrorCodeConstants;
import xyz.migoo.framework.common.pojo.Result;
import xyz.migoo.framework.common.util.servlet.ServletUtils;
import xyz.migoo.framework.security.config.SecurityProperties;
import xyz.migoo.framework.security.core.LoginUser;
import xyz.migoo.framework.security.core.service.SecurityAuthFrameworkService;
import xyz.migoo.framework.security.core.util.SecurityFrameworkUtils;
import xyz.migoo.framework.web.core.handler.GlobalExceptionHandler;
import xyz.migoo.framework.web.core.util.WebFrameworkUtils;

/* loaded from: input_file:xyz/migoo/framework/security/core/filter/JWTAuthenticationTokenFilter.class */
/**
 * Per-request filter that turns a bearer-style token into a {@link LoginUser}.
 *
 * <p>The token is read from the header named by
 * {@code securityProperties.getTokenHeader()}, checked through
 * {@code authService.verifyTokenAndRefresh}, and the resulting user (if any) is
 * attached to the request via {@code SecurityFrameworkUtils.setLoginUser}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request with no token, or whose token verifies to {@code null}, is passed
 *       down the chain without a login user being set here. This filter therefore
 *       authenticates but does not authorise; rejecting anonymous requests is
 *       presumably done by the downstream security configuration (confirm there).</li>
 *   <li>Any {@link Throwable} raised while verifying the token ends the request: a JSON
 *       error body is written and the rest of the chain is not invoked (fail closed).</li>
 *   <li>The raw token value is never logged by this class.</li>
 * </ul>
 */
public class JWTAuthenticationTokenFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JWTAuthenticationTokenFilter.class);
    private final SecurityProperties securityProperties;
    private final SecurityAuthFrameworkService authService;
    private final GlobalExceptionHandler globalExceptionHandler;

    /**
     * Creates the filter with its collaborators.
     *
     * @param securityProperties supplies the name of the header that carries the token
     * @param securityAuthFrameworkService verifies (and refreshes) a token into a login user
     * @param globalExceptionHandler converts non-access-denied failures into a response body
     */
    public JWTAuthenticationTokenFilter(SecurityProperties securityProperties, SecurityAuthFrameworkService securityAuthFrameworkService, GlobalExceptionHandler globalExceptionHandler) {
        this.globalExceptionHandler = globalExceptionHandler;
        this.authService = securityAuthFrameworkService;
        this.securityProperties = securityProperties;
    }

    /**
     * Authenticates the request from its token header, then continues the chain.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, written to directly when verification fails
     * @param filterChain the remaining filters
     * @throws ServletException propagated from the downstream chain
     * @throws IOException propagated from the downstream chain
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String token = SecurityFrameworkUtils.obtainAuthorization(httpServletRequest, this.securityProperties.getTokenHeader());

        // No token supplied: nothing to verify, continue without a login user.
        if (!StrUtil.isNotEmpty(token)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        try {
            LoginUser loginUser = this.authService.verifyTokenAndRefresh(token);
            // A null result is not treated as an error; the request simply stays unauthenticated.
            if (loginUser != null) {
                SecurityFrameworkUtils.setLoginUser(loginUser, httpServletRequest);
            }
        } catch (Throwable failure) {
            // Deliberately broad: every failure, including JVM Errors, becomes a JSON error
            // body and the chain is NOT continued, so a broken token never reaches handlers.
            if (failure instanceof AccessDeniedException) {
                ServletUtils.writeJSON(httpServletResponse, accessDeniedExceptionHandler(httpServletRequest, (AccessDeniedException) failure));
            } else {
                ServletUtils.writeJSON(httpServletResponse, this.globalExceptionHandler.allExceptionHandler(httpServletRequest, failure));
            }
            return;
        }

        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Logs an access-denied failure and maps it to the generic FORBIDDEN result.
     *
     * <p>The warning records the login user id and the request URL (the message text
     * reads "userId(..) cannot access url(..)"), with the exception passed as the
     * trailing argument. The URL is request-derived data and should be treated as
     * untrusted by whatever consumes the log.
     *
     * @param httpServletRequest the request that was denied
     * @param accessDeniedException the failure raised during token verification
     * @return the result built from {@code GlobalErrorCodeConstants.FORBIDDEN}
     */
    public Result<?> accessDeniedExceptionHandler(HttpServletRequest httpServletRequest, AccessDeniedException accessDeniedException) {
        Object userId = WebFrameworkUtils.getLoginUserId(httpServletRequest);
        Object requestUrl = httpServletRequest.getRequestURL();
        log.warn("[accessDeniedExceptionHandler][userId({}) 无法访问 url({})]", userId, requestUrl, accessDeniedException);
        return Result.getError(GlobalErrorCodeConstants.FORBIDDEN);
    }
}
