package com.bxm.gateway.zuul.filter.impl;

import com.bxm.component.jwt.bo.JwtTokenBO;
import com.bxm.component.jwt.util.JwtUtil;
import com.bxm.gateway.constant.GatewayConstant;
import com.bxm.gateway.constant.SecurityConstant;
import com.bxm.gateway.properties.SecurityProperties;
import com.bxm.gateway.utils.ApiVersionUtils;
import com.bxm.gateway.utils.RequestUtils;
import com.bxm.gateway.zuul.filter.AbstractZuulFilter;
import com.bxm.newidea.component.tools.StringUtils;
import com.bxm.newidea.component.util.WebUtils;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/bxm/gateway/zuul/filter/impl/AuthenticationPreFilter.class */
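/**
 * Zuul "pre" filter that validates the JWT access token sent with requests to protected routes.
 *
 * <p>Behaviour, as implemented below:
 * <ul>
 *   <li>A request is treated as protected when one of its path segments equals
 *       {@link GatewayConstant#AUTH_REGULATION_KEY}; every other request passes untouched.</li>
 *   <li>A protected request without the {@link SecurityConstant#ACCESS_TOKEN_KEY} header is only
 *       logged and then forwarded (see the review note in {@link #run()}).</li>
 *   <li>The token is parsed with the secret configured for the request's source application;
 *       a missing secret yields HTTP 400.</li>
 *   <li>An expired token yields HTTP 401.</li>
 *   <li>When the token carries a user id and the consistency check is enabled, a user id in the
 *       request that differs from the token's yields HTTP 403.</li>
 * </ul>
 */
public class AuthenticationPreFilter extends AbstractZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationPreFilter.class);

    /** Gateway security settings: per-application token secrets and the consistency-check switch. */
    private final SecurityProperties securityProperties;

    // Not referenced anywhere in this class; kept so the field layout stays as it was.
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * @param securityProperties security configuration read on every filtered request
     */
    public AuthenticationPreFilter(SecurityProperties securityProperties) {
        this.securityProperties = securityProperties;
    }

    /**
     * @return the Zuul filter type, {@code "pre"}
     */
    public String filterType() {
        return "pre";
    }

    /**
     * Authenticates the current request if it targets a protected route.
     *
     * @return always {@code null}
     * @throws ZuulException with status 400 when no secret is configured for the source
     *     application, 401 when the access token has expired, or 403 when the user id in the
     *     request differs from the one in the token
     */
    public Object run() throws ZuulException {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        String requestURI = request.getRequestURI();
        if (!isSecurityUri(requestURI)) {
            return null;
        }

        String accessToken = request.getHeader(SecurityConstant.ACCESS_TOKEN_KEY);
        if (!StringUtils.isNotBlank(accessToken)) {
            // NOTE(review): fail-open. A protected route requested without a token is forwarded
            // after a warning. If the gateway is meant to enforce authentication, this branch
            // should reject with 401; it is left unchanged because the downstream enforcement
            // is not visible from this file.
            // NOTE(review): the request parameters are written to the log; confirm they cannot
            // contain credentials or personal data.
            log.warn("请求地址[{}]需要鉴权，但是请求参数中不存在[token],请求参数：{}", requestURI, WebUtils.getRequestParam(request));
            return null;
        }

        JwtTokenBO token = parseToken(currentContext, request, requestURI, accessToken);

        // The expiry is converted to milliseconds in long arithmetic. The previous
        // intValue() * 1000 was an int multiplication: it overflows for any realistic epoch
        // timestamp and can never exceed Integer.MAX_VALUE, so it always compared as "before now".
        // Assumes getExpirationSeconds() is the expiry in epoch seconds, as its name suggests.
        // NOTE(review): a token without an expiry would raise a NullPointerException here;
        // confirm JwtUtil.parseToken never returns such a token.
        long expiresAtMillis = token.getExpirationSeconds().longValue() * 1000L;
        if (expiresAtMillis < System.currentTimeMillis()) {
            logError("accessToken已过期", request);
            throw new ZuulException("非法请求", HttpStatus.UNAUTHORIZED.value(), "AccessToken已过期，请重新登录或通过RefreshToken刷新");
        }

        String tokenUserId = token.getBodyWithString(GatewayConstant.USER_ID_KEY);
        if (!StringUtils.isNotBlank(tokenUserId)) {
            // A token without a user id has nothing to compare against the request.
            return null;
        }
        checkTokenUserIdConsistency(currentContext, request, tokenUserId);
        return null;
    }

    /**
     * Parses the access token with the secret configured for the request's source application.
     *
     * @param requestContext current Zuul request context
     * @param httpServletRequest current servlet request
     * @param requestUri request URI, passed on to the source-application lookup
     * @param accessToken raw token taken from the request header
     * @return the parsed token
     * @throws ZuulException with status 400 when no secret is configured for the source application
     */
    private JwtTokenBO parseToken(RequestContext requestContext, HttpServletRequest httpServletRequest, String requestUri, String accessToken) throws ZuulException {
        // NOTE(review): how getSrcApp derives the application is not visible here. If it reads
        // client-controlled input, confirm a caller cannot select another application's secret.
        String srcApp = getSrcApp(requestContext, httpServletRequest, requestUri);
        String secret = this.securityProperties.getAppTokenSecret().get(srcApp);
        if (secret == null) {
            log.error("[{}]未配置对应的签名密钥，请进行配置", srcApp);
            throw new ZuulException("非法请求", HttpStatus.BAD_REQUEST.value(), "请求来源的应用未配置对应的认证密钥");
        }
        return JwtUtil.parseToken(accessToken, secret);
    }

    /**
     * Rejects the request when it names a user id different from the one in the token.
     *
     * <p>Does nothing when the check is disabled in {@link SecurityProperties} or when the request
     * carries no user id field.
     *
     * @param requestContext current Zuul request context, used to read the request's user id
     * @param httpServletRequest current servlet request, used for error logging
     * @param tokenUserId user id taken from the token body
     * @throws ZuulException with status 403 when the two user ids differ
     */
    private void checkTokenUserIdConsistency(RequestContext requestContext, HttpServletRequest httpServletRequest, String tokenUserId) throws ZuulException {
        if (!this.securityProperties.isCheckTokenUserIdConsistency()) {
            return;
        }
        String requestUserId = RequestUtils.getRequestField(requestContext, GatewayConstant.USER_ID_KEY);
        boolean absentFromRequest = !StringUtils.isNotBlank(requestUserId);
        if (absentFromRequest || StringUtils.equals(requestUserId, tokenUserId)) {
            return;
        }
        logError("token中的userId与请求中的不一致", httpServletRequest);
        throw new ZuulException("非法请求", HttpStatus.FORBIDDEN.value(), "请求的Token与参数中的UserId不一致");
    }

    /**
     * Tells whether the URI addresses a protected route.
     *
     * @param uri request URI as returned by {@code HttpServletRequest#getRequestURI()}
     * @return {@code true} when, after {@code ApiVersionUtils.replace}, one "/"-separated segment
     *     equals {@link GatewayConstant#AUTH_REGULATION_KEY}
     */
    private boolean isSecurityUri(String uri) {
        // NOTE(review): the comparison runs on the URI as the servlet container reports it,
        // without decoding or normalising it here. Confirm the routing layer cannot resolve a
        // differently encoded path to a protected route that this check does not recognise.
        String[] segments = StringUtils.split(ApiVersionUtils.replace(uri), "/");
        if (segments == null) {
            return false;
        }
        for (String segment : segments) {
            if (GatewayConstant.AUTH_REGULATION_KEY.equals(segment)) {
                return true;
            }
        }
        return false;
    }
}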
