package com.dtyunxi.yundt.cube.center.user.biz.interceptor;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.dtyunxi.app.ServiceContext;
import com.dtyunxi.cube.utils.TokenUtil;
import com.dtyunxi.yundt.cube.center.user.api.query.IAccessQueryApi;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/dtyunxi/yundt/cube/center/user/biz/interceptor/UserAuthInterceptor.class */
public class UserAuthInterceptor extends HandlerInterceptorAdapter {
    private static final String resp_Result = "{\"resultCode\":403,\"resultMsg\":\"not allowed\"}";

    @Autowired
    private IAccessQueryApi accessApi;
    private static final Logger logger = LoggerFactory.getLogger(UserAuthInterceptor.class);
    private static final ObjectMapper om = new ObjectMapper();

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String replace = httpServletRequest.getRequestURI().replace(httpServletRequest.getContextPath(), "");
        String header = httpServletRequest.getHeader("Access-Token");
        String header2 = httpServletRequest.getHeader("Application-Key");
        Long l = null;
        Long l2 = null;
        String parameter = httpServletRequest.getParameter("example");
        String parameter2 = httpServletRequest.getParameter("filter");
        if (StringUtils.isNotBlank(parameter2)) {
            JSONObject parseObject = JSON.parseObject(parameter2);
            l = parseObject.getLong("instanceId");
            l2 = parseObject.getLong("tenantId");
        }
        HashMap hashMap = new HashMap();
        Long l3 = (Long) TokenUtil.parse(header).get("userId");
        hashMap.put("routePath", replace);
        ServiceContext.getContext().set("tenantId", l2);
        ServiceContext.getContext().set("instanceId", l);
        if (((Integer) this.accessApi.queryPermissions(l, l3, parameter, om.writeValueAsString(hashMap)).getData()).intValue() > 0) {
            logger.debug("该url：{} ，授权通过 ，应用ID:{}，用户ID:{} ", new Object[]{replace, header2, l3});
            return true;
        }
        logger.info("非法访问，用户ID：{},应用ID:{},url:{}", new Object[]{l3, header2, replace});
        httpServletResponse.setStatus(403);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.append((CharSequence) resp_Result);
        writer.close();
        return false;
    }
}
