package com.dtyunxi.yundt.cube.api.permission;

import com.dtyunxi.app.ServiceContext;
import com.dtyunxi.rest.RestResponse;
import com.dtyunxi.yundt.cube.center.data.api.IApiPermissionQueryApi;
import com.dtyunxi.yundt.cube.center.data.dto.AppInstanceApiAuthStatusReqDto;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.HandlerMapping;

/* loaded from: input_file:com/dtyunxi/yundt/cube/api/permission/ApiPermissionInterceptor.class */
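/**
 * Spring MVC interceptor that asks the permission centre whether the current
 * module may serve the matched API (pattern + HTTP method) and answers
 * {@code 403} with a fixed JSON body when the centre says no.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code OPTIONS} requests are never checked.</li>
 *   <li>Patterns contained in {@code apiPermissionConfig.getWhiteList()} are never checked.</li>
 *   <li>A request carrying the header {@code ApiConstant.API_PERMISSION_HANDLE} with the
 *       value {@code "true"} is never checked. NOTE(review): request headers are
 *       caller-controlled; this is only safe if an upstream gateway strips the header from
 *       external traffic, or if it is replaced by an authenticated signal. Confirm.</li>
 *   <li>When the permission centre answers with a result code other than {@code "0"} the
 *       request is allowed (fail-open). NOTE(review): confirm this is intended.</li>
 * </ul>
 */
public class ApiPermissionInterceptor implements HandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(ApiPermissionInterceptor.class);
    private static final String RESP_RESULT = "{\"resultCode\":403,\"resultMsg\":\"not allowed\"}";
    private final String module;
    private final ApiPermissionConfig apiPermissionConfig;
    private final IApiPermissionQueryApi apiPermissionQueryApi;

    /**
     * @param str module code sent to the permission centre with every query
     * @param apiPermissionConfig configuration holding the white list of exempt patterns
     * @param iApiPermissionQueryApi client used to query the permission centre
     */
    public ApiPermissionInterceptor(String str, ApiPermissionConfig apiPermissionConfig, IApiPermissionQueryApi iApiPermissionQueryApi) {
        this.module = str;
        this.apiPermissionConfig = apiPermissionConfig;
        this.apiPermissionQueryApi = iApiPermissionQueryApi;
    }

    /**
     * Implements {@code HandlerInterceptor#preHandle}: decides whether the request may
     * proceed to its handler.
     *
     * @return {@code true} to continue the handler chain, {@code false} after a 403 has
     *         been written to the response
     * @throws Exception if the permission query or the response writer fails
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String method = httpServletRequest.getMethod();
        if (HttpMethod.OPTIONS.name().equalsIgnoreCase(method)) {
            return true;
        }

        // The attribute is absent when no pattern-based mapping matched. Previously this
        // surfaced as a NullPointerException; reject explicitly instead, because no
        // permission decision can be made without a pattern.
        Object patternAttribute = httpServletRequest.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE);
        if (patternAttribute == null) {
            logger.warn("moduleCode:{},method:{} no matching pattern on request, access denied", this.module, method);
            reject(httpServletResponse);
            return false;
        }
        String pattern = patternAttribute.toString();

        // NOTE(review): this value comes straight from a request header, so any caller that
        // can set it skips the permission query below. Ensure the header is stripped at
        // the trust boundary.
        boolean alreadyHandled = "true".equals(httpServletRequest.getHeader(ApiConstant.API_PERMISSION_HANDLE));

        if (!isWhiteListed(pattern) && !alreadyHandled) {
            AppInstanceApiAuthStatusReqDto query = new AppInstanceApiAuthStatusReqDto();
            query.setModuleCode(this.module);
            query.setPath(pattern);
            query.setMethod(method);
            RestResponse<Boolean> result = this.apiPermissionQueryApi.queryInstanceApiAuthStatus(query);

            if ("0".equals(result.getResultCode())) {
                // Only an explicit TRUE grants access. A successful answer with missing
                // data used to throw on unboxing; it is now denied.
                if (!Boolean.TRUE.equals(result.getData())) {
                    logger.info("moduleCode:{},path:{},method:{} no api access!", this.module, pattern, method);
                    reject(httpServletResponse);
                    return false;
                }
                logger.info("moduleCode:{},path:{},method:{} have api access!", this.module, pattern, method);
            } else {
                // NOTE(review): fail-open. The query did not succeed, so no decision was
                // made, yet the request proceeds. This was previously logged as
                // "have api access!", which hid the failure from anyone reading the logs.
                logger.warn("moduleCode:{},path:{},method:{} permission query returned resultCode:{}, request allowed without a decision",
                        this.module, pattern, method, result.getResultCode());
            }
        }

        // Marks the check as done in the service context; presumably this is propagated to
        // downstream calls as the header read above. Confirm against ServiceContext.
        ServiceContext.getContext().setAttachment(ApiConstant.API_PERMISSION_HANDLE, "true");
        logger.info("set param:{}, value:true in ServiceContext", ApiConstant.API_PERMISSION_HANDLE);
        return true;
    }

    /** Returns whether the matched pattern is listed in the configured white list. */
    private boolean isWhiteListed(String pattern) {
        return !CollectionUtils.isEmpty(this.apiPermissionConfig.getWhiteList())
                && this.apiPermissionConfig.getWhiteList().contains(pattern);
    }

    /** Writes the fixed 403 JSON body; the content type is declared so clients parse it as JSON. */
    private static void reject(HttpServletResponse response) throws java.io.IOException {
        response.setStatus(403);
        // Must be set before getWriter() so the declared charset applies to the writer.
        response.setContentType("application/json;charset=UTF-8");
        try (PrintWriter writer = response.getWriter()) {
            writer.append(RESP_RESULT);
        }
    }
}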
