package com.jeesuite.gateway.security;

import com.jeesuite.common.CurrentRuntimeContext;
import com.jeesuite.common.ThreadLocalContext;
import com.jeesuite.common.model.ApiInfo;
import com.jeesuite.common.util.TokenGenerator;
import com.jeesuite.gateway.CurrentSystemHolder;
import com.jeesuite.gateway.GatewayConfigs;
import com.jeesuite.gateway.GatewayConstants;
import com.jeesuite.gateway.helper.RuequestHelper;
import com.jeesuite.gateway.model.BizSystemModule;
import com.jeesuite.gateway.model.BizSystemPortal;
import com.jeesuite.logging.integrate.ActionLogCollector;
import com.jeesuite.security.ReactiveCustomAuthnHandler;
import com.jeesuite.security.model.UserSession;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;

/* loaded from: input_file:com/jeesuite/gateway/security/GatewayReactiveCustomAuthnHandler.class */
public class GatewayReactiveCustomAuthnHandler implements ReactiveCustomAuthnHandler {
    public void beforeAuthentication(ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        BizSystemPortal systemPortal = CurrentSystemHolder.getSystemPortal(RuequestHelper.getOriginDomain(request));
        if (systemPortal != null) {
            CurrentRuntimeContext.setTenantId(systemPortal.getTenantId());
            CurrentRuntimeContext.setClientType(systemPortal.getClientType());
            CurrentRuntimeContext.setPlatformType(systemPortal.getCode());
        }
        serverWebExchange.getAttributes().put(GatewayConstants.CONTEXT_ROUTE_SERVICE, CurrentSystemHolder.getModule(RuequestHelper.getCurrentRouteName(request)));
    }

    public boolean customAuthentication(ServerWebExchange serverWebExchange) {
        BizSystemModule bizSystemModule = (BizSystemModule) serverWebExchange.getAttribute(GatewayConstants.CONTEXT_ROUTE_SERVICE);
        ServerHttpRequest request = serverWebExchange.getRequest();
        if (bizSystemModule.getAnonUriMatcher() != null && bizSystemModule.getAnonUriMatcher().match(request.getPath().value())) {
            return true;
        }
        boolean containsKey = request.getHeaders().containsKey(GatewayConstants.X_SIGN_HEADER);
        if (!containsKey) {
            containsKey = isIpWhilelistAccess(request);
        }
        if (!containsKey) {
            containsKey = isInternalTrustedAccess(request);
        }
        if (!containsKey) {
            containsKey = isCrossClusterTrustedAccess(request);
        }
        return containsKey;
    }

    public void afterAuthentication(ServerWebExchange serverWebExchange, UserSession userSession) {
        if (GatewayConfigs.actionLogEnabled) {
            ServerHttpRequest request = serverWebExchange.getRequest();
            ApiInfo apiInfo = CurrentSystemHolder.getModule(RuequestHelper.getCurrentRouteName(request)).getApiInfo(request.getPath().value());
            boolean isActionLog = apiInfo != null ? apiInfo.isActionLog() : true;
            if (isActionLog) {
                isActionLog = (GatewayConfigs.actionLogGetMethodIngore && request.getMethod().equals(HttpMethod.GET)) ? false : true;
            }
            if (isActionLog) {
                serverWebExchange.getAttributes().put("ctx_cur_log", ActionLogCollector.onRequestStart(request.getMethodValue(), request.getPath().value(), RuequestHelper.getIpAddr(request)).apiMeta(apiInfo));
            }
        }
    }

    private boolean isIpWhilelistAccess(ServerHttpRequest serverHttpRequest) {
        if (GatewayConfigs.anonymousIpWhilelist.isEmpty()) {
            return false;
        }
        return GatewayConfigs.anonymousIpWhilelist.contains(RuequestHelper.getIpAddr(serverHttpRequest));
    }

    private boolean isInternalTrustedAccess(ServerHttpRequest serverHttpRequest) {
        String first = serverHttpRequest.getHeaders().getFirst("x-ignore-auth");
        String first2 = serverHttpRequest.getHeaders().getFirst("x-internal-request");
        if (!Boolean.parseBoolean(first) || !Boolean.parseBoolean(first2) || !validateInvokeToken(serverHttpRequest)) {
            return false;
        }
        ThreadLocalContext.set(GatewayConstants.CONTEXT_TRUSTED_REQUEST, Boolean.TRUE);
        return true;
    }

    private boolean isCrossClusterTrustedAccess(ServerHttpRequest serverHttpRequest) {
        boolean z = false;
        try {
            if (StringUtils.isNotBlank(serverHttpRequest.getHeaders().getFirst("x-cluster-id")) && validateInvokeToken(serverHttpRequest)) {
                ThreadLocalContext.set(GatewayConstants.CONTEXT_TRUSTED_REQUEST, Boolean.TRUE);
                z = true;
            }
        } catch (Exception e) {
        }
        return z;
    }

    private boolean validateInvokeToken(ServerHttpRequest serverHttpRequest) {
        String first = serverHttpRequest.getHeaders().getFirst("x-invoke-token");
        if (StringUtils.isBlank(first)) {
            return false;
        }
        try {
            TokenGenerator.validate(first, true);
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}
