package tech.corefinance.common.service;

import jakarta.annotation.PostConstruct;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.data.util.Pair;
import org.springframework.scheduling.annotation.Async;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import tech.corefinance.common.annotation.ControllerManagedResource;
import tech.corefinance.common.annotation.ManualPermissionCheck;
import tech.corefinance.common.annotation.PermissionAction;
import tech.corefinance.common.config.ServiceSecurityConfig;
import tech.corefinance.common.dto.PermissionDto;
import tech.corefinance.common.entity_author.Permission;
import tech.corefinance.common.enums.AccessControl;
import tech.corefinance.common.ex.ReflectiveIncorrectFieldException;
import tech.corefinance.common.model.ResourceAction;
import tech.corefinance.common.repository.ResourceActionRepository;
import tech.corefinance.common.util.CoreFinanceUtil;

@ConditionalOnProperty(prefix = "tech.corefinance.security", name = {"scan-controllers-actions"}, havingValue = "true", matchIfMissing = true)
@Component
/* loaded from: input_file:tech/corefinance/common/service/ControllerScanner.class */
public class ControllerScanner {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ControllerScanner.class);

    @Autowired
    private ResourceActionRepository resourceActionRepository;

    @Autowired
    private ServiceSecurityConfig serviceSecurityConfig;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private List<RequestMappingHandlerMapping> handlerMappings;

    @Autowired
    private CoreFinanceUtil coreFinanceUtil;

    @Async
    @PostConstruct
    public void scan() {
        Iterator<RequestMappingHandlerMapping> it = this.handlerMappings.iterator();
        while (it.hasNext()) {
            scanHandler(it.next());
        }
    }

    private void scanHandler(RequestMappingHandlerMapping requestMappingHandlerMapping) {
        for (Map.Entry entry : requestMappingHandlerMapping.getHandlerMethods().entrySet()) {
            RequestMappingInfo requestMappingInfo = (RequestMappingInfo) entry.getKey();
            HandlerMethod handlerMethod = (HandlerMethod) entry.getValue();
            Set<Pair<String, String>> buildUrlPair = this.coreFinanceUtil.buildUrlPair(requestMappingInfo.getPatternValues());
            Method method = handlerMethod.getMethod();
            Class<?> declaringClass = method.getDeclaringClass();
            Class beanType = handlerMethod.getBeanType();
            String name = beanType.getName();
            log.debug("{}#{} ==> {}", new Object[]{name, method.getName(), buildUrlPair});
            Iterator<String> it = this.serviceSecurityConfig.getIgnoreControllerScan().iterator();
            while (true) {
                if (it.hasNext()) {
                    String next = it.next();
                    log.debug("Checking if controller full package contain [{}] or not...", next);
                    if (name.contains(next)) {
                        log.debug("Skipped permission scan for {}", declaringClass);
                        break;
                    }
                } else {
                    log.debug("URLs {}", buildUrlPair);
                    Iterator<Pair<String, String>> it2 = buildUrlPair.iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            Pair<String, String> next2 = it2.next();
                            log.debug("Validating URL [{}]", next2);
                            for (String str : this.serviceSecurityConfig.getNoAuthenUrls()) {
                                boolean matches = Pattern.compile(str.replace("*", ".*")).matcher((CharSequence) next2.getSecond()).matches();
                                log.debug("Checking result with pattern [{}] is [{}]", str, Boolean.valueOf(matches));
                                if (matches) {
                                    break;
                                }
                            }
                        } else {
                            ControllerManagedResource controllerManagedResource = (ControllerManagedResource) beanType.getAnnotation(ControllerManagedResource.class);
                            PermissionAction permissionAction = (PermissionAction) method.getAnnotation(PermissionAction.class);
                            ManualPermissionCheck manualPermissionCheck = (ManualPermissionCheck) method.getAnnotation(ManualPermissionCheck.class);
                            if (permissionAction == null && controllerManagedResource == null) {
                                log.error("{}={} have no annotation PermissionAction!", declaringClass.getName(), method.getName());
                                throw new ReflectiveIncorrectFieldException("no_permission_defined");
                            }
                            String resolveResourceType = this.coreFinanceUtil.resolveResourceType(permissionAction, controllerManagedResource);
                            String resolveResourceAction = this.coreFinanceUtil.resolveResourceAction(permissionAction, requestMappingInfo);
                            Iterable<RequestMethod> methods = requestMappingInfo.getMethodsCondition().getMethods();
                            buildListActions(resolveResourceType, resolveResourceAction, buildUrlPair, methods);
                            if (manualPermissionCheck != null) {
                                saveManualCheckPermissions(resolveResourceType, resolveResourceAction, buildUrlPair, methods);
                            }
                        }
                    }
                }
            }
        }
    }

    private List<ResourceAction> buildListActions(String str, String str2, Iterable<Pair<String, String>> iterable, Iterable<RequestMethod> iterable2) {
        LinkedList linkedList = new LinkedList();
        for (Pair<String, String> pair : iterable) {
            for (RequestMethod requestMethod : iterable2) {
                log.debug("Checking URL [{}] with method [{}]", pair, requestMethod);
                ResourceAction newResourceAction = this.permissionService.newResourceAction(str, str2, (String) pair.getSecond(), requestMethod);
                if (this.resourceActionRepository.existsByActionAndRequestMethodAndResourceTypeAndUrl(str2, requestMethod, str, (String) pair.getSecond())) {
                    log.debug("Skip existed action [{}]", newResourceAction);
                } else {
                    log.debug("Saving action [{}]", newResourceAction);
                    linkedList.add((ResourceAction) this.resourceActionRepository.save(newResourceAction));
                }
            }
        }
        return linkedList;
    }

    private void saveManualCheckPermissions(String str, String str2, Iterable<Pair<String, String>> iterable, Iterable<RequestMethod> iterable2) {
        for (Pair<String, String> pair : iterable) {
            for (RequestMethod requestMethod : iterable2) {
                PermissionDto permissionDto = new PermissionDto();
                permissionDto.setControl(AccessControl.MANUAL_CHECK);
                permissionDto.setUrl((String) pair.getSecond());
                permissionDto.setRoleId(Permission.ANY_ROLE_APPLIED_VALUE);
                permissionDto.setResourceType(str);
                permissionDto.setAction(str2);
                permissionDto.setRequestMethod(requestMethod);
                this.permissionService.createOrUpdateEntity(permissionDto);
            }
        }
    }
}
