package com.takeshi.config.satoken;

import cn.dev33.satoken.exception.BackResultException;
import cn.dev33.satoken.exception.StopMatchException;
import cn.dev33.satoken.router.SaRouteFunction;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.servlet.model.SaRequestForServlet;
import cn.dev33.satoken.servlet.model.SaResponseForServlet;
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.hutool.core.io.unit.DataSizeUtil;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.servlet.JakartaServletUtil;
import cn.hutool.http.ContentType;
import cn.hutool.http.Header;
import cn.hutool.http.useragent.UserAgentUtil;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.takeshi.annotation.RepeatSubmit;
import com.takeshi.annotation.SystemSecurity;
import com.takeshi.config.StaticConfig;
import com.takeshi.config.properties.RateLimitProperties;
import com.takeshi.config.properties.TakeshiProperties;
import com.takeshi.constants.TakeshiCode;
import com.takeshi.constants.TakeshiConstants;
import com.takeshi.enums.TakeshiRedisKeyEnum;
import com.takeshi.exception.Either;
import com.takeshi.pojo.basic.ResponseData;
import com.takeshi.pojo.bo.ParamBO;
import com.takeshi.pojo.bo.RetBO;
import com.takeshi.util.GsonUtil;
import com.takeshi.util.TakeshiUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.redisson.api.RRateLimiter;
import org.redisson.api.RateType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.MultiValueMap;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.multipart.support.StandardMultipartHttpServletRequest;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/takeshi/config/satoken/TakeshiInterceptor.class */
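/**
 * Spring MVC interceptor that gates every controller method behind, in order: request logging,
 * the platform / blacklist / timestamp / rate-limit / signature / repeat-submit checks in
 * {@link #rateLimit}, the login check held in {@link #function}, and finally Sa-Token's
 * method-annotation checks.
 *
 * <p>A failed check is signalled through {@code SaRouter.back(...)}; {@link #preHandle} catches
 * the resulting {@link BackResultException} and writes the error payload to the response.
 *
 * <p>A {@link SystemSecurity} annotation on the handler method (or, failing that, on its bean
 * type) can switch off individual checks: {@code all()} disables the platform, signature and
 * login checks together, while {@code platform()}, {@code signature()} and {@code token()}
 * disable one each. Every use of that annotation is therefore an authentication or integrity
 * exemption and deserves review.
 */
public class TakeshiInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(TakeshiInterceptor.class);

    /**
     * Authentication routine run for handlers that are not exempted via {@link SystemSecurity};
     * defaults to {@code StpUtil.checkLogin()}.
     *
     * <p>NOTE(review): the field is public and non-final, so any code holding a reference to the
     * interceptor can replace or null out the login check at runtime. Kept as-is for
     * compatibility; prefer supplying the function through {@link #newInstance(SaRouteFunction)}.
     */
    public SaRouteFunction function;

    /** Creates an interceptor whose authentication routine is {@code StpUtil.checkLogin()}. */
    public TakeshiInterceptor() {
        this.function = (saRequest, saResponse, handler) -> StpUtil.checkLogin();
    }

    /**
     * Creates an interceptor with a caller-supplied authentication routine.
     *
     * @param saRouteFunction routine to run instead of the default login check
     */
    private TakeshiInterceptor(SaRouteFunction saRouteFunction) {
        // The original first assigned the default lambda and then overwrote it; the first
        // assignment was dead code.
        this.function = saRouteFunction;
    }

    /**
     * @return an interceptor using the default {@code StpUtil.checkLogin()} authentication
     */
    public static TakeshiInterceptor newInstance() {
        return new TakeshiInterceptor();
    }

    /**
     * @param saRouteFunction authentication routine to run for non-exempt handlers
     * @return an interceptor using {@code saRouteFunction} instead of the default login check
     */
    public static TakeshiInterceptor newInstance(SaRouteFunction saRouteFunction) {
        return new TakeshiInterceptor(saRouteFunction);
    }

    /**
     * Runs the pre-controller checks for requests that resolve to a {@link HandlerMethod}.
     * Any other handler object is let through unchecked.
     *
     * @return {@code true} to continue the handler chain; {@code false} after an error payload
     *     has been written to the response
     * @throws Exception anything other than {@link BackResultException} /
     *     {@link StopMatchException} raised by the checks is propagated to the container
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        try {
            if (obj instanceof HandlerMethod) {
                HandlerMethod handlerMethod = (HandlerMethod) obj;
                String userAgent = httpServletRequest.getHeader(Header.USER_AGENT.getValue());
                String timestamp = httpServletRequest.getHeader(TakeshiConstants.TIMESTAMP_NAME);
                String clientIp = TakeshiUtil.getClientIp(httpServletRequest);
                Object loginId = StpUtil.getLoginIdDefaultNull();
                Method method = handlerMethod.getMethod();
                // NOTE(review): User-Agent, the timestamp header and the URL are client-controlled
                // and logged verbatim; make sure the log layout neutralises CR/LF so a request
                // cannot forge log lines.
                log.info("请求开始, 请求IP: {}, 请求工具: {}, timestamp: {}", clientIp, userAgent, timestamp);
                log.info("请求的用户ID: {}, 请求地址: {}, 请求方法: [{}] {}.{}", loginId, httpServletRequest.getRequestURL(), httpServletRequest.getMethod(), method.getDeclaringClass().getName(), method.getName());

                // Method-level annotation wins; the bean type's annotation is the fallback.
                SystemSecurity systemSecurity = handlerMethod.getMethodAnnotation(SystemSecurity.class);
                if (systemSecurity == null) {
                    systemSecurity = handlerMethod.getBeanType().getAnnotation(SystemSecurity.class);
                }

                rateLimit(httpServletRequest, handlerMethod, userAgent, clientIp, loginId, systemSecurity);

                // The login check is skipped only when the handler explicitly opts out through
                // @SystemSecurity(all = true) or @SystemSecurity(token = true).
                boolean tokenExempt = ObjUtil.isNotNull(systemSecurity) && (systemSecurity.all() || systemSecurity.token());
                if (!tokenExempt) {
                    this.function.run(new SaRequestForServlet(httpServletRequest), new SaResponseForServlet(httpServletResponse), handlerMethod);
                }
                SaStrategy.me.checkMethodAnnotation.accept(method);
            }
            return true;
        } catch (BackResultException e) {
            httpServletResponse.setCharacterEncoding("UTF-8");
            httpServletResponse.setContentType(ContentType.JSON.getValue());
            // Rejections are reported in the body; the HTTP status stays 200.
            httpServletResponse.setStatus(HttpServletResponse.SC_OK);
            Object result = e.result;
            String json = result instanceof RetBO ? GsonUtil.toJson(ResponseData.retData((RetBO) result)) : e.getMessage();
            log.error("TakeshiInterceptor.preHandle --> 请求URL: " + httpServletRequest.getRequestURL() + ", 接口验证错误: " + json, e);
            httpServletResponse.getWriter().write(json);
            return false;
        } catch (StopMatchException e2) {
            // Sa-Token's "stop matching" signal: no further checks, let the request proceed.
            return true;
        }
    }

    /**
     * Applies the request-level protections that do not depend on the login state. A failed
     * check calls {@code SaRouter.back(...)}, which aborts by throwing the
     * {@link BackResultException} handled in {@link #preHandle}.
     *
     * <p>Order of checks: mobile User-Agent (when {@code appPlatform} is enabled), IP blacklist,
     * timestamp freshness, nonce rate limit, IP rate limit (optionally blacklisting the IP),
     * request signature, repeat-submit suppression.
     *
     * @param httpServletRequest current request
     * @param handlerMethod resolved controller method
     * @param userAgent value of the User-Agent header, may be {@code null}
     * @param clientIp client address as resolved by {@code TakeshiUtil.getClientIp}
     * @param loginId current login id, or {@code null} when not logged in
     * @param systemSecurity exemption annotation for the handler, or {@code null}
     * @throws IOException if the request parameters or body cannot be read
     */
    private void rateLimit(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod, String userAgent, String clientIp, Object loginId, SystemSecurity systemSecurity) throws IOException {
        TakeshiProperties takeshiProperties = StaticConfig.takeshiProperties;
        boolean skipPlatformCheck = false;
        boolean skipSignatureCheck = false;
        if (ObjUtil.isNotNull(systemSecurity)) {
            skipPlatformCheck = systemSecurity.all() || systemSecurity.platform();
            skipSignatureCheck = systemSecurity.all() || systemSecurity.signature();
        }

        // A missing User-Agent is rejected explicitly instead of being handed to the parser:
        // hutool's parser is expected to return null for blank input (confirm for the version in
        // use), which previously surfaced as a NullPointerException and a 500 response.
        // The header is client-controlled, so this is a product filter, not a security boundary.
        if (takeshiProperties.isAppPlatform() && !skipPlatformCheck
                && (StrUtil.isBlank(userAgent) || !UserAgentUtil.parse(userAgent).isMobile())) {
            SaRouter.back(TakeshiCode.USERAGENT_ERROR);
        }

        RateLimitProperties rate = takeshiProperties.getRate();
        String timestampHeader = httpServletRequest.getHeader(TakeshiConstants.TIMESTAMP_NAME);
        String nonceHeader = httpServletRequest.getHeader(TakeshiConstants.NONCE_NAME);
        String servletPath = httpServletRequest.getServletPath();

        // NOTE(review): the blacklist and both limiters below are keyed on clientIp. If
        // TakeshiUtil.getClientIp honours forwarding headers from untrusted peers, a client can
        // choose its own key and sidestep them — confirm only trusted proxies are consulted.
        String blacklistKey = TakeshiRedisKeyEnum.IP_BLACKLIST.projectKey(clientIp);
        if (StaticConfig.redisComponent.hasKey(blacklistKey).booleanValue()) {
            SaRouter.back(TakeshiCode.RATE_LIMIT);
        }

        if (rate.getMaxTimeDiff() > 0) {
            if (StrUtil.isBlank(timestampHeader)) {
                SaRouter.back(TakeshiCode.PARAMETER_ERROR);
            }
            long requestMillis = 0L;
            try {
                requestMillis = Long.parseLong(timestampHeader);
            } catch (NumberFormatException ex) {
                // A non-numeric timestamp is a client error, not a server fault: answer with the
                // same PARAMETER_ERROR as a missing header instead of letting the exception
                // escape preHandle.
                SaRouter.back(TakeshiCode.PARAMETER_ERROR);
            }
            long ageSeconds = Duration.between(Instant.ofEpochMilli(requestMillis), Instant.now()).getSeconds();
            if (ageSeconds > rate.getMaxTimeDiff() || ageSeconds < TakeshiConstants.LONGS[0]) {
                SaRouter.back(TakeshiCode.SIGN_ERROR);
            }
        }

        // NOTE(review): despite the name, this limiter is keyed on client IP + path; the nonce
        // header value itself is never recorded here, so replay protection for signed requests
        // rests on the timestamp window above (and is absent when maxTimeDiff <= 0) — confirm.
        RateLimitProperties.NonceRate nonceRate = rate.getNonce();
        if (nonceRate.getRateInterval() > 0) {
            RRateLimiter nonceLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.NONCE_RATE_LIMIT.projectKey(clientIp, servletPath));
            nonceLimiter.trySetRate(RateType.PER_CLIENT, nonceRate.getRate(), nonceRate.getRateInterval(), nonceRate.getRateIntervalUnit());
            if (!nonceLimiter.tryAcquire()) {
                SaRouter.back(TakeshiCode.RATE_LIMIT);
            }
        }

        RepeatSubmit repeatSubmit = handlerMethod.getMethodAnnotation(RepeatSubmit.class);
        RateLimitProperties.IpRate ip = rate.getIp();
        // Per-endpoint overrides are resolved into locals. The original wrote them into the
        // shared IpRate configuration object through its setters, so the first request to an
        // annotated endpoint silently changed the global IP limit (and blacklist switch) for
        // every other endpoint, and concurrent requests raced on those fields.
        boolean ipOverride = ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.ipRateInterval() > 0;
        long ipRate = ipOverride ? repeatSubmit.ipRate() : ip.getRate();
        long ipRateInterval = ipOverride ? repeatSubmit.ipRateInterval() : ip.getRateInterval();
        boolean ipOpenBlacklist = ipOverride ? repeatSubmit.ipRateOpenBlacklist() : ip.isOpenBlacklist();
        if (ipRateInterval > 0) {
            RRateLimiter ipLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.IP_RATE_LIMIT.projectKey(clientIp, servletPath));
            ipLimiter.trySetRate(RateType.PER_CLIENT, ipRate, ipRateInterval, ipOverride ? repeatSubmit.ipRateIntervalUnit() : ip.getRateIntervalUnit());
            if (!ipLimiter.tryAcquire()) {
                if (ipOpenBlacklist) {
                    // Presumably the entry expires at midnight (per the method name) — confirm.
                    StaticConfig.redisComponent.saveMidnight(blacklistKey, Instant.now().toString());
                }
                SaRouter.back(TakeshiCode.RATE_LIMIT);
            }
        }

        ParamBO paramBO = getParamBO(httpServletRequest);
        String jsonString = paramBO.toJsonString();
        // NOTE(review): the full parameter set is written to the log before any redaction;
        // passwords, tokens or personal data submitted to an endpoint end up in log storage.
        log.info("请求参数: {}", jsonString);

        String signatureKey = takeshiProperties.getSignatureKey();
        if (StrUtil.isNotBlank(signatureKey) && !skipSignatureCheck) {
            String expectedSign = SecureUtil.signParamsMd5(paramBO.getParamMap(), new String[]{StrUtil.toStringOrNull(paramBO.getBodyOther()), signatureKey, nonceHeader, timestampHeader});
            String suppliedSign = httpServletRequest.getHeader(TakeshiConstants.SIGN_NAME);
            // Constant-time comparison so response timing does not reveal how many leading
            // characters of a guessed signature were correct. A missing header is a mismatch.
            // NOTE(review): the signature is MD5 over the parameters plus a shared key; a keyed
            // HMAC with SHA-256 would be the stronger construction if clients can be migrated.
            boolean signatureMatches = suppliedSign != null && expectedSign != null
                    && MessageDigest.isEqual(suppliedSign.getBytes(StandardCharsets.UTF_8), expectedSign.getBytes(StandardCharsets.UTF_8));
            if (!signatureMatches) {
                SaRouter.back(TakeshiCode.SIGN_ERROR);
            }
        }

        if (!ObjUtil.isNotNull(repeatSubmit) || repeatSubmit.rateInterval() <= 0) {
            return;
        }
        // NOTE(review): REPEAT_SUBMIT is a shared constant and setMessage mutates it in place,
        // so a custom msg from one endpoint stays visible to every later rejection. Fixing this
        // needs a copy of the RetBO, whose construction API is not visible from this file.
        RetBO retBO = TakeshiCode.REPEAT_SUBMIT;
        long rateInterval = repeatSubmit.rateInterval();
        if (StrUtil.isNotBlank(repeatSubmit.msg())) {
            retBO.setMessage(repeatSubmit.msg());
        }

        // Fingerprint of "same user, same URL, same parameters" (minus ignored fields); its MD5
        // is only a compact Redis key, not a security control.
        Map<String, Object> fingerprint = new HashMap<>(8);
        fingerprint.put("repeatUrl", servletPath);
        fingerprint.put("repeatLoginId", loginId);
        JsonNode params = StaticConfig.objectMapper.readTree(jsonString);
        for (String ignoredField : repeatSubmit.ignoredFieldNames()) {
            for (JsonNode parent : params.findParents(ignoredField)) {
                ((ObjectNode) parent).remove(ignoredField);
            }
        }
        fingerprint.put("repeatParams", params);
        RRateLimiter repeatLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.REPEAT_SUBMIT.projectKey(SecureUtil.md5(GsonUtil.toJson(fingerprint))));
        repeatLimiter.trySetRate(RateType.PER_CLIENT, 1L, rateInterval, repeatSubmit.rateIntervalUnit());
        if (!repeatLimiter.tryAcquire()) {
            SaRouter.back(retBO);
        }
    }

    /**
     * Collects the request's URL parameters plus either its multipart files (POST requests
     * carrying the {@code MULTIPART_REQUEST} attribute) or its raw body (any other non-GET
     * request) into a {@link ParamBO} used for logging, signing and repeat-submit detection.
     *
     * <p>For multipart uploads each file is represented by the MD5 of its content, and by a
     * display string built from its original filename and formatted size. Both the content and
     * the filename are client-supplied, and hashing reads every upload in full before the login
     * check has run; only the IP-keyed limits precede this work.
     *
     * <p>The stream pipelines below are kept in the raw-typed form found in the file (see the
     * "loaded from" marker above the class); lambda parameters are untyped as a result.
     *
     * @param httpServletRequest current request
     * @return the collected parameters
     * @throws IOException if the request body cannot be read
     */
    private ParamBO getParamBO(HttpServletRequest httpServletRequest) throws IOException {
        ParamBO paramBO = new ParamBO();
        paramBO.setUrlParam(JakartaServletUtil.getParamMap(httpServletRequest));
        // The attribute is consumed here and removed so it is not visible further down the chain.
        Object attribute = httpServletRequest.getAttribute(TakeshiConstants.MULTIPART_REQUEST);
        httpServletRequest.removeAttribute(TakeshiConstants.MULTIPART_REQUEST);
        if (JakartaServletUtil.isPostMethod(httpServletRequest) && (attribute instanceof StandardMultipartHttpServletRequest)) {
            MultiValueMap multiFileMap = ((StandardMultipartHttpServletRequest) attribute).getMultiFileMap();
            // field name -> MD5 of each uploaded file's content
            paramBO.setMultipartData((Map) multiFileMap.entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry -> {
                return (List) ((List) entry.getValue()).stream().map(Either.warp(multipartFile -> {
                    return SecureUtil.md5(multipartFile.getInputStream());
                })).collect(Collectors.toList());
            })));
            // field name -> "filename[size]" entries joined with commas
            paramBO.setMultipart((Map) multiFileMap.entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, entry2 -> {
                return (String) ((List) entry2.getValue()).stream().map(multipartFile -> {
                    return StrUtil.builder(new CharSequence[]{multipartFile.getOriginalFilename(), "[", DataSizeUtil.format(multipartFile.getSize()), "]"});
                }).collect(Collectors.joining(","));
            })));
        } else if (!JakartaServletUtil.isGetMethod(httpServletRequest)) {
            paramBO.setBody(httpServletRequest.getInputStream());
        }
        return paramBO;
    }
}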
