package com.takeshi.config.satoken;

import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.exception.SaSignException;
import cn.dev33.satoken.fun.SaParamFunction;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.servlet.model.SaRequestForServlet;
import cn.dev33.satoken.sign.SaSignUtil;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.io.unit.DataSizeUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.servlet.JakartaServletUtil;
import cn.hutool.extra.spring.SpringUtil;
import cn.hutool.http.Header;
import cn.hutool.http.useragent.UserAgentUtil;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.takeshi.annotation.RepeatSubmit;
import com.takeshi.annotation.SystemSecurity;
import com.takeshi.annotation.TakeshiLog;
import com.takeshi.config.properties.IpRateLimitProperties;
import com.takeshi.config.properties.TakeshiProperties;
import com.takeshi.constants.RequestConstants;
import com.takeshi.constants.TakeshiCode;
import com.takeshi.enums.TakeshiRedisKeyEnum;
import com.takeshi.pojo.basic.ResponseData;
import com.takeshi.pojo.bo.IpBlackInfoBO;
import com.takeshi.pojo.bo.RetBO;
import com.takeshi.util.GsonUtil;
import com.takeshi.util.ZonedDateTimeUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.redisson.api.RRateLimiter;
import org.redisson.api.RateIntervalUnit;
import org.redisson.api.RateType;
import org.redisson.api.RedissonClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.multipart.support.StandardMultipartHttpServletRequest;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/takeshi/config/satoken/TakeshiInterceptor.class */
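/**
 * Spring MVC interceptor that runs before every controller method.
 *
 * <p>For each {@link HandlerMethod} it logs the request, stores a redacted copy of the
 * parameters for {@link TakeshiLog}, applies the IP blacklist / IP rate limit / signature /
 * repeat-submit checks, runs the configured {@link #auth} callback and finally the Sa-Token
 * method-annotation checks.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Request parameters are written to the log at INFO level. Only the names in
 *       {@link #EXCLUSION_FIELD_NAME} are removed (exact, case-sensitive match); any other
 *       secret carried in a parameter or body field is still logged.</li>
 *   <li>Uploaded file names and parameter values are client-controlled and reach the log
 *       as-is, so the log sink should neutralise control characters.</li>
 *   <li>Rate limiting and blacklisting are keyed on the {@code CLIENT_IP} request attribute,
 *       which is set outside this class; they are only as trustworthy as that value.</li>
 * </ul>
 */
public class TakeshiInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(TakeshiInterceptor.class);

    /** Time-to-live applied to every Redis rate limiter this interceptor touches. */
    private static final Duration DURATION = Duration.ofDays(7L);

    /** Field names that are always removed before parameters are logged or stored for {@link TakeshiLog}. */
    private static final String[] EXCLUSION_FIELD_NAME = {"password", "oldPassword", "newPassword", "confirmPassword"};

    /**
     * Authentication callback invoked with the {@link HandlerMethod} unless the endpoint is
     * exempted through {@link SystemSecurity}. Defaults to a no-op. The field is public and
     * mutable because callers may already assign it directly.
     */
    public SaParamFunction<Object> auth = handler -> {
    };

    /** Creates an interceptor whose {@link #auth} callback does nothing. */
    public TakeshiInterceptor() {
    }

    private TakeshiInterceptor(SaParamFunction<Object> saParamFunction) {
        this.auth = saParamFunction;
    }

    /**
     * Creates an interceptor with a no-op authentication callback.
     *
     * @return a new interceptor
     */
    public static TakeshiInterceptor newInstance() {
        return new TakeshiInterceptor();
    }

    /**
     * Creates an interceptor that uses the given authentication callback.
     *
     * @param saParamFunction callback run with the {@link HandlerMethod} for non-exempt endpoints
     * @return a new interceptor
     */
    public static TakeshiInterceptor newInstance(SaParamFunction<Object> saParamFunction) {
        return new TakeshiInterceptor(saParamFunction);
    }

    /**
     * Logs the request, enforces the rate-limit / signature / repeat-submit checks and runs
     * authentication before the controller method executes.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response (unused)
     * @param obj                 the chosen handler; anything other than a {@link HandlerMethod} is let through
     * @return always {@code true}; a rejected request is signalled by an exception from one of the checks
     * @throws Exception if the body cannot be parsed as JSON or one of the checks rejects the request
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        Method method = handlerMethod.getMethod();
        String methodName = method.getDeclaringClass().getName() + "." + method.getName();
        httpServletRequest.setAttribute(RequestConstants.METHOD_NAME, methodName);
        TakeshiLog takeshiLog = method.getAnnotation(TakeshiLog.class);
        log.info("TakeshiInterceptor.preHandle --> Request Http Method: {}", "[" + httpServletRequest.getMethod() + "]" + methodName);

        ObjectMapper objectMapper = SpringUtil.getBean(ObjectMapper.class);
        Map<String, String> urlParams = JakartaServletUtil.getParamMap(httpServletRequest);
        Map<String, String> multipart = null;
        Object body = null;
        if (HttpMethod.POST.matches(httpServletRequest.getMethod()) && (httpServletRequest instanceof StandardMultipartHttpServletRequest)) {
            multipart = describeFiles((StandardMultipartHttpServletRequest) httpServletRequest);
        } else if (!HttpMethod.GET.matches(httpServletRequest.getMethod())) {
            // Reads the request body here; presumably the request is wrapped upstream so the
            // controller can read it again. TODO confirm.
            body = toLoggableBody(objectMapper, objectMapper.readTree(httpServletRequest.getInputStream()));
        }

        ObjectNode paramNode = objectMapper.createObjectNode();
        if (CollUtil.isNotEmpty(urlParams)) {
            paramNode.putPOJO("urlParam", urlParams);
        }
        if (CollUtil.isNotEmpty(multipart)) {
            paramNode.putPOJO("multipart", multipart);
        }
        if (ObjUtil.isNotEmpty(body)) {
            paramNode.putPOJO("bodyObject", body);
        }
        String fullParams = objectMapper.writeValueAsString(paramNode);

        // paramNode holds its values as POJO nodes, which findParents() does not descend into,
        // so field removal has to run on a tree re-parsed from the serialized JSON. Removing the
        // password fields before the log call keeps credentials out of the application log.
        ObjectNode redacted = objectMapper.readValue(fullParams, ObjectNode.class);
        stripFields(redacted, EXCLUSION_FIELD_NAME);
        log.info("Request Parameters: {}", objectMapper.writeValueAsString(redacted));
        if (ObjUtil.isNotNull(takeshiLog)) {
            stripFields(redacted, takeshiLog.exclusionFieldName());
            httpServletRequest.setAttribute(RequestConstants.TAKESHI_LOG, takeshiLog);
            httpServletRequest.setAttribute(RequestConstants.PARAM_OBJECT_VALUE, objectMapper.writeValueAsString(redacted));
        }

        // The repeat-submit fingerprint is built from the unredacted parameters, on its own copy.
        SystemSecurity systemSecurity = rateLimit(httpServletRequest, handlerMethod, objectMapper, objectMapper.readValue(fullParams, ObjectNode.class));
        // Authentication is skipped only when the endpoint opts out via all() or token().
        if (ObjUtil.isNull(systemSecurity) || (!systemSecurity.all() && !systemSecurity.token())) {
            this.auth.run(handlerMethod);
        }
        SaStrategy.instance.checkMethodAnnotation.accept(method);
        return true;
    }

    /** Summarises each multipart field as a comma-separated list of {@code name[size]} entries. */
    private static Map<String, String> describeFiles(StandardMultipartHttpServletRequest request) {
        return request.getMultiFileMap().entrySet().stream().collect(Collectors.toMap(
                Map.Entry::getKey,
                entry -> entry.getValue().stream()
                        .map(file -> file.getOriginalFilename() + "[" + DataSizeUtil.format(file.getSize()) + "]")
                        .collect(Collectors.joining(","))));
    }

    /** Converts a parsed JSON body into a plain Java value; returns {@code null} for a JSON null. */
    private static Object toLoggableBody(ObjectMapper objectMapper, JsonNode tree) {
        if (tree.isNull()) {
            return null;
        }
        if (tree.isObject()) {
            return objectMapper.convertValue(tree, new TypeReference<Map<String, Object>>() {
            });
        }
        if (tree.isArray()) {
            return objectMapper.convertValue(tree, new TypeReference<Collection<Object>>() {
            });
        }
        if (tree.isTextual()) {
            return tree.textValue();
        }
        if (tree.isNumber()) {
            return tree.numberValue();
        }
        if (tree.isBoolean()) {
            return Boolean.valueOf(tree.booleanValue());
        }
        return tree.toString();
    }

    /** Removes every occurrence of the given field names from the tree; a null or empty array is a no-op. */
    private static void stripFields(ObjectNode root, String[] fieldNames) {
        if (ArrayUtil.isEmpty(fieldNames)) {
            return;
        }
        for (String fieldName : fieldNames) {
            root.findParents(fieldName).forEach(parent -> ((ObjectNode) parent).remove(fieldName));
        }
    }

    /**
     * Runs the platform, blacklist, IP rate-limit, signature/timestamp and repeat-submit checks.
     * Each failing check calls {@code SaRouter.back(...)}; the code relies on that call not
     * returning normally.
     *
     * @param httpServletRequest current request
     * @param handlerMethod      controller method being invoked
     * @param objectMapper       mapper used to serialise the repeat-submit fingerprint
     * @param objectNode         unredacted request parameters; modified by the repeat-submit check
     * @return the {@link SystemSecurity} annotation from the method, else from its bean type, else {@code null}
     * @throws Exception if serialisation fails or a check rejects the request
     */
    private SystemSecurity rateLimit(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod, ObjectMapper objectMapper, ObjectNode objectNode) throws Exception {
        SystemSecurity systemSecurity = Optional.ofNullable(handlerMethod.getMethodAnnotation(SystemSecurity.class))
                .orElse(handlerMethod.getBeanType().getAnnotation(SystemSecurity.class));
        String clientIp = (String) httpServletRequest.getAttribute(RequestConstants.CLIENT_IP);
        TakeshiProperties takeshiProperties = SpringUtil.getBean(TakeshiProperties.class);
        boolean platformExempt = false;
        boolean timestampExempt = false;
        if (ObjUtil.isNotNull(systemSecurity)) {
            platformExempt = systemSecurity.all() || systemSecurity.platform();
            timestampExempt = systemSecurity.all() || systemSecurity.timestamp();
        }
        // User-Agent is client-supplied, so this is a platform hint rather than a security boundary.
        if (takeshiProperties.isAppPlatform() && !platformExempt && !UserAgentUtil.parse(httpServletRequest.getHeader(Header.USER_AGENT.getValue())).isMobile()) {
            SaRouter.back(ResponseData.retData(TakeshiCode.USERAGENT_ERROR));
        }
        RepeatSubmit repeatSubmit = handlerMethod.getMethodAnnotation(RepeatSubmit.class);
        String httpMethod = httpServletRequest.getMethod();
        String servletPath = httpServletRequest.getServletPath();
        Object loginId = httpServletRequest.getAttribute(RequestConstants.LOGIN_ID);
        String routeSuffix = ":[" + httpMethod + "]" + servletPath;
        String blacklistKey = TakeshiRedisKeyEnum.IP_BLACKLIST.projectKey(clientIp);
        RedissonClient redissonClient = SpringUtil.getBean(RedissonClient.class);
        if (redissonClient.getBucket(blacklistKey).isExists()) {
            SaRouter.back(ResponseData.retData(TakeshiCode.BLACK_LIST_RATE_LIMIT));
        }
        verifyIp(redissonClient, repeatSubmit, SpringUtil.getBean(IpRateLimitProperties.class), clientIp, routeSuffix, httpMethod, servletPath, blacklistKey);
        // NOTE(review): SystemSecurity.signature() is never consulted here. The timestamp()
        // exemption is passed as the "skip signature" argument and the "skip timestamp" argument
        // is hard-coded to false, so an endpoint marked timestamp-exempt skips the signature
        // check and is then required to send a timestamp. This may be a decompilation artefact;
        // confirm against the original source before relying on either exemption.
        verifySign(timestampExempt, false, new SaRequestForServlet(httpServletRequest));
        verifyRepeatSubmit(redissonClient, repeatSubmit, objectMapper, clientIp, httpMethod, servletPath, loginId, objectNode);
        return systemSecurity;
    }

    /**
     * Applies the per-IP rate limit and, when enabled, blacklists the IP once the limit is hit.
     *
     * <p>The global {@link IpRateLimitProperties} apply unless the method carries a
     * {@link RepeatSubmit} with a non-negative {@code ipRateInterval()}, in which case the
     * annotation's values are used and the limiter is scoped to this IP and route.
     */
    private void verifyIp(RedissonClient redissonClient, RepeatSubmit repeatSubmit, IpRateLimitProperties ipRateLimitProperties, String clientIp, String routeSuffix, String httpMethod, String servletPath, String blacklistKey) {
        boolean fromAnnotation = false;
        int rate = ipRateLimitProperties.getRate();
        int rateInterval = ipRateLimitProperties.getRateInterval();
        RateIntervalUnit rateIntervalUnit = ipRateLimitProperties.getRateIntervalUnit();
        boolean openBlacklist = ipRateLimitProperties.isOpenBlacklist();
        String limiterId = clientIp;
        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.ipRateInterval() >= 0) {
            rate = repeatSubmit.ipRate();
            rateInterval = repeatSubmit.ipRateInterval();
            rateIntervalUnit = repeatSubmit.ipRateIntervalUnit();
            openBlacklist = repeatSubmit.ipRateOpenBlacklist();
            fromAnnotation = true;
            limiterId = limiterId + routeSuffix;
        }
        // A non-positive interval disables IP rate limiting for this request.
        if (rateInterval <= 0) {
            return;
        }
        RRateLimiter rateLimiter = redissonClient.getRateLimiter(TakeshiRedisKeyEnum.IP_RATE_LIMIT.projectKey(limiterId));
        // Drop the stored limiter when its configuration no longer matches, so the new values
        // take effect. The compare / delete / set steps are separate Redis calls, not one atomic
        // operation.
        if (rateLimiter.getConfig().getRate().longValue() != rate || rateLimiter.getConfig().getRateInterval().longValue() != rateIntervalUnit.toMillis(rateInterval)) {
            rateLimiter.delete();
        }
        rateLimiter.trySetRate(RateType.OVERALL, rate, rateInterval, rateIntervalUnit);
        rateLimiter.expire(DURATION);
        if (rateLimiter.tryAcquire()) {
            return;
        }
        if (openBlacklist) {
            // The blacklist entry is stored with the lifetime returned by untilEndOfDay().
            redissonClient.getBucket(blacklistKey).set(new IpBlackInfoBO(clientIp, httpMethod, servletPath, new IpBlackInfoBO.IpRate(rate, rateInterval, rateIntervalUnit, openBlacklist, fromAnnotation), Instant.now()), ZonedDateTimeUtil.untilEndOfDay());
        }
        SaRouter.back(ResponseData.retData(TakeshiCode.RATE_LIMIT));
    }

    /**
     * Verifies the request signature, or failing that the request timestamp.
     *
     * <p>The full signature check runs when it is not skipped and a Sa-Token sign secret key is
     * configured. Otherwise only the timestamp header is checked, unless that is skipped too.
     * With no secret key configured, requests are therefore never signature-verified.
     *
     * @param skipSignature when {@code true} the signature check is not performed
     * @param skipTimestamp when {@code true} the fallback timestamp check is not performed
     * @param saRequest     request wrapper the headers and parameters are read from
     */
    private void verifySign(boolean skipSignature, boolean skipTimestamp, SaRequest saRequest) {
        if (!skipSignature && StrUtil.isNotBlank(SaManager.getSaSignTemplate().getSecretKey())) {
            SaSignUtil.checkRequest(saRequest);
            return;
        }
        if (skipTimestamp) {
            return;
        }
        String timestamp = saRequest.getHeader(RequestConstants.Header.TIMESTAMP);
        SaSignException.notEmpty(timestamp, "Missing timestamp field");
        // A non-numeric header value surfaces as NumberFormatException rather than SaSignException.
        SaSignUtil.checkTimestamp(Long.parseLong(timestamp));
    }

    /**
     * Rejects a request that repeats an identical one within the {@link RepeatSubmit} interval.
     *
     * <p>Identity is the IP, HTTP method, path, login id and the request parameters minus the
     * annotation's excluded fields. MD5 is used only to shorten that fingerprint into a Redis
     * key, not as a security control.
     *
     * @param objectNode request parameters; the excluded fields are removed from it in place
     * @throws JsonProcessingException if the parameters cannot be serialised
     */
    private void verifyRepeatSubmit(RedissonClient redissonClient, RepeatSubmit repeatSubmit, ObjectMapper objectMapper, String clientIp, String httpMethod, String servletPath, Object loginId, ObjectNode objectNode) throws JsonProcessingException {
        if (!ObjUtil.isNotNull(repeatSubmit) || repeatSubmit.rateInterval() <= 0) {
            return;
        }
        RetBO rejection = TakeshiCode.REPEAT_SUBMIT.cloneWithMessage(repeatSubmit.msg());
        long rateInterval = repeatSubmit.rateInterval();
        HashMap<String, Object> fingerprint = new HashMap<>(8);
        fingerprint.put("repeatIp", clientIp);
        fingerprint.put("repeatMethod", httpMethod);
        fingerprint.put("repeatUrl", servletPath);
        fingerprint.put("repeatLoginId", loginId);
        stripFields(objectNode, repeatSubmit.exclusionFieldName());
        fingerprint.put("repeatParams", objectMapper.writeValueAsString(objectNode));
        RRateLimiter rateLimiter = redissonClient.getRateLimiter(TakeshiRedisKeyEnum.REPEAT_SUBMIT.projectKey(SecureUtil.md5(GsonUtil.toJson(fingerprint))));
        // One permit per interval: the first request passes, identical ones within it are rejected.
        rateLimiter.trySetRate(RateType.OVERALL, 1L, rateInterval, repeatSubmit.rateIntervalUnit());
        rateLimiter.expire(DURATION);
        if (rateLimiter.tryAcquire()) {
            return;
        }
        SaRouter.back(ResponseData.retData(rejection));
    }
}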
