package com.takeshi.config.satoken;

import cn.dev33.satoken.router.SaRouteFunction;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.servlet.model.SaRequestForServlet;
import cn.dev33.satoken.servlet.model.SaResponseForServlet;
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.http.Header;
import cn.hutool.http.useragent.UserAgentUtil;
import com.takeshi.annotation.RepeatSubmit;
import com.takeshi.annotation.SystemSecurity;
import com.takeshi.annotation.TakeshiLog;
import com.takeshi.config.StaticConfig;
import com.takeshi.config.properties.RateLimitProperties;
import com.takeshi.config.properties.TakeshiProperties;
import com.takeshi.constants.TakeshiCode;
import com.takeshi.constants.TakeshiConstants;
import com.takeshi.enums.TakeshiRedisKeyEnum;
import com.takeshi.pojo.bo.IpBlackInfoBO;
import com.takeshi.pojo.bo.ParamBO;
import com.takeshi.pojo.bo.RetBO;
import com.takeshi.util.GsonUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Optional;
import org.redisson.api.RRateLimiter;
import org.redisson.api.RateIntervalUnit;
import org.redisson.api.RateType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/takeshi/config/satoken/TakeshiInterceptor.class */
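/**
 * Spring MVC interceptor that guards controller methods before they run.
 *
 * <p>For every {@link HandlerMethod} it applies, in this order: the optional mobile User-Agent
 * check, the IP blacklist lookup, the request-timestamp skew check, the nonce rate limiter, the
 * IP rate limiter (which can add the caller to the blacklist), the request-signature check, the
 * {@link RepeatSubmit} duplicate-request limiter, the configured login routine, and finally the
 * Sa-Token method-annotation checks. A failed check aborts the request through
 * {@code SaRouter.back(...)}, which the code below relies on to throw.
 *
 * <p>{@link SystemSecurity} on the method (or, failing that, on the controller class) can exempt
 * a handler from the platform, signature and login checks, so each use of that annotation is a
 * deliberate hole in these guards and should be reviewed as such.
 */
public class TakeshiInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(TakeshiInterceptor.class);

    /**
     * Authentication routine run for handlers that are not exempted by {@link SystemSecurity}.
     * The field is public and mutable, so any code holding the interceptor can swap the login
     * check out; it is left that way only to keep the existing interface.
     */
    public SaRouteFunction function;

    /** Creates an interceptor whose authentication routine is {@code StpUtil.checkLogin()}. */
    public TakeshiInterceptor() {
        this.function = (saRequest, saResponse, handler) -> StpUtil.checkLogin();
    }

    /**
     * Creates an interceptor with a caller-supplied authentication routine.
     *
     * @param saRouteFunction routine to run instead of the default login check; a {@code null}
     *     value is stored as-is and makes {@link #preHandle} fail when it tries to run it
     */
    private TakeshiInterceptor(SaRouteFunction saRouteFunction) {
        this.function = saRouteFunction;
    }

    /**
     * Returns an interceptor that uses the default login check.
     *
     * @return a new interceptor
     */
    public static TakeshiInterceptor newInstance() {
        return new TakeshiInterceptor();
    }

    /**
     * Returns an interceptor that uses the given authentication routine.
     *
     * @param saRouteFunction routine to run in place of the default login check
     * @return a new interceptor
     */
    public static TakeshiInterceptor newInstance(SaRouteFunction saRouteFunction) {
        return new TakeshiInterceptor(saRouteFunction);
    }

    /**
     * Runs the request guards and the authentication routine for a controller method.
     *
     * <p>Handlers that are not a {@link HandlerMethod} pass straight through: none of the checks
     * in this class, including the IP blacklist, apply to them.
     *
     * @param httpServletRequest current request; must carry the {@code ParamBO} request attribute
     * @param httpServletResponse current response
     * @param obj the handler chosen by Spring MVC
     * @return always {@code true}; rejected requests leave by exception instead
     * @throws Exception whatever a failed check or the authentication routine throws
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        Method method = handlerMethod.getMethod();
        // Presumably set by an earlier filter; a request that reaches this point without the
        // attribute fails on the next dereference. TODO confirm the filter covers every route.
        ParamBO paramBO = (ParamBO) httpServletRequest.getAttribute(TakeshiConstants.PARAM_BO);
        String qualifiedName = method.getDeclaringClass().getName() + "." + method.getName();
        paramBO.setMethodName(qualifiedName);
        paramBO.setTakeshiLog(method.getAnnotation(TakeshiLog.class));
        log.info("TakeshiInterceptor.preHandle --> Request Http Method: {}", StrUtil.builder(new CharSequence[]{"[", paramBO.getHttpMethod(), "]", qualifiedName}));
        // NOTE(review): request parameters go to the INFO log as-is. Unless getParamObjectNode
        // masks them (not visible here), passwords and tokens sent as parameters end up in log
        // storage; confirm masking or exclude sensitive fields.
        log.info("Request Parameters: {}", paramBO.getParamObjectNode(new String[0]));
        // The limiters and the signature check run before authentication, so they also apply to
        // anonymous traffic.
        SystemSecurity security = rateLimit(httpServletRequest, handlerMethod, paramBO);
        // @SystemSecurity(all = true) or (token = true) exempts the handler from the login routine.
        boolean loginExempt = ObjUtil.isNotNull(security) && (security.all() || security.token());
        if (!loginExempt) {
            this.function.run(new SaRequestForServlet(httpServletRequest), new SaResponseForServlet(httpServletResponse), handlerMethod);
        }
        // Sa-Token annotation checks on the method run even for login-exempt handlers.
        SaStrategy.me.checkMethodAnnotation.accept(method);
        return true;
    }

    /**
     * Applies the platform, blacklist, timestamp, nonce, IP-rate, signature and repeat-submit
     * checks to the request and aborts it via {@code SaRouter.back(...)} on the first failure.
     *
     * @param httpServletRequest current request, read for the User-Agent, timestamp, nonce and
     *     signature headers
     * @param handlerMethod target controller method, read for its annotations
     * @param paramBO request metadata collected earlier (client IP, parameters, login id)
     * @return the effective {@link SystemSecurity} annotation (method first, then controller
     *     class), or {@code null} when neither declares one
     */
    private SystemSecurity rateLimit(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod, ParamBO paramBO) {
        SystemSecurity systemSecurity = Optional.ofNullable(handlerMethod.getMethodAnnotation(SystemSecurity.class))
                .orElse(handlerMethod.getBeanType().getAnnotation(SystemSecurity.class));
        // NOTE(review): how clientIp is derived is not visible here. If it is taken from a
        // forwarded-for style header that is not limited to trusted proxies, the IP limiter and
        // the blacklist below key on a value the client chooses; verify against ParamBO's source.
        String clientIp = paramBO.getClientIp();
        TakeshiProperties takeshiProperties = StaticConfig.takeshiProperties;
        boolean platformExempt = false;
        boolean signatureExempt = false;
        if (ObjUtil.isNotNull(systemSecurity)) {
            platformExempt = systemSecurity.all() || systemSecurity.platform();
            signatureExempt = systemSecurity.all() || systemSecurity.signature();
        }

        // The User-Agent is client-supplied, so this is a platform filter, not an access control.
        if (takeshiProperties.isAppPlatform() && !platformExempt) {
            String userAgent = httpServletRequest.getHeader(Header.USER_AGENT.getValue());
            // A missing or blank header is rejected here so the parser is never asked to parse
            // nothing and the caller gets USERAGENT_ERROR instead of an unhandled failure.
            if (StrUtil.isBlank(userAgent) || !UserAgentUtil.parse(userAgent).isMobile()) {
                SaRouter.back(TakeshiCode.USERAGENT_ERROR);
            }
        }

        RepeatSubmit repeatSubmit = handlerMethod.getMethodAnnotation(RepeatSubmit.class);
        RateLimitProperties rate = takeshiProperties.getRate();
        String timestamp = httpServletRequest.getHeader(TakeshiConstants.TIMESTAMP_NAME);
        String nonce = httpServletRequest.getHeader(TakeshiConstants.NONCE_NAME);
        String servletPath = httpServletRequest.getServletPath();

        // Blacklisted addresses are turned away before any limiter state is touched.
        String blacklistKey = TakeshiRedisKeyEnum.IP_BLACKLIST.projectKey(clientIp);
        if (StaticConfig.redisComponent.hasKey(blacklistKey)) {
            SaRouter.back(TakeshiCode.RATE_LIMIT);
        }

        // A non-negative value on @RepeatSubmit overrides the configured skew; 0 disables the check.
        int maxTimeDiff = (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.maxTimeDiff() >= 0)
                ? repeatSubmit.maxTimeDiff()
                : rate.getMaxTimeDiff();
        if (maxTimeDiff > 0) {
            if (StrUtil.isBlank(timestamp)) {
                SaRouter.back(TakeshiCode.PARAMETER_ERROR);
            }
            long clientMillis;
            try {
                clientMillis = Long.parseLong(timestamp);
            } catch (NumberFormatException malformed) {
                // A non-numeric timestamp is a client error, not a server fault.
                SaRouter.back(TakeshiCode.PARAMETER_ERROR);
                throw malformed; // not reached while back() throws; keeps the path fail-closed
            }
            // The header is in milliseconds; the allowed skew is in seconds.
            if (Math.abs(Instant.now().getEpochSecond() - (clientMillis / 1000)) > maxTimeDiff) {
                SaRouter.back(TakeshiCode.CLIENT_DATE_TIME_ERROR);
            }
        }

        String signatureKey = takeshiProperties.getSignatureKey();
        // Signing is enforced only when a key is configured and the handler is not exempt.
        boolean signatureRequired = StrUtil.isNotBlank(signatureKey) && !signatureExempt;

        RateLimitProperties.NonceRate nonceConfig = rate.getNonce();
        int nonceRate = nonceConfig.getRate();
        int nonceInterval = nonceConfig.getRateInterval();
        RateIntervalUnit nonceUnit = nonceConfig.getRateIntervalUnit();
        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.nonceRateInterval() > 0) {
            nonceRate = repeatSubmit.nonceRate();
            // Fixed: this used to read repeatSubmit.rateInterval() (the repeat-submit window).
            // With that window at 0 the override switched the nonce limiter off entirely; the IP
            // override below shows the intended pattern.
            nonceInterval = repeatSubmit.nonceRateInterval();
            nonceUnit = repeatSubmit.nonceRateIntervalUnit();
        }
        if (signatureRequired && nonceInterval > 0) {
            // NOTE(review): replay protection is only as long as this limiter's lifetime. If the
            // nonce interval is shorter than the accepted timestamp skew, a signed request can be
            // accepted again once the nonce entry has expired; keep the interval at least as long
            // as the full skew window. A missing nonce header is not rejected here, so all such
            // requests share one limiter key.
            RRateLimiter nonceLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.NONCE_RATE_LIMIT.projectKey(nonce));
            nonceLimiter.trySetRate(RateType.PER_CLIENT, nonceRate, nonceInterval, nonceUnit);
            nonceLimiter.expire(Duration.ofMillis(nonceUnit.toMillis(nonceInterval)));
            if (!nonceLimiter.tryAcquire()) {
                SaRouter.back(TakeshiCode.RATE_LIMIT);
            }
        }

        RateLimitProperties.IpRate ipConfig = rate.getIp();
        boolean ipOverridden = false;
        int ipRate = ipConfig.getRate();
        int ipInterval = ipConfig.getRateInterval();
        RateIntervalUnit ipUnit = ipConfig.getRateIntervalUnit();
        boolean blacklistOnExceed = ipConfig.isOpenBlacklist();
        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.ipRateInterval() > 0) {
            ipOverridden = true;
            ipRate = repeatSubmit.ipRate();
            ipInterval = repeatSubmit.ipRateInterval();
            ipUnit = repeatSubmit.ipRateIntervalUnit();
            blacklistOnExceed = repeatSubmit.ipRateOpenBlacklist();
        }
        if (ipInterval > 0) {
            RRateLimiter ipLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.IP_RATE_LIMIT.projectKey(clientIp));
            ipLimiter.trySetRate(RateType.PER_CLIENT, ipRate, ipInterval, ipUnit);
            ipLimiter.expire(Duration.ofDays(1L));
            if (!ipLimiter.tryAcquire()) {
                if (blacklistOnExceed) {
                    // The entry is written with saveToMidnight and keeps the path and time of
                    // the request that tripped the limit, which is what an operator needs when
                    // reviewing a block.
                    StaticConfig.redisComponent.saveToMidnight(blacklistKey, GsonUtil.toJson(new IpBlackInfoBO(clientIp, servletPath, ipConfig, Boolean.valueOf(ipOverridden), Instant.now())));
                }
                SaRouter.back(TakeshiCode.RATE_LIMIT);
            }
        }

        if (signatureRequired) {
            // NOTE(review): the signature is an MD5 digest over the parameters and the shared
            // key, not an HMAC. Moving to HMAC-SHA-256 needs a coordinated client change, so it
            // is only flagged here.
            String expectedSign = SecureUtil.signParamsMd5(paramBO.getParamMap(), new String[]{StrUtil.toStringOrNull(paramBO.getBodyOther()), signatureKey, nonce, timestamp});
            if (!constantTimeEquals(httpServletRequest.getHeader(TakeshiConstants.SIGN_NAME), expectedSign)) {
                SaRouter.back(TakeshiCode.SIGN_ERROR);
            }
        }

        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.rateInterval() > 0) {
            RetBO retBO = TakeshiCode.REPEAT_SUBMIT;
            long repeatInterval = repeatSubmit.rateInterval();
            if (StrUtil.isNotBlank(repeatSubmit.msg())) {
                // NOTE(review): REPEAT_SUBMIT is a static field, so this overwrites the message
                // on an object shared by every request and thread; a custom msg from one endpoint
                // leaks into the responses of others. It should be set on a copy, but RetBO's
                // copy/constructor API is not visible from this file.
                retBO.setMessage(repeatSubmit.msg());
            }
            // The limiter key is a digest of path, login id and the (filtered) parameters, so an
            // identical submission from the same login inside the window hits the same limiter.
            HashMap<String, Object> fingerprint = new HashMap<>(8);
            fingerprint.put("repeatUrl", servletPath);
            fingerprint.put("repeatLoginId", paramBO.getLoginId());
            fingerprint.put("repeatParams", paramBO.getParamObjectNode(repeatSubmit.exclusionFieldName()));
            RRateLimiter repeatLimiter = StaticConfig.redisComponent.getRateLimiter(TakeshiRedisKeyEnum.REPEAT_SUBMIT.projectKey(SecureUtil.md5(GsonUtil.toJson(fingerprint))));
            repeatLimiter.trySetRate(RateType.PER_CLIENT, 1L, repeatInterval, repeatSubmit.rateIntervalUnit());
            repeatLimiter.expire(Duration.ofMillis(repeatSubmit.rateIntervalUnit().toMillis(repeatInterval)));
            if (!repeatLimiter.tryAcquire()) {
                SaRouter.back(retBO);
            }
        }
        return systemSecurity;
    }

    /**
     * Compares a client-supplied signature with the expected one without an early exit on the
     * first differing byte, so response timing does not reveal how much of the value matched.
     *
     * @param supplied value sent by the client; may be {@code null}
     * @param expected value computed by the server; may be {@code null}
     * @return {@code true} only when both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(supplied.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }
}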
