package com.takeshi.config.satoken;

import cn.dev33.satoken.fun.SaParamFunction;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.spring.SpringUtil;
import cn.hutool.http.Header;
import cn.hutool.http.useragent.UserAgentUtil;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.takeshi.annotation.RepeatSubmit;
import com.takeshi.annotation.SystemSecurity;
import com.takeshi.annotation.TakeshiLog;
import com.takeshi.config.properties.RateLimitProperties;
import com.takeshi.config.properties.TakeshiProperties;
import com.takeshi.constants.TakeshiCode;
import com.takeshi.constants.TakeshiConstants;
import com.takeshi.enums.TakeshiRedisKeyEnum;
import com.takeshi.pojo.basic.ResponseData;
import com.takeshi.pojo.bo.IpBlackInfoBO;
import com.takeshi.pojo.bo.ParamBO;
import com.takeshi.pojo.bo.RetBO;
import com.takeshi.util.GsonUtil;
import com.takeshi.util.ZonedDateTimeUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Optional;
import org.redisson.api.RRateLimiter;
import org.redisson.api.RateIntervalUnit;
import org.redisson.api.RateType;
import org.redisson.api.RedissonClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/takeshi/config/satoken/TakeshiInterceptor.class */
public class TakeshiInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(TakeshiInterceptor.class);
    private final Duration DURATION;
    public SaParamFunction<Object> auth;

    public TakeshiInterceptor() {
        this.DURATION = Duration.ofDays(7L);
        this.auth = obj -> {
        };
    }

    private TakeshiInterceptor(SaParamFunction<Object> saParamFunction) {
        this.DURATION = Duration.ofDays(7L);
        this.auth = obj -> {
        };
        this.auth = saParamFunction;
    }

    public static TakeshiInterceptor newInstance() {
        return new TakeshiInterceptor();
    }

    public static TakeshiInterceptor newInstance(SaParamFunction<Object> saParamFunction) {
        return new TakeshiInterceptor(saParamFunction);
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        Method method = handlerMethod.getMethod();
        ParamBO paramBO = (ParamBO) httpServletRequest.getAttribute(TakeshiConstants.PARAM_BO);
        String sb = StrUtil.builder(new CharSequence[]{method.getDeclaringClass().getName(), ".", method.getName()}).toString();
        paramBO.setMethodName(sb);
        paramBO.setTakeshiLog((TakeshiLog) method.getAnnotation(TakeshiLog.class));
        log.info("TakeshiInterceptor.preHandle --> Request Http Method: {}", StrUtil.builder(new CharSequence[]{"[", paramBO.getHttpMethod(), "]", sb}));
        log.info("Request Parameters: {}", ((ObjectMapper) SpringUtil.getBean(ObjectMapper.class)).writeValueAsString(paramBO.getParamObjectNode(new String[0])));
        SystemSecurity rateLimit = rateLimit(httpServletRequest, handlerMethod, paramBO);
        if (ObjUtil.isNull(rateLimit) || (!rateLimit.all() && !rateLimit.token())) {
            this.auth.run(handlerMethod);
        }
        SaStrategy.instance.checkMethodAnnotation.accept(method);
        return true;
    }

    private SystemSecurity rateLimit(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod, ParamBO paramBO) throws Exception {
        SystemSecurity systemSecurity = (SystemSecurity) Optional.ofNullable((SystemSecurity) handlerMethod.getMethodAnnotation(SystemSecurity.class)).orElse((SystemSecurity) handlerMethod.getBeanType().getAnnotation(SystemSecurity.class));
        String clientIp = paramBO.getClientIp();
        TakeshiProperties takeshiProperties = (TakeshiProperties) SpringUtil.getBean(TakeshiProperties.class);
        boolean z = false;
        boolean z2 = false;
        if (ObjUtil.isNotNull(systemSecurity)) {
            z = systemSecurity.all() || systemSecurity.platform();
            z2 = systemSecurity.all() || systemSecurity.signature();
        }
        if (takeshiProperties.isAppPlatform() && !z && !UserAgentUtil.parse(httpServletRequest.getHeader(Header.USER_AGENT.getValue())).isMobile()) {
            SaRouter.back(ResponseData.retData(TakeshiCode.USERAGENT_ERROR));
        }
        RepeatSubmit repeatSubmit = (RepeatSubmit) handlerMethod.getMethodAnnotation(RepeatSubmit.class);
        String header = httpServletRequest.getHeader(TakeshiConstants.TIMESTAMP_NAME);
        String header2 = httpServletRequest.getHeader(TakeshiConstants.NONCE_NAME);
        String method = httpServletRequest.getMethod();
        String servletPath = httpServletRequest.getServletPath();
        String str = ":[" + method + "]" + servletPath;
        String projectKey = TakeshiRedisKeyEnum.IP_BLACKLIST.projectKey(clientIp);
        RedissonClient redissonClient = (RedissonClient) SpringUtil.getBean(RedissonClient.class);
        if (redissonClient.getBucket(projectKey).isExists()) {
            SaRouter.back(ResponseData.retData(TakeshiCode.BLACK_LIST_RATE_LIMIT));
        }
        RateLimitProperties rateLimitProperties = (RateLimitProperties) SpringUtil.getBean(RateLimitProperties.class);
        verifyMaxTimeDiff(repeatSubmit, rateLimitProperties.getMaxTimeDiff(), header);
        String signatureKey = takeshiProperties.getSignatureKey();
        boolean z3 = StrUtil.isNotBlank(signatureKey) && !z2;
        verifyNonce(redissonClient, repeatSubmit, rateLimitProperties.getNonce(), clientIp, header2, str, z3);
        verifyIp(redissonClient, repeatSubmit, rateLimitProperties.getIp(), clientIp, str, method, servletPath, projectKey);
        verifySign(z3, httpServletRequest.getHeader(TakeshiConstants.SIGN_NAME), paramBO, signatureKey, header2, header);
        verifyRepeatSubmit(redissonClient, repeatSubmit, paramBO, clientIp, method, servletPath);
        return systemSecurity;
    }

    private void verifyMaxTimeDiff(RepeatSubmit repeatSubmit, int i, String str) {
        int maxTimeDiff = (!ObjUtil.isNotNull(repeatSubmit) || repeatSubmit.maxTimeDiff() < 0) ? i : repeatSubmit.maxTimeDiff();
        if (maxTimeDiff > 0) {
            if (StrUtil.isBlank(str)) {
                SaRouter.back(ResponseData.retData(TakeshiCode.PARAMETER_ERROR));
            }
            if (Math.abs(Instant.now().getEpochSecond() - (Long.parseLong(str) / 1000)) > maxTimeDiff) {
                SaRouter.back(ResponseData.retData(TakeshiCode.CLIENT_DATE_TIME_ERROR));
            }
        }
    }

    private void verifyNonce(RedissonClient redissonClient, RepeatSubmit repeatSubmit, RateLimitProperties.NonceRate nonceRate, String str, String str2, String str3, boolean z) {
        int rate = nonceRate.getRate();
        int rateInterval = nonceRate.getRateInterval();
        RateIntervalUnit rateIntervalUnit = nonceRate.getRateIntervalUnit();
        String str4 = str + ":" + str2;
        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.nonceRateInterval() >= 0) {
            rate = repeatSubmit.nonceRate();
            rateInterval = repeatSubmit.nonceRateInterval();
            rateIntervalUnit = repeatSubmit.nonceRateIntervalUnit();
            str4 = str4 + str3;
        }
        if (!z || rateInterval <= 0) {
            return;
        }
        RRateLimiter rateLimiter = redissonClient.getRateLimiter(TakeshiRedisKeyEnum.NONCE_RATE_LIMIT.projectKey(str4));
        if (rateLimiter.getConfig().getRate().longValue() != rate || rateLimiter.getConfig().getRateInterval().longValue() != rateIntervalUnit.toMillis(rateInterval)) {
            rateLimiter.delete();
        }
        rateLimiter.trySetRate(RateType.OVERALL, rate, rateInterval, rateIntervalUnit);
        rateLimiter.expire(this.DURATION);
        if (rateLimiter.tryAcquire()) {
            return;
        }
        SaRouter.back(ResponseData.retData(TakeshiCode.RATE_LIMIT));
    }

    private void verifyIp(RedissonClient redissonClient, RepeatSubmit repeatSubmit, RateLimitProperties.IpRate ipRate, String str, String str2, String str3, String str4, String str5) {
        boolean z = false;
        int rate = ipRate.getRate();
        int rateInterval = ipRate.getRateInterval();
        RateIntervalUnit rateIntervalUnit = ipRate.getRateIntervalUnit();
        boolean isOpenBlacklist = ipRate.isOpenBlacklist();
        String str6 = str;
        if (ObjUtil.isNotNull(repeatSubmit) && repeatSubmit.ipRateInterval() >= 0) {
            rate = repeatSubmit.ipRate();
            rateInterval = repeatSubmit.ipRateInterval();
            rateIntervalUnit = repeatSubmit.ipRateIntervalUnit();
            isOpenBlacklist = repeatSubmit.ipRateOpenBlacklist();
            z = true;
            str6 = str6 + str2;
        }
        if (rateInterval > 0) {
            RRateLimiter rateLimiter = redissonClient.getRateLimiter(TakeshiRedisKeyEnum.IP_RATE_LIMIT.projectKey(str6));
            if (rateLimiter.getConfig().getRate().longValue() != rate || rateLimiter.getConfig().getRateInterval().longValue() != rateIntervalUnit.toMillis(rateInterval)) {
                rateLimiter.delete();
            }
            rateLimiter.trySetRate(RateType.OVERALL, rate, rateInterval, rateIntervalUnit);
            rateLimiter.expire(this.DURATION);
            if (rateLimiter.tryAcquire()) {
                return;
            }
            if (isOpenBlacklist) {
                redissonClient.getBucket(str5).set(new IpBlackInfoBO(str, str3, str4, new IpBlackInfoBO.IpRate(rate, rateInterval, rateIntervalUnit, isOpenBlacklist, z), Instant.now()), ZonedDateTimeUtil.untilEndOfDay());
            }
            SaRouter.back(ResponseData.retData(TakeshiCode.RATE_LIMIT));
        }
    }

    private void verifySign(boolean z, String str, ParamBO paramBO, String str2, String str3, String str4) {
        if (!z || StrUtil.equals(str, SecureUtil.signParamsMd5(paramBO.getParamMap(), new String[]{StrUtil.toStringOrNull(paramBO.getBodyOther()), str2, str3, str4}))) {
            return;
        }
        SaRouter.back(ResponseData.retData(TakeshiCode.SIGN_ERROR));
    }

    private void verifyRepeatSubmit(RedissonClient redissonClient, RepeatSubmit repeatSubmit, ParamBO paramBO, String str, String str2, String str3) throws JsonProcessingException {
        if (!ObjUtil.isNotNull(repeatSubmit) || repeatSubmit.rateInterval() <= 0) {
            return;
        }
        RetBO cloneWithMessage = TakeshiCode.REPEAT_SUBMIT.cloneWithMessage(repeatSubmit.msg());
        long rateInterval = repeatSubmit.rateInterval();
        HashMap hashMap = new HashMap(8);
        hashMap.put("repeatIp", str);
        hashMap.put("repeatMethod", str2);
        hashMap.put("repeatUrl", str3);
        hashMap.put("repeatLoginId", paramBO.getLoginId());
        hashMap.put("repeatParams", ((ObjectMapper) SpringUtil.getBean(ObjectMapper.class)).writeValueAsString(paramBO.getParamObjectNode(repeatSubmit.exclusionFieldName())));
        RRateLimiter rateLimiter = redissonClient.getRateLimiter(TakeshiRedisKeyEnum.REPEAT_SUBMIT.projectKey(SecureUtil.md5(GsonUtil.toJson(hashMap))));
        rateLimiter.trySetRate(RateType.OVERALL, 1L, rateInterval, repeatSubmit.rateIntervalUnit());
        rateLimiter.expire(this.DURATION);
        if (rateLimiter.tryAcquire()) {
            return;
        }
        SaRouter.back(ResponseData.retData(cloneWithMessage));
    }
}
