package com.geoway.sso.client.aspect;

import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.geoway.sso.client.annotation.RequireAuth;
import com.geoway.sso.client.client.TenantClient;
import com.geoway.sso.client.enums.RoleLevelEnum;
import com.geoway.sso.client.rpc.SsoUser;
import com.geoway.sso.client.util.CommonLoginUserUtil;
import com.geoway.sso.client.util.HttpServletUtil;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;

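/**
 * Spring AOP aspect that enforces {@link RequireAuth} on annotated classes and methods.
 *
 * <p>Both advices run before the target method and delegate to {@link #excute(JoinPoint)}.
 * A {@code @Before} advice can only stop the target method by throwing, so every denial
 * path in this class ends in an exception.
 *
 * <p>The bean is only registered when {@code SystemConstant.IS_SERVER} is false
 * (see the {@code @ConditionalOnExpression} below).
 */
@Aspect
@Service
@ConditionalOnExpression("#{!T(com.geoway.sso.client.constant.SystemConstant).IS_SERVER}")
/* loaded from: input_file:BOOT-INF/lib/ns-sso-client-2.0.0-SNAPSHOT.jar:com/geoway/sso/client/aspect/RequireAuthAspect.class */
public class RequireAuthAspect {
    private static final Logger log = LoggerFactory.getLogger(RequireAuthAspect.class);

    @Autowired
    TenantClient tenantClient;

    /** Matches every method of a type annotated with {@link RequireAuth}. */
    @Pointcut("@within(com.geoway.sso.client.annotation.RequireAuth)")
    public void authClassPointCut() {
    }

    /**
     * Runs the authorization check for class-level {@link RequireAuth}.
     *
     * @param joinPoint the intercepted call
     * @throws RuntimeException if the caller is not allowed to proceed
     */
    @Before("authClassPointCut()")
    public void beforeClassExec(JoinPoint joinPoint) {
        excute(joinPoint);
    }

    /** Matches methods annotated directly with {@link RequireAuth}. */
    @Pointcut("@annotation(com.geoway.sso.client.annotation.RequireAuth)")
    public void authMethodPointCut() {
    }

    /**
     * Runs the authorization check for method-level {@link RequireAuth}.
     *
     * @param joinPoint the intercepted call
     * @throws RuntimeException if the caller is not allowed to proceed
     */
    @Before("authMethodPointCut()")
    public void beforeMethodExec(JoinPoint joinPoint) {
        excute(joinPoint);
    }

    /**
     * Checks the current user against the role level required by {@link RequireAuth}.
     *
     * <p>Returns normally only when the call may proceed: no role level is required, or the
     * user satisfies it. Every other outcome throws, because returning from a {@code @Before}
     * advice lets the protected method run.
     *
     * @param joinPoint the intercepted call
     * @throws RuntimeException if there is no logged-in user or the user lacks the required role
     */
    private void excute(JoinPoint joinPoint) {
        RequireAuth annotationAuth = getAnnotationAuth(joinPoint);
        // NOTE(review): a null annotation means the pointcut matched but the annotation could not
        // be resolved from the signature; the call is then allowed. Confirm this cannot happen for
        // proxied or inherited methods in this application.
        if (annotationAuth == null || annotationAuth.roleLevel() == RoleLevelEnum.None) {
            return;
        }
        SsoUser user = CommonLoginUserUtil.getUser();
        if (user == null) {
            // Keep the NEEDLOGIN body the client expects, then abort. Previously this branch
            // returned, so the protected method still executed for unauthenticated callers.
            // NOTE(review): check that the application's exception handling does not overwrite
            // or append to the body written here.
            markLoginResponse("用户无权限访问");
            throw deny(joinPoint, "用户无权限访问");
        }
        switch (annotationAuth.roleLevel()) {
            case superAdmin:
                // Comparison is written constant-first so a null user catalog is a denial,
                // not a NullPointerException.
                if (!Integer.valueOf(RoleLevelEnum.superAdmin.getValue()).equals(user.getUserCatalog())) {
                    throw deny(joinPoint, "用户无权限访问,需系统管理员权限");
                }
                return;
            case tenantAdmin:
                if (user.getUserCatalog() == null
                        || user.getUserCatalog().intValue() > RoleLevelEnum.tenantAdmin.getValue()) {
                    throw deny(joinPoint, "用户无权限访问,需管理员权限");
                }
                // The catalog value alone is not sufficient; the tenant client must also confirm.
                if (!this.tenantClient.isTenantAdmin()) {
                    throw deny(joinPoint, "用户无权限访问,需管理员权限");
                }
                return;
            default:
                // Any other role level only requires a logged-in user.
                return;
        }
    }

    /**
     * Logs a denied call and builds the exception that aborts it.
     *
     * @param joinPoint the intercepted call, used only for the log line
     * @param message the message carried by the returned exception
     * @return the exception for the caller to throw
     */
    private RuntimeException deny(JoinPoint joinPoint, String message) {
        log.warn("Access denied by @RequireAuth for {}", joinPoint.getSignature().toShortString());
        return new RuntimeException(message);
    }

    /**
     * Resolves the effective {@link RequireAuth}: the method-level annotation wins, otherwise
     * the one on the declaring type.
     *
     * @param joinPoint the intercepted call
     * @return the annotation, or {@code null} if neither the method nor its declaring type has one
     */
    private RequireAuth getAnnotationAuth(JoinPoint joinPoint) {
        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
        Method method = methodSignature.getMethod();
        if (method != null) {
            RequireAuth onMethod = method.getAnnotation(RequireAuth.class);
            if (onMethod != null) {
                return onMethod;
            }
        }
        Class<?> declaringType = methodSignature.getDeclaringType();
        return declaringType == null ? null : declaringType.getAnnotation(RequireAuth.class);
    }

    /**
     * Writes the NEEDLOGIN JSON body (code 2100) to the current HTTP response.
     *
     * <p>The HTTP status stays 200; the outcome is signalled by the {@code code} and
     * {@code status} fields of the body.
     *
     * @param str message to return; when empty the default token message is used
     * @throws RuntimeException wrapping any failure while writing the response
     */
    private void markLoginResponse(String str) {
        try {
            HttpServletResponse response = HttpServletUtil.getResponse();
            response.setStatus(HttpStatus.OK.value());
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.setHeader("Cache-Control", "no-cache, must-revalidate");
            JSONObject body = new JSONObject();
            body.put("code", 2100);
            body.put("status", "NEEDLOGIN");
            body.put("message", StrUtil.isNotEmpty(str) ? str : "无效token或token已过期");
            String json = JSON.toJSONString(body, SerializerFeature.WriteNullStringAsEmpty);
            // Encode explicitly: the header above declares UTF-8, while a bare getBytes() uses
            // the platform charset and can corrupt the non-ASCII message.
            response.getOutputStream().write(json.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}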
