package com.geoway.ns.proxy.service.impl;

import cn.hutool.core.date.DatePattern;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.StringUtils;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.geoway.ns.monitor.constants.DataConstants;
import com.geoway.ns.monitor.constants.enums.AccessType;
import com.geoway.ns.monitor.entity.AccessRoll;
import com.geoway.ns.monitor.entity.AuthorizeToken;
import com.geoway.ns.monitor.mapper.AccessRollMapper;
import com.geoway.ns.monitor.mapper.AuthorizeTokenMapper;
import com.geoway.ns.monitor.utils.MyBatisQueryMapperUtils;
import com.geoway.ns.proxy.service.AccessVerifcationService;
import com.geoway.ns.proxy.service.RedisTemplateService;
import com.geoway.ns.proxy.utils.IpVerification;
import java.lang.invoke.SerializedLambda;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/classes/com/geoway/ns/proxy/service/impl/AccessVerifcationServiceImpl.class */
public class AccessVerifcationServiceImpl implements AccessVerifcationService {
    MyBatisQueryMapperUtils<AuthorizeToken> qmu = new MyBatisQueryMapperUtils<>();

    @Autowired
    private AuthorizeTokenMapper authorizeTokenMapper;

    @Autowired
    private AccessRollMapper rollMapper;

    @Autowired
    private IpVerification ipVerification;

    @Autowired
    private RedisTemplateService redisTemplateService;

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.geoway.ns.proxy.service.AccessVerifcationService
    public AuthorizeToken verification(String str, HttpServletRequest httpServletRequest) throws Exception {
        if (StrUtil.isBlank(str)) {
            throw new Exception("传递的Token为null！");
        }
        AuthorizeToken authorizeToken = this.redisTemplateService.getAuthorizeToken("authorizers:" + str);
        if (ObjectUtil.isEmpty(authorizeToken)) {
            QueryWrapper queryWrapper = new QueryWrapper();
            queryWrapper.eq("f_token", str);
            queryWrapper.ne("f_status", 2);
            authorizeToken = this.authorizeTokenMapper.selectOne(queryWrapper);
            this.redisTemplateService.setAuthorizeToken("authorizers:" + str, authorizeToken);
        }
        if (authorizeToken == null) {
            throw new Exception("不存在token为【" + str + "】的授权用户！！！请联系管理员确认是否授权！");
        }
        if (authorizeToken.getStatus().intValue() != 0) {
            throw new Exception("token为【" + str + "】不具备访问权限！！！请联系管理员确认是否授权！");
        }
        if (authorizeToken.getAuthorizerType().intValue() == AccessType.APPLICATION.value) {
            String string = JSONObject.parseObject(authorizeToken.getParams()).getString("appUrl");
            String header = httpServletRequest.getHeader("Referer");
            if (StringUtils.isBlank(header) || !header.equals(string)) {
                throw new Exception("不具备访问权限！");
            }
        }
        Date indate = authorizeToken.getIndate();
        if (indate != null) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DatePattern.CHINESE_DATE_PATTERN);
            if (indate.before(simpleDateFormat.parse(simpleDateFormat.format(new Date())))) {
                throw new Exception("您的授权已过期！请重新申请！");
            }
        }
        String authorizerId = authorizeToken.getAuthorizerId();
        String resourceId = authorizeToken.getResourceId();
        LambdaQueryWrapper lambdaQuery = Wrappers.lambdaQuery();
        ((LambdaQueryWrapper) lambdaQuery.eq((v0) -> {
            return v0.getAuthorizerId();
        }, authorizerId)).eq((v0) -> {
            return v0.getResourceId();
        }, resourceId);
        AccessRoll selectOne = this.rollMapper.selectOne(lambdaQuery);
        if (selectOne != null && selectOne.getRoll().equals(DataConstants.ROLL_BlACK)) {
            throw new Exception("您已被列入黑名单！无权访问该服务资源！请联系管理员处理！");
        }
        if (!verificationOnIp(authorizeToken.getIpScope(), httpServletRequest)) {
            throw new Exception("您的IP地址禁止访问该服务！");
        }
        Integer frequency = authorizeToken.getFrequency();
        if (frequency != null && frequency.intValue() != 0) {
            verificationAccess(str);
            saveAuthorizer(str, authorizeToken);
        }
        return authorizeToken;
    }

    public boolean verificationOnIp(String str, HttpServletRequest httpServletRequest) {
        if (StrUtil.isBlank(str)) {
            return true;
        }
        return this.ipVerification.ipExistsInRange(httpServletRequest.getRemoteAddr(), str);
    }

    public void verificationAccess(String str) throws Exception {
        if (this.redisTemplateService.isHasKey("restrict:c" + str).booleanValue()) {
            throw new Exception("您的访问已被限制！");
        }
    }

    public void saveAuthorizer(String str, AuthorizeToken authorizeToken) throws Exception {
        Integer frequency = this.redisTemplateService.getFrequency("restrict:a" + str);
        if (frequency == null) {
            frequency = 0;
        } else if (frequency.intValue() >= authorizeToken.getFrequency().intValue()) {
            this.redisTemplateService.setFrequency("restrict:c" + str, 1, 5, TimeUnit.MINUTES);
            throw new Exception("您的访问已被限制！");
        }
        this.redisTemplateService.setFrequency("restrict:a" + str, Integer.valueOf(frequency.intValue() + 1), 1, TimeUnit.MINUTES);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1743205606:
                if (implMethodName.equals("getAuthorizerId")) {
                    z = false;
                    break;
                }
                break;
            case -1643398721:
                if (implMethodName.equals("getResourceId")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/geoway/ns/monitor/entity/AccessRoll") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthorizerId();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/geoway/ns/monitor/entity/AccessRoll") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getResourceId();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
