package com.geoway.ns.proxy.service.impl;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.digest.MD5;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.geoway.ns.proxy.config.ApplicationYmlConfig;
import com.geoway.ns.proxy.constant.enums.DataServiceType;
import com.geoway.ns.proxy.constant.enums.ResponseExceptionType;
import com.geoway.ns.proxy.constant.enums.ServiceType;
import com.geoway.ns.proxy.constant.enums.VertorTypeEnums;
import com.geoway.ns.proxy.constant.enums.VertorTypeExEnums;
import com.geoway.ns.proxy.dto.ResourceInfoDTO;
import com.geoway.ns.proxy.entity.AuthorizeToken;
import com.geoway.ns.proxy.mapper.AccessRollMapper;
import com.geoway.ns.proxy.mapper.AuthorizeTokenMapper;
import com.geoway.ns.proxy.service.AccessVerifcationService;
import com.geoway.ns.proxy.service.RedisTemplateService;
import com.geoway.ns.proxy.utils.IpVerification;
import com.geoway.ns.proxy.utils.UnityUtils;
import java.lang.invoke.SerializedLambda;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/geoway/ns/proxy/service/impl/AccessVerifcationServiceImpl.class */
public class AccessVerifcationServiceImpl implements AccessVerifcationService {

    @Value("${xzqLimit:}")
    private String XZQ_LIMITS;

    @Autowired
    private AuthorizeTokenMapper authorizeTokenMapper;

    @Autowired
    private AccessRollMapper rollMapper;

    @Autowired
    private IpVerification ipVerification;

    @Autowired
    private RedisTemplateService redisTemplateService;

    @Autowired
    private ApplicationYmlConfig applicationYmlConfig;

    @Autowired
    private HttpServletRequest request;

    @Override // com.geoway.ns.proxy.service.AccessVerifcationService
    public JSONObject verification(String str, HttpServletRequest httpServletRequest) throws Exception {
        JSONObject jSONObject = new JSONObject();
        new ResourceInfoDTO();
        if (StrUtil.isBlank(str)) {
            throw new Exception("传递的Token为null！");
        }
        AuthorizeToken authorization = getAuthorization(str);
        ResourceInfoDTO resourceInfoDTO = (ResourceInfoDTO) JSON.parseObject(authorization.getParams(), ResourceInfoDTO.class);
        jSONObject.put("status", ResponseExceptionType.NotException.value);
        try {
        } catch (Exception e) {
            resourceInfoDTO.setSourceUrl(authorization.getUrl());
            jSONObject.put("status", ResponseExceptionType.Exception.value);
            jSONObject.put("message", e.getMessage());
        }
        if (authorization.getStatus().intValue() != 0) {
            throw new Exception("token为【" + str + "】不具备访问权限！！！请联系管理员确认是否授权！");
        }
        String url = authorization.getUrl();
        String str2 = (String) httpServletRequest.getAttribute("requestURL");
        String str3 = "verify:" + MD5.create().digestHex(str2);
        if (!this.redisTemplateService.isHasKey(str3).booleanValue()) {
            isOverdue(authorization.getIndate());
            isRoll(authorization.getAuthorizerId());
            verificationOnIp(authorization.getIpScope(), httpServletRequest);
            isFrequency(authorization.getFrequency(), authorization.getToken());
            serviceVerification(str2, url, authorization, resourceInfoDTO);
            this.redisTemplateService.setInfoByBoundValueOps(str3, "", 10, TimeUnit.SECONDS);
        }
        xzqLimit(authorization.getXzqLimit(), authorization.getResourceType());
        resourceInfoDTO.setSourceUrl(getUrl(str2, url));
        jSONObject.put("authorizeToken", authorization);
        jSONObject.put("resultInfo", resourceInfoDTO);
        return jSONObject;
    }

    private void serviceVerification(String str, String str2, AuthorizeToken authorizeToken, ResourceInfoDTO resourceInfoDTO) throws Exception {
        if (ServiceType.MAP.value == authorizeToken.getResourceType().intValue()) {
            String sourceGroupType = resourceInfoDTO.getSourceGroupType();
            if (DataServiceType.verification(Integer.valueOf(sourceGroupType)).booleanValue()) {
                if (DataServiceType.SLWP.value == Integer.valueOf(sourceGroupType)) {
                    mapServerVerify(str, str2, resourceInfoDTO);
                    return;
                }
                return;
            }
        }
        if (!str.contains(authorizeToken.getRelativeUrl())) {
            throw new Exception("地址校验失败！请检查服务地址！");
        }
    }

    private void mapServerVerify(String str, String str2, ResourceInfoDTO resourceInfoDTO) {
        List<Integer> sourceType = resourceInfoDTO.getSourceType();
        List<String> sourceStyle = resourceInfoDTO.getSourceStyle();
        if (!CollectionUtil.isEmpty(sourceStyle)) {
            String parameter = this.request.getParameter("styleId");
            if (StringUtils.isBlank(parameter)) {
                String[] split = UnityUtils.getRealUrlUtil(str, 2).split("/");
                parameter = split[split.length - 1];
            }
            String str3 = parameter;
            if (!sourceStyle.stream().anyMatch(str4 -> {
                return str4.equalsIgnoreCase(str3);
            })) {
                throw new RuntimeException("样式校验失败！请检查样式！");
            }
        }
        Boolean bool = false;
        if (!CollectionUtil.isEmpty(sourceType)) {
            Iterator<Integer> it = sourceType.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (str.contains(VertorTypeEnums.getEnumByValue(it.next().intValue()).rule.replace("serviceName", resourceInfoDTO.getSourceName()))) {
                        bool = true;
                        break;
                    }
                } else {
                    break;
                }
            }
        } else {
            List<String> asList = Arrays.asList(UnityUtils.getRealUrlUtil(str, 2).split("/"));
            List asList2 = Arrays.asList(UnityUtils.getRealUrlUtil(str2, 2).split("/"));
            if (((String) asList2.get(1)).equals(asList.get(1))) {
                for (String str5 : asList) {
                    int indexOf = str5.indexOf(".");
                    if (((String) asList2.get(3)).equals(indexOf < 0 ? str5 : str5.substring(0, indexOf))) {
                        bool = true;
                    }
                }
            }
        }
        if (!bool.booleanValue() && VertorTypeExEnums.verify(UnityUtils.getRealUrlUtil(str, 2), resourceInfoDTO.getSourceName()).booleanValue()) {
            bool = true;
        }
        if (!bool.booleanValue()) {
            throw new RuntimeException("地址校验失败！请检查服务地址！");
        }
    }

    private String getUrl(String str, String str2) {
        return UnityUtils.getRealUrlUtil(str2, 1) + UnityUtils.getRealUrlUtil(str, 3);
    }

    private AuthorizeToken getAuthorization(String str) throws Exception {
        AuthorizeToken authorizeToken = this.redisTemplateService.getAuthorizeToken("authorizers:" + str);
        if (ObjectUtil.isEmpty(authorizeToken)) {
            Wrapper queryWrapper = new QueryWrapper();
            queryWrapper.eq("f_token", str);
            queryWrapper.ne("f_status", 2);
            authorizeToken = (AuthorizeToken) this.authorizeTokenMapper.selectOne(queryWrapper);
            this.redisTemplateService.setAuthorizeToken("authorizers:" + str, authorizeToken);
        }
        if (authorizeToken == null) {
            throw new Exception("不存在token为【" + str + "】的授权用户！！！请联系管理员确认是否授权！");
        }
        return authorizeToken;
    }

    private void isRoll(String str) throws Exception {
        Wrapper lambdaQuery = Wrappers.lambdaQuery();
        lambdaQuery.eq((v0) -> {
            return v0.getAuthorizerId();
        }, str);
        List selectList = this.rollMapper.selectList(lambdaQuery);
        if (selectList.size() > 0 && selectList.stream().filter(accessRoll -> {
            return "all".equals(accessRoll.getAuthorizerId()) || accessRoll.getAuthorizerId().equals(accessRoll.getAuthorizerId());
        }).count() > 0) {
            throw new Exception("您已被列入黑名单！无权访问该服务资源！请联系管理员处理！");
        }
    }

    private void isOverdue(Date date) throws Exception {
        if (date != null) {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy年MM月dd日");
            if (date.before(simpleDateFormat.parse(simpleDateFormat.format(new Date())))) {
                throw new Exception("您的授权已过期！请重新申请！");
            }
        }
    }

    private void isFrequency(String str, String str2) throws Exception {
        if (StringUtils.isNotBlank(str)) {
            verificationAccess(str2);
            for (JSONObject jSONObject : JSONObject.parseArray(str, JSONObject.class)) {
                if (jSONObject.getInteger("value").intValue() != 0 && verifaictionDate(jSONObject.getJSONArray("time"), jSONObject.getString("type"))) {
                    restrict(jSONObject, str2);
                }
            }
        }
    }

    private void xzqLimit(String str, Integer num) {
        if (StringUtils.isNotBlank(str) && ServiceType.MAP.value == num.intValue()) {
            Map map = (Map) JSONObject.parseObject(this.XZQ_LIMITS, Map.class);
            String[] split = str.split("/");
            String str2 = split[split.length - 1];
            String str3 = (String) map.get("filter");
            if ("0000".equals(str2.substring(2))) {
                return;
            }
            map.put("filter", "00".equals(str2.substring(4)) ? str3 + str2.substring(0, 4) : str3 + str2);
            this.request.setAttribute("mask", JSONObject.toJSONString(map));
        }
    }

    private JSONObject getResouceInfo(String str, Integer num) throws Exception {
        JSONObject jSONObject = null;
        String str2 = "resouce:" + num + ":" + str;
        if (this.redisTemplateService.isHasKey(str2).booleanValue()) {
            if (StrUtil.isBlank(this.redisTemplateService.getInfoByBoundValueOps(str2))) {
                throw new Exception("查询服务为空！");
            }
            jSONObject = (JSONObject) JSON.parseObject(this.redisTemplateService.getInfoByBoundValueOps(str2), JSONObject.class);
        }
        return jSONObject;
    }

    private Boolean dataServerParamVerification(Boolean bool, List<String> list, String str, String str2) {
        Map map = (Map) Arrays.asList(str.split("&")).stream().map(str3 -> {
            return str3.split("=");
        }).collect(Collectors.toMap(strArr -> {
            return strArr[0];
        }, strArr2 -> {
            return strArr2[1];
        }));
        String parameter = this.request.getParameter("styleId");
        String parameter2 = this.request.getParameter("tilesize");
        if (StringUtils.isNotBlank(parameter) && !parameter.equals((String) map.get("styleId"))) {
            return false;
        }
        if (StringUtils.isNotBlank(parameter2) && !parameter2.equals((String) map.get("tilesize"))) {
            return false;
        }
        String str4 = (String) map.get("styleId");
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (str4.equals(it.next())) {
                bool = true;
            }
        }
        return bool;
    }

    private void saveOnRedis(JSONObject jSONObject, Integer num) {
        String str = "resouce:" + num + ":" + jSONObject.getString("id");
        if (this.redisTemplateService.isHasKey(str).booleanValue()) {
            return;
        }
        this.redisTemplateService.setInfoByBoundValueOps(str, jSONObject, 3, TimeUnit.MINUTES);
    }

    public void verifaicationReferer(String str, String str2) throws Exception {
        if (StringUtils.isNotBlank(str)) {
            Boolean bool = false;
            if (StringUtils.isNotBlank(str2)) {
                Iterator it = Arrays.asList(str.split(",")).iterator();
                while (it.hasNext()) {
                    if (str2.equals((String) it.next())) {
                        bool = true;
                    }
                }
            }
            if (!bool.booleanValue()) {
                throw new Exception("不具备访问权限！");
            }
        }
    }

    private boolean verifaictionDate(JSONArray jSONArray, String str) throws ParseException {
        if (jSONArray == null || jSONArray.size() <= 0 || StringUtils.isBlank(jSONArray.getString(0)) || StringUtils.isBlank(jSONArray.getString(1))) {
            return true;
        }
        DateTimeFormatter ofPattern = str.equals("HOURS") ? DateTimeFormatter.ofPattern("HH") : DateTimeFormatter.ofPattern("HH:mm");
        LocalTime parse = LocalTime.parse(jSONArray.getString(0), ofPattern);
        LocalTime parse2 = LocalTime.parse(jSONArray.getString(1), ofPattern);
        LocalTime now = LocalTime.now();
        return (now.compareTo(parse) == -1 || parse2.compareTo(now) == -1) ? false : true;
    }

    public void verificationOnIp(String str, HttpServletRequest httpServletRequest) throws Exception {
        if (StrUtil.isBlank(str)) {
            return;
        }
        if (!this.ipVerification.ipExistsInRange(httpServletRequest.getRemoteAddr(), str)) {
            throw new Exception("您的IP地址禁止访问该服务！");
        }
    }

    private void verificationAccess(String str) throws Exception {
        if (this.redisTemplateService.isHasKey("restrictBlack:" + str).booleanValue()) {
            throw new Exception("您的访问已被限制！");
        }
    }

    private void restrict(JSONObject jSONObject, String str) throws Exception {
        String string = jSONObject.getString("type");
        if ("MINUTES".equals(string)) {
            saveAuthorizer(str, jSONObject.getInteger("value"), TimeUnit.MINUTES);
        } else if ("HOURS".equals(string)) {
            saveAuthorizer(str, jSONObject.getInteger("value"), TimeUnit.HOURS);
        } else if ("DAY".equals(string)) {
            saveAuthorizer(str, jSONObject.getInteger("value"), TimeUnit.DAYS);
        }
    }

    private void saveAuthorizer(String str, Integer num, TimeUnit timeUnit) throws Exception {
        Integer frequency = this.redisTemplateService.getFrequency("restrict:" + str);
        long epochSecond = LocalDateTime.of(LocalDate.now().plusDays(1L), LocalTime.MIN).toInstant(ZoneOffset.of("+8")).getEpochSecond() - LocalDateTime.now().toEpochSecond(ZoneOffset.of("+8"));
        if (frequency == null) {
            frequency = 0;
        } else if (frequency.intValue() >= num.intValue()) {
            this.redisTemplateService.setFrequency("restrictBlack:" + str, 1, Long.valueOf(timeUnit == TimeUnit.DAYS ? epochSecond : 10L), timeUnit == TimeUnit.DAYS ? TimeUnit.SECONDS : TimeUnit.MINUTES);
            throw new Exception("您的访问已被限制！");
        }
        this.redisTemplateService.setFrequency("restrict:" + str, Integer.valueOf(frequency.intValue() + 1), Long.valueOf(timeUnit == TimeUnit.DAYS ? epochSecond : 1L), timeUnit == TimeUnit.DAYS ? TimeUnit.SECONDS : timeUnit);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1743205606:
                if (implMethodName.equals("getAuthorizerId")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/geoway/ns/proxy/entity/AccessRoll") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthorizerId();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
