package com.geoway.jckj.biz.aspect;

import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.geoway.jckj.biz.entity.SysTenant;
import com.geoway.jckj.biz.service.sys.impl.SysMenuServiceImpl;
import com.geoway.jckj.biz.util.TenantUtil;
import com.geoway.sso.client.annotation.RequireAuth;
import com.geoway.sso.client.enums.RoleLevelEnum;
import com.geoway.sso.client.rpc.SsoUser;
import com.geoway.sso.client.util.CommonLoginUserUtil;
import com.geoway.sso.client.util.HttpServletUtil;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;

@Aspect
@Service
@ConditionalOnExpression("#{T(com.geoway.sso.client.constant.SystemConstant).IS_SERVER}")
/* loaded from: input_file:com/geoway/jckj/biz/aspect/RequireAuthAspect.class */
public class RequireAuthAspect {
    private static final Logger log = LoggerFactory.getLogger(RequireAuthAspect.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.geoway.jckj.biz.aspect.RequireAuthAspect$1, reason: invalid class name */
    /* loaded from: input_file:com/geoway/jckj/biz/aspect/RequireAuthAspect$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$geoway$sso$client$enums$RoleLevelEnum = new int[RoleLevelEnum.values().length];

        static {
            try {
                $SwitchMap$com$geoway$sso$client$enums$RoleLevelEnum[RoleLevelEnum.superAdmin.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$geoway$sso$client$enums$RoleLevelEnum[RoleLevelEnum.tenantAdmin.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    @Pointcut("@within(com.geoway.sso.client.annotation.RequireAuth)")
    public void authClassPointCut() {
    }

    @Before("authClassPointCut()")
    public void beforeClassExec(JoinPoint joinPoint) {
        excute(joinPoint);
    }

    @Pointcut("@annotation(com.geoway.sso.client.annotation.RequireAuth)")
    public void authMethodPointCut() {
    }

    @Before("authMethodPointCut()")
    public void beforeMethodExec(JoinPoint joinPoint) {
        excute(joinPoint);
    }

    private void excute(JoinPoint joinPoint) {
        RequireAuth annotationAuth = getAnnotationAuth(joinPoint);
        if (annotationAuth == null || annotationAuth.roleLevel() == RoleLevelEnum.None) {
            return;
        }
        SsoUser user = CommonLoginUserUtil.getUser();
        if (user == null) {
            markLoginResponse("用户无权限访问");
            return;
        }
        switch (AnonymousClass1.$SwitchMap$com$geoway$sso$client$enums$RoleLevelEnum[annotationAuth.roleLevel().ordinal()]) {
            case SysMenuServiceImpl.m_relPath /* 1 */:
                if (!user.getUserCatalog().equals(Integer.valueOf(RoleLevelEnum.superAdmin.getValue()))) {
                    throw new RuntimeException("用户无权限访问,需系统管理员权限");
                }
                return;
            case SysMenuServiceImpl.m_absPath /* 2 */:
                if (user.getUserCatalog().intValue() > RoleLevelEnum.tenantAdmin.getValue()) {
                    throw new RuntimeException("用户无权限访问,需管理员权限");
                }
                SysTenant tenant = TenantUtil.getTenant();
                if (tenant.getId().equals("0")) {
                    if (!user.getUserCatalog().equals(Integer.valueOf(RoleLevelEnum.superAdmin.getValue()))) {
                        throw new RuntimeException("用户无权限访问,需系统管理员权限");
                    }
                    return;
                } else {
                    if (!tenant.getUsers().stream().anyMatch(sysUser -> {
                        return sysUser.getId().equals(user.getUserid());
                    })) {
                        throw new RuntimeException("用户无权限访问,需管理员权限");
                    }
                    return;
                }
            default:
                return;
        }
    }

    private RequireAuth getAnnotationAuth(JoinPoint joinPoint) {
        MethodSignature signature = joinPoint.getSignature();
        Method method = signature.getMethod();
        RequireAuth requireAuth = null;
        if (method != null) {
            requireAuth = (RequireAuth) method.getAnnotation(RequireAuth.class);
        }
        if (requireAuth != null) {
            return requireAuth;
        }
        Class declaringType = signature.getDeclaringType();
        if (declaringType != null) {
            requireAuth = (RequireAuth) declaringType.getAnnotation(RequireAuth.class);
        }
        return requireAuth;
    }

    private void markLoginResponse(String str) {
        try {
            HttpServletResponse response = HttpServletUtil.getResponse();
            response.setStatus(HttpStatus.OK.value());
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.setHeader("Cache-Control", "no-cache, must-revalidate");
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("code", 2100);
            jSONObject.put("status", "NEEDLOGIN");
            jSONObject.put("message", "无效token或token已过期");
            if (StrUtil.isNotEmpty(str)) {
                jSONObject.put("message", str);
            }
            response.getOutputStream().write(JSON.toJSONString(jSONObject, new SerializerFeature[]{SerializerFeature.WriteNullStringAsEmpty}).getBytes());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
