package io.gitee.malbolge.auth.service;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import io.gitee.malbolge.annotation.AutoSpi;
import io.gitee.malbolge.api.SpringApi;
import io.gitee.malbolge.auth.AuthConfig;
import io.gitee.malbolge.basic.exception.BusinessException;
import io.gitee.malbolge.model.UserSession;
import io.gitee.malbolge.orm.AppendDataSource;
import io.gitee.malbolge.servlet.HttpInterceptor;
import io.gitee.malbolge.session.SessionInterceptor;
import io.gitee.malbolge.util.JsonUtil;
import io.gitee.malbolge.util.RedisUtil;
import jakarta.annotation.Resource;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.beans.factory.InitializingBean;

@AutoSpi(HttpInterceptor.class)
/* loaded from: input_file:io/gitee/malbolge/auth/service/ApiVerifyInterceptor.class */
public class ApiVerifyInterceptor extends HttpInterceptor implements InitializingBean, AppendDataSource {
    private final Map<String, String> mapping = new HashMap();

    @Resource
    private AuthConfig config;

    @Resource
    private SysAuthService authService;

    protected void intercept() throws Exception {
        List<String> queryApiGrantRoleIds;
        if (StrUtil.isNotBlank(this.config.getApiVerifySource())) {
            UserSession session = getSession();
            if (session.isLogin() && !session.isSuperUser()) {
                String requestPath = requestPath();
                String str = RedisUtil.hash.get("auth:apis", requestPath);
                if (StrUtil.isNotBlank(str)) {
                    queryApiGrantRoleIds = (List) JsonUtil.read(str, JsonUtil.ls);
                } else {
                    queryApiGrantRoleIds = this.authService.queryApiGrantRoleIds(requestPath);
                    RedisUtil.hash.put("auth:apis", requestPath, JsonUtil.toString(queryApiGrantRoleIds));
                }
                if (CollUtil.isNotEmpty(queryApiGrantRoleIds)) {
                    if (!CollUtil.containsAny(queryApiGrantRoleIds, session.getExtendRoleIds())) {
                        throw new BusinessException(-106, "接口未授权：" + SpringApi.projectName() + " " + requestPath);
                    }
                }
            }
        }
        next();
    }

    public Set<Class<? extends HttpInterceptor>> after() {
        return Set.of(SessionInterceptor.class);
    }

    public void afterPropertiesSet() {
        String apiVerifySource = this.config.getApiVerifySource();
        if (StrUtil.isNotBlank(apiVerifySource)) {
            this.mapping.putIfAbsent(apiVerifySource, null);
        }
    }

    public Map<String, String> appendMapping() {
        return this.mapping;
    }
}
