package cc.chensoul.rose.mybatis.tenant.filter;

import cc.chensoul.rose.core.spring.WebUtils;
import cc.chensoul.rose.core.util.RestResponse;
import cc.chensoul.rose.mybatis.tenant.util.TenantContextHolder;
import cc.chensoul.rose.security.util.SecurityUser;
import cc.chensoul.rose.security.util.SecurityUtils;
import java.io.IOException;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:cc/chensoul/rose/mybatis/tenant/filter/TenantSecurityFilter.class */
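/**
 * Servlet filter that enforces tenant isolation on each request.
 *
 * <p>A request is rejected with HTTP 403 when it targets a URL that is not on the
 * ignore list and carries no tenant id, or when the authenticated user is not a
 * member of the tenant named by the request. Requests to ignored URLs may proceed
 * without a tenant id; in that case the tenant context is flagged as ignored.
 *
 * <p>NOTE(review): this filter only writes to {@link TenantContextHolder}; nothing here
 * resets the ignore flag or the tenant id once the chain returns. Confirm that another
 * component clears the holder per request, otherwise state could carry over to the
 * next request served by the same pooled thread.
 */
public class TenantSecurityFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(TenantSecurityFilter.class);
    private static final AntPathMatcher pathMatcher = new AntPathMatcher();
    // Exact paths and Ant-style patterns that are exempt from the "tenant id required" rule.
    private final Set<String> ignoreUrls;

    /**
     * Applies the tenant checks and, when they pass, hands the request to the rest of the chain.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain
     * @throws ServletException propagated from the downstream chain
     * @throws IOException      propagated from the downstream chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String tenantId = TenantContextHolder.getTenantId();
        if (isIgnoreUrl(httpServletRequest)) {
            // Exempt URL: a missing tenant id is allowed, so mark the context as ignored.
            if (tenantId == null) {
                TenantContextHolder.setIgnore(true);
            }
        } else if (tenantId == null) {
            // Fail closed: a non-exempt URL must always carry a tenant id.
            log.error("[doFilterInternal][URL({}/{}) 未传递租户编号]", httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
            WebUtils.renderJson(HttpStatus.FORBIDDEN.value(), RestResponse.error("请求的租户标识未传递"));
            return;
        }

        SecurityUser currentUser = SecurityUtils.getCurrentUser();
        if (currentUser != null) {
            if (tenantId == null) {
                // Only reachable for exempt URLs: fall back to the user's first tenant.
                // NOTE(review): get(0) throws if the user has no tenants, and the ignore flag
                // set above stays true after the tenant id is assigned; confirm both are intended.
                TenantContextHolder.setTenantId((String) currentUser.getTenants().get(0));
            } else if (!currentUser.getTenants().contains(tenantId)) {
                // The requested tenant is not one the authenticated user belongs to.
                log.error("用户{}越权访问租户({}) URL({}/{})]", currentUser.getUsername(), tenantId, httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
                WebUtils.renderJson(HttpStatus.FORBIDDEN.value(), RestResponse.error("您无权访问该租户的数据"));
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports whether the request URI is exempt from the tenant id requirement.
     *
     * <p>The previous version returned {@code true} whenever the URI was NOT an exact member of
     * the ignore list, which exempted nearly every URL and left the missing-tenant rejection in
     * {@code doFilterInternal} unreachable. The exact-match test is now the positive fast path,
     * followed by Ant-pattern matching.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw, undecoded request path and includes
     * the context path; confirm the configured patterns are written against that form.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the URI equals an ignore entry or matches one as an Ant pattern
     */
    private boolean isIgnoreUrl(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        // Fast path: exact membership avoids pattern matching for literal entries.
        if (this.ignoreUrls.contains(requestUri)) {
            return true;
        }
        for (String pattern : this.ignoreUrls) {
            if (pathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates the filter.
     *
     * @param set exact paths and Ant patterns exempt from the tenant id requirement; it is
     *            dereferenced on every request, so it must not be {@code null}
     */
    public TenantSecurityFilter(Set<String> set) {
        this.ignoreUrls = set;
    }
}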
