package com.ifourthwall.web.security.shiro;

import com.ifourthwall.common.CacheKeyDecorator;
import com.ifourthwall.common.base.IFWModule;
import com.ifourthwall.common.base.IFWUser;
import com.ifourthwall.common.security.TokenUtils;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.dao.InvalidResourceUsageException;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.data.redis.core.RedisTemplate;

/* loaded from: input_file:BOOT-INF/lib/ifourthwall-web-1.31.0.jar:com/ifourthwall/web/security/shiro/AuthRealm.class */
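/**
 * Shiro realm for requests that carry an {@link AuthToken}.
 *
 * <p>The token is resolved to a cached {@link IFWUser} in Redis. The requested URI is then checked
 * against the configured exclusion list and the user's cached {@link IFWModule} list. Both checks
 * run inside {@link #doGetAuthenticationInfo}, so a failed URI check surfaces as a failed login
 * attempt rather than as a Shiro permission check.
 */
public class AuthRealm extends AuthorizingRealm {
    private static final Logger log = LoggerFactory.getLogger(AuthRealm.class);

    // Left as a raw type on purpose: narrowing the generic parameters could change which bean
    // Spring injects here.
    @Autowired
    private RedisTemplate redisTemplate;

    @Autowired
    private Environment env;

    // Not referenced anywhere in this class; kept because other code may rely on it.
    private static final long DEFAULT_EXPIRED_TIME = 30;

    /** Exclusion entry that matches every URI, and suffix that marks a prefix pattern. */
    public static final String MATCH_ALL_URIS = "/*";

    // Cached copy of the comma-separated "ifw.auth.exclude.urls" property, read on first use.
    private String[] excludeUrls;

    /**
     * Accepts only {@link AuthToken} instances.
     *
     * @param authenticationToken the token submitted for login
     * @return {@code true} if the token is an {@link AuthToken}
     */
    @Override
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof AuthToken;
    }

    /**
     * Supplies no roles or permissions.
     *
     * <p>NOTE(review): because this returns {@code null}, role and permission checks made through
     * Shiro against this realm have nothing to grant. All access control in this class happens in
     * {@link #doGetAuthenticationInfo}; confirm that no endpoint relies on Shiro annotations.
     *
     * @param principalCollection ignored
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Resolves the presented token to a cached user and checks that the user may call the
     * requested URI.
     *
     * @param authenticationToken an {@link AuthToken}; its principal is the raw token string
     * @return authentication info whose principal is the extracted token
     * @throws IncorrectCredentialsException if no user is cached for the token
     * @throws InvalidResourceUsageException if the user is not allowed to call the URI.
     *     NOTE(review): this type comes from {@code org.apache.shiro.dao} and is thrown as-is;
     *     confirm the caller of {@code login()} handles it as an access-denied result.
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        String principal = (String) authenticationToken.getPrincipal();
        String sessionToken = TokenUtils.getTokenFromBasicToken(principal);
        Object cachedUser = this.redisTemplate.opsForValue().get(CacheKeyDecorator.getUserInfoKey(sessionToken));
        if (cachedUser == null) {
            // Whoever presents this string is given the matching cached user, so it is treated as
            // a secret: only a redacted marker is logged, never the client-supplied value.
            log.warn("当前访问用户:{}登陆过期或未登陆", redact(sessionToken));
            throw new IncorrectCredentialsException("登陆过期或未登陆.");
        }

        String requestedUri = ((AuthToken) authenticationToken).getUri();
        if (!auditURI(requestedUri, (IFWUser) cachedUser)) {
            log.warn("当前访问用户未被授权，无访问{}权限", requestedUri);
            throw new InvalidResourceUsageException("无接口访问权限");
        }
        log.info("当前访问用户已被授权");
        return new SimpleAuthenticationInfo(sessionToken, principal, getName());
    }

    /**
     * Decides whether {@code iFWUser} may call {@code str}.
     *
     * <p>Excluded URIs are always allowed. Otherwise the URI must equal the module URL of one of
     * the modules cached in Redis for the user. A missing or empty module list denies access.
     *
     * @param str the requested URI
     * @param iFWUser the user resolved from the token
     * @return {@code true} if access is allowed
     */
    private boolean auditURI(String str, IFWUser iFWUser) {
        if (isExclude(str)) {
            return true;
        }
        Object cachedModules = this.redisTemplate.opsForValue().get(CacheKeyDecorator.getModulesAuthenticationKey(iFWUser.getUserId()));
        if (cachedModules == null) {
            return false;
        }
        List<?> modules = (List<?>) cachedModules;
        if (!CollectionUtils.isEmpty(modules)) {
            for (Object module : modules) {
                if (StringUtils.equals(((IFWModule) module).getModuleUrl(), str)) {
                    return true;
                }
            }
        }
        log.warn("{}无访问{}的权限.", iFWUser.getLoginName(), str);
        return false;
    }

    /**
     * Reports whether {@code str} is exempt from the per-user module check.
     *
     * <p>An entry matches if it equals the URI, if it is exactly {@code "/*"} (which exempts every
     * URI), or if it ends in {@code "/*"} and the URI lies under the text before the first
     * {@code "/*"}. The prefix match is anchored on a path-segment boundary, so {@code /public/*}
     * covers {@code /public} and {@code /public/x} but not {@code /publicx}.
     *
     * <p>NOTE(review): matching is purely textual. This class does not show whether the URI has
     * been decoded and normalised (for example {@code ..} segments resolved) before it arrives
     * here; confirm that upstream, otherwise a prefix entry can cover more than intended.
     *
     * @param str the requested URI
     * @return {@code true} if the URI is excluded
     */
    private boolean isExclude(String str) {
        if (this.excludeUrls == null) {
            // split() returns null for a missing property, so the lookup is retried on later calls.
            this.excludeUrls = StringUtils.split(this.env.getProperty("ifw.auth.exclude.urls"), ",");
        }
        if (this.excludeUrls == null) {
            return false;
        }
        if (ArrayUtils.contains(this.excludeUrls, str)) {
            return true;
        }
        for (String pattern : this.excludeUrls) {
            if (StringUtils.equals(pattern, MATCH_ALL_URIS)) {
                return true;
            }
            if (!StringUtils.endsWith(pattern, MATCH_ALL_URIS)) {
                continue;
            }
            String prefix = StringUtils.substringBefore(pattern, MATCH_ALL_URIS);
            // Require the prefix to end at a segment boundary; a bare startsWith(prefix) would
            // also exempt sibling paths that merely share the leading characters.
            if (StringUtils.equals(str, prefix) || StringUtils.startsWith(str, prefix + "/")) {
                return true;
            }
        }
        return false;
    }

    /** Returns a log-safe stand-in for a secret that reveals only its length. */
    private static String redact(String secret) {
        return secret == null ? "<none>" : "<redacted:" + secret.length() + " chars>";
    }
}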
