package com.ebaiyihui.gateway.filter;

import com.alibaba.druid.support.profile.Profiler;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.ebaiyihui.common.token.TokenJson;
import com.ebaiyihui.framework.response.BaseResponse;
import com.ebaiyihui.framework.response.IError;
import com.ebaiyihui.gateway.common.Constants;
import com.ebaiyihui.gateway.config.AuthorityConfig;
import com.ebaiyihui.gateway.config.RequestWrapper;
import com.ebaiyihui.gateway.enums.ErrorEnum;
import com.ebaiyihui.gateway.service.AuthFeignClientAPI;
import com.ebaiyihui.gateway.service.LoginCheck;
import com.netflix.eureka.ServerRequestAuthFilter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;

@RefreshScope
@Component
/* loaded from: input_file:BOOT-INF/classes/com/ebaiyihui/gateway/filter/AuthorityFilter.class */
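/**
 * Zuul "pre" filter that authenticates incoming requests and, for non-whitelisted callers,
 * verifies the request-parameter signature carried in the {@code signMsg} header.
 *
 * <p>Authentication is delegated to one of several back-ends depending on request headers
 * (see {@link #run()}); a rejected request is short-circuited by writing a response body into
 * the {@link RequestContext} and disabling the Zuul proxy call.
 *
 * <p>Decisions in {@link #shouldFilter()} depend on the client address taken from proxy headers
 * ({@code X-Forwarded-For} and friends). Those headers are only trustworthy when an upstream
 * reverse proxy overwrites them; without one, the whitelist check is driven by caller-supplied
 * data.
 */
public class AuthorityFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(AuthorityFilter.class);
    public static final String LY_NODE = "LYCITYYS";
    public static final String DOCTOR_WEB = "doctor_web";
    public static final String CLOUD = "cloud";

    /** Proxy headers consulted, in this order, before falling back to the socket peer address. */
    private static final String[] CLIENT_IP_HEADERS = {
        "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"
    };
    /** Content type used for every short-circuit response (kept as-is: the bodies are JSON but clients expect this value). */
    private static final String ERROR_CONTENT_TYPE = "text/html;charset=utf-8";
    /** Raw body written when the signature check fails; byte-identical to the historical response. */
    private static final String SIGN_FAILURE_BODY = "{\"data\":\"unauthorized\",\"code\":1110004, \"msg\":\"数据签名校验失败\"}";
    /** Message returned when no token header is present. */
    private static final String LOGIN_INFO_MISSING_MSG = "获取登录信息失败,请稍后再试,或联系管理员";
    /** Form/JSON key the cloud side reads the token from; literal copied from the original calls. */
    private static final String NODE_GATEWAY_CHANNEL_CODE = "byh_node_gateWay";

    @Autowired
    private AuthorityConfig authorityConfig;

    @Autowired
    private LoginCheck loginCheckToken;

    @Autowired
    private AuthFeignClientAPI authFeignClientAPI;

    /** RestTemplate is thread-safe once built; one instance replaces the per-request allocation. */
    private final RestTemplate restTemplate = new RestTemplate();

    /**
     * Decides whether {@link #run()} executes for the current request.
     *
     * <p>The filter is skipped when an earlier filter flagged illegal parameters, when the
     * authority check is disabled, when the client address is whitelisted, or when the request
     * URI is in the ignore list. In all skipped cases the {@code X-Logged-In: false} header is
     * added; otherwise {@code X-Logged-In: true}.
     *
     * @return {@code true} when the authority check must run
     */
    @Override
    public boolean shouldFilter() {
        RequestContext ctx = RequestContext.getCurrentContext();
        if (ctx.getBoolean(Constants.ILLEGAL_PARAM_FILTER_FLAG, false)) {
            return false;
        }
        HttpServletRequest request = ctx.getRequest();
        boolean isEnabled = this.authorityConfig.isEnabled();
        List<String> whiteIpList = this.authorityConfig.getWhiteIpList();
        List<String> ignoreUrlList = this.authorityConfig.getIgnoreUrlList();
        String forwardedChain = getIpAddress(request);
        String urlAddress = getUrlAddress(request);
        log.info("请求来源的ip地址:{},请求来源的URL:{}", forwardedChain, urlAddress);
        log.info("请求来源的appCode:{}", request.getHeader(Constants.APP_CODE));
        // X-Forwarded-For may carry a comma-separated chain; the first entry is the originating client
        // as reported by whichever proxy (or caller) set the header. Guard against a null peer address.
        String clientIp = forwardedChain == null ? "" : forwardedChain.split(",")[0];
        boolean whiteIp = whiteIpList.contains(clientIp);
        if (whiteIp) {
            // Consumed by run(): whitelisted callers skip the data-signature check.
            ctx.set("isWhiteIp", true);
        }
        boolean openUrl = ignoreUrlList.contains(urlAddress);
        if (isEnabled && !whiteIp && !openUrl) {
            ctx.addZuulResponseHeader("X-Logged-In", "true");
            return true;
        }
        log.info("白名单ip或开放的接口调用 -> 请求方式:{},请求url:{}", request.getMethod(), request.getRequestURL().toString());
        ctx.addZuulResponseHeader("X-Logged-In", "false");
        return false;
    }

    /**
     * Authenticates the request with the back-end selected by its headers, then (unless the
     * caller is whitelisted) verifies the parameter signature.
     *
     * <p>Dispatch order: {@code cloud} header → auth-center Feign call; {@code cloudAuth} header →
     * cloud super-admin check; {@code channelSource} integrated-management → node admin check;
     * {@code channelSource} large-terminal → node patient check; anything else → cloud doctor check.
     * Tokens are masked before logging.
     *
     * @return always {@code null}; results are communicated through the {@link RequestContext}
     */
    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        log.info("进入登录拦截检验 -> 请求方式:{},请求url:{}", request.getMethod(), request.getRequestURL().toString());
        String cloudAuth = request.getHeader(Constants.CLOUD_AUTH);
        String cloudToken = request.getHeader(Constants.CLOUD_TOKEN);
        String accessToken = request.getHeader(Constants.ACCESS_TOKEN);
        String appChannel = request.getHeader(Constants.APP_CHANNEL);
        String channelSource = request.getHeader(Constants.CHANNEL_SOURCE);
        String cloudFlag = request.getHeader(CLOUD);
        log.info("角色端:[{}],超管检验头cloudAuth:[{}],医生校验头appChannel:[{}]", channelSource, cloudAuth, appChannel);
        if (CLOUD.equals(cloudFlag)) {
            log.info("认证中心超管登录");
            // NOTE(review): the return value is not inspected here; presumably validToken rejects the
            // request itself (throws or writes to the context) — confirm against AuthFeignClientAPI.
            this.authFeignClientAPI.validToken(cloudToken);
        } else if (StringUtils.isNotEmpty(cloudAuth) && Constants.CLOUD_AUTH.equals(cloudAuth)) {
            log.info("云端校验超管,token:[{}]", maskToken(cloudToken));
            checkCloudAuth(ctx, cloudToken);
        } else if (StringUtils.isNotEmpty(channelSource) && Constants.INTEGRATED_MANAGEMENT.equalsIgnoreCase(channelSource)) {
            log.info("节点校验管理员,channelSource:{},token:[{}]", channelSource, maskToken(cloudToken));
            checkNodeAuth(ctx, cloudToken, true);
        } else if (StringUtils.isNotEmpty(channelSource) && Constants.LARGE_TERMINAL.equalsIgnoreCase(channelSource)) {
            log.info("节点校验患者,accessToken:[{}]", maskToken(accessToken));
            // Patients may send either header; accessToken wins when present.
            checkNodeAuth(ctx, accessToken == null ? cloudToken : accessToken, false);
        } else {
            log.info("云端校验医生,token:[{}]", maskToken(cloudToken));
            checkCloudDoctor(ctx, cloudToken);
        }
        if (ctx.getBoolean("isWhiteIp")) {
            return null;
        }
        validateDataSign(ctx, request);
        return null;
    }

    /**
     * Verifies that the {@code signMsg} header equals {@link #md5(String)} of the request
     * parameters (query string for GET-style calls, otherwise the body).
     *
     * <p>A missing header or a mismatch short-circuits the request with {@link #SIGN_FAILURE_BODY}.
     * When the resolved parameter string is blank (no query string and an empty or multipart
     * body) no comparison is made and the request passes on the presence of the header alone.
     *
     * @param requestContext Zuul context the rejection is written into
     * @param httpServletRequest request whose parameters are signed
     */
    private void validateDataSign(RequestContext requestContext, HttpServletRequest httpServletRequest) {
        String providedSign = httpServletRequest.getHeader("signMsg");
        log.info("前端传递sign->{}", providedSign);
        if (StringUtils.isBlank(providedSign)) {
            writeErrorResponse(requestContext, 200, SIGN_FAILURE_BODY);
            return;
        }
        String signedPayload = resolveSignedPayload(httpServletRequest);
        if (StringUtils.isBlank(signedPayload)) {
            // Nothing to sign: blank payloads are not verified (multipart bodies are deliberately blanked).
            return;
        }
        String expectedSign;
        try {
            // This logs the full request parameters at INFO; they may contain personal data.
            log.info("md5参数加密前原文 => {}", signedPayload);
            expectedSign = md5(signedPayload);
        } catch (RuntimeException e) {
            log.error("md5参数加密失败 => {}", e.getMessage());
            // A signature that could not be computed must not be treated as matching.
            writeErrorResponse(requestContext, 200, SIGN_FAILURE_BODY);
            return;
        }
        if (signaturesMatch(expectedSign, providedSign)) {
            log.info("参数签名校验成功： sign->{}", providedSign);
            return;
        }
        log.info("参数签名校验失败： 传参为->{},  计算得到的结果sign->{},  前端传递sign->{}", signedPayload, expectedSign, providedSign);
        writeErrorResponse(requestContext, 200, SIGN_FAILURE_BODY);
    }

    /**
     * Builds the string the client is expected to have signed.
     *
     * <p>Query-string parameters take precedence and are URL-decoded after normalisation. Otherwise
     * the body is read (always, so the wrapper consumes it the same way as before); a multipart body
     * yields {@code ""}; a form-encoded body ({@code =} present, {@code :} absent) is normalised via
     * {@link #convertParam(String)} and URL-decoded; any other body is used verbatim.
     *
     * @param request current request
     * @return the payload to digest, never {@code null}
     */
    private static String resolveSignedPayload(HttpServletRequest request) {
        String queryParams = getParamOfMethodGet(request);
        if (StringUtils.isNotBlank(queryParams)) {
            log.info("get请求参数：" + queryParams);
            return decodeUtf8(queryParams);
        }
        String body = StringUtils.defaultString(new RequestWrapper(request).getBody());
        log.info("post请求参数：" + body);
        String contentType = request.getContentType();
        if (StringUtils.isNotBlank(contentType) && contentType.contains("multipart")) {
            return "";
        }
        if (body.contains("=") && !body.contains(":")) {
            String converted = convertParam(body);
            log.info("post请求参数 convertParam后 ：" + converted);
            String decoded = decodeUtf8(converted);
            log.info("post请求参数 URLDecoder后 ：" + decoded);
            return decoded;
        }
        return body;
    }

    /**
     * URL-decodes {@code value} as UTF-8, returning the input unchanged if the JVM somehow lacks
     * UTF-8 (it never does; the branch only keeps the checked exception out of callers).
     * Malformed percent-escapes still raise {@link IllegalArgumentException}, as before.
     */
    private static String decodeUtf8(String value) {
        try {
            return URLDecoder.decode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            log.error("解码参数异常： " + e.getMessage());
            return value;
        }
    }

    /**
     * Compares two hex digests without short-circuiting on the first differing byte.
     *
     * @return {@code true} only when both are non-null and byte-equal
     */
    private static boolean signaturesMatch(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), provided.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Computes the parameter "signature": MD5 of a fixed permutation of the MD5 hex of {@code str}.
     *
     * <p>No secret enters the computation, so this detects accidental corruption rather than
     * deliberate tampering by anyone who knows the layout; it is an integrity check, not a MAC.
     *
     * @param str payload to digest
     * @return 32-character lower-case hex digest
     */
    private String md5(String str) {
        String md5Hex = DigestUtils.md5Hex(str);
        String head = md5Hex.substring(0, 12);
        String tail = md5Hex.substring(12);
        // Layout: last 10 chars of the digest, then the tail minus its last 10 chars, then the head.
        return DigestUtils.md5Hex(md5Hex.substring(md5Hex.length() - 10) + tail.substring(0, tail.length() - 10) + head);
    }

    /**
     * Normalises the query string into the JSON form used for signing.
     *
     * @param httpServletRequest current request
     * @return {@link #convertParam(String)} of the UTF-8-decoded query string, or {@code ""} when
     *     there is no query string
     */
    public static String getParamOfMethodGet(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        return queryString == null ? "" : convertParam(decodeUtf8(queryString));
    }

    /**
     * Turns {@code a=1&b=2} into a JSON object with keys in sorted pair order.
     *
     * <p>Pairs are sorted as whole {@code key=value} strings; a pair without {@code =} maps to
     * {@code ""}; only the segment right after the first {@code =} is kept. The JSON text is then
     * passed through {@code unescapeJavaScript} so escaped characters compare like the client's.
     *
     * @param str form-encoded parameter string
     * @return JSON text of the parameters
     */
    public static String convertParam(String str) {
        // BeanFactory.FACTORY_BEAN_PREFIX is the literal "&"; kept so the split is unchanged.
        String[] pairs = str.split(BeanFactory.FACTORY_BEAN_PREFIX);
        Arrays.sort(pairs);
        JSONObject ordered = new JSONObject(true); // insertion-ordered so the sorted order survives
        for (String pair : pairs) {
            String[] kv = pair.split("=");
            if (kv.length == 0) {
                continue; // a bare "=" splits to nothing; skip instead of indexing past the end
            }
            ordered.put(kv[0], kv.length > 1 ? kv[1] : "");
        }
        return StringEscapeUtils.unescapeJavaScript(ordered.toString());
    }

    @Override
    public String filterType() {
        return FilterConstants.PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return 0;
    }

    /**
     * Returns the first usable client address from {@link #CLIENT_IP_HEADERS}, else the peer address.
     *
     * <p>A header value that is empty or equals {@code ServerRequestAuthFilter.UNKNOWN}
     * (case-insensitive) is skipped. Header values are caller-controlled unless a trusted proxy
     * in front of the gateway rewrites them.
     *
     * @param httpServletRequest current request
     * @return raw header value (may be a comma-separated chain) or {@code getRemoteAddr()}
     */
    public static String getIpAddress(HttpServletRequest httpServletRequest) {
        for (String headerName : CLIENT_IP_HEADERS) {
            String candidate = httpServletRequest.getHeader(headerName);
            if (!isUnknownAddress(candidate)) {
                return candidate;
            }
        }
        return httpServletRequest.getRemoteAddr();
    }

    /** True when a proxy header carries no usable address. */
    private static boolean isUnknownAddress(String value) {
        return value == null || value.isEmpty() || ServerRequestAuthFilter.UNKNOWN.equalsIgnoreCase(value);
    }

    private String getUrlAddress(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI();
    }

    /**
     * Validates a node (user-centre) token via {@link LoginCheck#check}.
     *
     * <p>Blank token → NO_PERMISSION (HTTP 200); FEIGN_FAIL or null result → HTTP 500;
     * unsuccessful result → NO_PERMISSION with the upstream message. When {@code persistLogin}
     * is set the login is additionally recorded through {@link #saveLoggingStored}.
     *
     * @param requestContext Zuul context
     * @param token access token to validate
     * @param persistLogin whether to record the login after a successful check
     */
    private void checkNodeAuth(RequestContext requestContext, String token, boolean persistLogin) {
        if (StringUtils.isBlank(token)) {
            log.info("获取accessToken 空");
            writeNoPermission(requestContext, LOGIN_INFO_MISSING_MSG);
            return;
        }
        BaseResponse check = this.loginCheckToken.check(token);
        log.info("调用节点用户中心校验登录返回数据:{}", JSON.toJSONString(check));
        if (Objects.isNull(check) || ErrorEnum.FEIGN_FAIL.getErrCode().equals(check.getCode())) {
            log.info("调用用户中心token失败");
            writeErrorResponse(requestContext, HttpStatus.INTERNAL_SERVER_ERROR.value(),
                    JSON.toJSONString(BaseResponse.error(IError.FEIGN_FAIL, "调用用户中心校验Token异常")));
        } else {
            log.info("getCode-->{}", check.getCode());
            if (!check.isSuccess()) {
                writeNoPermission(requestContext, check.getMsg());
            }
        }
        if (persistLogin) {
            saveLoggingStored(check, requestContext);
        }
    }

    /**
     * Validates a super-admin token against the cloud (form-encoded POST to
     * {@code authorityConfig.getSuperAdminAuthUrl()}).
     *
     * <p>Blank token, null reply or SYSYTEM_UNKNOW → NO_PERMISSION; NO_PERMISSION from the cloud
     * is forwarded with its message. The login is recorded afterwards via {@link #saveLoggingStored}.
     *
     * @param requestContext Zuul context
     * @param token cloud token to validate
     */
    private void checkCloudAuth(RequestContext requestContext, String token) {
        if (StringUtils.isBlank(token)) {
            log.info("获取超管端cloudToken 空");
            writeNoPermission(requestContext, LOGIN_INFO_MISSING_MSG);
            return;
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add(Constants.CLOUD_TOKEN, token);
        BaseResponse reply = this.restTemplate.postForObject(
                this.authorityConfig.getSuperAdminAuthUrl(), new HttpEntity<>(form, httpHeaders), BaseResponse.class);
        log.info("调用云上校验超管登录返回数据:{}", JSON.toJSONString(reply));
        if (Objects.isNull(reply) || ErrorEnum.SYSYTEM_UNKNOW.getErrCode().equals(reply.getErrCode())) {
            writeNoPermission(requestContext, ErrorEnum.SYSYTEM_UNKNOW.getMsg());
        } else if (ErrorEnum.NO_PERMISSION.getErrCode().equals(reply.getErrCode())) {
            writeNoPermission(requestContext, reply.getMsg());
        }
        saveLoggingStored(reply, requestContext);
    }

    /**
     * Validates a doctor token against the cloud (JSON POST to
     * {@code authorityConfig.getCloudDoctorAuthUrl()}).
     *
     * <p>Blank token, null reply or SYSYTEM_UNKNOW → NO_PERMISSION; an unsuccessful reply is
     * forwarded with its message. The login is recorded afterwards via {@link #saveLoggingStored}.
     *
     * @param requestContext Zuul context
     * @param token cloud token to validate
     */
    private void checkCloudDoctor(RequestContext requestContext, String token) {
        if (StringUtils.isBlank(token)) {
            log.info("获取doctorAccessToken失败 空");
            writeNoPermission(requestContext, LOGIN_INFO_MISSING_MSG);
            log.info("云上权限校验完毕,返回数据:{}", requestContext.toString());
            return;
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON_UTF8);
        JSONObject payload = new JSONObject();
        payload.put(Constants.CLOUD_TOKEN, token);
        payload.put(Constants.CUSTOMER_FLAG, "false");
        payload.put("channelCode", NODE_GATEWAY_CHANNEL_CODE);
        HttpEntity<JSONObject> httpEntity = new HttpEntity<>(payload, httpHeaders);
        log.info("调用云上校验医生,发起请求Url:" + this.authorityConfig.getCloudDoctorAuthUrl());
        BaseResponse reply = this.restTemplate.postForObject(
                this.authorityConfig.getCloudDoctorAuthUrl(), httpEntity, BaseResponse.class);
        log.info("调用云上校验医生登录返回数据:{}", JSON.toJSONString(reply));
        if (Objects.isNull(reply) || ErrorEnum.SYSYTEM_UNKNOW.getErrCode().equals(reply.getErrCode())) {
            writeNoPermission(requestContext, ErrorEnum.SYSYTEM_UNKNOW.getMsg());
        } else if (!reply.isSuccess()) {
            writeNoPermission(requestContext, reply.getMsg());
        }
        saveLoggingStored(reply, requestContext);
    }

    /**
     * Records a successful login through {@link LoginCheck#loggingStored}.
     *
     * <p>Does nothing unless the response code is {@code "1"} and its data is not the string
     * {@code "true"}. The data is expected to carry a {@code tokenJson} member (itself a JSON
     * object); APP/WEB device types are recorded under the fixed name "医生端" with
     * {@code accountId}, everything else with {@code name}/{@code accountNo}.
     *
     * @param baseResponse upstream authentication reply (may be {@code null})
     * @param requestContext Zuul context handed to the store
     */
    private void saveLoggingStored(BaseResponse baseResponse, RequestContext requestContext) {
        if (baseResponse == null || !"1".equals(String.valueOf(baseResponse.getCode()))) {
            return;
        }
        Object data = baseResponse.getData();
        if (data == null || "true".equals(data.toString())) {
            return;
        }
        Map<?, ?> outer = JSON.parseObject(JSON.toJSONString(data), Map.class);
        Object rawTokenJson = outer == null ? null : outer.get("tokenJson");
        if (rawTokenJson == null) {
            log.warn("登录信息缺少tokenJson,跳过记录");
            return;
        }
        Map<?, ?> tokenFields = JSON.parseObject(rawTokenJson.toString(), Map.class);
        TokenJson tokenJson = new TokenJson();
        String deviceType = String.valueOf(tokenFields.get("deviceType"));
        // Profiler.PROFILE_TYPE_WEB is a string constant the decompiler folded here; presumably "WEB" — confirm.
        if ("APP".equals(deviceType) || Profiler.PROFILE_TYPE_WEB.equals(deviceType)) {
            tokenJson.setName("医生端");
            tokenJson.setAccountNo(Objects.toString(tokenFields.get("accountId"), null));
        } else {
            tokenJson.setName(Objects.toString(tokenFields.get("name"), null));
            tokenJson.setAccountNo(Objects.toString(tokenFields.get("accountNo"), null));
        }
        this.loginCheckToken.loggingStored(tokenJson, requestContext, this.authorityConfig.getCloudDoctorAuthUrl());
    }

    /**
     * Short-circuits the request: disables the proxy call and writes {@code jsonBody} with the
     * given status and {@link #ERROR_CONTENT_TYPE}.
     */
    private static void writeErrorResponse(RequestContext requestContext, int status, String jsonBody) {
        HttpServletResponse response = requestContext.getResponse();
        requestContext.setSendZuulResponse(false);
        response.setContentType(ERROR_CONTENT_TYPE);
        requestContext.setResponseStatusCode(status);
        requestContext.setResponseBody(jsonBody);
    }

    /** Writes a NO_PERMISSION {@link BaseResponse} with HTTP 200 and the given message. */
    private static void writeNoPermission(RequestContext requestContext, String msg) {
        BaseResponse body = new BaseResponse();
        body.setCode(ErrorEnum.NO_PERMISSION.getErrCode());
        body.setMsg(msg);
        writeErrorResponse(requestContext, HttpStatus.OK.value(), JSON.toJSONString(body));
    }

    /**
     * Returns a log-safe rendering of a token: {@code <blank>} for missing values, otherwise
     * {@code ****} followed by at most the last four characters (never more than half the token).
     */
    private static String maskToken(String token) {
        if (StringUtils.isBlank(token)) {
            return "<blank>";
        }
        int keep = Math.min(4, token.length() / 2);
        return "****" + token.substring(token.length() - keep);
    }
}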
