package com.byh.zuul.filter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.byh.zuul.config.AuthorityConfig;
import com.byh.zuul.config.RequestWrapper;
import com.byh.zuul.dao.TokenJson;
import com.byh.zuul.enums.Constants;
import com.byh.zuul.enums.ErrorEnum;
import com.byh.zuul.feign.CloudValidFeignClient;
import com.byh.zuul.service.IgnoreService;
import com.byh.zuul.utils.RedisUtil;
import com.doctoruser.api.pojo.vo.TokenCheckReqVO;
import com.ebaiyihui.framework.response.BaseResponse;
import com.ebaiyihui.sysinfocloudclient.SuperAdminClient;
import com.netflix.eureka.ServerRequestAuthFilter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
import org.springframework.stereotype.Component;

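/**
 * Zuul "pre" filter (order 0) that gates proxied requests.
 *
 * <p>For every request that is not exempted by {@link #shouldFilter()} it:
 * <ol>
 *   <li>validates the {@code token} request header against one of the remote token services
 *       (which one is selected by the {@code cloudAuth} / {@code channelSource} headers), and</li>
 *   <li>compares the {@code signMsg} request header with a digest computed over the query string
 *       or request body.</li>
 * </ol>
 * Rejections are delivered as HTTP 200 with a JSON error body and routing disabled.
 *
 * <p>NOTE(review): the parameter digest in {@link #md5(String)} uses no secret key, so any client
 * that knows the algorithm can produce a matching {@code signMsg}. It detects accidental or naive
 * modification only and must not be treated as request authentication; a keyed MAC (for example
 * HMAC-SHA-256 with a server-held key) would be needed for that.
 */
@RefreshScope
@Component
/* loaded from: input_file:BOOT-INF/classes/com/byh/zuul/filter/MyFilter.class */
public class MyFilter extends ZuulFilter {
    private static final Logger log = LoggerFactory.getLogger(MyFilter.class);
    public static final String CLOUD_AUTH = "cloudAuth";
    public static final String INTEGRATED_MANAGEMENT = "integratedManagement";
    public static final String LARGE_TERMINAL = "largeTerminal";
    public static final String DOCTOR_WEB = "doctor_web";
    public static final String CHANNEL_SOURCE = "channelSource";
    public static final String APP_CHANNEL = "appChannel";
    public static final String LR_NODE = "LR";
    public static final String YCRMYY_NODE = "YCRMYY";
    public static final String NCEFY_NODE = "NCEFY";
    public static final String APP_CODE = "appCode";

    /** Request header carrying the caller's token. */
    private static final String TOKEN_HEADER = "token";
    /** Request header carrying the client-computed parameter digest. */
    private static final String SIGN_HEADER = "signMsg";
    /** Content type the original code sets on most rejection responses. */
    private static final String REJECT_CONTENT_TYPE = "text/html;charset=utf-8";
    private static final String UNAUTHORIZED_BODY = "{\"code\":1110001,\"msg\":\"unauthorized\"}";
    private static final String SIGN_FAILED_BODY =
            "{\"data\":\"unauthorized\",\"code\":1110004, \"msg\":\"数据签名校验失败\"}";

    // The two aliases below keep the constants the decompiled source refers to. They look like
    // decompiler artifacts (a string literal resolved to an unrelated library constant with the
    // same value): FACTORY_BEAN_PREFIX is "&"; UNKNOWN is presumably "unknown" - confirm.
    private static final String PAIR_SEPARATOR = BeanFactory.FACTORY_BEAN_PREFIX;
    private static final String UNKNOWN_ADDRESS = ServerRequestAuthFilter.UNKNOWN;

    /** Headers consulted, in this order, before falling back to the socket peer address. */
    private static final String[] CLIENT_IP_HEADERS = {
        "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"
    };

    /** Request headers whose values are credentials and must not be written to the log. */
    private static final String[] SENSITIVE_HEADERS = {TOKEN_HEADER, "Authorization", "Cookie"};

    @Autowired
    private SuperAdminClient superAdminClient;

    @Autowired
    private CloudValidFeignClient cloudValidFeignClient;

    @Autowired
    private AuthorityConfig authorityConfig;

    @Autowired
    private IgnoreService ignoreService;

    /** @return {@link FilterConstants#PRE_TYPE}, so the filter runs before routing. */
    @Override
    public String filterType() {
        return FilterConstants.PRE_TYPE;
    }

    /** @return {@code 0}, this filter's position among the filters of its type. */
    @Override
    public int filterOrder() {
        return 0;
    }

    /**
     * Decides whether token and signature validation apply to the current request.
     *
     * <p>The IP and URL whitelists are read from Redis; when a Redis entry is empty the list from
     * {@link AuthorityConfig} is used and written back to Redis.
     *
     * <p>NOTE(review): a whitelist hit skips <em>all</em> validation in {@link #run()}, and the
     * caller address comes from {@link #getIpAddress(HttpServletRequest)}, which prefers
     * client-supplied forwarding headers. This is only safe if the edge proxy in front of the
     * gateway overwrites or strips those headers - confirm the deployment.
     *
     * @return {@code true} when the request must be validated, {@code false} when the caller IP or
     *     the request URI is whitelisted
     */
    @Override
    public boolean shouldFilter() {
        HttpServletRequest request = RequestContext.getCurrentContext().getRequest();

        String cachedIps = RedisUtil.get(Constants.IGNOREIPLIST_KEY);
        log.info("whiteIpString:{}", cachedIps);
        List<String> whiteIps;
        if (StringUtils.isEmpty(cachedIps)) {
            whiteIps = this.authorityConfig.getWhiteIpList();
            if (whiteIps != null) {
                RedisUtil.set(Constants.IGNOREIPLIST_KEY, JSON.toJSONString(whiteIps));
            }
        } else {
            whiteIps = JSON.parseArray(cachedIps, String.class);
        }

        String cachedUrls = RedisUtil.get(Constants.IGNOREURLLIST_KEY);
        log.info("whiteUrlSltring:{}", cachedUrls);
        List<String> whiteUrls;
        // Fixed inverted condition: the original used isNotEmpty here, which ignored a populated
        // Redis entry and parsed the empty one (yielding null and a NullPointerException below).
        if (StringUtils.isEmpty(cachedUrls)) {
            whiteUrls = this.authorityConfig.getIgnoreUrlList();
            if (whiteUrls != null) {
                RedisUtil.set(Constants.IGNOREURLLIST_KEY, JSON.toJSONString(whiteUrls));
            }
        } else {
            whiteUrls = JSON.parseArray(cachedUrls, String.class);
        }

        String ipAddress = getIpAddress(request);
        String urlAddress = getUrlAddress(request);
        log.info("请求来源的ip地址:{},请求来源的URL:{}", ipAddress, urlAddress);

        // A missing list means "nothing is whitelisted", so validation still runs.
        boolean ipWhitelisted = whiteIps != null && whiteIps.contains(ipAddress);
        boolean urlWhitelisted = whiteUrls != null && whiteUrls.contains(urlAddress);
        if (!ipWhitelisted && !urlWhitelisted) {
            return true;
        }
        log.info("白名单IP内的URL调用: [{}]", request.getMethod() + ", " + request.getRequestURL().toString());
        return false;
    }

    /**
     * Runs token validation followed by parameter-signature validation.
     *
     * <p>Validation is skipped when the request attribute {@code auth} equals the string
     * {@code "true"}; nothing in this class sets that attribute.
     *
     * <p>NOTE(review): the signature check still runs after the token check has rejected the
     * request, so it can replace the token error body with the signature error body.
     *
     * @return always {@code null}
     */
    @Override
    public Object run() {
        RequestContext currentContext = RequestContext.getCurrentContext();
        HttpServletRequest request = currentContext.getRequest();
        log.info("{} >>> {}", request.getMethod(), request.getRequestURL().toString());
        if ("true".equals(request.getAttribute("auth"))) {
            log.info("不需要验证--------------------------------------------------");
            currentContext.addZuulResponseHeader("X-Logged-In", "false");
            return null;
        }
        validateToken(currentContext, request);
        validateDataSign(currentContext, request);
        return null;
    }

    /**
     * Compares the {@code signMsg} header with the digest of the request parameters and rejects
     * the request on a missing header or a mismatch.
     *
     * <p>The signed payload is the canonicalised query string when one is present, otherwise the
     * request body (canonicalised the same way when it looks like form data). An empty payload,
     * and any multipart request, is accepted without comparing digests.
     *
     * <p>NOTE(review): the payload is logged in full at INFO level; request bodies may contain
     * personal data - confirm this is acceptable for the log retention in use.
     *
     * @param requestContext current Zuul context, used to emit the rejection
     * @param httpServletRequest request whose parameters are checked
     */
    private void validateDataSign(RequestContext requestContext, HttpServletRequest httpServletRequest) {
        logRequestHeaders(httpServletRequest);

        String clientSign = httpServletRequest.getHeader(SIGN_HEADER);
        if (StringUtils.isBlank(clientSign)) {
            rejectSignature(requestContext);
            return;
        }

        String body = new RequestWrapper(httpServletRequest).getBody();
        String queryJson = getParamOfMethodGet(httpServletRequest);
        String payload;
        if (StringUtils.isNotBlank(queryJson)) {
            payload = decodeUtf8(queryJson);
            log.info("get请求：" + payload + "--------------------");
        } else {
            payload = body;
            // "key=value" without ':' is treated as a form body rather than JSON.
            if (payload.contains("=") && !payload.contains(":")) {
                payload = decodeUtf8(convertParam(payload));
            }
            String contentType = httpServletRequest.getContentType();
            if (StringUtils.isNotBlank(contentType) && contentType.contains("multipart")) {
                payload = "";
            }
            log.info("post请求：" + payload + "--------------------");
        }

        if (StringUtils.isBlank(payload)) {
            return;
        }

        String expectedSign = null;
        try {
            log.info("md5参数加密前原文 => {}", payload);
            expectedSign = md5(payload);
        } catch (Exception e) {
            log.error("md5参数加密失败 => {}", e.getMessage());
        }
        // clientSign is non-blank here, so a failed digest (null) is an explicit mismatch instead
        // of the NullPointerException the original comparison order produced.
        if (clientSign.equals(expectedSign)) {
            log.info("参数签名校验成功： sign->{}", clientSign);
            return;
        }
        log.info("参数签名校验失败： 传参为->{},  计算得到的结果sign->{},  前端传递sign->{}", payload, expectedSign, clientSign);
        rejectSignature(requestContext);
    }

    /**
     * Validates the {@code token} header with the service selected by the request headers and
     * rejects the request when the service reports failure.
     *
     * <p>Selection order: {@code cloudAuth: cloudAuth} -> super-admin client;
     * {@code channelSource: largeTerminal} -> customer token check;
     * {@code channelSource: integratedManagement} -> customer token check V2 (URI-aware);
     * anything else -> doctor token check.
     *
     * <p>NOTE(review): a response is rejected only when its error code equals
     * {@code ErrorEnum.NO_PERMISSION} or its code is {@code "0"}; any other response lets the
     * request through. Consider allowing only on an explicit success instead - confirm the
     * {@code BaseResponse} contract before changing.
     *
     * @param requestContext current Zuul context, used to emit the rejection
     * @param httpServletRequest request carrying the token
     */
    private void validateToken(RequestContext requestContext, HttpServletRequest httpServletRequest) {
        try {
            String token = httpServletRequest.getHeader(TOKEN_HEADER);
            String requestUri = httpServletRequest.getRequestURI();
            String cloudAuth = httpServletRequest.getHeader(CLOUD_AUTH);
            String channelSource = httpServletRequest.getHeader(CHANNEL_SOURCE);
            if (token == null) {
                log.info("token获取失败--------------------------------------------------");
                block(requestContext, UNAUTHORIZED_BODY);
                return;
            }
            requestContext.addZuulResponseHeader("X-Logged-In", "true");

            BaseResponse result;
            if (CLOUD_AUTH.equals(cloudAuth)) {
                log.info("super user admin auth token validate: ");
                result = this.superAdminClient.BaseResponsevalidateToken(token);
                log.info(result.toString());
                requestContext.set("byhApplication", "super_application");
                saveLoggingStored(result, requestContext);
            } else if (LARGE_TERMINAL.equals(channelSource)) {
                log.info("large terminal auth token validate: ");
                requestContext.set("byhApplication", "patient_application");
                result = customerTerminalTokenValidate(token);
            } else if (INTEGRATED_MANAGEMENT.equals(channelSource)) {
                // The token is a bearer credential: log a masked form only.
                log.info("进入V2版本管理端token校验===token:{}===uri:{}", maskToken(token), requestUri);
                log.info("integrated management auth token validate: ");
                requestContext.set("byhApplication", "admin_application");
                result = customerTerminalTokenValidateV2(token, requestUri, requestContext);
            } else {
                requestContext.set("byhApplication", "doctor_application");
                log.info("doctor auth token validate: ");
                result = doctorTokenValidate(token);
                saveLoggingStored(result, requestContext);
            }

            boolean denied = ErrorEnum.NO_PERMISSION.getErrCode().equals(result.getErrCode())
                    || "0".equalsIgnoreCase(result.getCode());
            if (denied) {
                requestContext.getResponse().setContentType(REJECT_CONTENT_TYPE);
                // The service message is serialised as a JSON string so quotes or backslashes in
                // it cannot break out of the "msg" value. NOTE(review): the body is still served
                // as text/html; application/json would be the safer content type if clients allow.
                String msgJson = JSON.toJSONString(String.valueOf(result.getMsg()));
                block(requestContext, "{\"data\":\"unauthorized\",\"code\":1110001, \"msg\":" + msgJson + "}");
            }
            log.info("网关权限校验流程完成,baseResponse: [{}]", result.toString());
        } catch (Exception e) {
            // Any failure while validating is treated as "unauthorized" (fail closed).
            block(requestContext, UNAUTHORIZED_BODY);
            log.error("权限服务参数解析异常:", e);
        }
    }

    /**
     * Checks a customer-terminal token through {@code tokenCheck}.
     *
     * @param str token to check
     * @return the service response
     */
    private BaseResponse customerTerminalTokenValidate(String str) {
        TokenCheckReqVO req = new TokenCheckReqVO();
        req.setCustomerFlag(true);
        req.setToken(str);
        req.setChannelCode("byh_customer");
        return this.cloudValidFeignClient.tokenCheck(req);
    }

    /**
     * Checks a management-console token through {@code tokenCheckV2}, passing the request URI
     * along, and records the call via {@link #saveLoggingStored(BaseResponse, RequestContext)}.
     *
     * <p>NOTE(review): the full service response is logged as JSON; it may contain account
     * details - confirm.
     *
     * @param str token to check
     * @param str2 request URI sent to the service
     * @param requestContext current Zuul context
     * @return the service response
     */
    private BaseResponse customerTerminalTokenValidateV2(String str, String str2, RequestContext requestContext) {
        // Masked: the raw token must not reach the log.
        log.info("进入云上网关=====参数:token:[" + maskToken(str) + "],url:[" + str2 + "]");
        TokenCheckReqVO req = new TokenCheckReqVO();
        req.setCustomerFlag(true);
        req.setToken(str);
        req.setUri(str2);
        req.setChannelCode("byh_customer");
        BaseResponse<Object> baseResponse = this.cloudValidFeignClient.tokenCheckV2(req);
        log.info("云上网关流程结束====调用返回值为BaseResponse-->{}", JSON.toJSONString(baseResponse));
        saveLoggingStored(baseResponse, requestContext);
        return baseResponse;
    }

    /**
     * Hands the account named in a successful token response to
     * {@code IgnoreService.loggingStored} together with the request URL.
     *
     * <p>Does nothing when the response is not successful, has no data, or its data prints as
     * {@code "true"}.
     *
     * <p>NOTE(review): a response without {@code tokenJson} (or without the expected account
     * fields) raises a NullPointerException here; when called from
     * {@link #validateToken(RequestContext, HttpServletRequest)} that exception is caught there and
     * the request is rejected as unauthorized.
     *
     * @param baseResponse token-service response
     * @param requestContext current Zuul context; its {@code byhApplication} entry selects which
     *     fields are read
     */
    private void saveLoggingStored(BaseResponse baseResponse, RequestContext requestContext) {
        if (!baseResponse.isSuccess() || baseResponse.getData() == null || "true".equals(baseResponse.getData().toString())) {
            return;
        }
        HttpServletRequest request = requestContext.getRequest();
        Map data = (Map) JSON.parseObject(JSON.toJSONString(baseResponse.getData()), Map.class);
        Map account = (Map) JSON.parseObject(data.get("tokenJson").toString(), Map.class);
        TokenJson tokenJson = new TokenJson();
        if (Objects.equals((String) requestContext.get("byhApplication"), "doctor_application")) {
            tokenJson.setName("医生端");
            tokenJson.setAccountNo(account.get("accountId").toString());
        } else {
            tokenJson.setName(account.get("name").toString());
            tokenJson.setAccountNo(account.get("accountNo").toString());
        }
        this.ignoreService.loggingStored(tokenJson, requestContext, request.getRequestURL().toString());
    }

    /**
     * Checks a doctor token through {@code tokenCheck}.
     *
     * @param str token to check
     * @return the service response
     */
    private BaseResponse doctorTokenValidate(String str) {
        TokenCheckReqVO req = new TokenCheckReqVO();
        req.setCustomerFlag(false);
        req.setToken(str);
        req.setChannelCode("byh_doctor");
        return this.cloudValidFeignClient.tokenCheck(req);
    }

    /**
     * Resolves the caller address from forwarding headers, falling back to the socket peer.
     *
     * <p>The first header in {@code CLIENT_IP_HEADERS} that is present, non-empty and not the
     * "unknown" marker wins; when the value is a comma-separated list its first entry is returned.
     *
     * <p>NOTE(review): every one of these headers can be set by the client unless a trusted proxy
     * in front of the gateway overwrites it. The result is therefore an unverified claim and
     * should not, on its own, be the basis of an access decision.
     *
     * @param httpServletRequest current request
     * @return the resolved address as sent; no trimming or validation is applied
     */
    public static String getIpAddress(HttpServletRequest httpServletRequest) {
        String address = null;
        for (String headerName : CLIENT_IP_HEADERS) {
            address = httpServletRequest.getHeader(headerName);
            if (isKnownAddress(address)) {
                break;
            }
        }
        if (!isKnownAddress(address)) {
            address = httpServletRequest.getRemoteAddr();
        }
        log.info("ip list->{}", address);
        if (isKnownAddress(address) && address.indexOf(",") != -1) {
            address = address.split(",")[0];
        }
        return address;
    }

    /** @return the request URI exactly as reported by the servlet container */
    private String getUrlAddress(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI();
    }

    /**
     * Computes the parameter digest: MD5 of the input, hex segments reordered (last 10 characters,
     * then the middle, then the first 12), then MD5 again.
     *
     * <p>No key or secret is involved, so this is a checksum, not a signature.
     *
     * @param str canonical parameter string
     * @return hex digest
     */
    private String md5(String str) {
        String firstPass = DigestUtils.md5Hex(str);
        int tailStart = firstPass.length() - 10;
        String head = firstPass.substring(0, 12);
        String middle = firstPass.substring(12, tailStart);
        String tail = firstPass.substring(tailStart);
        return DigestUtils.md5Hex(tail + middle + head);
    }

    /**
     * Returns the query string in canonical JSON form (see {@link #convertParam(String)}).
     *
     * <p>The query string is decoded as UTF-8 explicitly; the original single-argument
     * {@code URLDecoder.decode} used the platform default charset, which disagrees with the UTF-8
     * decoding used elsewhere in this class on hosts with a different default.
     *
     * @param httpServletRequest current request
     * @return canonical JSON of the query parameters, or {@code ""} when there is no query string
     */
    public static String getParamOfMethodGet(HttpServletRequest httpServletRequest) {
        String query = httpServletRequest.getQueryString();
        if (query == null) {
            return "";
        }
        try {
            return convertParam(URLDecoder.decode(query, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Turns {@code k1=v1&k2=v2} into a JSON object string whose entries follow the sorted order of
     * the raw {@code key=value} pairs.
     *
     * <p>Only the text between the first and second {@code '='} of a pair is kept as the value; a
     * pair without a value maps to {@code ""}.
     *
     * @param str parameter string
     * @return JSON text with JavaScript escapes removed
     */
    public static String convertParam(String str) {
        String[] pairs = str.split(PAIR_SEPARATOR);
        Arrays.sort(pairs);
        JSONObject ordered = new JSONObject(true);
        for (String pair : pairs) {
            String[] parts = pair.split("=");
            // A pair consisting only of "=" splits into an empty array; the original indexed [0]
            // unconditionally and threw ArrayIndexOutOfBoundsException.
            String key = parts.length > 0 ? parts[0] : "";
            String value = parts.length > 1 ? parts[1] : "";
            ordered.put(key, (Object) value);
        }
        return StringEscapeUtils.unescapeJavaScript(ordered.toString());
    }

    /** Stops routing and answers with HTTP 200 and the given body. */
    private static void block(RequestContext requestContext, String body) {
        requestContext.setSendZuulResponse(false);
        requestContext.setResponseStatusCode(200);
        requestContext.setResponseBody(body);
    }

    /** Emits the fixed "signature check failed" rejection. */
    private static void rejectSignature(RequestContext requestContext) {
        requestContext.getResponse().setContentType(REJECT_CONTENT_TYPE);
        block(requestContext, SIGN_FAILED_BODY);
    }

    /** Logs each request header, replacing the value of credential-bearing headers. */
    private static void logRequestHeaders(HttpServletRequest httpServletRequest) {
        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = headerNames.nextElement();
            String value = isSensitiveHeader(name) ? "***" : httpServletRequest.getHeader(name);
            log.info(name + ":" + value);
        }
    }

    /** @return whether the header name is one of {@code SENSITIVE_HEADERS}, ignoring case */
    private static boolean isSensitiveHeader(String name) {
        for (String sensitive : SENSITIVE_HEADERS) {
            if (sensitive.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /** @return a loggable stand-in for a token: a short prefix plus its length */
    private static String maskToken(String token) {
        if (token == null) {
            return "null";
        }
        int visible = Math.min(4, token.length() / 4);
        return token.substring(0, visible) + "***(len=" + token.length() + ")";
    }

    /** @return whether the value is present, non-empty and not the "unknown" marker */
    private static boolean isKnownAddress(String value) {
        return value != null && value.length() != 0 && !UNKNOWN_ADDRESS.equalsIgnoreCase(value);
    }

    /** URL-decodes as UTF-8; on an unsupported-encoding error logs it and returns the input. */
    private static String decodeUtf8(String value) {
        try {
            return URLDecoder.decode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.error("解码参数异常： " + e.getMessage());
            return value;
        }
    }
}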
