package com.dev.base.interceptor;

import com.dev.base.constant.CfgConstants;
import com.dev.base.enums.Role;
import com.dev.base.enums.UserRole;
import com.dev.base.exception.AuthException;
import com.dev.base.exception.SessionTimeoutException;
import com.dev.base.util.WebUtil;
import com.dev.user.service.LoginService;
import com.dev.user.vo.UserInfo;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:WEB-INF/classes/com/dev/base/interceptor/PrivilegeInterceptor.class */
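/**
 * Spring MVC interceptor that checks the caller's session and role before a handler runs.
 *
 * <p>Every request must resolve to a logged-in {@link UserInfo}. Role checks are driven by
 * request parameters: they run only when a {@code projId} and/or {@code docId} parameter is
 * present. A request that carries neither parameter passes with the session check alone, so
 * handlers that identify a project or document some other way need their own authorization.
 *
 * <p>NOTE(review): {@code getParameter} returns the first value when a parameter is repeated;
 * confirm the handlers bind the same value that is authorized here.
 */
public class PrivilegeInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LogManager.getLogger(PrivilegeInterceptor.class);

    @Autowired
    private LoginService loginService;

    /** URI suffixes of the write operations that require {@link Role#admin} on the target. */
    private final String[] authOperArray = {"/json/add.htm", "/json/update.htm", "/json/del.htm"};

    /**
     * Rejects the request unless the caller has a session and the role needed for the target.
     *
     * @param httpServletRequest  current request; supplies the URI and the projId/docId parameters
     * @param httpServletResponse current response, passed through to the superclass
     * @param obj                 the chosen handler
     * @return {@code true} for an admin calling SwaggerController, otherwise the superclass result
     * @throws SessionTimeoutException if no user info can be resolved for the request
     * @throws AuthException           if the caller lacks the role required for the project/document
     * @throws NumberFormatException   if projId or docId is present but not a valid long
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String requestURI = httpServletRequest.getRequestURI();
        logger.debug(requestURI);
        UserInfo userInfo = WebUtil.getUserInfo(httpServletRequest, this.loginService);
        if (userInfo == null) {
            throw new SessionTimeoutException();
        }
        // System admins skip the project/document checks for SwaggerController only. The match is
        // on the bean's simple class name, so it is package-agnostic.
        // NOTE(review): a proxied bean class would have a different simple name and fall through
        // to the checks below — confirm that is intended.
        if (userInfo.getRole() == UserRole.admin
                && (obj instanceof HandlerMethod)
                && "SwaggerController".equals(((HandlerMethod) obj).getBean().getClass().getSimpleName())) {
            return true;
        }
        authForProject(httpServletRequest, userInfo, requestURI);
        authForDoc(httpServletRequest, userInfo, requestURI);
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    /**
     * Requires AJAX requests to carry the {@code sysReqToken} header equal to
     * {@link CfgConstants#SYS_REQ_TOKEN}; non-AJAX requests are not checked.
     *
     * <p>NOTE(review): nothing in this class calls this method, so the token check is not
     * enforced by this interceptor as written. The expected value is a configuration constant
     * compared with {@code equals}; if the check is re-enabled, confirm how the token is
     * provisioned and whether it is meant to be secret.
     *
     * @throws SessionTimeoutException if an AJAX request has a missing or different token
     */
    private void validHttpClient(HttpServletRequest httpServletRequest) {
        if (WebUtil.isAjaxReq(httpServletRequest)) {
            if (CfgConstants.SYS_REQ_TOKEN.equals(httpServletRequest.getHeader("sysReqToken"))) {
                return;
            }
            logger.error("bad req without sys req token:");
            throw new SessionTimeoutException();
        }
    }

    /**
     * Checks the caller's role on the project named by the {@code projId} parameter, if any.
     *
     * @throws AuthException         if the user has no role on that project, or the role is not
     *                               admin and the URI is a protected write operation
     * @throws NumberFormatException if projId is not a valid long (the request is not processed)
     */
    private void authForProject(HttpServletRequest httpServletRequest, UserInfo userInfo, String str) {
        // Read the parameter once so the value that is tested is the value that is parsed.
        String projId = httpServletRequest.getParameter("projId");
        if (StringUtils.isEmpty(projId)) {
            return;
        }
        Role roleByProjId = userInfo.getRoleByProjId(Long.valueOf(projId));
        if (roleByProjId == null) {
            throw new AuthException();
        }
        authForOper(roleByProjId, str);
    }

    /**
     * Checks the caller's role on the document named by the {@code docId} parameter, if any.
     *
     * @throws AuthException         if the user has no role on that document, or the role is not
     *                               admin and the URI is a protected write operation
     * @throws NumberFormatException if docId is not a valid long (the request is not processed)
     */
    private void authForDoc(HttpServletRequest httpServletRequest, UserInfo userInfo, String str) {
        String docId = httpServletRequest.getParameter("docId");
        if (StringUtils.isEmpty(docId)) {
            return;
        }
        Role roleByDocId = userInfo.getRoleByDocId(Long.valueOf(docId));
        if (roleByDocId == null) {
            throw new AuthException();
        }
        authForOper(roleByDocId, str);
    }

    /**
     * Denies the protected write operations to every role except {@link Role#admin}.
     *
     * <p>The URI comes from {@code getRequestURI()}, which is the raw request path. It is
     * normalised before the suffix comparison so that path parameters, repeated slashes or a
     * trailing slash cannot make the check disagree with the path the dispatcher routes on.
     *
     * <p>NOTE(review): percent-encoded characters are not decoded here. Comparing against the
     * lookup path the dispatcher resolves, or authorizing on the handler itself, would remove
     * the remaining dependence on URI spelling.
     *
     * @throws AuthException if {@code role} is not admin and the path ends with a protected suffix
     */
    private void authForOper(Role role, String str) {
        if (role == Role.admin) {
            return;
        }
        String path = normalizePath(str);
        for (String protectedSuffix : this.authOperArray) {
            if (path.endsWith(protectedSuffix)) {
                throw new AuthException();
            }
        }
    }

    /** Drops ";name=value" path parameters, collapses repeated slashes and strips trailing slashes. */
    private static String normalizePath(String uri) {
        StringBuilder cleaned = new StringBuilder(uri.length());
        boolean inPathParam = false;
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c == '/') {
                // A path parameter ends at the next segment boundary.
                inPathParam = false;
                if (cleaned.length() == 0 || cleaned.charAt(cleaned.length() - 1) != '/') {
                    cleaned.append(c);
                }
            } else if (c == ';') {
                inPathParam = true;
            } else if (!inPathParam) {
                cleaned.append(c);
            }
        }
        int end = cleaned.length();
        while (end > 1 && cleaned.charAt(end - 1) == '/') {
            end--;
        }
        return cleaned.substring(0, end);
    }
}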
