package top.dcenter.ums.security.core.auth.controller;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import top.dcenter.ums.security.common.enums.ErrorCodeEnum;
import top.dcenter.ums.security.common.utils.IpUtil;
import top.dcenter.ums.security.common.utils.ReflectionUtil;
import top.dcenter.ums.security.core.api.controller.BaseSecurityController;
import top.dcenter.ums.security.core.auth.properties.ClientProperties;
import top.dcenter.ums.security.core.exception.IllegalAccessUrlException;

@Api(tags = {"登录路由控制"})
@ResponseBody
/* loaded from: input_file:top/dcenter/ums/security/core/auth/controller/ClientSecurityController.class */
public class ClientSecurityController implements BaseSecurityController, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(ClientSecurityController.class);
    public static final String URL_REGEX = "^.*://[^/]*(/.*$)";
    public static final String URI_$1 = "$1";
    private final ClientProperties clientProperties;
    private final Map<String, String> authRedirectUrls;

    @Autowired
    private GenericApplicationContext applicationContext;
    private final RequestCache requestCache = new HttpSessionRequestCache();
    private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    public ClientSecurityController(ClientProperties clientProperties) {
        this.clientProperties = clientProperties;
        this.authRedirectUrls = (Map) clientProperties.getAuthRedirectSuffixCondition().stream().map(str -> {
            return str.split("=");
        }).collect(Collectors.toMap(strArr -> {
            return strArr[0];
        }, strArr2 -> {
            return strArr2[1];
        }));
    }

    @Override // top.dcenter.ums.security.core.api.controller.BaseSecurityController
    @RequestMapping(value = {"/authentication/require"}, method = {RequestMethod.GET})
    @ApiOperation(value = "登录路由控制", notes = "设置 uri 相对应的跳转登录页, 例如：key=/**: value=/login.html, 用等号隔开key与value, 如: /**=/login.html, 默认为空.\n支持通配符, 匹配规则： /user/aa/bb/cc.html 匹配 pattern：/us?r/**/*.html, /user/**, /user/*/bb/c?.html, /user/**/*.*.\n规则具体看 AntPathMatcher.match(pattern, path)", httpMethod = "GET")
    public void requireAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            SavedRequest request = this.requestCache.getRequest(httpServletRequest, httpServletResponse);
            if (request != null) {
                String redirectUrl = request.getRedirectUrl();
                if (StringUtils.hasText(redirectUrl)) {
                    String substring = redirectUrl.replaceFirst(URL_REGEX, URI_$1).substring(httpServletRequest.getServletContext().getContextPath().length());
                    for (Map.Entry<String, String> entry : this.authRedirectUrls.entrySet()) {
                        if (this.pathMatcher.match(entry.getKey(), substring)) {
                            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, entry.getValue());
                            return;
                        }
                    }
                }
            }
            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, this.clientProperties.getLoginPage());
        } catch (Exception e) {
            String requestURI = httpServletRequest.getRequestURI();
            String realIp = IpUtil.getRealIp(httpServletRequest);
            log.error(String.format("IllegalAccessUrlException: ip=%s, uri=%s, sid=%s, error=%s", realIp, requestURI, httpServletRequest.getSession(true).getId(), e.getMessage()), e);
            throw new IllegalAccessUrlException(ErrorCodeEnum.SERVER_ERROR, requestURI, realIp);
        }
    }

    public void afterPropertiesSet() throws Exception {
        if (this.clientProperties.getOpenAuthenticationRedirect().booleanValue()) {
            ReflectionUtil.setRequestMappingUri("requireAuthentication", this.clientProperties.getLoginUnAuthenticationRoutingUrl(), getClass(), new Class[]{HttpServletRequest.class, HttpServletResponse.class});
            ReflectionUtil.registerController("clientSecurityController", this.applicationContext, BaseSecurityController.class);
        }
    }
}
