package com.tplink.ignite.jeelib.authority;

import com.tplink.ignite.jeelib.authority.EnableAuthority;
import com.tplink.ignite.jeelib.common.Errors;
import com.tplink.ignite.jeelib.domain.ApiResult;
import com.tplink.ignite.jeelib.utils.JsonUtils;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

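/**
 * Servlet filter that authorises API requests before they reach the rest of the chain.
 *
 * <p>Requests whose URI is not an API URL (per {@link AuthorityProperties#isApiUrlPrefix})
 * pass through untouched. API requests are checked in session mode when the configured
 * auth mode is {@code SESSION}, and in token mode otherwise. A failed check short-circuits
 * the chain and writes the failing {@link ApiResult} as the response body.
 *
 * <p>Several branches of the session check allow the request without looking at a session;
 * they are marked {@code NOTE(review)} below because they fail open.
 */
@WebFilter(filterName = "authority-filter", urlPatterns = {"/*"})
@Order(20)
/* loaded from: classes.dex */
public class AuthorityFilter extends OncePerRequestFilter {
    /**
     * Extracts the JSESSIONID value from a raw Cookie header. The name is anchored to the
     * start of the header or to a ';' separator so that a cookie whose name merely ends in
     * "JSESSIONID", or a cookie value that contains that text, is not taken for the session id.
     * The capture stops at the first character outside [A-Z0-9].
     */
    private static final Pattern JSID = Pattern.compile("(?:^|;)\\s*JSESSIONID=([A-Z0-9]+)");

    @Autowired
    AuthorityEntrance authorityEntrance;

    @Autowired
    AuthorityProperties authorityProperties;
    Logger log = LoggerFactory.getLogger(AuthorityFilter.class);

    // Optional bean: when absent, session mode performs no session check at all (see below).
    @Autowired(required = false)
    AuthoritySessionManager sessionManager;

    /**
     * Reads the session id from the request's Cookie header.
     *
     * @return the captured id, or {@code null} when there is no Cookie header or no
     *     JSESSIONID cookie in it
     */
    private String getJSeesionId(HttpServletRequest httpServletRequest) {
        String cookieHeader = httpServletRequest.getHeader("Cookie");
        if (cookieHeader == null) {
            return null;
        }
        Matcher matcher = JSID.matcher(cookieHeader);
        return matcher.find() ? matcher.group(1) : null;
    }

    /**
     * Reads the access token from the request parameter named by the configured token name,
     * falling back to "token" when none is configured.
     *
     * <p>NOTE(review): {@code getParameter} also reads the query string, and tokens carried
     * in URLs tend to end up in access logs and Referer headers; confirm clients send the
     * token in a way that keeps it out of logged URLs.
     *
     * @return the parameter value, or {@code null} when the parameter is absent
     */
    private String getToken(HttpServletRequest httpServletRequest) {
        String configuredName = this.authorityProperties.getTokenName();
        String parameterName = StringUtils.isEmpty(configuredName) ? "token" : configuredName;
        return httpServletRequest.getParameter(parameterName);
    }

    /**
     * Authorises an API request against the caller's session.
     *
     * <p>On success for a user/admin API the request gains three attributes:
     * "account-name", "account-session" and "api-permission".
     *
     * @return {@link ApiResult#SUCCESS} when the request may proceed, otherwise a result
     *     carrying {@link Errors#ACCOUNT_UNAUTHORIZED_ERROR}
     */
    private ApiResult processSessionMode(HttpServletRequest httpServletRequest) {
        Integer permission = PermissionManager.getPermission(httpServletRequest.getRequestURI());
        if (permission == null) {
            // URIs with no registered permission default to level 2; what 2 means is defined
            // in PermissionManager, which is not visible here.
            permission = 2;
        }
        if (this.sessionManager == null) {
            // NOTE(review): fails open. Without an AuthoritySessionManager bean every API
            // request is authorised in session mode; confirm deployments always provide one.
            return ApiResult.SUCCESS;
        }
        int level = permission.intValue();
        if (PermissionManager.isAccountApi(level) || PermissionManager.isIgnore(level)) {
            return ApiResult.SUCCESS;
        }
        if (!PermissionManager.isUser(level) && !PermissionManager.isAdmin(level)) {
            // NOTE(review): fails open. A permission value that is neither user nor admin is
            // allowed without a session; confirm unknown levels should not be denied instead.
            return ApiResult.SUCCESS;
        }
        // The id comes straight from the client's cookie (null when the cookie is missing).
        // NOTE(review): createSession's behaviour for an unknown or null id is not visible
        // here; it should only look up existing sessions, never adopt a client-chosen id.
        AuthoritySession session = this.sessionManager.createSession(getJSeesionId(httpServletRequest));
        // A null session is treated as unauthorised rather than allowed to raise an NPE.
        if (session == null || session.getId() == null || !session.isValid()) {
            return new ApiResult(Errors.ACCOUNT_UNAUTHORIZED_ERROR);
        }
        session.access();
        httpServletRequest.setAttribute("account-name", session.getAttr("cloudUserName"));
        httpServletRequest.setAttribute("account-session", session);
        httpServletRequest.setAttribute("api-permission", permission);
        return ApiResult.SUCCESS;
    }

    /**
     * Authorises an API request by handing its token (possibly {@code null}) to
     * {@link AuthorityEntrance#checkToken}.
     */
    private ApiResult processTokenMode(HttpServletRequest httpServletRequest) {
        return this.authorityEntrance.checkToken(getToken(httpServletRequest));
    }

    /**
     * Writes {@code apiResult} as the response body and, for a failed result, records it on
     * the request under "error-result".
     *
     * <p>No HTTP status is set here, so the failure is conveyed only by the body.
     *
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void response(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ApiResult apiResult) throws IOException {
        if (!apiResult.isSuccess()) {
            httpServletRequest.setAttribute("error-result", apiResult);
        }
        // Declare the body type before the writer is obtained so clients do not have to
        // sniff it; the body is the output of JsonUtils.bean2Json.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(JsonUtils.bean2Json(apiResult));
        httpServletResponse.getWriter().flush();
    }

    /**
     * Runs the authorisation check for API URLs and either continues the chain or answers
     * with the failing result.
     *
     * @throws ServletException if a later filter or the target fails
     * @throws IOException if a later filter, the target, or writing the error body fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.authorityProperties.isApiUrlPrefix(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Any auth mode other than SESSION is handled as token mode.
        boolean sessionMode = EnableAuthority.AuthMode.SESSION.equals(this.authorityProperties.getAuthMode());
        ApiResult result = sessionMode ? processSessionMode(httpServletRequest) : processTokenMode(httpServletRequest);
        if (result.isSuccess()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            response(httpServletRequest, httpServletResponse, result);
        }
    }
}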
