package com.jeecms.cms.web;

import ch.qos.logback.classic.spi.CallerData;
import com.jeecms.cms.entity.main.CmsSite;
import com.jeecms.cms.entity.main.CmsUser;
import com.jeecms.cms.manager.main.CmsSiteMng;
import com.jeecms.cms.manager.main.CmsUserMng;
import com.jeecms.common.web.CookieUtils;
import com.jeecms.common.web.session.SessionProvider;
import com.jeecms.common.web.springmvc.MessageResolver;
import com.jeecms.core.action.front.LoginAct;
import com.jeecms.core.manager.AuthenticationMng;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.directwebremoting.dwrp.ProtocolConstants;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.view.UrlBasedViewResolver;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:WEB-INF/classes/com/jeecms/cms/web/AdminContextInterceptor.class */
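/**
 * Spring MVC interceptor that guards the admin (back-office) URL space.
 *
 * <p>On every request it (1) resolves the current {@link CmsSite} from the
 * {@code _site_id_param} request parameter, the {@code _site_id_cookie} cookie,
 * the request's server name, or the first cached site, (2) resolves the current
 * {@link CmsUser} from the session (or from a fixed {@code adminId} when one is
 * configured), publishes both to the request and to {@link CmsThreadVariable},
 * and (3) enforces, in this order: excluded URIs pass; anonymous users are
 * redirected to the login page; non-admin users get 403; admins that are not
 * members of the resolved site get 403; finally, unless {@code auth} is off or
 * the user is a super admin, the URI must be covered by one of the user's
 * permission prefixes (view-only admins are additionally denied URIs whose
 * last path segment starts with {@code "o_"}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code adminId} bypasses session authentication entirely — every request
 *       runs as that user. It must never be set in a production configuration.</li>
 *   <li>{@code auth=false} disables only the per-URI permission check; login,
 *       admin flag and site membership are still enforced.</li>
 *   <li>The site chosen via parameter/cookie is untrusted input; membership of
 *       the user in that site is what actually authorises access to it.</li>
 *   <li>The permission check compares the raw (undecoded) originating request
 *       URI against permission prefixes. NOTE(review): confirm this is the same
 *       form of the path the handler mapping dispatches on; if the mapping
 *       decodes percent-escapes and this check does not, the two could diverge.</li>
 * </ul>
 */
public class AdminContextInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = Logger.getLogger(AdminContextInterceptor.class);
    /** Request parameter that selects the current site; wins over the cookie and domain. */
    public static final String SITE_PARAM = "_site_id_param";
    /** Cookie that remembers the site last selected through {@link #SITE_PARAM}. */
    public static final String SITE_COOKIE = "_site_id_cookie";
    /** Model attribute under which the current user's permission set is exposed to views. */
    public static final String PERMISSION_MODEL = "_permission_key";

    // URL punctuation used when building the login redirect. The decompiled
    // original referenced these through unrelated library constants
    // (logback CallerData.NA, DWR INBOUND_DECL_SEPARATOR, Spring FACTORY_BEAN_PREFIX);
    // they are plain literals here so the interceptor's URL syntax no longer
    // depends on third-party constants that may change or disappear.
    private static final String QUERY_START = "?";
    private static final String PARAM_ASSIGN = "=";
    private static final String PARAM_SEPARATOR = "&";
    /** Query parameter carrying the URL to return to after login. */
    private static final String RETURN_URL_PARAM = "returnUrl";

    private SessionProvider session;
    private AuthenticationMng authMng;
    private CmsSiteMng cmsSiteMng;
    private CmsUserMng cmsUserMng;
    /**
     * When non-null, every request is treated as this user without consulting the
     * session. Development/testing aid only — it is an authentication bypass.
     */
    private Integer adminId;
    /** When false the per-URI permission check is skipped (login/admin/site checks still apply). */
    private boolean auth = true;
    /** URIs (as produced by {@link #getURI}) that skip all authentication and authorisation. */
    private String[] excludeUrls;
    private String loginUrl;
    private String processUrl;
    private String returnUrl;

    /**
     * Resolves site and user, publishes them, then applies the access checks
     * described on the class.
     *
     * @return {@code true} to continue to the handler; {@code false} after a
     *         redirect to the login page or a 403 has already been written
     * @throws IllegalStateException if a configured {@code adminId} does not
     *         exist, or the request URI does not have the expected admin shape
     * @throws RuntimeException if no site can be resolved at all
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Site context is published even for excluded URIs, so resolve it first.
        CmsSite site = getSite(httpServletRequest, httpServletResponse);
        CmsUtils.setSite(httpServletRequest, site);
        CmsThreadVariable.setSite(site);

        CmsUser user = resolveUser(httpServletRequest);
        CmsUtils.setUser(httpServletRequest, user);
        CmsThreadVariable.setUser(user);

        String uri = getURI(httpServletRequest);
        if (exclude(uri)) {
            return true;
        }
        if (user == null) {
            httpServletResponse.sendRedirect(getLoginUrl(httpServletRequest));
            return false;
        }
        if (!user.getAdmin().booleanValue()) {
            return forbid(httpServletRequest, httpServletResponse, "login.notAdmin");
        }
        // The site may have been chosen by an untrusted parameter/cookie; only a
        // member of that site may administer it.
        if (!user.getSites().contains(site)) {
            return forbid(httpServletRequest, httpServletResponse, "login.notInSite");
        }
        boolean viewOnly = user.getViewonlyAdmin().booleanValue();
        if (!this.auth || user.isSuper() || permistionPass(uri, user.getPerms(), viewOnly)) {
            return true;
        }
        return forbid(httpServletRequest, httpServletResponse, "login.notPermission");
    }

    /**
     * Exposes the current (non-super) user's permission set to the view so that
     * templates can hide actions the user may not perform. Skipped when the
     * permission check is disabled, there is no user, the user is super, or the
     * result is a redirect / has no model or view name.
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        CmsUser user = CmsUtils.getUser(httpServletRequest);
        if (!this.auth || user == null || user.isSuper()) {
            return;
        }
        if (modelAndView == null || modelAndView.getModelMap() == null) {
            return;
        }
        String viewName = modelAndView.getViewName();
        if (viewName == null || viewName.startsWith(UrlBasedViewResolver.REDIRECT_URL_PREFIX)) {
            return;
        }
        modelAndView.getModelMap().addAttribute(PERMISSION_MODEL, user.getPerms());
    }

    /** Clears the thread-bound user and site so a pooled thread cannot leak them into the next request. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        CmsThreadVariable.removeUser();
        CmsThreadVariable.removeSite();
    }

    /**
     * Looks up the current user: the fixed {@code adminId} when configured
     * (bypassing the session), otherwise the user id stored in the session.
     *
     * @return the user, or {@code null} when nobody is logged in
     * @throws IllegalStateException if a configured {@code adminId} has no user
     */
    private CmsUser resolveUser(HttpServletRequest request) {
        if (this.adminId != null) {
            CmsUser fixedUser = this.cmsUserMng.findById(this.adminId);
            if (fixedUser == null) {
                throw new IllegalStateException("User ID=" + this.adminId + " not found!");
            }
            return fixedUser;
        }
        Integer sessionUserId = this.authMng.retrieveUserIdFromSession(this.session, request);
        if (sessionUserId == null) {
            return null;
        }
        return this.cmsUserMng.findById(sessionUserId);
    }

    /**
     * Stores a localised message on the request and answers 403.
     *
     * @return always {@code false}, so callers can {@code return forbid(...)}
     */
    private boolean forbid(HttpServletRequest request, HttpServletResponse response, String messageKey) throws java.io.IOException {
        request.setAttribute("message", MessageResolver.getMessage(request, messageKey, new Object[0]));
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Builds the login redirect: {@code [contextPath]loginUrl?returnUrl=<returnUrl>[&<PROCESS_URL>=<processUrl>]}.
     * Both {@code returnUrl} and {@code processUrl} come from configuration, not
     * from the request, so this is not an open redirect by itself.
     */
    private String getLoginUrl(HttpServletRequest request) {
        StringBuilder url = new StringBuilder();
        url.append(contextPrefixFor(this.loginUrl, request));
        url.append(this.loginUrl).append(QUERY_START);
        url.append(RETURN_URL_PARAM).append(PARAM_ASSIGN).append(this.returnUrl);
        if (!StringUtils.isBlank(this.processUrl)) {
            url.append(PARAM_SEPARATOR).append(LoginAct.PROCESS_URL).append(PARAM_ASSIGN).append(getProcessUrl(request));
        }
        return url.toString();
    }

    /**
     * Returns {@code processUrl}, prefixed with the context path when
     * {@code loginUrl} is context-relative.
     *
     * NOTE(review): the decision to prefix the context path is keyed on
     * {@code loginUrl}'s leading slash, not {@code processUrl}'s — this matches
     * the original behaviour and is preserved here, but looks like it was
     * copied from {@link #getLoginUrl}; confirm the intent before changing it.
     */
    private String getProcessUrl(HttpServletRequest request) {
        StringBuilder url = new StringBuilder();
        url.append(contextPrefixFor(this.loginUrl, request));
        url.append(this.processUrl);
        return url.toString();
    }

    /**
     * Returns the servlet context path to prepend when {@code path} is
     * context-relative (starts with {@code "/"}), else the empty string.
     */
    private static String contextPrefixFor(String path, HttpServletRequest request) {
        if (!path.startsWith("/")) {
            return "";
        }
        String contextPath = request.getContextPath();
        return StringUtils.isBlank(contextPath) ? "" : contextPath;
    }

    /**
     * Resolves the current site, trying in order: request parameter, cookie,
     * server name, first cached site.
     *
     * @throws RuntimeException if none of the strategies yields a site
     */
    private CmsSite getSite(HttpServletRequest request, HttpServletResponse response) {
        CmsSite site = getByParams(request, response);
        if (site == null) {
            site = getByCookie(request);
        }
        if (site == null) {
            site = getByDomain(request);
        }
        if (site == null) {
            site = getByDefault();
        }
        if (site == null) {
            throw new RuntimeException("cannot get site!");
        }
        return site;
    }

    /**
     * Site selected through the {@link #SITE_PARAM} request parameter. On success
     * the id is also written to {@link #SITE_COOKIE} so it sticks for later requests.
     * The value is untrusted; a non-numeric or unknown id simply yields {@code null}.
     * Note that the cookie is written before any authentication check runs.
     */
    private CmsSite getByParams(HttpServletRequest request, HttpServletResponse response) {
        String rawId = request.getParameter(SITE_PARAM);
        if (StringUtils.isBlank(rawId)) {
            return null;
        }
        Integer siteId = parseSiteId(rawId, "param site id format exception");
        if (siteId == null) {
            return null;
        }
        CmsSite site = this.cmsSiteMng.findById(siteId);
        if (site == null) {
            return null;
        }
        CookieUtils.addCookie(request, response, SITE_COOKIE, site.getId().toString(), null, null);
        return site;
    }

    /** Site remembered in {@link #SITE_COOKIE}; {@code null} if absent, blank or non-numeric. */
    private CmsSite getByCookie(HttpServletRequest request) {
        Cookie cookie = CookieUtils.getCookie(request, SITE_COOKIE);
        if (cookie == null || StringUtils.isBlank(cookie.getValue())) {
            return null;
        }
        Integer siteId = parseSiteId(cookie.getValue(), "cookie site id format exception");
        if (siteId == null) {
            return null;
        }
        return this.cmsSiteMng.findById(siteId);
    }

    /**
     * Parses a site id supplied by the client, logging and returning {@code null}
     * on a malformed value instead of letting the exception escape.
     */
    private static Integer parseSiteId(String raw, String warnMessage) {
        try {
            return Integer.valueOf(Integer.parseInt(raw));
        } catch (NumberFormatException e) {
            log.warn(warnMessage, e);
            return null;
        }
    }

    /** Site whose domain matches the request's server name (as reported by the container). */
    private CmsSite getByDomain(HttpServletRequest request) {
        String serverName = request.getServerName();
        if (StringUtils.isBlank(serverName)) {
            return null;
        }
        return this.cmsSiteMng.findByDomain(serverName, true);
    }

    /** First site in the cached list, or {@code null} if there are none. */
    private CmsSite getByDefault() {
        List<CmsSite> sites = this.cmsSiteMng.getListFromCache();
        return sites.isEmpty() ? null : sites.get(0);
    }

    /** Exact-match test of {@code uri} against the configured exclusion list. */
    private boolean exclude(String uri) {
        if (this.excludeUrls == null) {
            return false;
        }
        for (String excluded : this.excludeUrls) {
            if (excluded.equals(uri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Permission check: {@code uri} must start with one of the user's permission
     * prefixes. For a view-only admin a matching prefix is still denied when the
     * last path segment starts with {@code "o_"} (the convention for operations
     * that modify data, as far as this code shows).
     *
     * <p>Fails closed: a {@code null} permission set denies access rather than
     * throwing, which would surface as a 500 instead of a 403.
     *
     * @throws RuntimeException if {@code uri} contains no {@code '/'} (only
     *         reachable for view-only admins)
     */
    private boolean permistionPass(String uri, Set<String> perms, boolean viewOnly) {
        if (perms == null) {
            return false;
        }
        Iterator<String> it = perms.iterator();
        while (it.hasNext()) {
            String perm = it.next();
            if (!uri.startsWith(perm)) {
                continue;
            }
            if (!viewOnly) {
                return true;
            }
            int lastSlash = uri.lastIndexOf("/");
            if (lastSlash == -1) {
                throw new RuntimeException("uri must start width '/':" + uri);
            }
            return !uri.substring(lastSlash + 1).startsWith("o_");
        }
        return false;
    }

    /**
     * Strips the context path (if any) and the two leading admin segments from the
     * originating request URI, e.g. {@code /ctx/jeeadmin/jspgou/content/v_list.do}
     * becomes {@code /content/v_list.do}. The result is what exclusions and
     * permission prefixes are matched against. The URI is used as-is (not decoded
     * or normalised).
     *
     * @throws IllegalStateException if the URI has fewer slashes than the admin
     *         pattern requires
     */
    private static String getURI(HttpServletRequest request) throws IllegalStateException {
        UrlPathHelper helper = new UrlPathHelper();
        String requestUri = helper.getOriginatingRequestUri(request);
        // Skip two slashes for "/jeeadmin/jspgou", plus one more when a context path is present.
        int slashesToSkip = StringUtils.isBlank(helper.getOriginatingContextPath(request)) ? 2 : 3;
        int pos = 0;
        for (int n = 0; n < slashesToSkip && pos != -1; n++) {
            pos = requestUri.indexOf('/', pos + 1);
        }
        if (pos <= 0) {
            throw new IllegalStateException("admin access path not like '/jeeadmin/jspgou/...' pattern: " + requestUri);
        }
        return requestUri.substring(pos);
    }

    @Autowired
    public void setSession(SessionProvider sessionProvider) {
        this.session = sessionProvider;
    }

    @Autowired
    public void setCmsSiteMng(CmsSiteMng cmsSiteMng) {
        this.cmsSiteMng = cmsSiteMng;
    }

    @Autowired
    public void setCmsUserMng(CmsUserMng cmsUserMng) {
        this.cmsUserMng = cmsUserMng;
    }

    @Autowired
    public void setAuthMng(AuthenticationMng authenticationMng) {
        this.authMng = authenticationMng;
    }

    /** Enables/disables the per-URI permission check (login, admin and site checks always apply). */
    public void setAuth(boolean z) {
        this.auth = z;
    }

    public void setExcludeUrls(String[] strArr) {
        this.excludeUrls = strArr;
    }

    /**
     * Fixes the acting user for every request, bypassing session authentication.
     * Leave unset in production.
     */
    public void setAdminId(Integer num) {
        this.adminId = num;
    }

    public void setLoginUrl(String str) {
        this.loginUrl = str;
    }

    public void setProcessUrl(String str) {
        this.processUrl = str;
    }

    public void setReturnUrl(String str) {
        this.returnUrl = str;
    }
}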
