package com.central.oauth2.common.service.impl;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import com.central.common.constant.CommonConstant;
import com.central.common.context.TenantContextHolder;
import com.central.common.model.SysMenu;
import com.central.oauth2.common.properties.SecurityProperties;
import com.central.oauth2.common.util.AuthUtils;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:BOOT-INF/lib/bm-auth-client-spring-boot-starter-3.6.0.jar:com/central/oauth2/common/service/impl/DefaultPermissionServiceImpl.class */
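/**
 * Base class for URL-level authorization of OAuth2-authenticated requests.
 *
 * <p>{@link #hasPermission(Authentication, String, String)} decides whether a request
 * (HTTP method + URI) is allowed, using the URL-permission settings in
 * {@link SecurityProperties} and the menu entries returned by
 * {@link #findMenuByRoleCodes(String)} for the caller's authorities.
 */
public abstract class DefaultPermissionServiceImpl {
    private static final Logger log = LoggerFactory.getLogger(DefaultPermissionServiceImpl.class);

    @Autowired
    private SecurityProperties securityProperties;

    // Matches both the configured ignore patterns and each menu's moduleUrl against the request URI.
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Returns the menu entries granted to the given roles.
     *
     * @param str the caller's authorities joined with {@code ", "} (comma followed by a space),
     *            exactly as built in {@code hasPermission}
     * @return the granted menu entries; {@code hasPermission} reads {@code getModuleUrl()} as an
     *         Ant pattern and {@code getPathMethod()} as an optional HTTP method
     */
    public abstract List<SysMenu> findMenuByRoleCodes(String str);

    /**
     * Decides whether the authenticated caller may issue the given request.
     *
     * <p>Evaluation order (first rule that applies wins):
     * <ol>
     *   <li>{@code OPTIONS} requests are always allowed;</li>
     *   <li>anonymous callers are denied;</li>
     *   <li>everything is allowed when URL permission checking is disabled, or when the
     *       username equals {@code CommonConstant.ADMIN_USER_NAME};</li>
     *   <li>authentications that are not {@link OAuth2Authentication} are denied;</li>
     *   <li>clients exempted by {@code isNeedAuth} are allowed;</li>
     *   <li>URIs matching a configured ignore pattern are allowed;</li>
     *   <li>callers without authorities are denied;</li>
     *   <li>otherwise the first menu entry whose URL pattern matches decides.</li>
     * </ol>
     *
     * @param authentication the current authentication
     * @param str            the HTTP method of the request
     * @param str2           the request URI that is matched against Ant patterns
     * @return {@code true} if the request is allowed
     */
    public boolean hasPermission(Authentication authentication, String str, String str2) {
        final String requestMethod = str;
        final String requestUri = str2;

        // Runs before the anonymous check, so OPTIONS is allowed for every caller
        // (presumably to let CORS preflight through).
        if (HttpMethod.OPTIONS.name().equalsIgnoreCase(requestMethod)) {
            return true;
        }
        if (authentication instanceof AnonymousAuthenticationToken) {
            return false;
        }
        // NOTE(review): the super-user bypass is keyed on the username alone and is evaluated
        // before the client id or authorities are looked at. Confirm that this username is
        // unique across clients/tenants and cannot be chosen at self-registration.
        if (!this.securityProperties.getAuth().getUrlPermission().getEnable().booleanValue()
                || CommonConstant.ADMIN_USER_NAME.equals(AuthUtils.getUsername(authentication))) {
            return true;
        }
        // Fail closed instead of letting the cast below throw ClassCastException
        // (or a null authentication throw NullPointerException).
        if (!(authentication instanceof OAuth2Authentication)) {
            log.warn("Unsupported authentication type for URL permission check: {}",
                    authentication == null ? "null" : authentication.getClass().getName());
            return false;
        }
        OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
        String clientId = oauth2Authentication.getOAuth2Request().getClientId();
        if (!isNeedAuth(clientId)) {
            return true;
        }
        // NOTE(review): assumes str2 is the same normalized path the downstream handler
        // mapping sees; a mismatch would let an ignore pattern cover more than intended.
        // Confirm at the call site.
        for (String ignorePattern : this.securityProperties.getAuth().getUrlPermission().getIgnoreUrls()) {
            if (this.antPathMatcher.match(ignorePattern, requestUri)) {
                return true;
            }
        }
        if (CollectionUtil.isEmpty(oauth2Authentication.getAuthorities())) {
            // Log text means "role list is empty".
            // NOTE(review): the whole principal object is logged; confirm its toString()
            // does not expose credentials or personal data.
            log.warn("角色列表为空：{}", authentication.getPrincipal());
            return false;
        }
        // NOTE(review): the tenant is set here and not cleared in this method; confirm the
        // caller resets TenantContextHolder once the request is finished.
        TenantContextHolder.setTenant(clientId);

        String roleCodes = oauth2Authentication.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.joining(", "));
        List<SysMenu> grantedMenus = findMenuByRoleCodes(roleCodes);
        if (CollectionUtil.isEmpty(grantedMenus)) {
            // No menu entries (or a null result from the subclass) means nothing is granted.
            return false;
        }
        for (SysMenu menu : grantedMenus) {
            String urlPattern = menu.getModuleUrl();
            if (StringUtils.isEmpty(urlPattern) || !this.antPathMatcher.match(urlPattern, requestUri)) {
                continue;
            }
            // NOTE(review): the first entry whose URL pattern matches decides the outcome. If
            // its method differs, the request is denied even when a later entry grants the
            // same URL with the requested method, so the result depends on list order.
            String allowedMethod = menu.getPathMethod();
            // Comparing from the non-null side keeps a null request method from throwing.
            return StrUtil.isEmpty(allowedMethod) || allowedMethod.equalsIgnoreCase(requestMethod);
        }
        return false;
    }

    /**
     * Tells whether URL permission checks apply to the given OAuth2 client.
     *
     * <p>A non-empty include list takes precedence: only listed clients are checked, and every
     * other client is exempt (which makes {@code hasPermission} return {@code true} for it).
     * Otherwise a non-empty exclusive list exempts the listed clients. With both lists empty
     * or {@code null}, every client is checked.
     *
     * @param str the OAuth2 client id
     * @return {@code true} if the client's requests must pass the URL permission check
     */
    private boolean isNeedAuth(String str) {
        List<String> includeClientIds = this.securityProperties.getAuth().getUrlPermission().getIncludeClientIds();
        List<String> exclusiveClientIds = this.securityProperties.getAuth().getUrlPermission().getExclusiveClientIds();
        if (CollectionUtil.isNotEmpty(includeClientIds)) {
            return includeClientIds.contains(str);
        }
        if (CollectionUtil.isNotEmpty(exclusiveClientIds)) {
            return !exclusiveClientIds.contains(str);
        }
        return true;
    }
}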
