package org.msh.etbm.web.api.authentication;

import java.lang.reflect.Method;
import java.util.TimeZone;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.msh.etbm.services.admin.sysconfig.SysConfigService;
import org.msh.etbm.services.session.usersession.UserRequestService;
import org.msh.etbm.services.session.usersession.UserSession;
import org.msh.etbm.services.session.usersession.UserSessionService;
import org.msh.etbm.web.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

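/**
 * Spring MVC interceptor that enforces the {@link Authenticated} annotation on handler methods.
 *
 * <p>For every request routed to a {@link HandlerMethod}, the interceptor looks for
 * {@code @Authenticated} on the method and then on its declaring class. When the annotation is
 * present, the request must carry a token that parses as a {@link UUID} and resolves to a
 * {@link UserSession}, the session must hold every permission listed in the annotation, and the
 * instance mode (client/server) must match the one the annotation asks for.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is opt-in: a handler with no {@code @Authenticated} on the method or its
 *       declaring class is let through without any token check, and so is any handler that is
 *       not a {@link HandlerMethod}. New endpoints are therefore open unless annotated.</li>
 *   <li>The token is also accepted as a request parameter when its name appears in the query
 *       string. Values carried in URLs tend to end up in access logs, browser history and
 *       Referer headers; prefer the header wherever the client allows it.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:org/msh/etbm/web/api/authentication/AuthenticatorInterceptor.class */
public class AuthenticatorInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticatorInterceptor.class);

    @Autowired
    UserSessionService userSessionService;

    @Autowired
    UserRequestService userRequestService;

    @Autowired
    SysConfigService sysConfigService;

    /**
     * Authenticates and authorizes the request before the handler runs.
     *
     * @param httpServletRequest the incoming request, source of the authentication token
     * @param httpServletResponse the response; receives 401 or 403 when the request is rejected
     * @param obj the handler chosen by Spring; only {@link HandlerMethod} instances are checked
     * @return {@code true} to continue the handler chain, {@code false} once an error was sent
     * @throws Exception if sending the error response fails or a collaborating service throws
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            // Anything that is not a controller method is not subject to this check.
            return true;
        }
        Method method = ((HandlerMethod) obj).getMethod();
        // The method-level annotation wins; the declaring class is the fallback.
        Authenticated authenticated = method.getAnnotation(Authenticated.class);
        if (authenticated == null) {
            authenticated = method.getDeclaringClass().getAnnotation(Authenticated.class);
        }
        if (authenticated == null) {
            // NOTE(review): fail-open by design of this interceptor; unannotated endpoints are public.
            return true;
        }

        UUID authenticationToken = getAuthenticationToken(httpServletRequest);
        UserSession session = authenticationToken != null ? checkAuthenticated(authenticationToken) : null;
        if (session == null) {
            // Missing token, malformed token and unknown session all produce the same 401,
            // so the response does not reveal which of the three applied.
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), "Not authorized");
            return false;
        }
        if (!checkAuthorized(authenticated.permissions(), session)) {
            httpServletResponse.sendError(HttpStatus.FORBIDDEN.value(), "Operation forbidden");
            return false;
        }

        // The configuration is loaded only when the annotation restricts the instance mode.
        boolean requiresClient = InstanceType.CLIENT_MODE.equals(authenticated.instanceType());
        boolean requiresServer = InstanceType.SERVER_MODE.equals(authenticated.instanceType());
        if (requiresClient || requiresServer) {
            boolean clientMode = this.sysConfigService.loadConfig().isClientMode();
            if (requiresClient != clientMode) {
                httpServletResponse.sendError(HttpStatus.FORBIDDEN.value(), "Operation forbidden");
                return false;
            }
        }

        this.userRequestService.setUserSession(session);
        this.userRequestService.setAuthToken(authenticationToken);
        // NOTE(review): this changes the JVM-wide default time zone on every authenticated
        // request; kept as-is because other code may rely on it, but it would normally be
        // set once at application start-up.
        TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
        return true;
    }

    /**
     * Reads the authentication token from the request.
     *
     * <p>The header named by {@code Constants.AUTH_TOKEN_HEADERNAME} is tried first. Only when it
     * is absent, and the query string mentions the same name, is the request parameter of that
     * name used.
     *
     * @param httpServletRequest the request to inspect
     * @return the parsed token, or {@code null} when none was supplied or it is not a valid UUID
     */
    private UUID getAuthenticationToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(Constants.AUTH_TOKEN_HEADERNAME);
        String queryString = httpServletRequest.getQueryString();
        if (header == null && queryString != null && queryString.contains(Constants.AUTH_TOKEN_HEADERNAME)) {
            header = httpServletRequest.getParameter(Constants.AUTH_TOKEN_HEADERNAME);
        }
        if (header == null) {
            return null;
        }
        try {
            return UUID.fromString(header);
        } catch (IllegalArgumentException e) {
            // The value comes straight from the client. Writing it to the log verbatim would
            // let a request forge log lines (a decoded parameter may contain line breaks) and
            // would persist whatever credential-like string was sent, so only its length is logged.
            LOGGER.info("Invalid token format for UUID (length {})", header.length());
            return null;
        }
    }

    /**
     * Resolves the session bound to a token.
     *
     * @param uuid the authentication token
     * @return the session returned by {@code UserSessionService.recoverSession}, or {@code null}
     *     when the service has none for this token
     */
    private UserSession checkAuthenticated(UUID uuid) {
        return this.userSessionService.recoverSession(uuid);
    }

    /**
     * Checks that the session holds every required permission.
     *
     * @param strArr the permissions listed on the annotation; {@code null} or empty means that
     *     being authenticated is sufficient
     * @param userSession the authenticated session
     * @return {@code true} only if all listed permissions are granted
     */
    private boolean checkAuthorized(String[] strArr, UserSession userSession) {
        if (strArr == null || strArr.length == 0) {
            return true;
        }
        for (String permission : strArr) {
            if (!userSession.isPermissionGranted(permission)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Records the last-access time after the handler has run, for authenticated requests only.
     *
     * @param httpServletRequest the handled request (unused)
     * @param httpServletResponse the response (unused)
     * @param obj the handler that ran (unused)
     * @param modelAndView the model and view produced by the handler (unused)
     * @throws Exception if the user request service throws
     */
    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (this.userRequestService.isAuthenticated()) {
            this.userRequestService.updateLastAccess();
        }
    }
}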
