package com.webank.wedatasphere.linkis.gateway.security;

import com.webank.wedatasphere.linkis.common.conf.Configuration$;
import com.webank.wedatasphere.linkis.common.utils.Utils$;
import com.webank.wedatasphere.linkis.gateway.config.GatewayConfiguration$;
import com.webank.wedatasphere.linkis.gateway.http.GatewayContext;
import com.webank.wedatasphere.linkis.gateway.http.GatewayHttpResponse;
import com.webank.wedatasphere.linkis.gateway.security.sso.SSOInterceptor$;
import com.webank.wedatasphere.linkis.gateway.security.token.TokenAuthentication$;
import com.webank.wedatasphere.linkis.server.Message;
import com.webank.wedatasphere.linkis.server.Message$;
import com.webank.wedatasphere.linkis.server.conf.ServerConfiguration$;
import com.webank.wedatasphere.linkis.server.package$;
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;
import scala.Option;
import scala.Predef$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.NonLocalReturnControl;

/* compiled from: SecurityFilter.scala */
/* loaded from: input_file:com/webank/wedatasphere/linkis/gateway/security/SecurityFilter$.class */
/**
 * Decompiled singleton (the Scala {@code object SecurityFilter}) that decides, per request,
 * whether the gateway lets a request through.
 *
 * <p>{@link #doFilter(GatewayContext)} is the entry point. It evaluates its checks in a fixed
 * order, and that order is security-relevant: Referer/verb validation, user-URI handling,
 * pass-auth URIs, token auth, existing login lookup, test mode, then SSO. Reordering any of
 * them changes who is authenticated as whom.
 *
 * <p>NOTE(review): this is decompiler output, not the original source. The
 * {@code SecurityFilter$$anonfun$...} classes it instantiates are not visible here, so the
 * comments below hedge anything that depends on them.
 */
public final class SecurityFilter$ {
    // Decompiler artifact: rendered as a null-initialised final, but the private constructor
    // below assigns it (MODULE$ = this), as Scala singletons do in bytecode.
    public static final SecurityFilter$ MODULE$ = null;
    // Read once from BDP_SERVER_SECURITY_REFERER_VALIDATE in the constructor; gates BOTH the
    // Referer check and the HTTP-verb allow-list in doFilter.
    private final boolean refererValidate;
    // Read once from BDP_SERVER_ADDRESS; the string a Referer header must contain.
    private final String localAddress;
    // Read once from BDP_TEST_USER; the identity assigned to requests in test mode.
    private final String testUser;
    // Name-mangled by scalac; set through setUserRestful. Not read inside this class —
    // presumably used by the anonymous functions on the user-URI branch (TODO confirm).
    private UserRestful com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful;

    // Forces creation of the singleton when the class is loaded.
    static {
        new SecurityFilter$();
    }

    /** Returns whether Referer/verb validation is enabled (value captured at construction). */
    private boolean refererValidate() {
        return this.refererValidate;
    }

    /** Returns the configured server address used for the Referer comparison. */
    private String localAddress() {
        return this.localAddress;
    }

    /** Returns the user name that test mode logs every otherwise-unauthenticated request in as. */
    public String testUser() {
        return this.testUser;
    }

    /** Accessor for the injected {@code UserRestful}; public only because of Scala name mangling. */
    public UserRestful com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful() {
        return this.com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful;
    }

    /** Scala-generated setter backing {@link #setUserRestful(UserRestful)}. */
    private void com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful_$eq(UserRestful userRestful) {
        this.com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful = userRestful;
    }

    /**
     * Installs the {@code UserRestful} instance. No null check and no synchronization is
     * performed here.
     *
     * @param userRestful the handler to store
     */
    public void setUserRestful(UserRestful userRestful) {
        com$webank$wedatasphere$linkis$gateway$security$SecurityFilter$$userRestful_$eq(userRestful);
    }

    /**
     * Answers the request directly from the gateway: sets the HTTP status derived from
     * {@code message}, writes the serialized message as the body, and sends the response.
     *
     * @param gatewayContext the request/response pair being answered
     * @param message        the message to convert into status and body
     */
    public void filterResponse(GatewayContext gatewayContext, Message message) {
        gatewayContext.getResponse().setStatus(Message$.MODULE$.messageToHttpStatus(message));
        gatewayContext.getResponse().write(Message$.MODULE$.response(message));
        gatewayContext.getResponse().sendResponse();
    }

    /**
     * Runs the gateway's security checks for one request.
     *
     * <p>Returns {@code true} on the branches that accept the request (pass-auth URI with SSO
     * off, an existing login, test mode, SSO user found) or whatever
     * {@code TokenAuthentication.tokenAuth} returns for token requests. Returns {@code false}
     * on the branches that reject, prompt for login, redirect to SSO, or hand the request to
     * the user-URI handler.
     *
     * @param gatewayContext the request/response pair under inspection
     * @return {@code true} if the caller should continue processing the request
     */
    public boolean doFilter(GatewayContext gatewayContext) {
        // Key for Scala's non-local return: a NonLocalReturnControl carrying this exact object
        // is turned back into doFilter's return value in the catch block at the bottom.
        Object obj = new Object();
        try {
            // CORS headers are attached to every response, including rejections.
            addAccessHeaders(gatewayContext);
            if (refererValidate()) {
                String[] strArr = gatewayContext.getRequest().getHeaders().get("Referer");
                // NOTE(security): the check only fires when a non-empty Referer is present, so a
                // request without the header passes. The comparison is a substring match
                // (contains) on the first header value, not a comparison of the parsed origin,
                // so any value that merely contains the configured address string is accepted.
                // A stricter check would parse the header as a URI and compare scheme/host/port
                // against an allow-list.
                if (strArr != null && Predef$.MODULE$.refArrayOps(strArr).nonEmpty() && StringUtils.isNotEmpty((String) Predef$.MODULE$.refArrayOps(strArr).head()) && !((String) Predef$.MODULE$.refArrayOps(strArr).head()).trim().contains(localAddress())) {
                    filterResponse(gatewayContext, package$.MODULE$.validateFailed("Unallowed cross-site request(不允许的跨站请求)！"));
                    return false;
                }
                // HTTP-verb allow-list. NOTE(security): it is nested under refererValidate, so it
                // is skipped entirely when Referer validation is disabled. It also admits TRACE
                // and CONNECT, which the Access-Control-Allow-Methods header set in
                // addAccessHeaders does not list — confirm the backends actually need them.
                String upperCase = gatewayContext.getRequest().getMethod().toUpperCase();
                if (!("GET".equals(upperCase) ? true : "POST".equals(upperCase) ? true : "PUT".equals(upperCase) ? true : "DELETE".equals(upperCase) ? true : "HEAD".equals(upperCase) ? true : "TRACE".equals(upperCase) ? true : "CONNECT".equals(upperCase) ? true : "OPTIONS".equals(upperCase))) {
                    filterResponse(gatewayContext, package$.MODULE$.validateFailed("Do not use HTTP verbs to tamper with(不可使用HTTP动词篡改)！"));
                    return false;
                }
                // Decompiler artifact (Scala Unit value of the if-expression); no effect.
                BoxedUnit boxedUnit = BoxedUnit.UNIT;
            }
            // True when the request URI satisfies the predicate in SecurityFilter$$anonfun$1 for
            // at least one PASS_AUTH_REQUEST_URI entry.
            // NOTE(review): the predicate is not visible here — confirm whether it is an
            // anchored match on a normalized path, since it decides which URIs skip login.
            boolean exists = Predef$.MODULE$.refArrayOps(GatewayConfiguration$.MODULE$.PASS_AUTH_REQUEST_URI()).exists(new SecurityFilter$$anonfun$1(gatewayContext.getRequest().getRequestURI()));
            // Requests under BDP_SERVER_USER_URI are handed to the two anonymous functions
            // (presumably the login/logout handling via userRestful — TODO confirm) and never
            // continue down the filter chain: this branch always returns false.
            if (gatewayContext.getRequest().getRequestURI().startsWith((String) ServerConfiguration$.MODULE$.BDP_SERVER_USER_URI().getValue())) {
                Utils$.MODULE$.tryCatch(new SecurityFilter$$anonfun$doFilter$1(gatewayContext), new SecurityFilter$$anonfun$doFilter$2(gatewayContext));
                return false;
            }
            // Pass-auth URI with SSO disabled: accepted with no identity check at all; only an
            // info log line is emitted.
            if (exists && !BoxesRunTime.unboxToBoolean(GatewayConfiguration$.MODULE$.ENABLE_SSO_LOGIN().getValue())) {
                GatewaySSOUtils$.MODULE$.info(new SecurityFilter$$anonfun$doFilter$3(gatewayContext));
                return true;
            }
            // Token requests are decided solely by TokenAuthentication; none of the later
            // checks run for them.
            if (TokenAuthentication$.MODULE$.isTokenRequest(gatewayContext)) {
                return TokenAuthentication$.MODULE$.tokenAuth(gatewayContext);
            }
            // Presumably looks up an already logged-in user (anonfun$2) — TODO confirm. The
            // failure handler (anonfun$3) receives obj, i.e. it can end doFilter through the
            // non-local return handled in the catch block below.
            if (((Option) Utils$.MODULE$.tryCatch(new SecurityFilter$$anonfun$2(gatewayContext), new SecurityFilter$$anonfun$3(gatewayContext, obj))).isDefined()) {
                return true;
            }
            // NOTE(security): with IS_TEST_MODE on, every request that reached this point
            // without a login is logged in as testUser, with no credential check. This switch
            // must be off in any deployment reachable by untrusted clients; alerting on the
            // info line logged here is a cheap way to detect it being left on.
            if (BoxesRunTime.unboxToBoolean(Configuration$.MODULE$.IS_TEST_MODE().getValue())) {
                GatewaySSOUtils$.MODULE$.info(new SecurityFilter$$anonfun$doFilter$4(gatewayContext));
                GatewaySSOUtils$.MODULE$.setLoginUser(gatewayContext, testUser());
                return true;
            }
            // SSO disabled and nobody logged in: answer with the "not logged in" message.
            // $less$less is Scala's << on Message, applied to the request URI (its effect is not
            // visible in this class).
            if (!BoxesRunTime.unboxToBoolean(GatewayConfiguration$.MODULE$.ENABLE_SSO_LOGIN().getValue())) {
                filterResponse(gatewayContext, Message$.MODULE$.noLogin("You are not logged in, please login first(您尚未登录，请先登录)!").$less$less(gatewayContext.getRequest().getRequestURI()));
                return false;
            }
            // SSO enabled: ask the configured interceptor for the user. A non-blank name is
            // trusted as-is and recorded as the login user on the request.
            String user = SSOInterceptor$.MODULE$.getSSOInterceptor().getUser(gatewayContext);
            if (StringUtils.isNotBlank(user)) {
                GatewaySSOUtils$.MODULE$.setLoginUser(gatewayContext.getRequest(), user);
                return true;
            }
            // No SSO user, ordinary URI: reply with the "not logged in" message carrying the
            // SSO login URL so the client can navigate there itself.
            if (!exists) {
                filterResponse(gatewayContext, Message$.MODULE$.noLogin("You are not logged in, please login first(您尚未登录，请先登录)!").data("enableSSO", BoxesRunTime.boxToBoolean(true)).data("SSOURL", SSOInterceptor$.MODULE$.getSSOInterceptor().redirectTo(gatewayContext.getRequest().getURI())).$less$less(gatewayContext.getRequest().getRequestURI()));
                return false;
            }
            // No SSO user, pass-auth URI: issue a redirect to the SSO login instead.
            // NOTE(review): the redirect target is built by the interceptor from the request
            // URI — confirm the interceptor constrains where the post-login return may point.
            gatewayContext.getResponse().redirectTo(SSOInterceptor$.MODULE$.getSSOInterceptor().redirectTo(gatewayContext.getRequest().getURI()));
            gatewayContext.getResponse().sendResponse();
            return false;
        } catch (NonLocalReturnControl e) {
            // Only a control exception raised for this invocation (same key object) is
            // converted into the boolean result; anything else is rethrown untouched.
            if (e.key() == obj) {
                return e.value$mcZ$sp();
            }
            throw e;
        }
    }

    /**
     * Adds the CORS headers and a {@code Date} header to the response.
     *
     * <p>NOTE(security): a wildcard {@code Access-Control-Allow-Origin} is combined with
     * {@code Access-Control-Allow-Credentials: true}. Browsers do not honour credentials for a
     * wildcard origin, so the pair does not work as written for credentialed requests. If
     * cross-origin credentialed access is required, emit only origins taken from an explicit
     * allow-list (with {@code Vary: Origin}); do not replace the wildcard by echoing the
     * request's Origin unconditionally.
     *
     * <p>NOTE(review): the {@code Date} value is produced by
     * {@code DateFormat.getDateTimeInstance(0, 0, ...)} (style 0 is {@code DateFormat.FULL})
     * in the JVM's default time zone, which is not the fixed GMT format HTTP specifies for
     * this header.
     *
     * @param gatewayContext the context whose response receives the headers
     */
    public void addAccessHeaders(GatewayContext gatewayContext) {
        GatewayHttpResponse response = gatewayContext.getResponse();
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "authorization,Content-Type");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, HEAD, DELETE");
        response.setHeader("Date", DateFormat.getDateTimeInstance(0, 0, new Locale("EN", "en")).format(new Date()));
    }

    /**
     * Publishes the singleton and snapshots the three configuration values. They are read
     * once here, so later configuration changes are not picked up by this instance.
     */
    private SecurityFilter$() {
        MODULE$ = this;
        this.refererValidate = BoxesRunTime.unboxToBoolean(ServerConfiguration$.MODULE$.BDP_SERVER_SECURITY_REFERER_VALIDATE().getValue());
        this.localAddress = (String) ServerConfiguration$.MODULE$.BDP_SERVER_ADDRESS().getValue();
        this.testUser = (String) ServerConfiguration$.MODULE$.BDP_TEST_USER().getValue();
    }
}
