package com.jeecms.core.web;

import com.jeecms.core.entity.Admin;
import com.jeecms.core.entity.User;
import com.jeecms.core.manager.AdminMng;
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/jeecms/core/web/AccessControlFilter.class */
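/**
 * Servlet filter that gates requests on the admin login held in the HTTP session
 * and on a per-session set of permitted paths.
 *
 * <p>Decision order when access control is enabled:
 * <ol>
 *   <li>no session: redirect to {@code /no_login.html};</li>
 *   <li>{@link AdminMng#getLoginAdmin} returns {@code null}: 403;</li>
 *   <li>the session's user id equals 1: request passes without a rights check;</li>
 *   <li>otherwise the path from {@link #getUrl} must be in the session's
 *       {@code Admin.RIGHTS_KEY} set, else 403.</li>
 * </ol>
 *
 * <p>Security note: the {@code isControl=false} init parameter turns the filter into a
 * pass-through that stamps every session with admin id 1 and user id 1, the same id that
 * skips the rights check above. It must never be set in a deployed environment.
 */
public class AccessControlFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(AccessControlFilter.class);
    private static final String BEAN_NAME = "adminMngImpl";
    /** User id that is exempt from the per-path rights check in {@link #doFilter}. */
    private static final Long UNRESTRICTED_USER_ID = 1L;

    private boolean isControl;
    private AdminMng adminMng;

    /**
     * Reads the {@code isControl} init parameter and looks up the {@link AdminMng} bean.
     *
     * <p>Control is enabled unless the parameter is exactly {@code "false"}, so a missing
     * or misspelled value leaves enforcement on.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.isControl = !"false".equals(filterConfig.getInitParameter("isControl"));
        if (!this.isControl) {
            // Make the bypass visible in the logs: with control off, every request is
            // treated as admin/user id 1 without any authentication.
            log.warn("AccessControlFilter: isControl=false, access control is DISABLED and "
                    + "all sessions are treated as admin id 1");
        }
        this.adminMng = (AdminMng) WebApplicationContextUtils
                .getRequiredWebApplicationContext(filterConfig.getServletContext())
                .getBean(BEAN_NAME, AdminMng.class);
    }

    /**
     * Applies the login and rights checks described on the class.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked only when access is granted
     * @throws IOException      if redirecting, sending the error, or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);

        if (!this.isControl) {
            // Control disabled by configuration: impersonate admin/user id 1 and pass through.
            if (session == null) {
                session = request.getSession(true);
            }
            session.setAttribute(Admin.ADMIN_KEY, 1L);
            session.setAttribute(User.USER_KEY, 1L);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (session == null) {
            response.sendRedirect(request.getContextPath() + "/no_login.html");
            return;
        }

        String serverName = request.getServerName();
        Long userId = (Long) session.getAttribute(User.USER_KEY);
        Long adminId = (Long) session.getAttribute(Admin.ADMIN_KEY);
        if (this.adminMng.getLoginAdmin(serverName, adminId, userId, session) == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // The original dereferenced the user id unconditionally, so a session without
        // User.USER_KEY ended in a NullPointerException; deny explicitly instead.
        if (userId == null) {
            log.warn("Access denied: session has no user id");
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        if (UNRESTRICTED_USER_ID.equals(userId)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String url = getUrl(request);
        Set<?> rights = (Set<?>) session.getAttribute(Admin.RIGHTS_KEY);
        if (rights == null || !rights.contains(url)) {
            log.warn("Access denied: userId={} path={}", userId, url);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Derives the key that is looked up in the session's rights set: the request URI with
     * the context path removed and everything from the first {@code '.'} (or, failing
     * that, the first {@code '?'}) cut off.
     *
     * <p>The search starts after the context path, so a context path that itself contains
     * a dot no longer produces an inverted {@code substring} range.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw, undecoded request path, and the
     * key is cut at the first dot, so the string checked here is not guaranteed to be the
     * path the container dispatches on (path parameters, encoded characters, dot
     * segments). Consider building the key from {@code getServletPath()} /
     * {@code getPathInfo()} or rejecting non-canonical URIs; confirm against how the
     * {@code Admin.RIGHTS_KEY} entries are stored before changing it.
     *
     * @param httpServletRequest current request
     * @return context-relative path without extension
     */
    private String getUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        int start = httpServletRequest.getContextPath().length();
        int end = requestURI.indexOf('.', start);
        if (end == -1) {
            end = requestURI.indexOf('?', start);
        }
        return end == -1 ? requestURI.substring(start) : requestURI.substring(start, end);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}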
