package com.asiainfo.aisquare.aisp.security.interceptor;

import com.asiainfo.aisquare.aisp.common.basic.utils.SqlTableUtil;
import com.asiainfo.aisquare.aisp.common.basic.utils.StringUtils;
import com.asiainfo.aisquare.aisp.entity.auth.AuthPermission;
import com.asiainfo.aisquare.aisp.entity.auth.AuthProfile;
import com.asiainfo.aisquare.aisp.security.holder.AuthPermissionHolder;
import com.asiainfo.aisquare.aisp.security.utils.AuthUtil;
import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
import java.lang.reflect.Field;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Plugin;
import org.apache.ibatis.plugin.Signature;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

@Intercepts({@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})})
@Component
/* loaded from: input_file:com/asiainfo/aisquare/aisp/security/interceptor/AuthPermissionInterceptor.class */
public class AuthPermissionInterceptor implements Interceptor {
    private static final Logger log = LoggerFactory.getLogger(AuthPermissionInterceptor.class);

    public Object intercept(Invocation invocation) throws Throwable {
        MappedStatement mappedStatement = (MappedStatement) invocation.getArgs()[0];
        Object obj = invocation.getArgs()[1];
        SqlCommandType sqlCommandType = mappedStatement.getSqlCommandType();
        if (sqlCommandType == SqlCommandType.INSERT) {
            handleInsert(obj);
        } else if (sqlCommandType == SqlCommandType.UPDATE) {
            handleUpdate(obj);
        } else if (sqlCommandType == SqlCommandType.SELECT && AuthPermissionHolder.getAuthPermission() != null) {
            handleSelect(invocation, mappedStatement, obj);
        }
        try {
            Object proceed = invocation.proceed();
            AuthPermissionHolder.clear();
            return proceed;
        } catch (Throwable th) {
            AuthPermissionHolder.clear();
            throw th;
        }
    }

    private void handleInsert(Object obj) {
        if (obj instanceof Map) {
            AuthProfile authProfile = AuthUtil.getAuthProfile();
            Map map = (Map) obj;
            map.put("createUser", authProfile.getUserId());
            map.put("roleId", authProfile.getRoleId());
            map.put("projectId", authProfile.getProjectId());
            map.put("tenantId", authProfile.getTenantId());
        }
    }

    private void handleUpdate(Object obj) {
        if (obj instanceof Map) {
            Map map = (Map) obj;
            AuthProfile authProfile = AuthUtil.getAuthProfile();
            map.put("createUser", authProfile.getUserId());
            map.put("roleId", authProfile.getRoleId());
            map.put("projectId", authProfile.getProjectId());
            map.put("tenantId", authProfile.getTenantId());
        }
    }

    private void handleSelect(Invocation invocation, MappedStatement mappedStatement, Object obj) {
        BoundSql boundSql = mappedStatement.getBoundSql(obj);
        String sql = boundSql.getSql();
        String mainTable = SqlTableUtil.getMainTable(sql);
        log.debug("原始 SQL 为: {}", sql);
        log.debug("主表为: {}", mainTable);
        String addWhereCondition = addWhereCondition(sql, mainTable, AuthPermissionHolder.getAuthPermission());
        log.debug("修改后的 SQL 为: {}", addWhereCondition);
        try {
            BoundSql boundSql2 = new BoundSql(mappedStatement.getConfiguration(), addWhereCondition, boundSql.getParameterMappings(), boundSql.getParameterObject());
            Field declaredField = boundSql.getClass().getDeclaredField("additionalParameters");
            declaredField.setAccessible(true);
            for (String str : ((Map) declaredField.get(boundSql)).keySet()) {
                boundSql2.setAdditionalParameter(str, boundSql.getAdditionalParameter(str));
            }
            invocation.getArgs()[0] = copyMappedStatement(mappedStatement, boundSql2);
        } catch (Exception e) {
            log.error("反射设置additionalParameters失败,{}", boundSql.getSql(), e);
        }
    }

    private String addWhereCondition(String str, String str2, AuthPermission authPermission) {
        String extractAlias = extractAlias(str2);
        StringBuilder sb = new StringBuilder(" ( ");
        if (extractAlias != null) {
            sb.append(extractAlias).append(".");
        }
        if (StringUtils.isNotEmpty(authPermission.getUserId())) {
            sb.append("create_user = ").append(authPermission.getUserId());
        } else if (StringUtils.isNotEmpty(authPermission.getRoleId())) {
            sb.append("role_id = ").append(authPermission.getRoleId());
        } else if (StringUtils.isNotEmpty(authPermission.getProjectId())) {
            sb.append("project_id = ").append(authPermission.getProjectId());
        } else {
            if (!StringUtils.isNotEmpty(authPermission.getTenantId())) {
                return str;
            }
            sb.append("tenant_id = ").append(authPermission.getTenantId());
        }
        if (CollectionUtils.isNotEmpty(authPermission.getResIds())) {
            String join = String.join(",", authPermission.getResIds());
            sb.append(" or ");
            if (extractAlias != null) {
                sb.append(extractAlias).append(".");
            }
            sb.append("id in (").append(join).append(")");
        }
        sb.append(" ) ");
        return addConditionToWhereClause(str, sb.toString());
    }

    public String addConditionToWhereClause(String str, String str2) {
        try {
            Select parse = CCJSqlParserUtil.parse(str);
            PlainSelect selectBody = parse.getSelectBody();
            Expression where = selectBody.getWhere();
            Expression parseCondExpression = CCJSqlParserUtil.parseCondExpression(str2);
            if (where == null) {
                selectBody.setWhere(parseCondExpression);
            } else {
                selectBody.setWhere(CCJSqlParserUtil.parseCondExpression(where + " AND " + str2));
            }
            return parse.toString();
        } catch (Exception e) {
            log.error("解析sql发生错误：{}", str);
            return str;
        }
    }

    private String extractAlias(String str) {
        Matcher matcher = Pattern.compile("(?i)(\\S+)\\s+(?:AS\\s+)?(\\S+)").matcher(str);
        if (matcher.find()) {
            return matcher.group(2);
        }
        return null;
    }

    private MappedStatement copyMappedStatement(MappedStatement mappedStatement, BoundSql boundSql) {
        return new MappedStatement.Builder(mappedStatement.getConfiguration(), mappedStatement.getId(), obj -> {
            return boundSql;
        }, mappedStatement.getSqlCommandType()).resource(mappedStatement.getResource()).fetchSize(mappedStatement.getFetchSize()).timeout(mappedStatement.getTimeout()).statementType(mappedStatement.getStatementType()).keyGenerator(mappedStatement.getKeyGenerator()).keyProperty(String.join(",", mappedStatement.getKeyProperties() != null ? mappedStatement.getKeyProperties() : new String[0])).keyColumn(String.join(",", mappedStatement.getKeyColumns() != null ? mappedStatement.getKeyColumns() : new String[0])).databaseId(mappedStatement.getDatabaseId()).lang(mappedStatement.getLang()).resultOrdered(mappedStatement.isResultOrdered()).resulSets(String.join(",", mappedStatement.getResulSets() != null ? mappedStatement.getResulSets() : new String[0])).resultMaps(mappedStatement.getResultMaps()).resultSetType(mappedStatement.getResultSetType()).cache(mappedStatement.getCache()).flushCacheRequired(mappedStatement.isFlushCacheRequired()).useCache(mappedStatement.isUseCache()).build();
    }

    public Object plugin(Object obj) {
        return Plugin.wrap(obj, this);
    }
}
