package kd.bos.ha.http.service.api.external.base;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Map;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.db.DB;
import kd.bos.encrypt.Encrypters;
import kd.bos.eye.api.oplog.OpLogEntity;
import kd.bos.eye.api.oplog.OpLogManager;
import kd.bos.eye.api.oplog.OpLogUtil;
import kd.bos.eye.api.oplog.OpLogger;
import kd.bos.eye.api.oplog.OpType;
import kd.bos.eye.auth.EyeAuther;
import kd.bos.eye.auth.SessionStore;
import kd.bos.eye.proxy.EyeProxyHandler;
import kd.bos.eye.util.ExchangeVueUtils;
import kd.bos.ha.watch.action.spi.SpiUtil;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.util.JSONUtils;
import kd.bos.util.StringUtils;

/* loaded from: input_file:kd/bos/ha/http/service/api/external/base/AbstractExternalHttpHandler.class */
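/**
 * Base {@link HttpHandler} for the Monitor external HTTP API.
 *
 * <p>{@link #handle(HttpExchange)} parses the POST body as JSON, authenticates the caller from
 * the {@code auth} object inside that body ({@code username} / {@code password}), checks that the
 * user may access the requested path, and only then delegates to {@link #handle0(HttpExchange)}.
 * Every outcome is written as a JSON {@code ExternalApiResult}; the result code lives in the body
 * while the HTTP status line is always 202 (see {@link #writeJson}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The parsed body, including the submitted password, is kept in {@link #getParamMap()};
 *       subclasses should not log or echo that map wholesale.</li>
 *   <li>The parsed body is stored in an instance field. NOTE(review): if one handler instance
 *       serves requests on several threads, a concurrent request can replace the map between
 *       authentication and {@code handle0}/{@code opLog}; confirm the server's executor model or
 *       move this state to a per-request holder.</li>
 * </ul>
 */
public abstract class AbstractExternalHttpHandler implements HttpHandler {
    private static final String EXTERNAL_USER = "monitor.external.account.user";
    private static final String EXTERNAL_PD = "monitor.external.account.pd";
    private static final String AUTH_KEY = "auth";
    // Body of the request currently being handled; overwritten at the start of every handle() call.
    private Map<String, Object> paramMap;
    private static final Log log = LogFactory.getLog(AbstractExternalHttpHandler.class);
    private static final String PROXY_HEADER_KEY = EyeProxyHandler.PROXY_HEADER_KEY;
    private static final String PROXY_HEADER_VALUE = EyeProxyHandler.PROXY_HEADER_VALUE;
    private static final OpLogger opLogger = OpLogManager.getLogger();

    /**
     * Performs the endpoint-specific work. Called by {@link #handle(HttpExchange)} only after
     * authentication and the permission check have passed.
     *
     * @param httpExchange the current exchange
     * @throws IOException if the implementation fails to read or write the exchange
     */
    protected abstract void handle0(HttpExchange httpExchange) throws IOException;

    /**
     * Returns the JSON body parsed by the most recent {@link #handle(HttpExchange)} call.
     *
     * <p>The map still contains the {@code auth} entry with the submitted username and password.
     *
     * @return the parsed request body, or {@code null} if nothing has been parsed yet
     */
    public Map<String, Object> getParamMap() {
        return this.paramMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a single-entry header map holding the proxy marker header defined by
     * {@code EyeProxyHandler}.
     *
     * @return a new mutable map with one entry
     */
    public Map getProxyHeaderMap() {
        Map<String, String> headers = new HashMap<>(1);
        headers.put(PROXY_HEADER_KEY, PROXY_HEADER_VALUE);
        return headers;
    }

    /**
     * Authenticates and authorizes the request, then delegates to {@link #handle0(HttpExchange)}.
     *
     * <p>Checks run in this order, each failure ending the request with a JSON error result:
     * missing or malformed {@code auth} object (422), empty credentials (403), the optional
     * MC-account check (403), user/password verification and lock state (403), password expiry
     * for users other than {@code monitor.user} (403), path permission (403). An exception thrown
     * by {@code handle0} is logged and reported as 500; an {@link IOException} raised elsewhere in
     * the method is reported as 400.
     *
     * @param httpExchange the current exchange
     * @throws IOException if writing the response fails
     */
    public void handle(HttpExchange httpExchange) throws IOException {
        try {
            @SuppressWarnings({"unchecked", "rawtypes"})
            Map<String, Object> parsed = (Map) ExchangeVueUtils.parseJsonFromPost(httpExchange, HashMap.class);
            this.paramMap = parsed;

            // The body is caller-controlled: a missing body, a null "auth" value or a non-object
            // "auth" value must produce a 422 response rather than an uncaught runtime exception.
            Object authValue = parsed == null ? null : parsed.get(AUTH_KEY);
            if (!(authValue instanceof Map)) {
                writeJson(ExternalApiResult.error(422, "The server is unable to process the request due to missing or invalid required parameters"), httpExchange);
                return;
            }
            Map<?, ?> auth = (Map<?, ?>) authValue;

            // Non-string credentials are treated as absent instead of failing on a cast.
            Object rawUser = auth.get("username");
            Object rawPassword = auth.get("password");
            String username = rawUser instanceof String ? (String) rawUser : null;
            String password = rawPassword instanceof String ? (String) rawPassword : null;
            if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
                log.error("auth message is null, access denied");
                writeJson(ExternalApiResult.error(403, "auth message is null, access denied"), httpExchange);
                return;
            }

            // NOTE(review): as written, the request is rejected when the switch is on AND the
            // submitted credentials match the configured external account. The 403 text suggests
            // the intent may have been to reject on a mismatch. checkAuthByMC also compares the
            // raw submitted password, while EyeAuther.checkUser below receives the decoded one.
            // Behaviour is left unchanged here; confirm against the original source.
            if (Boolean.getBoolean("monitor.external.auth.bymc") && checkAuthByMC(username, password)) {
                writeJson(ExternalApiResult.error(403, "The username or password is incorrect, access denied"), httpExchange);
                return;
            }

            if (!EyeAuther.checkUser(username, Encrypters.decode(password)) || EyeAuther.isLocked(username)) {
                int errorTimes = getErrorTimes(username);
                if (EyeAuther.isForbidden(username)) {
                    writeJson(ExternalApiResult.error(403, String.format("User: %s login errors have reached %s times, and the account is locked. Please try again in 30 minutes", username, errorTimes)), httpExchange);
                } else {
                    writeJson(ExternalApiResult.error(403, "The username or password is incorrect, access denied"), httpExchange);
                }
                return;
            }

            // Compare from the non-null side so an unset "monitor.user" property cannot raise a
            // NullPointerException after authentication; an unset property simply means the
            // expiry check applies to every user.
            if (!username.equals(System.getProperty("monitor.user")) && EyeAuther.isExpirePassword(username)) {
                writeJson(ExternalApiResult.error(403, "User password has expired"), httpExchange);
                return;
            }

            String requestPath = httpExchange.getRequestURI().getPath();
            if (!EyeAuther.checkPermission(username, requestPath)) {
                writeJson(ExternalApiResult.error(403, ResManager.loadKDString("当前用户没有此操作的权限，请联系管理员在Monitor平台上为当前用户分配操作权限", "AbstractExternalHttpHandler_0", SpiUtil.BOS_HA, new Object[0])), httpExchange);
                return;
            }

            try {
                handle0(httpExchange);
            } catch (Exception e) {
                log.error("Monitor对外接口异常: " + httpExchange.getRequestURI().getPath(), e);
                // NOTE(review): the raw exception message is returned to the caller. If handle0
                // implementations can surface internal detail this way, prefer a generic message
                // and keep the detail in the log only.
                String message = e.getMessage();
                writeJson(ExternalApiResult.error(500, StringUtils.isNotEmpty(message) ? message : "An unknown exception occurred"), httpExchange);
            }
        } catch (IOException e2) {
            writeJson(ExternalApiResult.error(400, "Parameter parsing error"), httpExchange);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records an operation-log entry for the current request.
     *
     * <p>The user name is read from the {@code auth} object of the stored request body, so this
     * must only be called after {@link #handle(HttpExchange)} has validated that object (that is,
     * from within {@code handle0}).
     *
     * @param httpExchange the current exchange, used to resolve the client address
     * @param opType the operation type; its description is stored
     * @param str the operation object
     * @param str2 the free-text description
     */
    public void opLog(HttpExchange httpExchange, OpType opType, String str, String str2) {
        Map<?, ?> auth = (Map<?, ?>) this.paramMap.get(AUTH_KEY);
        OpLogEntity entry = new OpLogEntity();
        entry.setId(DB.genLongId("T_MONITOR_OPLOG"));
        entry.setUserName((String) auth.get("username"));
        entry.setOpTime(LocalDateTime.now());
        entry.setClientIp(OpLogUtil.getRemoteHost(httpExchange));
        entry.setOpType(opType.getTypeDescription());
        entry.setOpObject(str);
        entry.setDescription(str2);
        opLogger.opLog(entry);
    }

    /**
     * Compares the submitted credentials with the account configured through the
     * {@code monitor.external.account.user} / {@code monitor.external.account.pd} system
     * properties.
     *
     * <p>NOTE(review): the comparison uses {@code String.equals}, which is not constant-time.
     *
     * @return {@code true} only if both properties are set and both values match; {@code false}
     *     if either property is empty
     */
    private boolean checkAuthByMC(String username, String password) {
        String configuredUser = System.getProperty(EXTERNAL_USER);
        String configuredSecret = System.getProperty(EXTERNAL_PD);
        if (StringUtils.isEmpty(configuredUser) || StringUtils.isEmpty(configuredSecret)) {
            return false;
        }
        return configuredUser.equals(username) && Encrypters.decode(configuredSecret).equals(password);
    }

    /**
     * Reads the failed-login counter for a user from the session cache.
     *
     * @return the cached count, or 0 when no value is cached
     * @throws NumberFormatException if the cached value is not an integer
     */
    private int getErrorTimes(String username) {
        String cached = (String) SessionStore.get().getCache().get("monitor-forbidden-account-" + username, username);
        return StringUtils.isEmpty(cached) ? 0 : Integer.parseInt(cached);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Serializes the result as UTF-8 JSON, sends it and closes the exchange.
     *
     * <p>The HTTP status is always 202; the logical result code is carried inside
     * {@code externalApiResult}. Monitoring or gateway rules that key on the HTTP status will
     * therefore not see authentication failures and need to inspect the body.
     *
     * @param externalApiResult the result to send
     * @param httpExchange the exchange to answer and close
     * @throws IOException if serialization or writing fails
     */
    public void writeJson(ExternalApiResult externalApiResult, HttpExchange httpExchange) throws IOException {
        // Serialize before touching the exchange so a serialization failure leaves it usable.
        byte[] payload = JSONUtils.toString(externalApiResult).getBytes(StandardCharsets.UTF_8);
        try {
            httpExchange.getResponseHeaders().set("Content-Type", "application/json; charset=UTF-8");
            httpExchange.sendResponseHeaders(202, payload.length);
            httpExchange.getResponseBody().write(payload);
        } finally {
            // Release the connection even when sending fails part-way.
            httpExchange.close();
        }
    }
}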
