Subversion Repositories SmartDukaan

package com.spice.profitmandi.web.interceptor;

import java.util.HashSet;

import java.util.Set;

import java.util.function.Predicate;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.apache.logging.log4j.Logger;

import org.apache.logging.log4j.LogManager;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.http.HttpStatus;

import org.springframework.http.MediaType;

import org.springframework.stereotype.Component;

import org.springframework.web.servlet.HandlerInterceptor;

import org.springframework.web.servlet.ModelAndView;

import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;

import com.spice.profitmandi.dao.enumuration.dtr.RoleType;

import com.spice.profitmandi.web.model.LoginDetails;

import com.spice.profitmandi.web.util.CookiesProcessor;

import com.spice.profitmandi.web.util.MVCResponseSender;

@Component

public class RoleInterceptor implements HandlerInterceptor {

	private static final Logger LOGGER = LogManager.getLogger(RoleInterceptor.class);

	private static final Set<String> REQUESTED_URI_PATTERNS = new HashSet<>();

	static{

		REQUESTED_URI_PATTERNS.add("/fofo");

		REQUESTED_URI_PATTERNS.add("/fofo/");

		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit");

		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit/");

		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/file-display");

		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/file-display/");

	}

	@Autowired

	private MVCResponseSender mvcResponseSender;

	@Autowired

	private CookiesProcessor cookiesProcessor;

	@Override

	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3)

			throws Exception {

	}

	@Override

	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)

			throws Exception {

		LOGGER.info("request is received after : "+request.getRequestURL().toString());

	}

	@Override

	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {

		LOGGER.info("request is received before uri : "+request.getRequestURI());

		LOGGER.info("Request method {}",request.getMethod());

		try {

			LoginDetails fofoDetails = cookiesProcessor.getCookiesObject(request);

			LOGGER.info(fofoDetails.toString());

			if(

				// condition start

				// first condition start

				(REQUESTED_URI_PATTERNS.stream().anyMatch(new Predicate<String>() {

					@Override

					public boolean test(String regexUriPattern) {

						LOGGER.info("requestedUri {} == predefinedPattern {} => {}", request.getRequestURI(), request.getContextPath() + regexUriPattern, request.getRequestURI().matches(request.getContextPath() + regexUriPattern));

						return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);

					};

				})

				// first condition end

				&&

				// second condition start

				fofoDetails.getRoleTypes().contains(RoleType.FOFO_ADMIN)

				) 

				|| 

				(REQUESTED_URI_PATTERNS.stream().noneMatch((new Predicate<String>() {

					@Override

					public boolean test(String regexUriPattern) {

						return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);

					};

				}))

				&&

				fofoDetails.getRoleTypes().contains(RoleType.FOFO)

				)

			) {

				return true;

			} else {

				LOGGER.error("Accessed Uri {} is forbidden", request.getRequestURI());

				response.setStatus(HttpStatus.FORBIDDEN.value());

				response.setContentType(MediaType.APPLICATION_JSON_VALUE);

				response.setCharacterEncoding("UTF-8");

				response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));

				response.getWriter().flush();

				return false;

			}

		} catch (ProfitMandiBusinessException e) {

			LOGGER.error("Requested session is expired", e);

			return false;

		}

	}

}