package mo.com.widebox.jchr.pages.app;

import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import mo.com.widebox.jchr.base.ApiPage;
import mo.com.widebox.jchr.entities.Leave;
import mo.com.widebox.jchr.entities.LeaveFile;
import mo.com.widebox.jchr.entities.StaffSecret;
import mo.com.widebox.jchr.internal.ApplicationConstants;
import mo.com.widebox.jchr.internal.HashHelpler;
import mo.com.widebox.jchr.internal.TimeStampHelper;
import mo.com.widebox.jchr.services.AppService;
import one.widebox.foggyland.tapestry5.OctetStreamResponse;
import one.widebox.foggyland.tapestry5.PdfStreamResponse;
import one.widebox.foggyland.tapestry5.hibernate.services.Dao;
import one.widebox.foggyland.tapestry5.services.oss.OssService;
import one.widebox.smartime.api.services.StaffValidator;
import org.apache.commons.lang.StringUtils;
import org.apache.tapestry5.EventContext;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.hibernate.criterion.Restrictions;
import org.hibernate.hql.internal.classic.ParserHelper;

/* loaded from: input_file:WEB-INF/classes/mo/com/widebox/jchr/pages/app/AppFiles.class */
public class AppFiles extends ApiPage {

    @Inject
    private StaffValidator staffValidator;

    @Inject
    private OssService ossService;

    @Inject
    private AppService appService;

    @Inject
    private Dao dao;

    @Override // mo.com.widebox.jchr.base.ApiPage
    public Object onActivate(EventContext eventContext) {
        super.onActivate(eventContext);
        if (eventContext.getCount() != 4) {
            return ApplicationConstants.HTTP_ERROR_404;
        }
        Long l = (Long) eventContext.get(Long.class, 0);
        Long l2 = (Long) eventContext.get(Long.class, 1);
        Long l3 = (Long) eventContext.get(Long.class, 2);
        String str = (String) eventContext.get(String.class, 3);
        if (!TimeStampHelper.diffLessThanFifteenMinutes(l3.longValue())) {
            return ApplicationConstants.HTTP_ERROR_404;
        }
        if (!(str != null && str.equals(HashHelpler.sha256(l.toString(), l2.toString(), l3.toString(), getBase32Secret(l2))))) {
            return ApplicationConstants.HTTP_ERROR_404;
        }
        LeaveFile leaveFile = (LeaveFile) this.dao.findById(LeaveFile.class, l);
        if (leaveFile.getId() != null && hasRight(l2, leaveFile.getLeave())) {
            InputStream loadAsStream = this.ossService.loadAsStream(leaveFile.getFilePath());
            String fileName = leaveFile.getFileName();
            return "pdf".equals(StringUtils.substringAfterLast(fileName, ParserHelper.PATH_SEPARATORS)) ? new PdfStreamResponse(loadAsStream) : new OctetStreamResponse(loadAsStream, fileName);
        }
        return ApplicationConstants.HTTP_ERROR_404;
    }

    private String getBase32Secret(Long l) {
        return ((StaffSecret) this.dao.findOne(StaffSecret.class, Arrays.asList(Restrictions.eq("staff.id", l)))).getBase32Secret();
    }

    private boolean hasRight(Long l, Leave leave) {
        Iterator<List<Long>> it = this.appService.findDepIdsAndSupervisorIds(l).iterator();
        List<Long> next = it.next();
        List<Long> next2 = it.next();
        if (next.isEmpty() || !next.contains(leave.getStaff().getDepartmentId())) {
            return false;
        }
        return next2.isEmpty() || !next2.contains(leave.getStaff().getId());
    }
}
