package cn.stylefeng.roses.kernel.auth.auth;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.stylefeng.roses.kernel.auth.api.AuthServiceApi;
import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordTransferEncryptApi;
import cn.stylefeng.roses.kernel.auth.api.pojo.SsoProperties;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginWithTokenRequest;
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
import cn.stylefeng.roses.kernel.demo.expander.DemoConfigExpander;
import cn.stylefeng.roses.kernel.jwt.JwtTokenOperator;
import cn.stylefeng.roses.kernel.jwt.api.context.JwtContext;
import cn.stylefeng.roses.kernel.jwt.api.exception.enums.JwtExceptionEnum;
import cn.stylefeng.roses.kernel.jwt.api.pojo.config.JwtConfig;
import cn.stylefeng.roses.kernel.jwt.api.pojo.payload.DefaultJwtPayload;
import cn.stylefeng.roses.kernel.log.api.LoginLogServiceApi;
import cn.stylefeng.roses.kernel.message.api.expander.WebSocketConfigExpander;
import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;
import cn.stylefeng.roses.kernel.security.api.DragCaptchaApi;
import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
import cn.stylefeng.roses.kernel.security.api.expander.SecurityConfigExpander;
import cn.stylefeng.roses.kernel.system.api.UserServiceApi;
import cn.stylefeng.roses.kernel.system.api.enums.UserStatusEnum;
import cn.stylefeng.roses.kernel.system.api.pojo.user.UserLoginInfoDTO;
import cn.stylefeng.roses.kernel.validator.api.exception.enums.ValidatorExceptionEnum;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import io.jsonwebtoken.JwtException;
import java.util.Date;
import javax.annotation.Resource;
import org.springframework.stereotype.Service;

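/**
 * Authentication service: password login, password-less login for already
 * authenticated callers, SSO token login, logout and token validation.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@link #loginWithUserName} and {@link #loginWithUserNameAndCaToken} create a
 *       session WITHOUT checking a password. They must only be reachable from code
 *       that has already established the caller's identity.</li>
 *   <li>{@link #checkAuth} validates the token only; its second argument is not used,
 *       so no per-URL permission decision is made here.</li>
 *   <li>Only successful logins are written to the login log in this class.
 *       NOTE(review): confirm failed attempts are logged and rate-limited elsewhere.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.class */
public class AuthServiceImpl implements AuthServiceApi {
    /** Process-wide monitor serialising session creation and single-account eviction. */
    private static final Object SESSION_OPERATE_LOCK = new Object();

    @Resource
    private UserServiceApi userServiceApi;

    @Resource
    private SessionManagerApi sessionManagerApi;

    @Resource
    private PasswordStoredEncryptApi passwordStoredEncryptApi;

    // Injected but not referenced by any method of this class as shown.
    @Resource
    private PasswordTransferEncryptApi passwordTransferEncryptApi;

    @Resource
    private LoginLogServiceApi loginLogServiceApi;

    @Resource
    private ImageCaptchaApi captchaApi;

    @Resource
    private DragCaptchaApi dragCaptchaApi;

    @Resource
    private SsoProperties ssoProperties;

    /**
     * Logs a user in with account and password.
     *
     * @param loginRequest account, password and optional captcha / cookie settings
     * @return the login response produced by {@code loginAction}
     * @throws AuthException if a parameter is missing, the captcha fails, the password
     *                       does not match or the account is not enabled
     */
    public LoginResponse login(LoginRequest loginRequest) {
        return loginAction(loginRequest, true, null);
    }

    /**
     * Logs an account in WITHOUT verifying a password.
     *
     * <p>The caller is responsible for having authenticated the user beforehand; this
     * method trusts {@code str} as the account name.
     *
     * @param str account name
     * @return the login response produced by {@code loginAction}
     */
    public LoginResponse loginWithUserName(String str) {
        LoginRequest request = new LoginRequest();
        request.setAccount(str);
        return loginAction(request, false, null);
    }

    /**
     * Logs an account in WITHOUT verifying a password, embedding an SSO "caToken" in
     * the issued JWT payload.
     *
     * <p>A non-empty {@code str2} also makes {@code loginAction} skip the remote SSO
     * login-code branch, so the session is created locally.
     *
     * @param str  account name, trusted as already authenticated
     * @param str2 caToken handed to the JWT payload; may be {@code null}
     * @return the login response produced by {@code loginAction}
     */
    public LoginResponse loginWithUserNameAndCaToken(String str, String str2) {
        LoginRequest request = new LoginRequest();
        request.setAccount(str);
        return loginAction(request, false, str2);
    }

    /**
     * Logs a user in from an SSO-issued JWT whose {@code userInfo} claim carries an
     * AES-encrypted JSON object with {@code account} and {@code caToken}.
     *
     * <p>The three stages (JWT parsing, claim presence, decryption) are handled
     * separately so that each failure surfaces with its own error code, and so that an
     * {@link AuthException} raised by the subsequent login (for example a disabled
     * account) is not re-labelled as a token parse error.
     *
     * @param loginWithTokenRequest request holding the SSO token
     * @return the login response for the account named in the token
     * @throws AuthException {@code SSO_TOKEN_PARSE_ERROR} if the JWT cannot be parsed,
     *                       {@code SSO_TOKEN_GET_USER_ERROR} if the claim is absent,
     *                       {@code SSO_TOKEN_DECRYPT_USER_ERROR} if decryption or JSON
     *                       parsing fails or no account is present, or any error
     *                       raised by the login itself
     */
    public LoginResponse LoginWithToken(LoginWithTokenRequest loginWithTokenRequest) {
        JwtConfig jwtConfig = new JwtConfig();
        jwtConfig.setJwtSecret(AuthConfigExpander.getSsoJwtSecret());
        jwtConfig.setExpiredSeconds(0L);

        // Stage 1: parse the JWT with the SSO secret. Presumably this verifies the
        // signature and expiry; confirm in JwtTokenOperator.
        // NOTE(review): nothing here marks the token as consumed, so whether it can be
        // replayed until it expires depends on checks outside this method.
        Object encryptedUserInfo;
        try {
            encryptedUserInfo = new JwtTokenOperator(jwtConfig)
                    .getJwtPayloadClaims(loginWithTokenRequest.getToken())
                    .get("userInfo");
        } catch (Exception e) {
            // NOTE(review): the library message is passed into the error; confirm it is
            // not rendered verbatim to the client.
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_PARSE_ERROR, new Object[]{e.getMessage()});
        }

        // Stage 2: the claim must be present.
        if (ObjectUtil.isEmpty(encryptedUserInfo)) {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_GET_USER_ERROR);
        }

        // Stage 3: decrypt and read the account.
        // NOTE(review): no cipher mode or IV is passed, so Hutool's default AES
        // transformation applies (ECB with PKCS5 padding unless the library version
        // differs; confirm). The blob carries no integrity tag of its own; integrity
        // rests on the JWT check in stage 1.
        String account;
        String caToken;
        try {
            String userInfoJson = SecureUtil.aes(Base64.decode(AuthConfigExpander.getSsoDataDecryptSecret()))
                    .decryptStr(encryptedUserInfo.toString(), CharsetUtil.CHARSET_UTF_8);
            JSONObject userInfo = JSON.parseObject(userInfoJson);
            account = userInfo.getString("account");
            caToken = userInfo.getString("caToken");
        } catch (Exception e) {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_DECRYPT_USER_ERROR, new Object[]{e.getMessage()});
        }
        if (account == null) {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_DECRYPT_USER_ERROR);
        }

        // Outside any catch-all: login failures keep their own error code.
        return loginWithUserNameAndCaToken(account, caToken);
    }

    /**
     * Logs the current user out: records the logout (outside demo mode, when a token
     * is present), removes the session and destroys the session cookie.
     *
     * <p>NOTE(review): if resolving the login user throws, the session removal and
     * cookie destruction below are not reached; confirm that is acceptable.
     */
    public void logout() {
        String token = LoginContext.me().getToken();
        if (!DemoConfigExpander.getDemoEnvFlag().booleanValue() && StrUtil.isNotEmpty(token)) {
            this.loginLogServiceApi.loginOutSuccess(LoginContext.me().getLoginUser().getUserId());
        }
        logoutWithToken(token);
        this.sessionManagerApi.destroySessionCookie();
    }

    /**
     * Removes the server-side session stored under the given token.
     *
     * @param str session token
     */
    public void logoutWithToken(String str) {
        this.sessionManagerApi.removeSession(str);
    }

    /**
     * Validates a token: the JWT must validate and a server-side session must still
     * exist for it.
     *
     * @param str token to validate
     * @throws AuthException {@code AUTH_EXPIRED_ERROR} if the JWT is expired or no
     *                       session exists, {@code TOKEN_PARSE_ERROR} for any other
     *                       JWT failure
     */
    public void validateToken(String str) throws AuthException {
        try {
            JwtContext.me().validateTokenWithException(str);
            // A valid JWT is not enough: the session may have been removed by logout
            // or by single-account eviction.
            if (this.sessionManagerApi.getSession(str) == null) {
                throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
            }
        } catch (JwtException e) {
            throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
        } catch (cn.stylefeng.roses.kernel.jwt.api.exception.JwtException e2) {
            if (!JwtExceptionEnum.JWT_EXPIRED_ERROR.getErrorCode().equals(e2.getErrorCode())) {
                throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
            }
            throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
        }
    }

    /**
     * Checks that a token was supplied and is valid.
     *
     * <p>{@code str2} is accepted but not used: this method performs authentication
     * only and makes no authorization decision about the requested resource.
     *
     * @param str  token
     * @param str2 unused in this implementation
     * @throws AuthException {@code TOKEN_GET_ERROR} if the token is empty, otherwise
     *                       whatever {@link #validateToken} raises
     */
    public void checkAuth(String str, String str2) {
        if (StrUtil.isEmpty(str)) {
            throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
        }
        validateToken(str);
    }

    /**
     * Shared login routine.
     *
     * <p>Order of checks: required parameters, image captcha (if enabled), drag
     * captcha (if enabled), SSO hand-off, password (only when requested), account
     * status. Only then are the JWT and session created.
     *
     * @param loginRequest     login parameters
     * @param validatePassword whether the password must be present and must match
     * @param caToken          SSO caToken for the JWT payload; when empty and SSO is
     *                         enabled, the request is handed to the SSO server instead
     * @return the login response, or a response wrapping the remote SSO login code
     * @throws AuthException on any failed check
     */
    private LoginResponse loginAction(LoginRequest loginRequest, Boolean validatePassword, String caToken) {
        if (validatePassword.booleanValue()) {
            if (loginRequest == null || StrUtil.hasBlank(new CharSequence[]{loginRequest.getAccount(), loginRequest.getPassword()})) {
                throw new AuthException(AuthExceptionEnum.PARAM_EMPTY);
            }
        } else if (loginRequest == null || StrUtil.hasBlank(new CharSequence[]{loginRequest.getAccount()})) {
            throw new AuthException(AuthExceptionEnum.ACCOUNT_IS_BLANK);
        }

        // Captcha checks also apply to the password-less paths when enabled.
        if (SecurityConfigExpander.getCaptchaOpen().booleanValue()) {
            String imageKey = loginRequest.getVerKey();
            String imageCode = loginRequest.getVerCode();
            if (StrUtil.isEmpty(imageKey) || StrUtil.isEmpty(imageCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_EMPTY);
            }
            if (!this.captchaApi.validateCaptcha(imageKey, imageCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_ERROR);
            }
        }
        if (SecurityConfigExpander.getDragCaptchaOpen().booleanValue()) {
            String dragKey = loginRequest.getVerKey();
            String dragCode = loginRequest.getVerCode();
            if (StrUtil.isEmpty(dragKey) || StrUtil.isEmpty(dragCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_EMPTY);
            }
            if (!this.dragCaptchaApi.validateCaptcha(dragKey, Convert.toInt(dragCode))) {
                throw new AuthException(ValidatorExceptionEnum.DRAG_CAPTCHA_ERROR);
            }
        }

        // SSO hand-off happens BEFORE the local password check: with SSO enabled and
        // no caToken, the whole request (including the password) goes to the SSO
        // server and no local session is created.
        if (this.ssoProperties.getOpenFlag().booleanValue() && StrUtil.isEmpty(caToken)) {
            return new LoginResponse(getRemoteLoginCode(loginRequest));
        }

        UserLoginInfoDTO userLoginInfo = this.userServiceApi.getUserLoginInfo(loginRequest.getAccount());
        // NOTE(review): a failed password check is not logged or counted here;
        // confirm failed attempts are recorded and throttled elsewhere.
        if (validatePassword.booleanValue() && !this.passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userLoginInfo.getUserPasswordHexed()).booleanValue()) {
            throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
        }
        if (!UserStatusEnum.ENABLE.getCode().equals(userLoginInfo.getUserStatus())) {
            throw new AuthException(AuthExceptionEnum.USER_STATUS_ERROR, new Object[]{UserStatusEnum.getCodeMessage(userLoginInfo.getUserStatus())});
        }

        LoginUser loginUser = userLoginInfo.getLoginUser();
        // NOTE(review): getRememberMe() is unboxed directly; the password-less callers
        // build a bare LoginRequest, so this relies on LoginRequest supplying a
        // non-null default. Confirm.
        DefaultJwtPayload jwtPayload = new DefaultJwtPayload(loginUser.getUserId(), loginUser.getAccount(), loginRequest.getRememberMe().booleanValue(), caToken);
        String token = JwtContext.me().generateTokenDefaultPayload(jwtPayload);
        loginUser.setToken(token);
        loginUser.setTenantCode(loginRequest.getTenantCode());

        // Create the session and, in single-account mode, evict the other sessions
        // under one lock so the two steps are not interleaved with another login.
        synchronized (SESSION_OPERATE_LOCK) {
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());
            this.sessionManagerApi.createSession(token, loginUser, loginRequest.getCreateCookie());
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
                this.sessionManagerApi.removeSessionExcludeToken(token);
            }
        }

        if (!DemoConfigExpander.getDemoEnvFlag().booleanValue()) {
            this.userServiceApi.updateUserLoginInfo(loginUser.getUserId(), new Date(), HttpServletUtil.getRequestClientIp(HttpServletUtil.getRequest()));
            this.loginLogServiceApi.loginSuccess(loginUser.getUserId());
        }
        return new LoginResponse(loginUser, token, jwtPayload.getExpirationDate());
    }

    /**
     * Posts the login request to the SSO server and returns the login code from the
     * {@code data} field of its JSON reply.
     *
     * <p>The request body is the serialised {@link LoginRequest}, which includes the
     * user's password, so the configured SSO URL should use TLS.
     * NOTE(review): no timeout is set on the request here; confirm one is configured
     * globally so a stalled SSO server cannot hold the login thread.
     *
     * <p>The response is treated as untrusted: a body that is not a JSON object is
     * handled as an empty reply and reported as {@code SSO_LOGIN_CODE_GET_ERROR}
     * instead of escaping as a parser exception.
     *
     * @param loginRequest login parameters forwarded to the SSO server
     * @return the remote login code
     * @throws AuthException {@code SSO_LOGIN_CODE_GET_ERROR} if the status is not 200
     *                       or no login code is returned
     */
    private String getRemoteLoginCode(LoginRequest loginRequest) {
        HttpRequest post = HttpRequest.post(AuthConfigExpander.getSsoUrl() + "/sso/getLoginCode");
        post.body(JSON.toJSONString(loginRequest));
        HttpResponse response = post.execute();
        String body = response.body();

        JSONObject parsed = null;
        if (StrUtil.isNotBlank(body)) {
            try {
                parsed = JSON.parseObject(body);
            } catch (RuntimeException ignored) {
                // Not JSON (e.g. a proxy error page): fall through with an empty reply
                // so the status / missing-code checks below report the failure.
            }
        }
        // parseObject can also yield null (e.g. a literal "null" body).
        JSONObject reply = parsed != null ? parsed : new JSONObject();

        if (response.getStatus() != 200) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{reply.getString("message")});
        }
        String loginCode = reply.getString("data");
        if (loginCode == null) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{"loginCode为空"});
        }
        return loginCode;
    }
}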
