package cn.stylefeng.roses.kernel.auth.auth;

import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.spring.SpringUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
import cn.stylefeng.roses.kernel.auth.api.TempSecretApi;
import cn.stylefeng.roses.kernel.auth.api.TenantCodeGetApi;
import cn.stylefeng.roses.kernel.auth.api.context.AuthJwtContext;
import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
import cn.stylefeng.roses.kernel.auth.api.expander.LoginConfigExpander;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordTransferEncryptApi;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
import cn.stylefeng.roses.kernel.auth.api.pojo.payload.DefaultJwtPayload;
import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
import cn.stylefeng.roses.kernel.demo.expander.DemoConfigExpander;
import cn.stylefeng.roses.kernel.log.api.LoginLogServiceApi;
import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;
import cn.stylefeng.roses.kernel.scanner.api.exception.ScannerException;
import cn.stylefeng.roses.kernel.scanner.api.exception.enums.ScannerExceptionEnum;
import cn.stylefeng.roses.kernel.scanner.api.holder.InitScanFlagHolder;
import cn.stylefeng.roses.kernel.security.api.DragCaptchaApi;
import cn.stylefeng.roses.kernel.security.api.ImageCaptchaApi;
import cn.stylefeng.roses.kernel.security.api.expander.SecurityConfigExpander;
import cn.stylefeng.roses.kernel.sys.api.SysUserServiceApi;
import cn.stylefeng.roses.kernel.sys.api.enums.user.UserStatusEnum;
import cn.stylefeng.roses.kernel.sys.api.pojo.user.UserValidateDTO;
import cn.stylefeng.roses.kernel.validator.api.exception.enums.ValidatorExceptionEnum;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.util.Date;
import javax.annotation.Resource;
import org.springframework.stereotype.Service;

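/**
 * Account/password login service: validates the request, enforces the failed-login lockout and
 * captcha checks, verifies the password, then issues a JWT and creates the session.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The failed-login counter is keyed by the account name only and lives in
 *       {@code loginErrorCountCacheApi}; it is cleared on a successful login.</li>
 *   <li>When the demo-environment flag is set, failed attempts are not counted and the login
 *       log / last-login info are not written.</li>
 *   <li>A temporary secret (see {@link TempSecretApi}) is accepted in place of the stored
 *       password when that bean is available.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:cn/stylefeng/roses/kernel/auth/auth/LoginService.class */
public class LoginService {

    @Resource
    private SysUserServiceApi sysUserServiceApi;

    @Resource
    private SessionManagerApi sessionManagerApi;

    @Resource
    private PasswordTransferEncryptApi passwordTransferEncryptApi;

    @Resource
    private ImageCaptchaApi captchaApi;

    @Resource
    private DragCaptchaApi dragCaptchaApi;

    @Resource
    private LoginLogServiceApi loginLogServiceApi;

    // Failed-login counter, keyed by account name.
    @Resource(name = "loginErrorCountCacheApi")
    private CacheOperatorApi<Integer> loginErrorCountCacheApi;

    @Resource
    private PasswordStoredEncryptApi passwordStoredEncryptApi;

    @Resource
    private TenantCodeGetApi tenantCodeGetApi;

    /**
     * Performs a login and returns the user id together with the freshly issued token.
     *
     * <p>Check order: resource-scan initialised, required parameters, lockout counter, captcha,
     * transfer-decryption of the password, user lookup, password verification, user status.
     * The user status is only evaluated after the password check, so a disabled account is not
     * revealed to a caller who does not know the password.
     *
     * @param loginRequest login parameters supplied by the client
     * @param bool whether the password must be present and verified; when {@code false} only the
     *     account is required and the password check is skipped, so callers must have
     *     authenticated the user by other means
     * @param str passed through unchanged as the last argument of {@link DefaultJwtPayload};
     *     its meaning is not visible in this class
     * @return the user id and the generated token
     * @throws ScannerException if resource scanning has not finished initialising
     * @throws AuthException on missing parameters, lockout, captcha failure, wrong credentials or
     *     a user status other than enabled
     */
    public LoginResponse loginAction(LoginRequest loginRequest, Boolean bool, String str) {
        if (!InitScanFlagHolder.getFlag().booleanValue()) {
            throw new ScannerException(ScannerExceptionEnum.SYSTEM_RESOURCE_URL_NOT_INIT);
        }
        validateEmptyParams(loginRequest, bool);
        Integer failedAttempts = validatePasswordRetryTimes(loginRequest);
        validateCaptcha(loginRequest);
        decryptRequestPassword(loginRequest);

        Long tenantId = this.tenantCodeGetApi.getTenantIdByCode(loginRequest.getTenantCode());
        UserValidateDTO user = this.sysUserServiceApi.getUserLoginValidateDTO(tenantId, loginRequest.getAccount());
        if (user == null) {
            // The lookup may already reject unknown accounts (its contract is not visible here).
            // If it can return null, answer with the same error as a wrong password instead of
            // failing with a NullPointerException, so the response does not distinguish
            // "no such account" from "bad password".
            throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
        }
        validateUserPassword(bool, failedAttempts, loginRequest, user);

        if (!UserStatusEnum.ENABLE.getCode().equals(user.getUserStatus())) {
            throw new AuthException(AuthExceptionEnum.USER_STATUS_ERROR, new Object[]{UserStatusEnum.getCodeMessage(user.getUserStatus())});
        }

        // A client that omits rememberMe sends null; treat that as "false" rather than unboxing
        // null and turning an otherwise valid login into a server error.
        boolean rememberMe = Boolean.TRUE.equals(loginRequest.getRememberMe());
        String token = AuthJwtContext.me().generateTokenDefaultPayload(new DefaultJwtPayload(user.getUserId(), loginRequest.getAccount(), rememberMe, str));
        LoginUser loginUser = new LoginUser(user.getUserId(), loginRequest.getAccount(), token, tenantId);

        // NOTE(review): how the client IP is derived is not visible here. If it comes from
        // forwarding headers it is client-controlled unless a trusted proxy overwrites them;
        // treat the stored login IP accordingly when it is used for audit or alerting.
        String clientIp = HttpServletUtil.getRequestClientIp(HttpServletUtil.getRequest());
        loginUser.setLoginIp(clientIp);
        loginUser.setLoginTime(new Date());

        // Serialises session creation and the single-login eviction for one account.
        // NOTE(review): the monitor is the interned account string, which is shared with any
        // other code in the JVM that locks on the same interned value, and it only orders
        // logins handled by this JVM, not by other nodes of a cluster.
        synchronized (loginRequest.getAccount().intern()) {
            this.sessionManagerApi.createSession(token, loginUser);
            if (LoginConfigExpander.getSingleAccountLoginFlag()) {
                this.sessionManagerApi.removeSessionExcludeToken(token);
            }
        }

        // Demo environments skip the last-login update and the login audit record.
        if (!DemoConfigExpander.getDemoEnvFlag().booleanValue()) {
            this.sysUserServiceApi.updateUserLoginInfo(loginUser.getUserId(), clientIp);
            this.loginLogServiceApi.loginSuccess(loginUser.getUserId());
        }

        // Successful login resets the failed-attempt counter for this account.
        this.loginErrorCountCacheApi.remove(new String[]{loginRequest.getAccount()});
        return new LoginResponse(loginUser.getUserId(), token);
    }

    /**
     * Replaces the transfer-encrypted password in the request with its decrypted form when
     * RSA transfer encryption is enabled. Does nothing if no password was sent.
     *
     * <p>After this call the request object holds the plaintext password, so it must not be
     * logged or serialised.
     */
    private void decryptRequestPassword(LoginRequest loginRequest) {
        if (loginRequest.getPassword() == null || !LoginConfigExpander.getPasswordRsaValidateFlag().booleanValue()) {
            return;
        }
        loginRequest.setPassword(this.passwordTransferEncryptApi.decrypt(loginRequest.getPassword()));
    }

    /**
     * Validates the image captcha and/or the drag captcha, depending on which are switched on.
     *
     * <p>Both variants read the same {@code verKey}/{@code verCode} fields of the request.
     *
     * @throws AuthException if a required captcha field is empty or the captcha does not match
     */
    private void validateCaptcha(LoginRequest loginRequest) {
        if (SecurityConfigExpander.getCaptchaOpen().booleanValue()) {
            String verKey = loginRequest.getVerKey();
            String verCode = loginRequest.getVerCode();
            if (StrUtil.isEmpty(verKey) || StrUtil.isEmpty(verCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_EMPTY);
            }
            if (!this.captchaApi.validateCaptcha(verKey, verCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_ERROR);
            }
        }
        if (SecurityConfigExpander.getDragCaptchaOpen().booleanValue()) {
            String dragKey = loginRequest.getVerKey();
            String dragCode = loginRequest.getVerCode();
            if (StrUtil.isEmpty(dragKey) || StrUtil.isEmpty(dragCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_EMPTY);
            }
            // Convert.toInt yields null for a non-numeric code; reject it here as a failed
            // captcha instead of handing null to the validator.
            Integer dragOffset = Convert.toInt(dragCode);
            if (dragOffset == null || !this.dragCaptchaApi.validateCaptcha(dragKey, dragOffset)) {
                throw new AuthException(ValidatorExceptionEnum.DRAG_CAPTCHA_ERROR);
            }
        }
    }

    /**
     * Reads the failed-login counter for the account and enforces the lockout threshold.
     *
     * <p>Once the counter has reached the configured maximum, the user is locked through
     * {@code lockUserStatus} and the login is refused; this runs before the captcha and
     * password checks.
     *
     * <p>NOTE(review): the lock is driven purely by failed attempts against an account name, so
     * it should be paired with the captcha and an unlock procedure to keep legitimate users
     * from being locked out by third parties. The counter key is the bare account name while
     * the lock call also passes the tenant code; if account names are only unique per tenant,
     * same-named accounts would share one counter — confirm.
     *
     * @return the current failure count, or {@code null} if none is recorded
     * @throws AuthException with {@code LOGIN_LOCKED} when the threshold has been reached
     */
    private Integer validatePasswordRetryTimes(LoginRequest loginRequest) {
        Integer failedAttempts = (Integer) this.loginErrorCountCacheApi.get(loginRequest.getAccount());
        if (failedAttempts == null || failedAttempts.intValue() < LoginConfigExpander.getMaxErrorLoginCount().intValue()) {
            return failedAttempts;
        }
        this.sysUserServiceApi.lockUserStatus(loginRequest.getTenantCode(), loginRequest.getAccount());
        throw new AuthException(AuthExceptionEnum.LOGIN_LOCKED);
    }

    /**
     * Rejects requests that lack the mandatory fields.
     *
     * @param bool when {@code true} both account and password are required; otherwise only the
     *     account
     * @throws AuthException {@code PARAM_EMPTY} or {@code ACCOUNT_IS_BLANK} respectively
     */
    private static void validateEmptyParams(LoginRequest loginRequest, Boolean bool) {
        if (bool.booleanValue()) {
            if (loginRequest == null || StrUtil.hasBlank(new CharSequence[]{loginRequest.getAccount(), loginRequest.getPassword()})) {
                throw new AuthException(AuthExceptionEnum.PARAM_EMPTY);
            }
        } else if (loginRequest == null || StrUtil.hasBlank(new CharSequence[]{loginRequest.getAccount()})) {
            throw new AuthException(AuthExceptionEnum.ACCOUNT_IS_BLANK);
        }
    }

    /**
     * Requests a login code from the SSO server for the given login request.
     *
     * <p>The whole request object, including its password field, is serialised into the POST
     * body, so the configured SSO URL should be an HTTPS endpoint under the operator's control
     * (NOTE(review): the URL scheme is configuration and not visible here). No request timeout
     * is set in this method; whether a global one applies is not visible either.
     *
     * @return the value of the {@code data} field of the SSO response
     * @throws AuthException {@code SSO_LOGIN_CODE_GET_ERROR} if the SSO server does not answer
     *     with status 200 or the response carries no login code
     */
    private String getRemoteLoginCode(LoginRequest loginRequest) {
        HttpRequest post = HttpRequest.post(AuthConfigExpander.getSsoUrl() + "/sso/getLoginCode");
        post.body(JSON.toJSONString(loginRequest));
        HttpResponse execute = post.execute();
        String body = execute.body();
        JSONObject jSONObject = new JSONObject();
        if (StrUtil.isNotBlank(body)) {
            // The body comes from a remote server: it may be an HTML error page or the JSON
            // literal null. Fall back to the empty object in both cases so the status and
            // login-code checks below report SSO_LOGIN_CODE_GET_ERROR instead of a parser
            // exception or a NullPointerException.
            try {
                JSONObject parsed = JSON.parseObject(body);
                if (parsed != null) {
                    jSONObject = parsed;
                }
            } catch (com.alibaba.fastjson.JSONException ignored) {
                // Unparsable response; handled by the checks below.
            }
        }
        if (execute.getStatus() != 200) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{jSONObject.getString("message")});
        }
        String string = jSONObject.getString("data");
        if (string == null) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{"loginCode为空"});
        }
        return string;
    }

    /**
     * Verifies the submitted password against the stored salted hash, falling back to the
     * user's temporary secret, and records a failed attempt if neither matches.
     *
     * @param bool whether the password is to be verified at all; when {@code false} this method
     *     does nothing
     * @param num failure count read before this attempt, {@code null} if none
     * @throws AuthException {@code USERNAME_PASSWORD_ERROR} if verification fails
     */
    private void validateUserPassword(Boolean bool, Integer num, LoginRequest loginRequest, UserValidateDTO userValidateDTO) {
        if (!bool.booleanValue()) {
            return;
        }
        if (this.passwordStoredEncryptApi.checkPasswordWithSalt(loginRequest.getPassword(), userValidateDTO.getUserPasswordSalt(), userValidateDTO.getUserPasswordHexed()).booleanValue()) {
            return;
        }

        // Optional fallback: a temporary secret is accepted in place of the password. This is
        // a second credential for the account; successful use goes through the same
        // loginSuccess record as a password login.
        try {
            TempSecretApi tempSecretApi = (TempSecretApi) SpringUtil.getBean(TempSecretApi.class);
            if (tempSecretApi != null && tempSecretApi.validateUserTempSecretKey(userValidateDTO.getUserId(), loginRequest.getPassword())) {
                return;
            }
        } catch (Exception ignored) {
            // Deliberately best-effort: the bean lookup or the check may throw (presumably
            // when the temp-secret module is not deployed). Any failure here fails closed —
            // execution continues to the failed-attempt path below.
        }

        int previousFailures = num == null ? 0 : num.intValue();
        // Demo environments do not count failures, so the lockout never triggers there.
        // NOTE(review): the read in validatePasswordRetryTimes and this write are separate cache
        // operations, so concurrent failed attempts may be counted as one.
        if (!DemoConfigExpander.getDemoEnvFlag().booleanValue()) {
            this.loginErrorCountCacheApi.put(loginRequest.getAccount(), Integer.valueOf(previousFailures + 1));
        }
        throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
    }
}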
