package dev.flyfish.framework.user.config;

import com.anji.captcha.config.AjCaptchaServiceAutoConfiguration;
import com.anji.captcha.config.AjCaptchaStorageAutoConfiguration;
import com.anji.captcha.properties.AjCaptchaProperties;
import dev.flyfish.framework.configuration.jwt.JwtProperties;
import dev.flyfish.framework.configuration.jwt.JwtSecurityContextRepository;
import dev.flyfish.framework.configuration.jwt.TokenProvider;
import dev.flyfish.framework.domain.po.User;
import dev.flyfish.framework.enums.UserStatus;
import dev.flyfish.framework.enums.UserType;
import dev.flyfish.framework.handler.JsonAuthenticationFailureHandler;
import dev.flyfish.framework.handler.JsonAuthenticationSuccessHandler;
import dev.flyfish.framework.handler.JsonLogoutSuccessHandler;
import dev.flyfish.framework.service.AuthenticationAuditor;
import dev.flyfish.framework.service.AuthenticationLogger;
import dev.flyfish.framework.user.config.captcha.CaptchaValidator;
import dev.flyfish.framework.user.config.converter.EncryptedAuthenticationConverter;
import dev.flyfish.framework.user.config.properties.SecurityProperties;
import dev.flyfish.framework.user.domain.UserQo;
import dev.flyfish.framework.user.initializer.UserInitializer;
import dev.flyfish.framework.user.service.UserService;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import reactor.core.publisher.Mono;

/**
 * WebFlux security configuration for the user module.
 *
 * <p>Declares the password encoder, the authentication auditor/logger, the
 * security-context repository (JWT or web-session, selected by {@code jwt.enable}),
 * the token provider, the {@link SecurityWebFilterChain}, the login converter and a
 * bootstrap {@link UserInitializer}.
 *
 * <p>The third-party {@code com.anji.captcha.config.AjCaptchaAutoConfiguration} is
 * excluded from auto-configuration and replaced by the nested
 * {@link AjCaptchaAutoConfiguration}, which is only active when
 * {@code security.captcha.enable=true}.
 *
 * <p>Security review points are marked inline with {@code NOTE(review)}: the
 * hard-coded bootstrap administrator credential, CSRF being disabled, the
 * configuration-driven {@code permitAll} list, and the no-op default
 * authentication logger.
 */
@EnableConfigurationProperties({JwtProperties.class, SecurityProperties.class})
@EnableWebFluxSecurity
@EnableAutoConfiguration(exclude = {com.anji.captcha.config.AjCaptchaAutoConfiguration.class})
@Order(1)
@Import({AjCaptchaAutoConfiguration.class})
/* loaded from: input_file:dev/flyfish/framework/user/config/WebSecurityConfig.class */
public class WebSecurityConfig {

    /**
     * Opt-in captcha wiring: imports the captcha service and storage
     * auto-configurations and binds {@link AjCaptchaProperties}, but only when
     * {@code security.captcha.enable} is {@code "true"}. With the property unset or
     * set to anything else, none of the captcha configuration is imported.
     */
    @EnableConfigurationProperties({AjCaptchaProperties.class})
    @Configuration
    @ConditionalOnProperty(value = {"security.captcha.enable"}, havingValue = "true")
    @Import({AjCaptchaServiceAutoConfiguration.class, AjCaptchaStorageAutoConfiguration.class})
    /* loaded from: input_file:dev/flyfish/framework/user/config/WebSecurityConfig$AjCaptchaAutoConfiguration.class */
    static class AjCaptchaAutoConfiguration {
        AjCaptchaAutoConfiguration() {
        }
    }

    /**
     * Builds the application-wide {@link PasswordEncoder}.
     *
     * <p>Uses Spring Security's delegating encoder and additionally sets BCrypt as
     * the encoder used for matching stored values whose encoder id is not mapped,
     * which lets stored hashes without an id prefix be verified as BCrypt.
     *
     * @return the delegating password encoder
     */
    @Bean
    public static PasswordEncoder passwordEncoder() {
        DelegatingPasswordEncoder createDelegatingPasswordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // Fallback for matches(): stored passwords with no mapped encoder id are checked as BCrypt.
        createDelegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(new BCryptPasswordEncoder());
        return createDelegatingPasswordEncoder;
    }

    /**
     * Registers the {@link AuthenticationAuditor} used by the login, failure and
     * logout handlers wired below.
     *
     * @return a new {@code AuthenticationAuditorImpl}
     */
    @Bean
    public AuthenticationAuditor loginAuditor() {
        return new AuthenticationAuditorImpl();
    }

    /**
     * Default {@link AuthenticationLogger}, registered only when the application
     * defines no other bean of that type. Every callback completes immediately
     * without recording anything.
     *
     * <p>NOTE(review): with this default in place, login success, login failure and
     * logout are not recorded through the logger. Deployments that need an
     * authentication audit trail (e.g. to detect password guessing) should provide
     * their own {@code AuthenticationLogger} bean. How the auditor consumes this
     * logger is not visible here.
     *
     * @return a no-op logger
     */
    @ConditionalOnMissingBean({AuthenticationLogger.class})
    @Bean
    public AuthenticationLogger authenticationLogger() {
        return new AuthenticationLogger() { // from class: dev.flyfish.framework.user.config.WebSecurityConfig.1
            public Mono<Void> success(UserDetails userDetails) {
                return Mono.empty();
            }

            public Mono<Void> failure(User user, AuthenticationException authenticationException) {
                return Mono.empty();
            }

            public Mono<Void> logout(UserDetails userDetails) {
                return Mono.empty();
            }
        };
    }

    /**
     * JWT-backed security-context repository, registered under the bean name
     * {@code contextRepository} when {@code jwt.enable=true}.
     *
     * @return a new {@link JwtSecurityContextRepository}
     */
    @ConditionalOnProperty(value = {"jwt.enable"}, havingValue = "true")
    @Bean({"contextRepository"})
    public JwtSecurityContextRepository jwtSecurityContextRepository() {
        return new JwtSecurityContextRepository();
    }

    /**
     * Web-session-backed security-context repository, registered when
     * {@code jwt.enable=false}.
     *
     * <p>NOTE(review): neither this condition nor the JWT one sets
     * {@code matchIfMissing}, so if {@code jwt.enable} is absent neither
     * {@code contextRepository} bean is registered. Confirm a default value is
     * supplied elsewhere.
     *
     * @return a new {@link WebSessionServerSecurityContextRepository}
     */
    @ConditionalOnProperty(value = {"jwt.enable"}, havingValue = "false")
    @Bean
    public ServerSecurityContextRepository contextRepository() {
        return new WebSessionServerSecurityContextRepository();
    }

    /**
     * Creates the {@link TokenProvider} from the bound {@link JwtProperties}.
     *
     * @param jwtProperties JWT settings bound from configuration
     * @return the token provider
     */
    @Bean
    public TokenProvider tokenProvider(JwtProperties jwtProperties) {
        return new TokenProvider(jwtProperties);
    }

    /**
     * Assembles the reactive security filter chain.
     *
     * <p>Authorization rules, in order: the configured allow-list plus
     * {@code /api/login} and {@code /api/logout} are open to everyone;
     * {@code /api/users/**} and every other exchange require authentication.
     * Form login and HTTP Basic are disabled; login is handled by the custom
     * {@link AuthenticationWebFilter} built in {@code configure}, installed at the
     * form-login position.
     *
     * @param serverHttpSecurity           the security builder
     * @param tokenProvider                passed to the logout success handler
     * @param securityProperties           supplies the extra {@code permitAll} URIs
     * @param reactiveUserDetailsService   user lookup for the authentication manager
     * @param serverAuthenticationConverter extracts credentials from the login request
     * @param authenticationAuditor        passed to the login/logout handlers
     * @return the built filter chain
     */
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity, TokenProvider tokenProvider, SecurityProperties securityProperties, ReactiveUserDetailsService reactiveUserDetailsService, ServerAuthenticationConverter serverAuthenticationConverter, AuthenticationAuditor authenticationAuditor) {
        // NOTE(review): contextRepository() is invoked as a plain method here and in configure().
        // Picking up the JWT repository when jwt.enable=true presumably relies on Spring proxying
        // this configuration class so the call resolves to the "contextRepository" bean; without
        // that proxying a web-session repository would be used regardless of the property - confirm.
        return serverHttpSecurity.securityContextRepository(contextRepository()).authorizeExchange(authorizeExchangeSpec -> {
            // NOTE(review): everything returned by getAllowUris() is unauthenticated. The list comes
            // from configuration, so a broad pattern there exposes endpoints without any login;
            // review the configured values per deployment.
            ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.pathMatchers((String[]) ArrayUtils.addAll(securityProperties.getAllowUris(), new String[]{"/api/logout", "/api/login"}))).permitAll().pathMatchers(new String[]{"/api/users/**"})).authenticated().anyExchange().authenticated();
        }).formLogin(formLoginSpec -> {
            formLoginSpec.disable();
        }).httpBasic(httpBasicSpec -> {
            httpBasicSpec.disable();
        }).logout(logoutSpec -> {
            logoutSpec.logoutUrl("/api/logout").logoutSuccessHandler(new JsonLogoutSuccessHandler(authenticationAuditor, tokenProvider));
        }).exceptionHandling(exceptionHandlingSpec -> {
            // Both "not authenticated" and "access denied" answer with 401.
            // NOTE(review): an authenticated caller lacking permission therefore sees 401, not 403 -
            // confirm clients depend on this before changing it.
            exceptionHandlingSpec.authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED)).accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.UNAUTHORIZED));
        }).csrf(csrfSpec -> {
            // NOTE(review): CSRF protection is off for every route. When jwt.enable=false the
            // security context is kept in the web session, so confirm the session cookie cannot be
            // sent cross-site (SameSite attribute, origin checks) or re-enable CSRF for that mode.
            csrfSpec.disable();
        }).addFilterAt(configure(new UserDetailsRepositoryReactiveAuthenticationManager(reactiveUserDetailsService), authenticationAuditor, serverAuthenticationConverter), SecurityWebFiltersOrder.FORM_LOGIN).build();
    }

    /**
     * Registers the converter that turns a login request into an authentication
     * token.
     *
     * @param securityProperties security settings handed to the converter
     * @param objectProvider     provider for the captcha validator; passed as an
     *                           {@link ObjectProvider}, so the validator bean may be absent
     * @return a new {@link EncryptedAuthenticationConverter}
     */
    @Bean
    public ServerAuthenticationConverter encryptedAuthenticateConverter(SecurityProperties securityProperties, ObjectProvider<CaptchaValidator> objectProvider) {
        return new EncryptedAuthenticationConverter(securityProperties, objectProvider);
    }

    /**
     * Default {@link UserInitializer}, used only when the application defines no
     * other bean of that type. When invoked it counts users of type
     * {@code SUPER_ADMIN} and, if there are none, creates one.
     *
     * <p>NOTE(review): the bootstrap account uses a fixed username and a password
     * literal compiled into this class. Every installation that runs this
     * initializer against an empty user store starts with the same super-admin
     * credential, and the value can be read from the shipped artifact. Applications
     * can avoid it by declaring their own {@code UserInitializer} bean; otherwise the
     * password should come from external configuration or a secret store (or be
     * generated per install) and be rotated on first login.
     *
     * @param userService used to count existing super admins and create the account
     * @return the initializer callback
     */
    @ConditionalOnMissingBean({UserInitializer.class})
    @Bean
    public UserInitializer userInitializer(UserService userService) {
        return () -> {
            // Query object restricted to the SUPER_ADMIN user type.
            UserQo userQo = new UserQo();
            userQo.setType(UserType.SUPER_ADMIN.name());
            // Proceed only when no super admin exists yet.
            userService.count(userQo).filter(l -> {
                return l.longValue() == 0;
            }).flatMap(l2 -> {
                User user = new User();
                user.setUsername("admin");
                // NOTE(review): hard-coded credential; see the method Javadoc. Operationally, verify
                // that no live "admin" account still authenticates with this bootstrap value.
                // NOTE(review): the value is handed to createSelective as plain text; whether it is
                // hashed with the PasswordEncoder before storage is not visible here - confirm.
                user.setPassword("Sxu@Unicom#2021");
                user.setType(UserType.SUPER_ADMIN);
                user.setEnable(true);
                user.setApp(false);
                user.setStatus(UserStatus.NORMAL);
                user.setPhone("10000000000");
                // Display name; the literal means "Super Administrator".
                user.setName("超级管理员");
                user.setCode("Administrator");
                return userService.createSelective(user);
            // Fire-and-forget: subscribed without an error callback and not awaited by the caller,
            // so a failed count or insert is not handled here.
            }).subscribe();
        };
    }

    /**
     * Builds the login filter: it authenticates {@code POST /login} and
     * {@code POST /api/login} requests with the given manager and converter,
     * reports the outcome through the JSON success/failure handlers, and stores the
     * resulting context in the repository returned by {@code contextRepository()}.
     *
     * @param reactiveAuthenticationManager verifies the extracted credentials
     * @param authenticationAuditor         passed to the success and failure handlers
     * @param serverAuthenticationConverter extracts credentials from the request
     * @return the configured authentication filter
     */
    private AuthenticationWebFilter configure(ReactiveAuthenticationManager reactiveAuthenticationManager, AuthenticationAuditor authenticationAuditor, ServerAuthenticationConverter serverAuthenticationConverter) {
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(reactiveAuthenticationManager);
        // Only POST requests to these two paths are treated as login attempts.
        authenticationWebFilter.setRequiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, new String[]{"/login", "/api/login"}));
        authenticationWebFilter.setAuthenticationFailureHandler(new JsonAuthenticationFailureHandler(authenticationAuditor));
        authenticationWebFilter.setServerAuthenticationConverter(serverAuthenticationConverter);
        authenticationWebFilter.setAuthenticationSuccessHandler(new JsonAuthenticationSuccessHandler(authenticationAuditor));
        // Same repository call as in springSecurityFilterChain, so login and later requests agree
        // on where the security context is stored.
        authenticationWebFilter.setSecurityContextRepository(contextRepository());
        return authenticationWebFilter;
    }
}
