package com.we.base.sso.service;

import com.alibaba.dubbo.common.Constants;
import com.we.base.common.enums.RoleTypeEnum;
import com.we.base.common.enums.TopicTypeEnum;
import com.we.base.message.dto.MessageDto;
import com.we.base.message.service.IMessageSender;
import com.we.base.oauth2.dto.OauthTokenDto;
import com.we.base.oauth2.param.LoginParam;
import com.we.base.oauth2.param.Oauth2LoginForm;
import com.we.base.oauth2.param.Oauth3LoginForm;
import com.we.base.oauth2.param.OauthTokenAddParam;
import com.we.base.oauth2.service.IOauthTokenBaseService;
import com.we.base.oauth2.service.IOauthTokenDubboService;
import com.we.base.oauth2.service.IRegisterService;
import com.we.base.sso.config.CasConfig;
import com.we.base.sso.dto.OauthApp;
import com.we.base.sso.dto.OauthToken;
import com.we.base.sso.form.UserLoginLogForm;
import com.we.base.sso.util.DES3;
import com.we.base.sso.util.UUIDUtil;
import com.we.base.user.dto.UserDto;
import com.we.base.user.param.UserGetParam;
import com.we.base.user.service.IUserBaseService;
import com.we.base.utils.bean.BeanTransferUtil;
import com.we.base.utils.security.EasyAES;
import com.we.biz.user.service.IUserRoleService;
import com.we.core.common.exception.impl.TimeoutException;
import com.we.core.common.util.DateTimeUtil;
import com.we.core.common.util.ExceptionUtil;
import com.we.core.common.util.JsonUtil;
import com.we.core.common.util.MapUtil;
import com.we.core.common.util.Util;
import com.we.core.db.ds.DataSource;
import com.we.core.db.idgen.IIdGen;
import com.we.core.redis.IRedisDao;
import com.we.core.redis.util.RedisUniUtil;
import com.we.core.web.util.JsonResultUtil;
import com.we.sso.util.MvcUtil;
import java.util.List;
import java.util.Map;
import org.nutz.ioc.meta.IocValue;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

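/**
 * SSO login service exposed through {@link IOauthTokenDubboService}.
 *
 * <p>Every successful login path ends in {@link #createLoginObject}, which stores a new
 * access/refresh token pair through {@code oauthTokenBaseService} and caches the user, token
 * and app JSON in Redis under the access token. Lookups read Redis first and fall back to
 * {@code oauthTokenBaseService}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #loginNoPass}, {@link #loginNoPassById}, {@link #createOauthToken4Login} and
 *       {@link #getToken} issue tokens without verifying a password. They are only safe if
 *       every caller is a trusted service that has already authenticated the user; confirm
 *       that the Dubbo exposure of this bean is restricted accordingly.</li>
 *   <li>The access token is a bearer credential. It is used as the Redis key suffix and is
 *       accepted from a request parameter as well as a header.</li>
 * </ul>
 */
@Transactional(readOnly = true)
@DataSource("ssoDataSource")
@Service
/* loaded from: input_file:WEB-INF/classes/com/we/base/sso/service/Oauth2LoginService.class */
public class Oauth2LoginService implements IOauthTokenDubboService {

    @Autowired
    private IUserBaseService userBaseService;

    @Autowired
    private IUserRoleService userRoleService;

    @Autowired
    private IRegisterService registerService;

    @Autowired
    private IOauthTokenBaseService oauthTokenBaseService;

    @Autowired
    private IRedisDao redisDao;

    @Autowired
    private CasConfig casConfig;

    @Autowired
    private IMessageSender messageSender;

    @Autowired
    private IIdGen idGen;

    // SECURITY: hard-coded 3DES key used by loginNoPass. Anyone with the class file can read it,
    // and it is the only thing protecting the appId == 5 passwordless path. It should be moved
    // to a secret store / configuration and rotated. Made final so it can no longer be
    // reassigned at runtime.
    private static final String KEY = "ab42d70a3fb44132b01a4cb3";

    /** Redis namespace for the cached user JSON, keyed by access token. */
    public static final String SSO_KEY_USER = "sso:user";
    /** Redis namespace for the cached token JSON, keyed by access token. */
    public static final String SSO_KEY_TOKEN = "sso:token";
    /** Redis namespace for the cached app JSON, keyed by access token. */
    public static final String SSO_KEY_APP = "sso:app";

    /**
     * Logs in with the credentials carried by the form and issues a token pair.
     *
     * @param oauth2LoginForm login form; copied to a {@link LoginParam} for the credential check
     * @return map holding the user, the new token and the app
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public Map<String, Object> login(Oauth2LoginForm oauth2LoginForm) {
        LoginParam loginParam = (LoginParam) BeanTransferUtil.toObject(oauth2LoginForm, LoginParam.class);
        UserDto user = this.registerService.isAllowLogin(loginParam);
        return createLoginObject(user, oauth2LoginForm.getAppId(), oauth2LoginForm.getTerminalType(), null);
    }

    /**
     * Same as {@link #login}, but the form's password is first decrypted with
     * {@link EasyAES#decryptString}.
     *
     * <p>Side effect: the decrypted password is written back into the caller's form object.
     * NOTE(review): the key used by EasyAES is not visible here; confirm it is not a shared
     * constant, and that the form is never logged after this call.
     *
     * @param oauth2LoginForm login form whose password is AES-encrypted
     * @return map holding the user, the new token and the app
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public Map<String, Object> doLogin(Oauth2LoginForm oauth2LoginForm) {
        oauth2LoginForm.setPassword(EasyAES.decryptString(oauth2LoginForm.getPassword()));
        LoginParam loginParam = (LoginParam) BeanTransferUtil.toObject(oauth2LoginForm, LoginParam.class);
        UserDto user = this.registerService.isAllowLogin(loginParam);
        return createLoginObject(user, oauth2LoginForm.getAppId(), oauth2LoginForm.getTerminalType(), null);
    }

    /**
     * Issues a token pair for a login name without checking a password.
     *
     * <p>For appId 5 the name arrives 3DES-encrypted with {@link #KEY}; for every other app the
     * name is used as sent. SECURITY: no credential is verified on either path, so the caller
     * must already have authenticated the user.
     *
     * <p>A name that cannot be decrypted is rejected. Previously the exception was swallowed
     * and the lookup continued with an empty name.
     *
     * @param oauth2LoginForm form carrying the (possibly encrypted) login name, app id and terminal type
     * @return map holding the user, the new token and the app
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public Map<String, Object> loginNoPass(Oauth2LoginForm oauth2LoginForm) {
        String loginName = oauth2LoginForm.getName();
        // NOTE(review): 5 is a magic app id; its meaning is not visible in this file.
        if (oauth2LoginForm.getAppId() == 5) {
            try {
                loginName = DES3.decryptDES3(oauth2LoginForm.getName(), KEY);
            } catch (Exception e) {
                // NOTE(review): no logger is in scope in this class; route this through the
                // project logger instead of stderr.
                e.printStackTrace();
                // Generic message on purpose: do not tell the client that decryption failed.
                throw ExceptionUtil.bEx("登录信息无效，请重新登录！", new Object[0]);
            }
            if (Util.isEmpty(loginName)) {
                throw ExceptionUtil.bEx("登录信息无效，请重新登录！", new Object[0]);
            }
        }
        UserDto user = this.registerService.isAllowLogin(loginName);
        return createLoginObject(user, oauth2LoginForm.getAppId(), oauth2LoginForm.getTerminalType(), null);
    }

    /**
     * Issues a token pair for a user id without checking any credential.
     *
     * <p>SECURITY: the only check is that the user exists. The caller must be trusted and must
     * have authenticated the user already.
     *
     * @param oauth3LoginForm form carrying the user id, app id and terminal type
     * @return map holding the user, the new token and the app
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public Map<String, Object> loginNoPassById(Oauth3LoginForm oauth3LoginForm) {
        UserDto userDto = this.userBaseService.get(new UserGetParam(oauth3LoginForm.getUserId()));
        if (Util.isEmpty(userDto)) {
            throw ExceptionUtil.bEx("该用户名不存在", new Object[0]);
        }
        return createLoginObject(userDto, oauth3LoginForm.getAppId(), oauth3LoginForm.getTerminalType(), null);
    }

    /**
     * Maps a terminal type to 2 when it matches one of the '#'-separated entries of
     * {@code casConfig.getMobileTerminal()}; otherwise returns it unchanged.
     *
     * <p>NOTE(review): the match is a substring test on the decimal form of {@code i}, so a
     * configured "1" also matches terminal type 12, and an empty entry matches everything.
     * {@link #getNokick} uses exact equality for a similar list; confirm which is intended,
     * since this value decides which existing sessions are replaced.
     */
    private int mergeMobileLogin(int i) {
        String mobileTerminal = this.casConfig.getMobileTerminal();
        if (Util.isEmpty(mobileTerminal)) {
            return i;
        }
        String terminal = String.valueOf(i);
        for (String entry : mobileTerminal.split("#")) {
            if (terminal.contains(entry)) {
                return 2;
            }
        }
        return i;
    }

    /**
     * Creates the token, caches user/token/app in Redis under the new access token, emits the
     * login-log message and returns the login result map.
     *
     * @param userDto       authenticated user
     * @param appId         app the token is issued for
     * @param terminalType  raw terminal type; normalised through {@link #mergeMobileLogin}
     * @param oauthTokenDto existing token on refresh, or null for a fresh login
     */
    private Map<String, Object> createLoginObject(UserDto userDto, long appId, int terminalType, OauthTokenDto oauthTokenDto) {
        int mergedTerminal = mergeMobileLogin(terminalType);
        Map<String, Object> result = MapUtil.map();
        result.put("user", userDto);
        OauthToken token = createToken(userDto, appId, mergedTerminal, oauthTokenDto);
        // Constants.TOKEN_KEY / IocValue.TYPE_APP are library constants, presumably substituted
        // by the decompiler for plain string keys — verify against the original source.
        result.put(Constants.TOKEN_KEY, token);
        OauthApp oauthApp = new OauthApp(appId);
        result.put(IocValue.TYPE_APP, oauthApp);

        // NOTE(review): the whole UserDto is serialised into Redis and later returned by
        // user(); confirm it carries no password hash or other credential field.
        String accessToken = token.getAccessToken();
        RedisUniUtil.setWithExpire(this.redisDao, SSO_KEY_USER, accessToken, JsonUtil.toJson(userDto), this.casConfig.getExpires());
        RedisUniUtil.setWithExpire(this.redisDao, SSO_KEY_TOKEN, accessToken, JsonUtil.toJson(token), this.casConfig.getExpires());
        RedisUniUtil.setWithExpire(this.redisDao, SSO_KEY_APP, accessToken, JsonUtil.toJson(oauthApp), this.casConfig.getExpires());

        sendMessageBatch(new UserLoginLogForm(userDto, oauthApp, mergedTerminal));
        return result;
    }

    /**
     * Persists a new access token. On refresh ({@code oauthTokenDto} non-null) the refresh
     * token and its expiry are carried over unchanged; otherwise both are newly generated.
     *
     * <p>When kicking is enabled and the terminal type is not exempt, the user's existing
     * tokens for this app and terminal are deleted first.
     *
     * <p>NOTE(review): the refresh token is not rotated on refresh, and with kicking disabled
     * the previous access token stays valid. Also confirm that {@code UUIDUtil.randomUUID()}
     * is backed by a cryptographically secure generator, since its output is the bearer token.
     */
    private OauthToken createToken(UserDto userDto, long appId, int terminalType, OauthTokenDto oauthTokenDto) {
        boolean freshLogin = Util.isEmpty(oauthTokenDto);
        String accessToken = UUIDUtil.randomUUID();
        String refreshToken = freshLogin ? UUIDUtil.randomUUID() : oauthTokenDto.getRefreshToken();
        // Expiry values are absolute epoch milliseconds; the configured lifetimes are multiplied by 1000.
        long expiresAt = System.currentTimeMillis() + (this.casConfig.getExpires() * 1000);
        long refreshExpiresAt = freshLogin ? System.currentTimeMillis() + (this.casConfig.getRefreshExpires() * 1000) : oauthTokenDto.getRefreshExpires();
        long userId = userDto.getId();
        List<OauthTokenDto> existing = this.oauthTokenBaseService.get(userId, appId, terminalType);
        // Boolean.TRUE.equals: an unset kick flag means "do not kick" instead of a NullPointerException.
        if (!Util.isEmpty(existing) && Boolean.TRUE.equals(this.casConfig.getKick()) && getNokick(terminalType)) {
            delToken(appId, userId, existing, terminalType);
        }
        OauthTokenAddParam addParam = new OauthTokenAddParam(accessToken, refreshToken, expiresAt, refreshExpiresAt, "", 1, appId, userId, terminalType);
        return (OauthToken) BeanTransferUtil.toObject(this.oauthTokenBaseService.addOne(addParam), OauthToken.class);
    }

    /**
     * Returns true when sessions of terminal type {@code i} may be kicked, i.e. {@code i} is
     * not in the comma-separated {@code casConfig.getNoKick()} list (exact match after trim).
     */
    private boolean getNokick(int i) {
        String noKick = this.casConfig.getNoKick();
        if (Util.isEmpty(noKick)) {
            return true;
        }
        String terminal = String.valueOf(i);
        for (String exempt : noKick.trim().split(",")) {
            if (exempt.trim().equals(terminal)) {
                return false;
            }
        }
        return true;
    }

    /** Removes the three Redis entries cached under an access token. */
    private void evictTokenCache(String accessToken) {
        RedisUniUtil.del(this.redisDao, SSO_KEY_TOKEN, accessToken);
        RedisUniUtil.del(this.redisDao, SSO_KEY_USER, accessToken);
        RedisUniUtil.del(this.redisDao, SSO_KEY_APP, accessToken);
    }

    /**
     * Deletes every stored token of the user for the given app and terminal, then evicts the
     * Redis entries of each token in {@code list}.
     */
    private void delToken(long appId, long userId, List<OauthTokenDto> list, int terminalType) {
        if (Util.isEmpty(list)) {
            return;
        }
        this.oauthTokenBaseService.delete(userId, appId, terminalType);
        for (OauthTokenDto stale : list) {
            evictTokenCache(stale.getAccessToken());
        }
    }

    /** Deletes one stored token and its Redis entries; no-op for an empty argument. */
    private void delToken(OauthTokenDto oauthTokenDto) {
        if (Util.isEmpty(oauthTokenDto)) {
            return;
        }
        this.oauthTokenBaseService.delete(oauthTokenDto.getId());
        evictTokenCache(oauthTokenDto.getAccessToken());
    }

    /** Logs out the session identified by the current request's access token, if any. */
    public void logout() {
        String accessToken = getAccessToken();
        if (Util.isEmpty(accessToken)) {
            return;
        }
        // delToken ignores an empty lookup result, so an unknown token is silently accepted.
        delToken(this.oauthTokenBaseService.getByAccessToken(accessToken));
    }

    /**
     * Resolves the current request's access token to its user and app.
     *
     * <p>Cache hit: values come from Redis, whose entries were written with the access-token
     * lifetime as TTL. Cache miss: the stored token is loaded and its expiry is checked.
     *
     * @return map with keys "user" and the app key
     */
    public Map<String, Object> user() {
        UserDto userDto;
        OauthApp oauthApp;
        String accessToken = getAccessToken();
        ExceptionUtil.checkEmpty(accessToken, "token不能为空！", new Object[0]);
        String cachedUser = RedisUniUtil.get(this.redisDao, SSO_KEY_USER, accessToken);
        Map<String, Object> result = MapUtil.map();
        if (Util.isEmpty(cachedUser)) {
            OauthTokenDto byAccessToken = this.oauthTokenBaseService.getByAccessToken(accessToken);
            ExceptionUtil.checkEmptyBEx(byAccessToken, "没有登录信息，请登录！", new Object[0]);
            if (byAccessToken.getExpires() - System.currentTimeMillis() <= 0) {
                return tokenTimeoutException();
            }
            userDto = this.userBaseService.get(byAccessToken.getCreaterId());
            oauthApp = new OauthApp(byAccessToken.getAppId());
        } else {
            userDto = (UserDto) JsonUtil.fromJson(cachedUser, UserDto.class);
            oauthApp = (OauthApp) JsonUtil.fromJson(RedisUniUtil.get(this.redisDao, SSO_KEY_APP, accessToken), OauthApp.class);
            if (Util.isEmpty(oauthApp)) {
                // The app entry can be missing while the user entry is still cached; the
                // stored token may be gone too, so check before dereferencing it.
                OauthTokenDto byAccessToken = this.oauthTokenBaseService.getByAccessToken(accessToken);
                ExceptionUtil.checkEmptyBEx(byAccessToken, "没有登录信息，请登录！", new Object[0]);
                oauthApp = new OauthApp(byAccessToken.getAppId());
            }
        }
        result.put("user", userDto);
        result.put(IocValue.TYPE_APP, oauthApp);
        return result;
    }

    /**
     * Resolves an access token to its user, Redis first, stored token second.
     *
     * <p>The stored-token path now rejects expired tokens, as {@link #user()} and
     * {@link #check()} do. Without it a token whose Redis entry had expired was still
     * accepted for as long as its row existed.
     *
     * @param str access token
     * @return the user the token was issued to
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public UserDto getByAccessToken(String str) {
        String cachedUser = RedisUniUtil.get(this.redisDao, SSO_KEY_USER, str);
        if (!Util.isEmpty(cachedUser)) {
            return (UserDto) JsonUtil.fromJson(cachedUser, UserDto.class);
        }
        OauthTokenDto byAccessToken = this.oauthTokenBaseService.getByAccessToken(str);
        ExceptionUtil.checkEmptyBEx(byAccessToken, "没有登录信息，请登录！", new Object[0]);
        if (byAccessToken.getExpires() - System.currentTimeMillis() <= 0) {
            // tokenTimeoutException() is not used here: it touches the HTTP response, which
            // may not exist when this method is reached through Dubbo.
            throw ExceptionUtil.bEx("登录超时，请登录！", new Object[0]);
        }
        return this.userBaseService.get(byAccessToken.getCreaterId());
    }

    /**
     * Credential login restricted to users holding the precise-question-bank manager role.
     *
     * @param oauth2LoginForm login form; copied to a {@link LoginParam} for the credential check
     * @return map holding the user, the new token and the app
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public Map<String, Object> loginPreciseQuestionBank(Oauth2LoginForm oauth2LoginForm) {
        UserDto user = this.registerService.isAllowLogin((LoginParam) BeanTransferUtil.toObject(oauth2LoginForm, LoginParam.class));
        long requiredRoleId = (long) RoleTypeEnum.PRECISEQUESTIONBANKMANAGER.intKey();
        boolean lacksRole = this.userRoleService.list4RoleByUserId(user.getId()).stream()
                .noneMatch(roleDto -> roleDto.getId() == requiredRoleId);
        if (lacksRole) {
            throw ExceptionUtil.bEx("该用户名没权限", new Object[0]);
        }
        return createLoginObject(user, oauth2LoginForm.getAppId(), oauth2LoginForm.getTerminalType(), null);
    }

    /**
     * Sets the timeout status code on the current HTTP response and throws
     * {@link TimeoutException}. Never returns; the return type only lets callers write
     * {@code return tokenTimeoutException();}.
     */
    private Map<String, Object> tokenTimeoutException() {
        MvcUtil.getResponse().setStatus(Integer.parseInt(JsonResultUtil.StatusCode.TIMEOUT.key()));
        throw new TimeoutException("登录超时，请登录！");
    }

    /**
     * Exchanges the current request's refresh token for a new access token.
     *
     * <p>NOTE(review): the refresh token itself is reused, not rotated (see
     * {@link #createToken}), so a leaked refresh token stays usable until its expiry.
     *
     * @return map holding the user, the new token and the app
     */
    public Map<String, Object> refresh() {
        String refreshToken = getRefreshToken();
        ExceptionUtil.checkEmpty(refreshToken, "token不能为空！", new Object[0]);
        OauthTokenDto byRefreshToken = this.oauthTokenBaseService.getByRefreshToken(refreshToken);
        ExceptionUtil.checkEmptyBEx(byRefreshToken, "没有登录信息，请登录！", new Object[0]);
        if (byRefreshToken.getRefreshExpires() - System.currentTimeMillis() <= 0) {
            return tokenTimeoutException();
        }
        UserDto user = this.userBaseService.get(byRefreshToken.getCreaterId());
        return createLoginObject(user, byRefreshToken.getAppId(), byRefreshToken.getTerminalType(), byRefreshToken);
    }

    /**
     * Returns the access token stored alongside the current request's refresh token.
     *
     * <p>NOTE(review): neither the refresh-token expiry nor the access-token expiry is checked
     * here, unlike {@link #refresh()} — confirm callers validate the result.
     */
    public String getAccessToken4RefreshToken() {
        String refreshToken = getRefreshToken();
        ExceptionUtil.checkEmpty(refreshToken, "token不能为空！", new Object[0]);
        OauthTokenDto byRefreshToken = this.oauthTokenBaseService.getByRefreshToken(refreshToken);
        ExceptionUtil.checkEmptyBEx(byRefreshToken, "没有登录信息，请登录！", new Object[0]);
        return byRefreshToken.getAccessToken();
    }

    /**
     * Validates the current request's access token: it must be present, known (Redis or
     * stored token) and not past its expiry. Throws otherwise.
     */
    public void check() {
        long expires;
        String accessToken = getAccessToken();
        ExceptionUtil.checkEmpty(accessToken, "token不能为空！", new Object[0]);
        String cachedToken = RedisUniUtil.get(this.redisDao, SSO_KEY_TOKEN, accessToken);
        if (Util.isEmpty(cachedToken)) {
            OauthTokenDto byAccessToken = this.oauthTokenBaseService.getByAccessToken(accessToken);
            ExceptionUtil.checkEmptyBEx(byAccessToken, "没有登录信息，请登录！", new Object[0]);
            expires = byAccessToken.getExpires();
        } else {
            expires = ((OauthToken) JsonUtil.fromJson(cachedToken, OauthToken.class)).getExpires();
        }
        if (expires - System.currentTimeMillis() <= 0) {
            throw ExceptionUtil.pEx("登录超时，请登录！", new Object[0]);
        }
    }

    /**
     * Runs the credential check for the form's name and password without issuing a token.
     *
     * @param oauth2LoginForm form carrying the login name and password
     * @return the user returned by the register service
     */
    public UserDto isAllowLogin(Oauth2LoginForm oauth2LoginForm) {
        return this.registerService.isAllowLogin(new LoginParam(oauth2LoginForm.getName(), oauth2LoginForm.getPassword()));
    }

    /**
     * Reads the access token from the current request; a non-empty "accessToken" header wins
     * over the request parameter of the same name.
     *
     * <p>SECURITY: a token sent as a URL parameter ends up in access logs, browser history and
     * Referer headers. Prefer the header and consider retiring the parameter.
     */
    private String getAccessToken() {
        String token = MvcUtil.getRequest().getParameter("accessToken");
        String fromHeader = MvcUtil.getRequest().getHeader("accessToken");
        if (!Util.isEmpty(fromHeader)) {
            token = fromHeader;
        }
        return token;
    }

    /**
     * Reads the refresh token from the current request; a non-empty "refreshToken" header wins
     * over the request parameter of the same name.
     *
     * <p>SECURITY: the same URL-leak concern as for the access token applies, and the refresh
     * token is the longer-lived credential.
     */
    private String getRefreshToken() {
        String token = MvcUtil.getRequest().getParameter("refreshToken");
        String fromHeader = MvcUtil.getRequest().getHeader("refreshToken");
        if (!Util.isEmpty(fromHeader)) {
            token = fromHeader;
        }
        return token;
    }

    /**
     * Issues a fresh token pair for a user id without any credential check.
     *
     * <p>SECURITY: trusted callers only.
     *
     * @param j  user id
     * @param j2 app id
     * @param i  terminal type
     * @return the newly stored token
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public OauthTokenDto createOauthToken4Login(long j, long j2, int i) {
        Map<String, Object> loginObject = createLoginObject(this.userBaseService.get(j), j2, i, null);
        return (OauthTokenDto) BeanTransferUtil.toObject((OauthToken) loginObject.get(Constants.TOKEN_KEY), OauthTokenDto.class);
    }

    /**
     * Logs out the session identified by the given access token; unknown tokens are ignored.
     *
     * @param str access token
     */
    @Override // com.we.base.oauth2.service.IOauthTokenDubboService
    public void logout(String str) {
        // delToken ignores an empty lookup result.
        delToken(this.oauthTokenBaseService.getByAccessToken(str));
    }

    /**
     * Returns the last stored token for the user/app/terminal, or issues a new one when none
     * exists.
     *
     * <p>NOTE(review): an existing token is returned without an expiry check, and
     * {@code i} is not normalised through {@link #mergeMobileLogin} for the lookup although
     * it is for creation — confirm both are intended. SECURITY: no credential check; trusted
     * callers only.
     *
     * @param j  user id
     * @param j2 app id
     * @param i  terminal type
     */
    public OauthTokenDto getToken(long j, long j2, int i) {
        List<OauthTokenDto> existing = this.oauthTokenBaseService.get(j, j2, i);
        if (Util.isEmpty(existing)) {
            return createOauthToken4Login(j, j2, i);
        }
        return existing.get(existing.size() - 1);
    }

    /**
     * Publishes a login-log message on the user-login-log topic; no-op for an empty form.
     *
     * @param userLoginLogForm login-log payload
     */
    public void sendMessageBatch(UserLoginLogForm userLoginLogForm) {
        if (Util.isEmpty(userLoginLogForm)) {
            return;
        }
        String topic = TopicTypeEnum.USER_LOGIN_LOG_TOPIC.value();
        long messageId = this.idGen.getId();
        this.messageSender.send(topic, new MessageDto(Long.valueOf(messageId), topic, Long.valueOf(DateTimeUtil.nowDateTime().getTime()), topic, userLoginLogForm));
    }
}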
