package cn.sliew.carp.module.security.spring.service.impl;

import cn.sliew.carp.framework.common.enums.ResponseCodeEnum;
import cn.sliew.carp.framework.common.security.CarpSecurityContext;
import cn.sliew.carp.framework.common.util.UUIDUtil;
import cn.sliew.carp.framework.exception.SliewException;
import cn.sliew.carp.framework.redis.RedissonUtil;
import cn.sliew.carp.framework.web.util.I18nUtil;
import cn.sliew.carp.module.security.core.service.SecAuthenticationService;
import cn.sliew.carp.module.security.core.service.SecAuthorizationService;
import cn.sliew.carp.module.security.core.service.SecCaptchaService;
import cn.sliew.carp.module.security.core.service.SecUserService;
import cn.sliew.carp.module.security.core.service.dto.OnlineUserVO;
import cn.sliew.carp.module.security.core.service.dto.SecRoleDTO;
import cn.sliew.carp.module.security.core.service.dto.SecUserDTO;
import cn.sliew.carp.module.security.core.service.param.authenticate.LoginParam;
import cn.sliew.carp.module.security.core.service.param.authorize.SecResourceWebListByRoleParam;
import cn.sliew.carp.module.security.core.service.param.authorize.SecRoleListByUserParam;
import cn.sliew.carp.module.security.spring.authentication.CarpPasswordEncoder;
import cn.sliew.carp.module.security.spring.authentication.CarpUserDetail;
import cn.sliew.carp.module.security.spring.util.CookieUtil;
import cn.sliew.carp.module.security.spring.util.SecurityUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

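/**
 * Form-login implementation of {@link SecAuthenticationService}.
 *
 * <p>A successful login issues an opaque session token, stores it in Redis under
 * {@code online-token:<token>} with the user id as value and a 12 hour expiry, and hands the
 * same token to the browser through {@link CookieUtil}. Logout removes both the cookie and the
 * Redis entry.
 *
 * <p>NOTE(review): this source looks decompiled (raw {@code Optional}/{@code HashSet}, no
 * {@code @Override}); the raw types are kept because the element types are not visible here.
 */
@Service
/* loaded from: input_file:cn/sliew/carp/module/security/spring/service/impl/SecAuthenticationServiceImpl.class */
public class SecAuthenticationServiceImpl implements SecAuthenticationService {

    /** Redis key prefix under which an issued session token maps to its user id. */
    private static final String ONLINE_TOKEN_PREFIX = "online-token:";

    /** Lifetime of the server-side session entry. */
    private static final Duration ONLINE_TOKEN_TTL = Duration.ofHours(12L);

    @Autowired
    private RedissonUtil redisUtil;

    @Autowired
    private SecUserService secUserService;

    @Autowired
    private SecAuthorizationService secAuthorizationService;

    @Autowired
    private SecCaptchaService secCaptchaService;

    @Autowired
    private AuthenticationManagerBuilder authenticationManagerBuilder;

    /**
     * Authenticates a user-name/password form login and opens a session.
     *
     * <p>The captcha is checked before any credential work. Every credential failure, including
     * an unknown user name, is reported as the same {@link SliewException} carrying the
     * {@code response.error.login.password} message, so a client cannot tell an unknown account
     * from a wrong password by the error it receives.
     *
     * @param loginParam          user name, password and captcha answer submitted by the client
     * @param httpServletRequest  current request (not read by this method)
     * @param httpServletResponse response that receives the session cookie
     * @return the logged-in user with token, roles and web resources
     * @throws SliewException if the captcha is wrong or the credentials are rejected
     */
    public OnlineUserVO login(LoginParam loginParam, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.secCaptchaService.verityCaptcha(loginParam.getUuid(), loginParam.getAuthCode())) {
            throw new SliewException(ResponseCodeEnum.ERROR_CUSTOM.getCode(), I18nUtil.get("response.error.authCode"));
        }
        try {
            authenticateForm(loginParam);
            CarpUserDetail currentUser = SecurityUtil.getCurrentUser();
            OnlineUserVO onlineUserVO = baseOnlineUser(currentUser.getUser());
            // The token is a bearer credential: whoever presents it is treated as this user.
            // NOTE(review): confirm UUIDUtil.randomUUId() draws from a CSPRNG, and that
            // CookieUtil.addCookie sets HttpOnly, Secure and SameSite on the cookie.
            onlineUserVO.setToken(UUIDUtil.randomUUId());
            onlineUserVO.setRoles(currentUser.getRoles());
            onlineUserVO.setResourceWebs(currentUser.getResourceWebs());
            this.redisUtil.set(ONLINE_TOKEN_PREFIX + onlineUserVO.getToken(), onlineUserVO.getUserId(), ONLINE_TOKEN_TTL);
            CookieUtil.addCookie(httpServletResponse, onlineUserVO.getToken());
            return onlineUserVO;
        } catch (UsernameNotFoundException | BadCredentialsException | InternalAuthenticationServiceException e) {
            // UsernameNotFoundException is raised by authenticateForm() itself; without catching it
            // here an unknown user name would leave this method as a different exception type than
            // a wrong password and could be rendered differently by the caller's error handling.
            // NOTE(review): the cause is dropped and nothing is logged here, so failed logins are
            // only observable if a caller records them; consider an audit log entry.
            throw new SliewException(ResponseCodeEnum.ERROR_CUSTOM.getCode(), I18nUtil.get("response.error.login.password"));
        }
    }

    /**
     * Looks the user up, then runs the submitted credentials through the Spring Security
     * {@link AuthenticationManager} and stores the resulting authentication in the security context.
     *
     * <p>The credential handed to the manager is {@code password + SPLIT + salt}; presumably
     * {@link CarpPasswordEncoder} splits it again when matching (confirm against the encoder).
     *
     * @param loginParam submitted user name and password
     * @throws UsernameNotFoundException if no user with that name exists
     */
    private void authenticateForm(LoginParam loginParam) {
        Optional byUserName = this.secUserService.getByUserName(loginParam.getUserName());
        if (byUserName.isEmpty()) {
            // NOTE(review): this path returns before any password hashing happens, so unknown
            // user names may answer measurably faster than known ones; login() hides the
            // exception type but not the timing.
            throw new UsernameNotFoundException(I18nUtil.get("response.error.login.password"));
        }
        SecUserDTO storedUser = (SecUserDTO) byUserName.get();
        String saltedPassword = loginParam.getPassword() + CarpPasswordEncoder.SPLIT + storedUser.getSalt();
        AuthenticationManager authenticationManager = (AuthenticationManager) this.authenticationManagerBuilder.getObject();
        SecurityContextHolder.getContext().setAuthentication(
                authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginParam.getUserName(), saltedPassword)));
    }

    /**
     * Ends the session: clears the session cookie and deletes the token's Redis entry.
     *
     * @param httpServletRequest  request carrying the token to revoke
     * @param httpServletResponse response on which the cookie is cleared
     * @return always {@code true}
     */
    public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        CookieUtil.clearCookieByName(httpServletRequest, httpServletResponse);
        // Server-side revocation: removing the Redis entry is what actually invalidates the token;
        // clearing the cookie alone would leave a copied token usable until it expires.
        this.redisUtil.remove(ONLINE_TOKEN_PREFIX + SecurityUtil.resolveToken(httpServletRequest));
        return true;
    }

    /**
     * Returns the profile, roles and web resources of the user bound to the current
     * {@link CarpSecurityContext}.
     *
     * @return the current user's online view
     */
    public OnlineUserVO getOnlineUser() {
        return getOnlineUser(this.secUserService.get(CarpSecurityContext.get().getUserId()));
    }

    /**
     * Builds the online view of the given user with freshly loaded authorization data.
     *
     * <p>Roles are read from {@link SecAuthorizationService}; the web resources of all roles are
     * merged through a set so a resource granted by several roles appears once.
     *
     * @param secUserDTO user to describe
     * @return the user's online view, without a token
     */
    public OnlineUserVO getOnlineUser(SecUserDTO secUserDTO) {
        OnlineUserVO onlineUserVO = baseOnlineUser(secUserDTO);
        SecRoleListByUserParam roleQuery = new SecRoleListByUserParam();
        roleQuery.setUserId(secUserDTO.getId());
        onlineUserVO.setRoles(this.secAuthorizationService.listAllAuthorizedRolesByUserId(roleQuery));
        HashSet mergedResources = new HashSet();
        for (SecRoleDTO role : onlineUserVO.getRoles()) {
            SecResourceWebListByRoleParam resourceQuery = new SecResourceWebListByRoleParam();
            resourceQuery.setRoleId(role.getId());
            mergedResources.addAll(this.secAuthorizationService.listAuthorizedResourceWebsByRoleId(resourceQuery));
        }
        onlineUserVO.setResourceWebs(new ArrayList(mergedResources));
        return onlineUserVO;
    }

    /** Copies the identity fields (id, names, type, status) of a user into a new online view. */
    private OnlineUserVO baseOnlineUser(SecUserDTO user) {
        OnlineUserVO onlineUserVO = new OnlineUserVO();
        onlineUserVO.setUserId(user.getId());
        onlineUserVO.setUserName(user.getUserName());
        onlineUserVO.setNickName(user.getNickName());
        onlineUserVO.setType(user.getType().getValue());
        onlineUserVO.setStatus(user.getStatus().getValue());
        return onlineUserVO;
    }
}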
