package io.datarouter.web.user.authenticate.authenticator.impl;

import io.datarouter.auth.authenticate.authenticator.DatarouterAuthenticator;
import io.datarouter.auth.session.Session;
import io.datarouter.auth.storage.user.session.BaseDatarouterSessionDao;
import io.datarouter.auth.storage.user.session.DatarouterSession;
import io.datarouter.auth.storage.user.session.DatarouterSessionKey;
import io.datarouter.util.lang.ObjectTool;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.session.DatarouterSessionManager;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/datarouter/web/user/authenticate/authenticator/impl/DatarouterSessionAuthenticator.class */
public class DatarouterSessionAuthenticator implements DatarouterAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterSessionAuthenticator.class);

    @Inject
    private BaseDatarouterSessionDao datarouterSessionDao;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private DatarouterAuthenticationConfig datarouterAuthenticationConfig;

    public DatarouterSession getSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Session session;
        String sessionTokenFromCookie = this.sessionManager.getSessionTokenFromCookie(httpServletRequest);
        if (StringTool.isEmptyOrWhitespace(sessionTokenFromCookie) || (session = this.datarouterSessionDao.get(new DatarouterSessionKey(sessionTokenFromCookie))) == null || this.datarouterAuthenticationConfig.isSessionExpired(session)) {
            return null;
        }
        String userTokenFromCookie = this.sessionManager.getUserTokenFromCookie(httpServletRequest);
        if (!ObjectTool.notEquals(userTokenFromCookie, session.getUserToken())) {
            session.setUpdated(new Date());
            return session;
        }
        logger.warn("session userToken " + session.getUserToken() + " != cookie userToken " + userTokenFromCookie + ", deleting session");
        this.datarouterSessionDao.delete(session.getKey());
        this.sessionManager.clearSessionTokenCookie(httpServletResponse);
        this.sessionManager.clearUserTokenCookie(httpServletResponse);
        return null;
    }
}
