package cn.hiauth.client;

import cn.hiauth.client.api.TokenVo;
import cn.hiauth.client.api.UserPwdUpdateDto;
import cn.hiauth.client.api.UserinfoVo;
import cn.hutool.core.codec.Base64;
import cn.webestar.scms.commons.Assert;
import cn.webestar.scms.commons.R;
import cn.webestar.scms.commons.SysCode;
import jakarta.servlet.http.HttpServletRequest;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;

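/**
 * OAuth2 authorization-code client endpoints backed by a HiAuth authorization server.
 *
 * <p>The controller starts the authorization redirect, exchanges the returned {@code code} for
 * tokens, loads the user profile from the userinfo endpoint and hands the resulting
 * {@link Authentication} to {@link SessionContextHolder}.
 *
 * <p>Review notes for maintainers (none of these are changed here because callers depend on the
 * current contract):
 * <ul>
 *   <li>The authorization request carries no {@code state} parameter and the callback does not
 *       check one, so the callback cannot tell whether the {@code code} belongs to a login this
 *       browser started (login CSRF). No PKCE parameters are sent either.</li>
 *   <li>{@link #getTokenHtml} hands the access token to the front end in the query string, where
 *       it can end up in browser history, {@code Referer} headers and access logs.</li>
 *   <li>The {@code /api/common/*} handlers read {@code SessionContextHolder.getContext()} without a
 *       null check; presumably an interceptor outside this class rejects unauthenticated
 *       requests first. Confirm.</li>
 * </ul>
 */
@RequestMapping({"/"})
@Controller
public class HiAuthClientController {
    private static final Logger log = LoggerFactory.getLogger(HiAuthClientController.class);

    @Autowired
    private HiAuthClientProviderProperties authClientProviderProperties;

    @Autowired
    private HiAuthClientRegistrationProperties authClientRegistrationProperties;

    @Autowired
    private HiAuthClientProperties authClientProperties;

    @Autowired
    private RestTemplate restTemplate;

    // Optional collaborator: every use must tolerate it being absent.
    @Autowired(required = false)
    private SecurityService securityService;

    /**
     * Redirects the browser to the authorization endpoint to start the authorization-code flow.
     *
     * @param httpServletRequest the current request (unused)
     * @return a Spring {@code redirect:} view name pointing at the authorization endpoint
     */
    @GetMapping({"/oauth2/login"})
    public String login(HttpServletRequest httpServletRequest) {
        // Query values are form-encoded: the scope list is space separated and the redirect URI
        // contains reserved characters, neither of which may be placed in a URL verbatim.
        String scope = String.join(" ", this.authClientRegistrationProperties.getScope());
        String authorizationUrl = this.authClientProviderProperties.getAuthorizationUri()
                + "?response_type=code"
                + "&client_id=" + encodeQueryValue(this.authClientRegistrationProperties.getClientId())
                + "&scope=" + encodeQueryValue(scope)
                + "&redirect_uri=" + encodeQueryValue(this.authClientRegistrationProperties.getRedirectUri());
        // NOTE(review): no `state` value is generated or later verified; see the class comment.
        return "redirect:" + authorizationUrl;
    }

    /**
     * Redirects the browser to the authorization server's logout endpoint.
     *
     * <p>The post-logout target is the configured auth-success redirect URI, falling back to the
     * registered redirect URI when the former is blank.
     *
     * @param httpServletRequest the current request (unused)
     * @return a Spring {@code redirect:} view name pointing at the logout endpoint
     */
    @GetMapping({"/oauth2/logout"})
    public String logout(HttpServletRequest httpServletRequest) {
        String postLogoutTarget = this.authClientProperties.getAuthSuccessRedirectUri();
        if (!StringUtils.hasText(postLogoutTarget)) {
            postLogoutTarget = this.authClientRegistrationProperties.getRedirectUri();
        }
        // Encode the nested URL so its own '?', '&' and '#' cannot be parsed as part of the
        // logout request.
        return "redirect:" + this.authClientProviderProperties.getIssuerUri()
                + "/logoutWithRedirect?redirect_uri=" + encodeQueryValue(postLogoutTarget);
    }

    /**
     * Exchanges an authorization code and returns the session tokens as JSON.
     *
     * @param httpServletRequest the current request (unused)
     * @param str the authorization code received from the authorization server
     * @return the access token, refresh token and remaining lifetime in seconds
     * @throws HttpClientErrorException if the authorization server rejects the exchange
     */
    @GetMapping({"/oauth2/token"})
    @ResponseBody
    public R<TokenVo> getTokenJson(HttpServletRequest httpServletRequest, @RequestParam("code") String str) {
        SessionContext session = auth(str);
        long secondsLeft = ChronoUnit.SECONDS.between(LocalDateTime.now(), session.getExpire());
        TokenVo tokenVo = new TokenVo();
        tokenVo.setAccessToken(session.getAccessToken());
        tokenVo.setRefreshToken(session.getRefreshToken());
        tokenVo.setExpireIn(Integer.valueOf((int) secondsLeft));
        return R.success(tokenVo);
    }

    /**
     * Exchanges an authorization code and redirects the browser to the front end with the result.
     *
     * <p>On success the access token is appended as {@code accessToken}; when the authorization
     * server answers with a client error the redirect carries {@code error=access_denied}.
     *
     * @param httpServletRequest the current request; its {@code dev-auth-success-redirect-uri}
     *     header, when present, replaces the configured redirect target
     * @param str the authorization code received from the authorization server
     * @return a Spring {@code redirect:} view name
     */
    @GetMapping({"/oauth2/token/redirect"})
    public String getTokenHtml(HttpServletRequest httpServletRequest, @RequestParam("code") String str) {
        String configuredTarget = this.authClientProperties.getAuthSuccessRedirectUri();
        Assert.notNull(configuredTarget, SysCode.biz(1), "请先配置参数:hiauth.client.authSuccessRedirectUri");
        // NOTE(review): this header decides where the access token is sent, and it is honoured on
        // every request. Whoever can set request headers (a proxy, a script, a test client)
        // chooses the destination. It should be ignored outside development or checked against
        // an allowlist; no such setting is visible in this class, so the behaviour is kept and
        // its use is surfaced in the log instead.
        String overrideTarget = httpServletRequest.getHeader("dev-auth-success-redirect-uri");
        String redirectTarget = overrideTarget != null ? overrideTarget : configuredTarget;
        if (overrideTarget != null) {
            log.warn("Auth-success redirect target overridden by request header: {}", overrideTarget);
        }
        try {
            SessionContext session = auth(str);
            // The token itself is a credential and must never be written to the log.
            log.debug("REDIRECT-URI:{}?accessToken=<redacted>", redirectTarget);
            return "redirect:" + redirectTarget + "?accessToken=" + encodeQueryValue(session.getAccessToken());
        } catch (HttpClientErrorException e) {
            log.debug("REDIRECT-URI:{}?error={}", redirectTarget, "access_denied");
            return "redirect:" + redirectTarget + "?error=access_denied";
        }
    }

    /**
     * Runs the code exchange, loads the user profile and registers the authenticated session.
     *
     * @param str the authorization code
     * @return the session context produced by {@link SessionContextHolder#auth}
     * @throws HttpClientErrorException if the token or userinfo request is rejected
     * @throws IllegalStateException if the userinfo response is empty or lacks a required field
     */
    private SessionContext auth(String str) throws HttpClientErrorException {
        Assert.notEmpty(str, 300001, "code不能为空。");
        Map<?, ?> tokenResponse = getTokenByOauthServer(str);
        // An empty body is treated like a missing token instead of relying on a JVM assertion,
        // which is disabled in production.
        Assert.isTrue(tokenResponse != null && tokenResponse.containsKey("access_token"), 300002, "无法获取accessToken。");
        String accessToken = (String) tokenResponse.get("access_token");
        String refreshToken = (String) tokenResponse.get("refresh_token");
        String scope = (String) tokenResponse.get("scope");
        Object expiresIn = tokenResponse.get("expires_in");

        Map<?, ?> userInfo = getUserInfoByOauthServer(accessToken);
        if (userInfo == null) {
            throw new IllegalStateException("userinfo endpoint returned an empty response");
        }
        Long appId = requiredLong(userInfo, "appId");
        Long cid = requiredLong(userInfo, "cid");
        Long userId = requiredLong(userInfo, "userId");
        Long empId = requiredLong(userInfo, "empId");
        String username = (String) userInfo.get("username");
        String phoneNum = (String) userInfo.get("phoneNum");
        String avatarUrl = (String) userInfo.get("avatarUrl");
        String name = (String) userInfo.get("name");
        // The element type is taken on trust from the authorization server's response.
        @SuppressWarnings("unchecked")
        List<Map<String, String>> authorities = (List<Map<String, String>>) userInfo.get("authorities");

        // NOTE(review): this token object is populated but never handed to SessionContextHolder
        // or stored anywhere visible in this class. Confirm whether it was meant to be attached
        // to the session.
        HiAuthToken hiAuthToken = new HiAuthToken();
        hiAuthToken.setAccessToken(accessToken);
        hiAuthToken.setRefreshToken(refreshToken);
        hiAuthToken.setScope(scope);
        // expires_in is optional in a token response and its numeric type depends on the JSON
        // mapper, so it is read as a Number and skipped when absent.
        if (expiresIn instanceof Number) {
            hiAuthToken.setExpire(LocalDateTime.now().plusSeconds(((Number) expiresIn).longValue()));
        }

        Authentication authentication = new Authentication();
        authentication.setAppId(appId);
        authentication.setCid(cid);
        authentication.setUserId(userId);
        authentication.setUsername(username);
        authentication.setPhoneNum(phoneNum);
        authentication.setAvatarUrl(avatarUrl);
        authentication.setEmpId(empId);
        authentication.setName(name);
        authentication.setAuthorities(authorities);
        if (this.securityService != null) {
            authentication.setPrincipal(this.securityService.loadSecurityUser(authentication));
        }
        return SessionContextHolder.auth(authentication);
    }

    /**
     * Returns the profile of the user bound to the current session.
     *
     * @param httpServletRequest the current request (unused)
     * @return the current user's profile
     */
    @GetMapping({"/api/common/userinfo"})
    @ResponseBody
    public R<UserinfoVo> userinfo(HttpServletRequest httpServletRequest) {
        return R.success(UserinfoVo.toVo(SessionContextHolder.getContext().getAuth()));
    }

    /**
     * Forwards a password change for the current user to the authorization server.
     *
     * @param userPwdUpdateDto the current and the new password
     * @return the authorization server's response body, passed through unchanged
     */
    @PostMapping({"/api/common/updatePwd"})
    @ResponseBody
    public Map<?, ?> updatePwd(@RequestBody UserPwdUpdateDto userPwdUpdateDto) {
        String accessToken = SessionContextHolder.getContext().getToken().getAccessToken();
        return updatePwdByOauthServer(accessToken, userPwdUpdateDto.getRawPwd(), userPwdUpdateDto.getNewPwd());
    }

    /**
     * Lists the corporations the current user belongs to.
     *
     * @return the corporations reported by {@link SecurityService#loadUserCorps}
     */
    @PostMapping({"/api/common/myCorps"})
    @ResponseBody
    public R<List<SecurityCorp>> myCorps() {
        // The bean is optional; fail with a business error rather than a NullPointerException.
        Assert.notNull(this.securityService, SysCode.biz(1), "SecurityService未配置,无法执行该操作。");
        return R.success(this.securityService.loadUserCorps(SessionContextHolder.getContext().getAuth().getUserId()));
    }

    /**
     * Switches the current session to another corporation.
     *
     * @param l the id of the corporation to switch to (client supplied)
     * @return the result reported by {@link SecurityService#switchCorp}
     */
    @PostMapping({"/api/common/switchCorp"})
    @ResponseBody
    public R<Boolean> switchCorp(@RequestParam("id") Long l) {
        // The bean is optional; fail with a business error rather than a NullPointerException.
        Assert.notNull(this.securityService, SysCode.biz(1), "SecurityService未配置,无法执行该操作。");
        // NOTE(review): the id comes straight from the request. The check that the current user
        // actually belongs to that corporation has to live in SecurityService.switchCorp; it is
        // not visible here.
        return R.success(this.securityService.switchCorp(l));
    }

    /**
     * Exchanges an authorization code at the token endpoint using HTTP Basic client authentication.
     *
     * @param str the authorization code
     * @return the decoded token response, or {@code null} when the response has no body
     */
    private Map<?, ?> getTokenByOauthServer(String str) {
        String credentials = this.authClientRegistrationProperties.getClientId() + ":" + this.authClientRegistrationProperties.getClientSecret();
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        // Fixed charset: the platform default would make the encoded credentials depend on the host.
        headers.add(Constant.TOKEN_HEADER, "Basic " + Base64.encode(credentials.getBytes(StandardCharsets.UTF_8)));
        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code");
        form.add("code", str);
        form.add("redirect_uri", this.authClientRegistrationProperties.getRedirectUri());
        return this.restTemplate.postForObject(this.authClientProviderProperties.getTokenUri(), new HttpEntity<>(form, headers), Map.class);
    }

    /**
     * Loads the user profile from the userinfo endpoint with a bearer token.
     *
     * @param str the access token
     * @return the decoded userinfo response, or {@code null} when the response has no body
     * @throws HttpClientErrorException if the authorization server rejects the token
     */
    private Map<?, ?> getUserInfoByOauthServer(String str) throws HttpClientErrorException {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        headers.add(Constant.TOKEN_HEADER, "Bearer " + str);
        HttpEntity<LinkedMultiValueMap<String, String>> request = new HttpEntity<>(new LinkedMultiValueMap<>(), headers);
        return this.restTemplate.postForObject(this.authClientProviderProperties.getUserInfoUri(), request, Map.class);
    }

    /**
     * Sends a password change to the authorization server on behalf of the token's owner.
     *
     * @param str the access token
     * @param str2 the current password
     * @param str3 the new password
     * @return the decoded response body, or {@code null} when the response has no body
     */
    private Map<?, ?> updatePwdByOauthServer(String str, String str2, String str3) {
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_JSON);
        headers.add(Constant.TOKEN_HEADER, "Bearer " + str);
        Map<String, String> payload = new HashMap<>(2);
        payload.put("rawPwd", str2);
        payload.put("pwd", str3);
        return this.restTemplate.postForObject(this.authClientProviderProperties.getIssuerUri() + "/oauth2/user/updatePwd", new HttpEntity<>(payload, headers), Map.class);
    }

    /** Form-encodes one query-parameter value as UTF-8; {@code null} becomes the empty string. */
    private static String encodeQueryValue(String value) {
        return value == null ? "" : URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    /** Reads a mandatory numeric userinfo field, failing with a message that names the field. */
    private static Long requiredLong(Map<?, ?> userInfo, String key) {
        Object value = userInfo.get(key);
        if (value == null) {
            throw new IllegalStateException("userinfo response is missing required field '" + key + "'");
        }
        return Long.valueOf(value.toString());
    }
}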
