package io.datarouter.web.user.authenticate.authenticator.impl;

import io.datarouter.auth.authenticate.authenticator.DatarouterAuthenticator;
import io.datarouter.auth.config.DatarouterAuthenticationConfig;
import io.datarouter.auth.session.DatarouterSessionManager;
import io.datarouter.auth.storage.user.session.BaseDatarouterSessionDao;
import io.datarouter.auth.storage.user.session.DatarouterSession;
import io.datarouter.auth.storage.user.session.DatarouterSessionKey;
import io.datarouter.types.MilliTime;
import io.datarouter.util.lang.ObjectTool;
import io.datarouter.util.string.StringTool;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/datarouter/web/user/authenticate/authenticator/impl/DatarouterSessionAuthenticator.class */
public class DatarouterSessionAuthenticator implements DatarouterAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterSessionAuthenticator.class);

    @Inject
    private BaseDatarouterSessionDao datarouterSessionDao;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private DatarouterAuthenticationConfig datarouterAuthenticationConfig;

    public DatarouterAuthenticator.DatarouterSessionAndPersist getSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String sessionTokenFromCookie = this.sessionManager.getSessionTokenFromCookie(httpServletRequest);
        if (StringTool.isEmptyOrWhitespace(sessionTokenFromCookie)) {
            return new DatarouterAuthenticator.DatarouterSessionAndPersist((DatarouterSession) null, false);
        }
        DatarouterSession datarouterSession = this.datarouterSessionDao.get(new DatarouterSessionKey(sessionTokenFromCookie));
        if (datarouterSession == null || this.datarouterAuthenticationConfig.isSessionExpired(datarouterSession)) {
            return new DatarouterAuthenticator.DatarouterSessionAndPersist((DatarouterSession) null, false);
        }
        String userTokenFromCookie = this.sessionManager.getUserTokenFromCookie(httpServletRequest);
        if (!ObjectTool.notEquals(userTokenFromCookie, datarouterSession.getUserToken())) {
            datarouterSession.setUpdated(MilliTime.now());
            return new DatarouterAuthenticator.DatarouterSessionAndPersist(datarouterSession, true);
        }
        logger.warn("session userToken {} != cookie userToken {}, deleting session", datarouterSession.getUserToken(), userTokenFromCookie);
        this.datarouterSessionDao.delete(datarouterSession.getKey());
        this.sessionManager.clearSessionTokenCookie(httpServletResponse);
        this.sessionManager.clearUserTokenCookie(httpServletResponse);
        return new DatarouterAuthenticator.DatarouterSessionAndPersist((DatarouterSession) null, false);
    }
}
