package io.datarouter.web.user.authenticate.authenticator.impl;

import io.datarouter.storage.config.Config;
import io.datarouter.util.lang.ObjectTool;
import io.datarouter.util.string.StringTool;
import io.datarouter.web.user.DatarouterUserNodes;
import io.datarouter.web.user.authenticate.authenticator.DatarouterAuthenticator;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.session.DatarouterSession;
import io.datarouter.web.user.session.DatarouterSessionKey;
import io.datarouter.web.user.session.DatarouterSessionManager;
import java.util.Date;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/datarouter/web/user/authenticate/authenticator/impl/DatarouterSessionAuthenticator.class */
public class DatarouterSessionAuthenticator implements DatarouterAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(DatarouterSessionAuthenticator.class);

    @Inject
    private DatarouterUserNodes userNodes;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private DatarouterAuthenticationConfig datarouterAuthenticationConfig;

    @Override // io.datarouter.web.user.authenticate.authenticator.DatarouterAuthenticator
    public DatarouterSession getSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        DatarouterSession datarouterSession;
        String sessionTokenFromCookie = this.sessionManager.getSessionTokenFromCookie(httpServletRequest);
        if (StringTool.isEmptyOrWhitespace(sessionTokenFromCookie) || (datarouterSession = this.userNodes.getSessionNode().get(new DatarouterSessionKey(sessionTokenFromCookie), (Config) null)) == null || this.datarouterAuthenticationConfig.isSessionExpired(datarouterSession)) {
            return null;
        }
        String userTokenFromCookie = this.sessionManager.getUserTokenFromCookie(httpServletRequest);
        if (!ObjectTool.notEquals(userTokenFromCookie, datarouterSession.getUserToken())) {
            datarouterSession.setUpdated(new Date());
            return datarouterSession;
        }
        logger.warn("session userToken " + datarouterSession.getUserToken() + " != cookie userToken " + userTokenFromCookie + ", deleting session");
        this.userNodes.getSessionNode().delete(datarouterSession.m70getKey(), (Config) null);
        this.sessionManager.clearSessionTokenCookie(httpServletResponse);
        this.sessionManager.clearUserTokenCookie(httpServletResponse);
        return null;
    }
}
