package com.lc.ibps.cloud.oauth.server.provider;

import cn.hutool.captcha.AbstractCaptcha;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.api.org.constant.LockMode;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.oauth.exception.DisabledAccountException;
import com.lc.ibps.cloud.oauth.exception.ExcessiveAttemptsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredAccountException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCredentialsException;
import com.lc.ibps.cloud.oauth.exception.InactiveException;
import com.lc.ibps.cloud.oauth.exception.IncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LockedAccountException;
import com.lc.ibps.cloud.oauth.exception.ManyIncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.UnknownAccountException;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.cloud.utils.RequestUtil;
import com.lc.ibps.org.party.domain.PartyUserLimit;
import com.lc.ibps.org.party.persistence.entity.PartyEmployeePo;
import com.lc.ibps.org.party.persistence.entity.PartyOrgPo;
import com.lc.ibps.org.party.persistence.entity.PartyPositionPo;
import com.lc.ibps.org.party.persistence.entity.PartyUserLimitPo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@Api(tags = {"用户中心"}, value = "用户")
@RequestMapping({"/user"})
@RestController
/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/UserProvider.class */
public class UserProvider extends BaseProvider {
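    /**
     * Authenticates an account with its password and returns a login-state id on success.
     *
     * <p>The captcha is checked first, then the credentials are verified by
     * {@code login(String, String)}. On success a fresh uuid is returned as the result data and
     * stored in Redis under a key built from {@code "login.state"} and the uuid, with the account
     * name as value and {@code tokenConfig.getAcexpires()} seconds to live.
     *
     * <p>Each failure type is mapped to a state code; the state is only overwritten while it is
     * still {@code SUCCESS}. Unknown account, wrong password and too many wrong passwords share
     * {@code ILLEGAL_ACCOUNT_PASSWORD}, so the state code alone does not reveal whether an account
     * exists. The generic {@code Exception} handler must stay last: placed before the specific
     * handlers it would shadow them.
     *
     * <p>NOTE(review): the exception message is copied verbatim into {@code cause}; confirm the
     * messages for unknown account and wrong password are indistinguishable to the caller.
     * NOTE(review): locked, disabled, inactive and expired accounts get distinct state codes that
     * an unauthenticated caller can read; confirm that disclosure is intended.
     * NOTE(review): the password is bound with {@code @RequestParam}, which also accepts query-string
     * values; confirm clients send it in the form body and that request logging excludes it.
     *
     * @param str  account name
     * @param str2 password
     * @param str3 request id returned by the captcha endpoint (only needed when a captcha is required)
     * @param str4 captcha answer (only needed when a captcha is required)
     * @return result whose data is the login-state id, or whose state and cause describe the failure
     */
    @RequestMapping(value = {"login"}, method = {RequestMethod.POST})
    @ApiOperation(value = "登录", notes = "传入用户名密码")
    public APIResult<String> login(@RequestParam(name = "username", required = true) @ApiParam(name = "username", value = "账号", required = true) String str, @RequestParam(name = "password", required = true) @ApiParam(name = "password", value = "密码", required = true) String str2, @RequestParam(name = "requestId", required = false) @ApiParam(name = "requestId", value = "请求ID", required = false) String str3, @RequestParam(name = "captcha", required = false) @ApiParam(name = "captcha", value = "验证码", required = false) String str4) {
        this.logger.debug("starting login.");
        APIResult<String> result = new APIResult<>();
        try {
            captcha(str3, str, str4);
            login(str, str2);
            String stateId = uuid();
            result.setData(stateId);
            String stateKey = this.appConfig.getRedisKey(new String[]{"login.state", stateId});
            RedisUtil.redisTemplateString.opsForValue().set(stateKey, str, this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        } catch (ExcessiveAttemptsException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_LOCKED, e);
        } catch (ExpiredAccountException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_EXPIRED, e);
        } catch (InactiveException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_INACTIVE, e);
        } catch (ExpiredCredentialsException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_EXPIRED_CREDENTIALS, e);
        } catch (ManyIncorrectCredentialsException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_PASSWORD, e);
        } catch (LockedAccountException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_LOCKED, e);
        } catch (IncorrectCredentialsException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_PASSWORD, e);
        } catch (DisabledAccountException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_DISABLED, e);
        } catch (UnknownAccountException e) {
            failLogin(result, StateEnum.ILLEGAL_ACCOUNT_PASSWORD, e);
        } catch (Exception e) {
            // Catch-all for everything else, including captcha failures raised as BaseException.
            failLogin(result, StateEnum.ILLEGAL_LOGIN, e);
        }
        return result;
    }

    /** Records a failed login on the result (state only if still SUCCESS, cause always) and logs it. */
    private void failLogin(APIResult<String> result, StateEnum state, Throwable cause) {
        if (StateEnum.SUCCESS.getCode() == result.getState()) {
            result.setState(state.getCode());
        }
        result.setCause(cause.getMessage());
        this.logger.error("login failed:", cause);
    }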

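    /**
     * Verifies the captcha answer submitted with a login request.
     *
     * <p>The check runs when captchas are enabled in {@code userConfig} or when Redis holds a
     * non-blank value under the key built from {@code "login.captcha"} and the client IP; otherwise
     * the method returns without checking anything.
     *
     * <p>A stored captcha is single-use: it is deleted as soon as it has been read, whether or not
     * the answer matches. Without that, one solved captcha stays valid for every login attempt made
     * until it expires, and a wrong answer can be retried against the same code. Clients must
     * request a new captcha after each attempt.
     *
     * <p>NOTE(review): the per-IP entry depends on {@code RequestUtil.getIpAddr}; confirm it only
     * honours forwarding headers set by trusted proxies.
     *
     * @param str  request id the captcha was issued for
     * @param str2 account name (not used by the check)
     * @param str3 captcha answer supplied by the client
     * @throws BaseException if the request id or answer is blank, the captcha has expired, or the
     *                       answer does not match
     */
    private void captcha(String str, String str2, String str3) {
        String ipFlagKey = this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(this.request)});
        String ipFlag = (String) RedisUtil.redisTemplateString.opsForValue().get(ipFlagKey);
        if (this.userConfig.getCaptcha().isEnabled() || StringUtil.isNotBlank(ipFlag)) {
            if (StringUtil.isBlank(str)) {
                throw new BaseException("请求ID为空，请传入请求验证码响应数据中requestId变量值！");
            }
            if (StringUtil.isBlank(str3)) {
                throw new BaseException("验证码为空，请填写验证码！");
            }
            String captchaKey = this.appConfig.getRedisKey(new String[]{"login.captcha", str});
            // The per-IP entry and the captcha entries share the "login.captcha" prefix, so a
            // request id must never resolve to the per-IP entry itself.
            if (captchaKey.equals(ipFlagKey)) {
                throw new BaseException("验证码不正确！");
            }
            String expected = (String) RedisUtil.redisTemplateString.opsForValue().get(captchaKey);
            if (StringUtil.isBlank(expected)) {
                throw new BaseException("验证码过期，请刷新验证码！");
            }
            // Consume the captcha before comparing so it cannot be replayed or guessed repeatedly.
            RedisUtil.redisTemplateString.delete(captchaKey);
            if (!expected.equals(str3)) {
                throw new BaseException("验证码不正确！");
            }
        }
    }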

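    /**
     * Revokes an access token.
     *
     * <p>The token's Redis hash is looked up under the key built from {@code "access.token"} and
     * the token value. If the grant type is configured as single-session ({@code isSingle()}),
     * everything under the per-user or per-client key is removed via {@code cleanCacheKeys};
     * otherwise the access-token entry and its refresh-token entry are deleted directly.
     *
     * <p>The whole lookup runs inside the {@code try} so that every failure is reported through
     * the result (state and cause) instead of escaping the handler, and so the token key is always
     * assigned before it is used.
     *
     * <p>NOTE(review): the token is bound with {@code @RequestParam}, which also accepts
     * query-string values; confirm clients send it in the body so it does not end up in access logs.
     *
     * @param str access token to revoke
     * @return result with {@code ILLEGAL_TOKEN} or {@code ILLEGAL_REQUEST} state on failure
     */
    @RequestMapping(value = {"logout"}, method = {RequestMethod.POST})
    @ApiOperation(value = "登出", notes = "传入令牌")
    public APIResult<String> logout(@RequestParam(name = "access_token", required = true) @ApiParam(name = "access_token", value = "令牌", required = true) String str) {
        this.logger.debug("logout");
        APIResult<String> result = new APIResult<>();
        try {
            String tokenKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
            // hasKey returns a Boolean; treat anything but TRUE as "no such token".
            if (!Boolean.TRUE.equals(RedisUtil.redisTemplate.hasKey(tokenKey))) {
                result.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new RuntimeException("非法token");
            }
            Object grantType = RedisUtil.redisTemplate.opsForHash().get(tokenKey, "grant.type");
            Object refreshToken = RedisUtil.redisTemplate.opsForHash().get(tokenKey, "refresh.token");
            Object clientId = RedisUtil.redisTemplate.opsForHash().get(tokenKey, "client.id");
            Object userName = RedisUtil.redisTemplate.opsForHash().get(tokenKey, "user.name");
            if (BeanUtils.isEmpty(grantType)) {
                result.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new RuntimeException("非法token");
            }
            String sessionKey = null;
            String grant = grantType.toString();
            this.logger.debug("grant type {}.", grant);
            if ("authorization_code".equalsIgnoreCase(grant)) {
                if (this.tokenConfig.getAuthorizationCode().isSingle() && userName != null) {
                    sessionKey = this.appConfig.getRedisKey(new String[]{"key", userName.toString()});
                }
            } else if ("password_credentials".equalsIgnoreCase(grant)) {
                if (this.tokenConfig.getPassword().isSingle() && userName != null) {
                    sessionKey = this.appConfig.getRedisKey(new String[]{"key", userName.toString()});
                }
            } else {
                if (!"client_credentials".equalsIgnoreCase(grant)) {
                    result.setState(StateEnum.ILLEGAL_REQUEST.getCode());
                    throw new RuntimeException("请求类型不支持！");
                }
                if (this.tokenConfig.getClient().isSingle() && clientId != null) {
                    sessionKey = this.appConfig.getRedisKey(new String[]{"key", clientId.toString()});
                }
            }
            if (StringUtil.isEmpty(sessionKey)) {
                // No single-session key (or its owner field is missing): revoke this token directly
                // so a malformed hash can never leave the access token alive after logout.
                RedisUtil.redisTemplate.delete(tokenKey);
                if (refreshToken != null) {
                    RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"refresh.token", refreshToken.toString()}));
                }
            } else {
                cleanCacheKeys(sessionKey);
            }
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == result.getState()) {
                result.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            result.setCause(e.getMessage());
            this.logger.error("logout failed:", e);
        }
        return result;
    }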

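    /**
     * Issues a captcha image and stores its answer for a later login request.
     *
     * <p>A captcha is produced when captchas are enabled in {@code userConfig} or when Redis holds
     * a non-blank value under the key built from {@code "login.captcha"} and the client IP;
     * otherwise the result is {@code NOT_IMPLEMENTED_REQUEST}. The answer is stored under the key
     * built from {@code "login.captcha"} and the request id, expiring after
     * {@code userConfig.getCaptcha().getTimeout()} seconds. The image is returned as a PNG data
     * URI and the request id as the {@code requestId} variable.
     *
     * <p>The captcha answer is deliberately not written to the log: anyone able to read debug
     * logs could otherwise pass the check without solving the image.
     *
     * <p>NOTE(review): the request id may be chosen by the client and shares the
     * {@code "login.captcha"} key prefix with the per-IP entry read above. Consider generating
     * the id server-side only, or storing answers under a separate prefix, so a caller cannot
     * write into another entry.
     *
     * @param str optional request id; a uuid is generated when blank
     * @return result carrying the image data URI, or a failure state and cause
     */
    @RequestMapping(value = {"captcha"}, method = {RequestMethod.GET})
    @ApiOperation(value = "获取验证码", notes = "生成验证码，Base64图片是png格式")
    public APIResult<String> captcha(@RequestParam(name = "requestId", required = false) @ApiParam(name = "requestId", value = "请求ID", required = false) String str) {
        this.logger.debug("captcha ...");
        APIResult<String> result = new APIResult<>();
        try {
            if (StringUtil.isBlank(str)) {
                str = uuid();
            }
            String ipFlag = (String) RedisUtil.redisTemplateString.opsForValue().get(this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(this.request)}));
            if (this.userConfig.getCaptcha().isEnabled() || StringUtil.isNotBlank(ipFlag)) {
                AbstractCaptcha generated = this.userConfig.getCaptcha().getCaptcha();
                String answer = generated.getCode();
                this.logger.debug("captcha issued for requestId {}.", str);
                result.setData("data:image/png;base64," + generated.getImageBase64());
                result.addVariable("requestId", str);
                RedisUtil.redisTemplateString.opsForValue().set(this.appConfig.getRedisKey(new String[]{"login.captcha", str}), answer, this.userConfig.getCaptcha().getTimeout(), TimeUnit.SECONDS);
            } else {
                result.setState(StateEnum.NOT_IMPLEMENTED_REQUEST.getCode());
                result.setMessage(StateEnum.NOT_IMPLEMENTED_REQUEST.getText());
            }
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == result.getState()) {
                result.setState(StateEnum.ILLEGAL_VALID_CODE.getCode());
            }
            result.setCause(e.getMessage());
            this.logger.error("captcha failed:", e);
        }
        return result;
    }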

    /**
     * Unlocks the accounts listed by {@code partyUserLimitRepository.findByUnlockTime} for the
     * configured lock mode and the current time.
     *
     * <p>For each returned limit record the account is unlocked, its limit record is deleted and
     * the Redis entry built from {@code "login.retry"} and the account is removed. Any failure is
     * reported through the result with {@code ERROR_ORG} (unless a state was already set).
     *
     * <p>NOTE(review): this method takes no token or other credential and changes account lock
     * state; confirm the route is restricted to trusted callers by a gateway or filter outside
     * this class.
     *
     * @return empty result, or a failure state and cause
     */
    @RequestMapping(value = {"/unlock"}, method = {RequestMethod.POST})
    @ApiOperation(value = "用户解锁", notes = "用户解锁")
    public APIResult<Void> unlock() {
        this.logger.debug("unlock user.");
        APIResult<Void> result = new APIResult<>();
        try {
            List<PartyUserLimitPo> dueLimits =
                    this.partyUserLimitRepository.findByUnlockTime(LockMode.get(this.userLimitConfig.getMode()), new Date());
            if (BeanUtils.isNotEmpty(dueLimits)) {
                PartyUserLimit limitDomain = this.partyUserLimitRepository.newInstance();
                for (PartyUserLimitPo limit : dueLimits) {
                    unlockByAccount(limit.getAccount());
                    limitDomain.deleteByAccount(limit.getAccount());
                    // Drop the failed-login counter kept for this account.
                    String retryKey = this.appConfig.getRedisKey(new String[]{"login.retry", limit.getAccount()});
                    RedisUtil.redisTemplateInteger.delete(retryKey);
                }
            }
        } catch (Exception failure) {
            if (StateEnum.SUCCESS.getCode() == result.getState()) {
                result.setState(StateEnum.ERROR_ORG.getCode());
            }
            result.setCause(failure.getMessage());
            this.logger.error("unlock user failed:", failure);
        }
        return result;
    }

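    /**
     * Returns the context data (tenant id, tenant ids, user, employee, organisation, position)
     * for the account named by {@code username}.
     *
     * <p>The access token from the {@code X-Authorization-access_token} header must exist in
     * Redis. The token check and all lookups run inside the {@code try}, so a missing token or
     * missing user data is reported through the result (state and cause) rather than escaping
     * the handler written for it.
     *
     * <p>NOTE(review): the token is only checked for existence. Nothing in this method ties
     * {@code username} to the account the token was issued to, so unless a gateway or filter
     * outside this class enforces it, any holder of a valid token can read the context of any
     * account. The token hash carries a {@code "user.name"} field (read in {@code logout});
     * consider requiring it to match {@code username} for user-bound grant types.
     * NOTE(review): the debug line logs the whole result, including the user and employee
     * records; confirm debug logging is off in production or trim what is logged.
     *
     * @param str  access token taken from the request header
     * @param str2 account name whose context is requested
     * @return result whose data maps {@code tenantId}, {@code tenantIds}, {@code user},
     *         {@code employee}, {@code org} and {@code position}; or a failure state and cause
     */
    @RequestMapping(value = {"/context"}, method = {RequestMethod.POST})
    @ApiOperation(value = "用户上下文信息", notes = "根据用户名查询用户上下文数据")
    public APIResult<Map<String, Object>> context(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @RequestParam(name = "username", required = true) @ApiParam(name = "username", value = "用户账号", required = true) String str2) {
        this.logger.debug("starting get context info.");
        APIResult<Map<String, Object>> result = new APIResult<>();
        try {
            String tokenKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
            // hasKey returns a Boolean; treat anything but TRUE as "no such token".
            if (!Boolean.TRUE.equals(RedisUtil.redisTemplate.hasKey(tokenKey))) {
                result.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new BaseException("非法token");
            }
            Map<String, Object> context = new HashMap<>();
            context.put("tenantId", getTenantId(str2));
            context.put("tenantIds", getTenantIds(str2));
            context.put("user", getUser(str2));
            context.put("employee", getEmploye(str2));
            context.put("org", getOrg(str2));
            context.put("position", getPosition(str2));
            result.setData(context);
            this.logger.debug("context is {}.", result);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == result.getState()) {
                result.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            result.setCause(e.getMessage());
            this.logger.error("get context info failed:", e);
        }
        return result;
    }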

    /**
     * Reads the {@code auth.tenant} application property as a boolean.
     *
     * @return {@code true} only when the property is the string "true" (case-insensitive);
     *         {@code false} when it is absent, since "false" is the default passed to the lookup
     */
    private boolean isTenant() {
        String configured = AppUtil.getProperty("auth.tenant", "false");
        return Boolean.parseBoolean(configured);
    }

    /**
     * Looks up the position returned by {@code findMainPostByUserId} for an account.
     *
     * @param str account name
     * @return the position, or {@code null} when the employee record lists no positions
     * @throws RuntimeException if the user or the employee record does not exist
     */
    private PartyPositionPo getPosition(String str) {
        PartyEmployeePo employee = this.partyEmployeeRepository.get(getUser(str).getId());
        if (BeanUtils.isEmpty(employee)) {
            throw new RuntimeException("用户数据不存在");
        }
        // Only query the position repository when the employee has any positions recorded.
        return StringUtil.isNotBlank(employee.getPositions())
                ? this.partyPositionRepository.findMainPostByUserId(employee.getId())
                : null;
    }

    /**
     * Looks up the organisation referenced by an account's employee record.
     *
     * @param str account name
     * @return the organisation, or {@code null} when the employee record has no group id
     * @throws RuntimeException if the user or the employee record does not exist
     */
    private PartyOrgPo getOrg(String str) {
        PartyEmployeePo employee = this.partyEmployeeRepository.get(getUser(str).getId());
        if (BeanUtils.isEmpty(employee)) {
            throw new RuntimeException("用户数据不存在");
        }
        // Only query the organisation repository when a group id is recorded.
        return StringUtil.isNotBlank(employee.getGroupID())
                ? (PartyOrgPo) this.partyOrgRepository.get(employee.getGroupID())
                : null;
    }

    /**
     * Loads a user by account name and blanks its password and dataCheck fields before
     * returning it, presumably so neither value reaches an API response.
     *
     * <p>NOTE(review): the setters mutate the object handed back by the repository. If that
     * instance is cached or attached to a persistence session, confirm the nulled fields cannot
     * be seen by other readers or written back.
     *
     * @param str account name
     * @return the user with password and dataCheck set to {@code null}
     * @throws RuntimeException if no user exists for the account
     */
    private PartyUserPo getUser(String str) {
        PartyUserPo user = this.partyUserRepository.getByAccount(str);
        if (!BeanUtils.isEmpty(user)) {
            user.setPassword((String) null);
            user.setDataCheck((String) null);
            return user;
        }
        throw new RuntimeException("用户数据不存在");
    }

    /**
     * Loads the employee record that belongs to an account.
     *
     * @param str account name
     * @return the employee record fetched by the user's id
     * @throws RuntimeException if either the user or the employee record does not exist
     */
    private PartyEmployeePo getEmploye(String str) {
        PartyUserPo user = this.partyUserRepository.getByAccount(str);
        if (!BeanUtils.isEmpty(user)) {
            PartyEmployeePo employee = this.partyEmployeeRepository.get(user.getId());
            if (!BeanUtils.isEmpty(employee)) {
                return employee;
            }
        }
        // Both missing-user and missing-employee report the same message.
        throw new RuntimeException("用户数据不存在");
    }

    /**
     * Fetches the tenant ids of an account from {@code tenantQueryService}.
     *
     * @param str account name
     * @return the value returned by the service; may be empty when tenant mode is off
     * @throws RuntimeException if the value is empty while {@code isTenant()} is true
     */
    private String getTenantIds(String str) {
        String tenantIds = this.tenantQueryService.getTenantIdsByAccount(str);
        if (StringUtil.isEmpty(tenantIds)) {
            // An empty answer is only an error when tenant mode is switched on.
            if (isTenant()) {
                throw new RuntimeException("租户数据不存在");
            }
        }
        return tenantIds;
    }

    /**
     * Fetches the tenant id of an account from {@code tenantQueryService}.
     *
     * @param str account name
     * @return the value returned by the service; may be empty when tenant mode is off
     * @throws RuntimeException if the value is empty while {@code isTenant()} is true
     */
    private String getTenantId(String str) {
        String tenantId = this.tenantQueryService.getTenantIdByAccount(str);
        if (StringUtil.isEmpty(tenantId)) {
            // An empty answer is only an error when tenant mode is switched on.
            if (isTenant()) {
                throw new RuntimeException("租户数据不存在");
            }
        }
        return tenantId;
    }
}
