package com.mz.jarboot.controller;

import com.mz.jarboot.auth.annotation.Permission;
import com.mz.jarboot.common.ResponseForList;
import com.mz.jarboot.common.ResponseForObject;
import com.mz.jarboot.common.ResponseSimple;
import com.mz.jarboot.common.ResultCodeConst;
import com.mz.jarboot.constant.AuthConst;
import com.mz.jarboot.entity.User;
import com.mz.jarboot.security.JwtTokenManager;
import com.mz.jarboot.service.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.derby.impl.sql.execute.xplain.XPLAINUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.support.WebContentGenerator;

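/**
 * HTTP endpoints for managing user accounts, mapped under {@code /api/jarboot-user}.
 * The Swagger tag on the class translates to "user management".
 *
 * <p>Every handler delegates to {@link UserService}. The only authorization decision made in
 * this class is the caller check in {@link #updateUserPassword}; all other access control is
 * left to the {@code @Permission} annotation and to the service layer.
 *
 * <p>NOTE(review): what {@code @Permission} enforces is not visible in this file. Confirm that
 * it restricts create/delete to administrators.
 *
 * <p>NOTE(review): parameter names such as {@code str} and {@code l} look like decompiler
 * placeholders. The handlers declare no explicit {@code @RequestParam} names, so the request
 * parameter names the original build bound to cannot be recovered from this listing.
 */
@Api(tags = {"用户管理"})
@RequestMapping({"/api/jarboot-user"})
@Permission
@Controller
/* loaded from: input_file:BOOT-INF/classes/com/mz/jarboot/controller/UserController.class */
public class UserController {

    @Autowired
    private UserService userService;

    @Autowired
    private JwtTokenManager jwtTokenManager;

    /**
     * Creates a user account (Swagger summary: "create user").
     *
     * <p>No caller check is done here; both arguments are passed straight to the service.
     * NOTE(review): presumably {@code str} is the username and {@code str2} the password.
     * Confirm that the service validates and hashes the password before storing it.
     *
     * @param str first argument forwarded to {@code UserService.createUser}
     * @param str2 second argument forwarded to {@code UserService.createUser}
     * @return an empty success response
     */
    @PostMapping
    @Permission
    // Same literal style as the PUT/GET handlers below, instead of a constant from an unrelated class.
    @ApiOperation(value = "创建用户", httpMethod = "POST")
    @ResponseBody
    public ResponseSimple createUser(String str, String str2) {
        this.userService.createUser(str, str2);
        return new ResponseSimple();
    }

    /**
     * Deletes a user account (Swagger summary: "delete user").
     *
     * <p>NOTE(review): this handler does not stop a caller from deleting their own account or
     * a built-in account. Confirm that the service or {@code @Permission} covers that.
     *
     * @param l value forwarded to {@code UserService.deleteUser}; presumably the user id
     * @return an empty success response
     */
    @Permission
    // Same literal style as the PUT/GET handlers below, instead of a constant from an unrelated class.
    @ApiOperation(value = "删除用户", httpMethod = "DELETE")
    @DeleteMapping
    @ResponseBody
    public ResponseSimple deleteUser(Long l) {
        this.userService.deleteUser(l);
        return new ResponseSimple();
    }

    /**
     * Changes a user's password (Swagger summary: "change password").
     *
     * <p>The change is allowed only when the login name resolved from the request token equals
     * {@code AuthConst.JARBOOT_USER} or equals the target username {@code str}. The check is on
     * the login name, not on a role, even though the error message mentions ROLE_ADMIN.
     *
     * <p>The current password is not requested, so holding a valid token for an account is
     * enough to set a new password for that account.
     *
     * @param str username whose password is changed
     * @param str2 value forwarded as the new password
     * @param httpServletRequest request whose {@code Authorization} header identifies the caller
     * @return a success response, or one carrying {@code ResultCodeConst.VALIDATE_FAILED} when
     *     the caller is neither the privileged account nor the target user
     */
    @Permission
    @PutMapping
    @ApiOperation(value = "修改密码", httpMethod = "PUT")
    @ResponseBody
    public ResponseSimple updateUserPassword(String str, String str2, HttpServletRequest httpServletRequest) {
        String currentLoginName = getCurrentLoginName(httpServletRequest);
        ResponseSimple responseSimple = new ResponseSimple();
        // Fail closed: StringUtils.equals(null, null) is true, so an unresolved caller name
        // together with a missing username parameter must not count as "self".
        boolean callerResolved = StringUtils.isNotBlank(currentLoginName);
        boolean privilegedAccount = AuthConst.JARBOOT_USER.equals(currentLoginName);
        boolean ownAccount = StringUtils.equals(str, currentLoginName);
        if (callerResolved && (privilegedAccount || ownAccount)) {
            this.userService.updateUserPassword(str, str2);
        } else {
            responseSimple.setResultCode(ResultCodeConst.VALIDATE_FAILED);
            responseSimple.setResultMsg("Only ROLE_ADMIN or self can modify the password!");
        }
        return responseSimple;
    }

    /**
     * Looks up a user by username (Swagger summary: "get user info by username").
     *
     * <p>NOTE(review): the {@link User} entity is returned as the response body unchanged. If
     * it carries the stored password or hash, that field is serialized to the caller. Confirm
     * against the entity definition.
     *
     * @param str username to look up
     * @return the service result wrapped in a {@link ResponseForObject}
     */
    @Permission
    @ApiOperation(value = "根据用户名获取用户信息", httpMethod = "GET")
    @GetMapping
    @ResponseBody
    public ResponseForObject<User> findUserByUsername(String str) {
        return new ResponseForObject<>(this.userService.findUserByUsername(str));
    }

    /**
     * Lists users (Swagger summary: "get user list") at {@code /getUsers}.
     *
     * <p>NOTE(review): unlike the sibling handlers, this method has no method-level
     * {@code @Permission}; only the class-level annotation applies. Confirm that this is
     * intended. The same question about the {@link User} fields sent to the caller applies.
     *
     * @param i first paging argument forwarded to the service; presumably the page number
     * @param i2 second paging argument forwarded to the service; presumably the page size
     * @return the list response produced by {@code UserService.getUsers}
     */
    @GetMapping({"/getUsers"})
    @ApiOperation(value = "获取用户列表", httpMethod = "GET")
    @ResponseBody
    public ResponseForList<User> getUsers(int i, int i2) {
        return this.userService.getUsers(i, i2);
    }

    /**
     * Resolves the caller's login name from the {@code Authorization} header.
     *
     * <p>The token prefix is stripped when present, the remainder is handed to
     * {@code JwtTokenManager.getAuthentication}, and the result is stored in the current
     * security context.
     *
     * <p>NOTE(review): signature and expiry validation are assumed to happen inside
     * {@code getAuthentication}. A missing header is passed through as {@code null}; confirm
     * how the token manager handles that.
     *
     * @param httpServletRequest the incoming request
     * @return the authenticated name, or {@code null} when no authentication was produced
     */
    private String getCurrentLoginName(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isNotBlank(header) && header.startsWith(AuthConst.TOKEN_PREFIX)) {
            // Strip exactly the prefix that was matched rather than a hard-coded length.
            header = header.substring(AuthConst.TOKEN_PREFIX.length());
        }
        Authentication authentication = this.jwtTokenManager.getAuthentication(header);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // A null result is reported as "no caller" so the caller check can reject it.
        return authentication == null ? null : authentication.getName();
    }
}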
