package io.github.toquery.framework.security.jwt.rest;

import com.alibaba.fastjson.JSONObject;
import com.google.common.base.Strings;
import io.github.toquery.framework.core.constant.AppLogType;
import io.github.toquery.framework.core.exception.AppException;
import io.github.toquery.framework.security.domain.ChangePassword;
import io.github.toquery.framework.security.jwt.JwtTokenUtil;
import io.github.toquery.framework.security.jwt.domain.JwtResponse;
import io.github.toquery.framework.security.jwt.exception.AppSecurityJwtException;
import io.github.toquery.framework.security.jwt.properties.AppSecurityJwtProperties;
import io.github.toquery.framework.system.entity.SysUser;
import io.github.toquery.framework.system.service.ISysLogService;
import io.github.toquery.framework.system.service.ISysUserService;
import io.github.toquery.framework.webmvc.controller.AppBaseWebMvcController;
import io.github.toquery.framework.webmvc.domain.ResponseParam;
import java.util.Objects;
import javax.annotation.Resource;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

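/**
 * REST endpoints for JWT-based login, token refresh, profile lookup, password change,
 * registration and logout.
 *
 * <p>Endpoint paths come from the {@code app.jwt.path.*} properties, with the defaults shown
 * in each mapping annotation.
 *
 * <p>NOTE(review): no throttling or lockout of repeated failed logins is visible in this class.
 * It presumably has to be supplied by the {@link AuthenticationManager} or a filter; confirm.
 */
@RestController
/* loaded from: input_file:io/github/toquery/framework/security/jwt/rest/AuthenticationRestController.class */
public class AuthenticationRestController extends AppBaseWebMvcController {

    /** Authorization scheme prefix that may precede the token in the configured header. */
    private static final String BEARER_PREFIX = "Bearer ";

    @Resource
    private AppSecurityJwtProperties appSecurityJwtProperties;

    @Resource
    private AuthenticationManager authenticationManager;

    @Resource
    private JwtTokenUtil jwtTokenUtil;

    @Resource
    private UserDetailsService userDetailsService;

    @Resource
    private ISysUserService sysUserService;

    @Resource
    private ISysLogService sysLogService;

    // NOTE(review): second injection point of the same type as appSecurityJwtProperties;
    // presumably both resolve to the same bean. Kept so that wiring is unchanged.
    @Resource
    private AppSecurityJwtProperties appJwtProperties;

    @Resource
    private PasswordEncoder passwordEncoder;

    /**
     * Authenticates the submitted credentials and returns a freshly generated token.
     *
     * <p>The names of the username and password fields are taken from the JWT properties. A
     * successful login is recorded through the system log service.
     *
     * @param jSONObject the request body holding the credentials
     * @return 200 with a {@link JwtResponse} wrapping the generated token
     * @throws AppException when a credential is missing or authentication fails
     */
    @PostMapping({"${app.jwt.path.token:/user/token}"})
    public ResponseEntity<?> createAuthenticationToken(@RequestBody JSONObject jSONObject) throws AppException {
        String username = getRequestValue(jSONObject, this.appSecurityJwtProperties.getParam().getUsername(), "未获取到登录用户名");
        String password = getRequestValue(jSONObject, this.appSecurityJwtProperties.getParam().getPassword(), "未获取到登录密码");
        Authentication authentication = authenticate(username, password);
        Object principal = authentication.getPrincipal();
        String token = this.jwtTokenUtil.generateToken((UserDetails) principal);
        this.sysLogService.insertSysLog(((SysUser) principal).getId(), "系统", "登录成功", (AppLogType) null, username, (String) null);
        return ResponseEntity.ok(ResponseParam.builder().build().content(new JwtResponse(token)));
    }

    /**
     * Delegates to the {@link AuthenticationManager} and records failed attempts.
     *
     * <p>NOTE(review): a disabled account and a wrong password produce different messages, and
     * only the latter sets {@link HttpStatus#BAD_REQUEST}. A caller can therefore tell that a
     * disabled account exists. Consider a uniform response if account enumeration matters.
     *
     * <p>NOTE(review): the submitted username is written to the system log unmodified. It is
     * attacker-controlled, so whatever displays these log entries must encode it on output.
     *
     * @param username the submitted username, must not be null
     * @param password the submitted password, must not be null
     * @return the authenticated {@link Authentication}
     * @throws AppSecurityJwtException when the account is disabled or the credentials are wrong
     */
    private Authentication authenticate(String username, String password) throws AppSecurityJwtException {
        Objects.requireNonNull(username);
        Objects.requireNonNull(password);
        try {
            return this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));
        } catch (DisabledException e) {
            this.sysLogService.insertSysLog((Long) null, "系统", "登录失败", (AppLogType) null, username, (String) null);
            throw new AppSecurityJwtException("User is disabled!", e);
        } catch (BadCredentialsException e2) {
            this.sysLogService.insertSysLog((Long) null, "系统", "登录失败", (AppLogType) null, username + "密码错误", (String) null);
            throw new AppSecurityJwtException("用户名或密码错误！", e2, HttpStatus.BAD_REQUEST);
        }
    }

    /**
     * Reads a value from the JSON body, falling back to the first request parameter of the
     * same name when the body is absent or holds no value for the key.
     *
     * <p>NOTE(review): the fallback also applies to the password field, so credentials may be
     * sent as request parameters. If those arrive in the query string they can end up in
     * access logs and browser history. Consider accepting credentials from the body only.
     *
     * @param body the parsed request body, may be null
     * @param key the field or parameter name to look up
     * @param missingMessage the error message to use when no value is found; when null or
     *     empty, a missing value is returned as is instead of raising an error
     * @return the resolved value, possibly null or empty when {@code missingMessage} is empty
     * @throws AppException when no value is found and {@code missingMessage} is not empty
     */
    private String getRequestValue(JSONObject body, String key, String missingMessage) throws AppException {
        String value = null;
        if (body == null || Strings.isNullOrEmpty(body.getString(key))) {
            String[] parameterValues = this.request.getParameterValues(key);
            if (parameterValues != null && parameterValues.length >= 1) {
                value = parameterValues[0];
            }
        } else {
            value = body.getString(key);
        }
        if (Strings.isNullOrEmpty(missingMessage) || !Strings.isNullOrEmpty(value)) {
            return value;
        }
        throw new AppException(missingMessage);
    }

    /**
     * Extracts the token from a header value.
     *
     * <p>The prefix is stripped only when the value starts with it, compared
     * case-insensitively. A value without the prefix is returned unchanged.
     *
     * @param header the raw header value, may be null
     * @return the token, or null when the header is null or empty
     */
    private static String stripBearerPrefix(String header) {
        if (Strings.isNullOrEmpty(header)) {
            return null;
        }
        if (header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return header.substring(BEARER_PREFIX.length());
        }
        return header;
    }

    /**
     * Issues a refreshed token when the presented one is still refreshable.
     *
     * <p>A missing or empty token header now yields 400. Previously it failed with a
     * NullPointerException or StringIndexOutOfBoundsException.
     *
     * @return 200 with the refreshed token, or 400 with an empty body
     */
    @GetMapping({"${app.jwt.path.refresh:/user/refresh}"})
    public ResponseEntity<?> refreshAndGetAuthenticationToken() {
        String token = stripBearerPrefix(this.request.getHeader(this.appSecurityJwtProperties.getHeader()));
        if (Strings.isNullOrEmpty(token)) {
            return ResponseEntity.badRequest().body((Object) null);
        }
        // NOTE(review): getLastPasswordResetDate() is called on the loadUserByUsername result
        // exactly as in the decompiled source; presumably the concrete type is SysUser — confirm.
        if (this.jwtTokenUtil.canTokenBeRefreshed(
                token,
                this.userDetailsService.loadUserByUsername(this.jwtTokenUtil.getUsernameFromToken(token)).getLastPasswordResetDate()).booleanValue()) {
            return ResponseEntity.ok(new JwtResponse(this.jwtTokenUtil.refreshToken(token)));
        }
        return ResponseEntity.badRequest().body((Object) null);
    }

    /**
     * Returns the user record for the username carried in the request token.
     *
     * <p>NOTE(review): the whole {@link SysUser} is returned as the response content. Verify
     * that serialization excludes the password hash and other sensitive fields.
     *
     * @return 200 with the loaded user
     * @throws AppSecurityJwtException when the token header is missing
     */
    @RequestMapping({"${app.jwt.path.info:/user/info}"})
    public ResponseEntity getAuthenticatedUser() throws AppSecurityJwtException {
        SysUser user = (SysUser) this.userDetailsService.loadUserByUsername(getUserName());
        user.authorities2Roles();
        return ResponseEntity.ok(ResponseParam.builder().build().content(user));
    }

    /**
     * Changes the password of the user named in the request token.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method. Consider limiting a
     * state-changing endpoint to POST or PUT.
     *
     * @param changePassword the current password, the new password and its confirmation
     * @return 200 with the service result, or 400 when the new password is missing or does
     *     not match its confirmation
     * @throws AppException when the token header is missing or the service rejects the change
     */
    @RequestMapping({"${app.jwt.path.password:/user/password}"})
    public ResponseEntity changePassword(@Validated @RequestBody ChangePassword changePassword) throws AppException {
        // A null new password is treated as a mismatch instead of raising a NullPointerException.
        if (changePassword.getRawPassword() == null
                || !changePassword.getRawPassword().equals(changePassword.getRawPasswordConfirm())) {
            return ResponseEntity.badRequest().body(ResponseParam.builder().build().message("两次密码输入不一致"));
        }
        return ResponseEntity.ok(ResponseParam.builder().build().content(this.sysUserService.changePassword(getUserName(), changePassword.getSourcePassword(), changePassword.getRawPassword())));
    }

    /**
     * Resolves the username from the token in the configured header.
     *
     * <p>NOTE(review): the returned name is only as trustworthy as
     * {@code JwtTokenUtil.getUsernameFromToken}. Confirm that it verifies the signature and
     * expiry, because this value selects the account for the profile and password endpoints.
     *
     * @return the username carried in the token
     * @throws AppSecurityJwtException when the header is missing or empty
     */
    private String getUserName() throws AppSecurityJwtException {
        // The prefix is stripped only at the start of the value; the earlier contains() check
        // also cut seven characters when the text appeared elsewhere in the header.
        String token = stripBearerPrefix(this.request.getHeader(this.appJwtProperties.getHeader()));
        if (token == null) {
            throw new AppSecurityJwtException("未检测到提交的用户信息");
        }
        return this.jwtTokenUtil.getUsernameFromToken(token);
    }

    /**
     * Registers a new user with an encoded password.
     *
     * <p>NOTE(review): the request body binds straight onto the {@link SysUser} entity, so a
     * client can set any field the entity exposes. Consider a dedicated registration DTO, or
     * confirm that {@code saveSysUserCheck} resets privileged fields. Also verify that the
     * returned entity does not serialize the password hash.
     *
     * @param sysUser the user to create; its password is replaced by the encoded form
     * @return 200 with the service result, or 400 when no password was supplied
     * @throws AppException when the service rejects the user
     */
    @PostMapping({"${app.jwt.path.register:/user/register}"})
    public ResponseEntity register(@RequestBody SysUser sysUser) throws AppException {
        // Reject a missing password before it reaches the encoder; the message reads
        // "password must not be empty".
        if (Strings.isNullOrEmpty(sysUser.getPassword())) {
            return ResponseEntity.badRequest().body(ResponseParam.builder().build().message("密码不能为空"));
        }
        sysUser.setPassword(this.passwordEncoder.encode(sysUser.getPassword()));
        return ResponseEntity.ok(ResponseParam.builder().build().content(this.sysUserService.saveSysUserCheck(sysUser)));
    }

    /**
     * Acknowledges a logout request.
     *
     * <p>NOTE(review): nothing is revoked here, so an issued token stays usable until it
     * expires. Add a server-side denylist or a token version check if logout must end the
     * session.
     *
     * @return 200 with a fixed confirmation message
     */
    @RequestMapping({"${app.jwt.path.logout:/user/logout}"})
    public ResponseEntity userLogout() {
        return ResponseEntity.ok(ResponseParam.builder().build().content("user logout"));
    }
}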
