package io.github.toquery.framework.security.jwt.rest;

import com.alibaba.fastjson.JSONObject;
import com.google.common.base.Strings;
import io.github.toquery.framework.security.jwt.JwtTokenUtil;
import io.github.toquery.framework.security.jwt.JwtUser;
import io.github.toquery.framework.security.jwt.exception.AppJwtException;
import io.github.toquery.framework.security.jwt.properties.AppJwtProperties;
import io.github.toquery.framework.security.jwt.service.JwtAuthenticationResponse;
import io.github.toquery.framework.web.domain.ResponseParam;
import java.util.Objects;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
/* loaded from: input_file:io/github/toquery/framework/security/jwt/rest/AuthenticationRestController.class */
public class AuthenticationRestController {

    @Resource
    private AppJwtProperties appJwtProperties;

    @Resource
    private AuthenticationManager authenticationManager;

    @Resource
    private JwtTokenUtil jwtTokenUtil;

    @Resource
    private UserDetailsService userDetailsService;

    @PostMapping({"${app.jwt.path.token:/user/token}"})
    public ResponseEntity<?> createAuthenticationToken(HttpServletRequest httpServletRequest, @RequestBody JSONObject jSONObject) throws AppJwtException {
        String string = jSONObject.getString(this.appJwtProperties.getParam().getUserName());
        String string2 = jSONObject.getString(this.appJwtProperties.getParam().getPassword());
        if (Strings.isNullOrEmpty(string)) {
            String[] parameterValues = httpServletRequest.getParameterValues(this.appJwtProperties.getParam().getUserName());
            if (parameterValues == null || parameterValues.length <= 0) {
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ResponseParam.fail().message("未配置登录用户名"));
            }
            string = parameterValues[0];
        }
        if (Strings.isNullOrEmpty(string2)) {
            String[] parameterValues2 = httpServletRequest.getParameterValues(this.appJwtProperties.getParam().getPassword());
            if (parameterValues2 == null || parameterValues2.length <= 0) {
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ResponseParam.fail().message("未配置登录密码"));
            }
            string2 = parameterValues2[0];
        }
        authenticate(string, string2);
        return ResponseEntity.ok(ResponseParam.success().content(new JwtAuthenticationResponse(this.jwtTokenUtil.generateToken(this.userDetailsService.loadUserByUsername(string)))));
    }

    @GetMapping({"${app.jwt.path.refresh:/user/refresh}"})
    public ResponseEntity<?> refreshAndGetAuthenticationToken(HttpServletRequest httpServletRequest) {
        String substring = httpServletRequest.getHeader(this.appJwtProperties.getHeader()).substring(7);
        return this.jwtTokenUtil.canTokenBeRefreshed(substring, ((JwtUser) this.userDetailsService.loadUserByUsername(this.jwtTokenUtil.getUsernameFromToken(substring))).getLastPasswordResetDate()).booleanValue() ? ResponseEntity.ok(new JwtAuthenticationResponse(this.jwtTokenUtil.refreshToken(substring))) : ResponseEntity.badRequest().body((Object) null);
    }

    private void authenticate(String str, String str2) throws AppJwtException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        try {
            this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(str, str2));
        } catch (BadCredentialsException e) {
            throw new AppJwtException("Bad credentials!", e);
        } catch (DisabledException e2) {
            throw new AppJwtException("User is disabled!", e2);
        }
    }
}
