package com.kcloud.ms.authentication.controller;

import com.goldgov.kduck.service.ValueMap;
import com.goldgov.kduck.web.json.JsonObject;
import com.kcloud.ms.authentication.baseaccount.service.AccountConfigService;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredential;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredentialService;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.baseaccount.service.config.AccountConfig;
import com.kcloud.ms.authentication.baseaccount.service.credential.impl.RandomCredentialGeneratorImpl;
import com.kcloud.ms.authentication.baseapp.service.BaseAppServiceImpl;
import com.kcloud.ms.authentication.cache.CacheHolder;
import com.kcloud.ms.authentication.security.CustomUserDatails;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiOperationSupport;
import io.swagger.annotations.DynamicParameter;
import io.swagger.annotations.DynamicResponseParameters;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Controller;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import springfox.documentation.annotations.ApiIgnore;

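/**
 * SSO endpoints that exchange user credentials or a refresh token for OAuth2 tokens by calling
 * the authorization server's token endpoint in-process.
 *
 * <p>For every token request the client id and secret are read from the {@code BASE_APP} record
 * selected by the caller-supplied {@code appId}; the caller never presents the client secret.
 * NOTE(review): {@code appId} is therefore the only client identifier the caller must know, so
 * these mappings presumably need to be reachable by first-party front ends only. Confirm against
 * the security configuration, which is not part of this class.
 *
 * <p>NOTE(review): parameter names such as {@code str} look decompiler-generated. Where a handler
 * parameter has no explicit {@code @RequestParam("...")} name ({@link #removeToken},
 * {@link #getVerificationCode}, {@link #phoneLogin}) the bound request parameter depends on the
 * compiled parameter name and may not match the names documented in the Swagger annotations.
 */
@Controller
/* loaded from: input_file:com/kcloud/ms/authentication/controller/LoginController.class */
public class LoginController {

    /** Message returned when the application record is missing or its status is 1. */
    private static final String APP_OFFLINE_MESSAGE = "该应用已处于离线状态。";

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    AuthorizationServerEndpointsConfiguration endpoints;

    @Autowired
    BaseAppServiceImpl baseappService;

    @Autowired
    AccountService accountService;

    @Autowired
    AccountCredentialService accountCredentialService;

    @Autowired
    AccountConfigService accountConfigService;

    @Autowired
    RandomCredentialGeneratorImpl generator;

    /**
     * Logs a user in with the OAuth2 password grant on behalf of the application {@code appId}.
     *
     * @param str the login name ({@code username})
     * @param str2 the login password ({@code password})
     * @param str3 the application id ({@code appId}) used to look up the client credentials
     * @param httpServletResponse response whose status is set to 401 when token issuance fails
     * @return a result carrying the access token on success, or a failure code and message
     */
    @PostMapping({"/sso/token"})
    @ApiImplicitParams({@ApiImplicitParam(name = "username", required = true, value = "登录名", paramType = "form"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", paramType = "form")})
    @ApiOperation(value = "登录获取用户访问令牌", tags = {"登录登出"}, notes = "基于oauth2密码模式登录,返回access_token,用于内部平台登录使用")
    @ResponseBody
    public JsonObject getLoginToken(@RequestParam("username") String str, @RequestParam("password") String str2, @RequestParam("appId") String str3, @ApiIgnore HttpServletResponse httpServletResponse) {
        ValueMap valueMap = this.baseappService.get("BASE_APP", str3);
        JsonObject jsonObject = new JsonObject();
        if (isAppUnavailable(valueMap)) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            jsonObject.setMessage(APP_OFFLINE_MESSAGE);
            return jsonObject;
        }
        try {
            OAuth2AccessToken token = getToken(str, str2, valueMap);
            jsonObject.setCode(JsonObject.SUCCESS.getCode());
            jsonObject.setData(token);
        } catch (Exception e) {
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            jsonObject.setCode(JsonObject.FAIL.getCode());
            // NOTE(review): the raw exception message is returned to the caller. If the
            // authentication layer distinguishes unknown, locked and disabled accounts in its
            // messages, this reveals account state; consider a single generic failure message
            // with the detail written to the server log only.
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Issues an access token for an already authenticated principal and the application
     * {@code appId}, reusing the password kept on the principal.
     *
     * @param principal the current authentication; cast to
     *     {@link UsernamePasswordAuthenticationToken} holding a {@link CustomUserDatails}
     * @param str the application id ({@code appId})
     * @return a result carrying the access token on success, or a failure code and message
     */
    @PostMapping({"/sso/user"})
    @ApiImplicitParams({@ApiImplicitParam(name = "appId", required = true, value = "应用ID")})
    @ApiOperation(value = "登录获取用户访问令牌", tags = {"登录登出"}, notes = "基于oauth2密码模式登录,返回access_token。接口需要设置header头")
    @ApiOperationSupport(responses = @DynamicResponseParameters(properties = {@DynamicParameter(value = "状态码 0为成功，1为失败", name = "code", dataTypeClass = Integer.class), @DynamicParameter(value = "数据集", name = "data"), @DynamicParameter(value = "失败信息", name = "message")}))
    @ResponseBody
    public JsonObject getLoginToken(@ApiIgnore Principal principal, @RequestParam("appId") String str) {
        ValueMap valueMap = this.baseappService.get("BASE_APP", str);
        JsonObject jsonObject = new JsonObject();
        if (isAppUnavailable(valueMap)) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            jsonObject.setMessage(APP_OFFLINE_MESSAGE);
            return jsonObject;
        }
        try {
            CustomUserDatails customUserDatails = (CustomUserDatails) ((UsernamePasswordAuthenticationToken) principal).getPrincipal();
            // NOTE(review): the principal carries the user's original password until this call
            // succeeds, and it stays there when token issuance fails. Confirm how long the
            // principal lives and whether the password should also be cleared on failure.
            OAuth2AccessToken token = getToken(principal.getName(), customUserDatails.getOrgPassword(), valueMap);
            jsonObject.setCode(JsonObject.SUCCESS.getCode());
            jsonObject.setData(token);
            customUserDatails.setOrgPassword(null);
        } catch (Exception e) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            // NOTE(review): raw exception text goes to the caller; a generic message is safer.
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Logs out by revoking the refresh token and the access token issued from it.
     *
     * @param str the refresh token value
     * @return code 0 on success; code 1 with the exception message when revocation fails
     */
    @PostMapping({"/sso/logout"})
    @ApiImplicitParams({@ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "退出并移除令牌", tags = {"登录登出"}, notes = "退出并移除令牌,令牌将失效")
    @ResponseBody
    public JsonObject removeToken(@RequestParam String str) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.setCode(0);
        try {
            // Removing only the refresh token leaves the access token usable until it expires,
            // so the access token tied to it is revoked first. The token is read twice to avoid
            // naming a type this file does not import.
            this.tokenStore.removeAccessTokenUsingRefreshToken(this.tokenStore.readRefreshToken(str));
            this.tokenStore.removeRefreshToken(this.tokenStore.readRefreshToken(str));
        } catch (Exception e) {
            jsonObject.setCode(1);
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Requests a token from the in-process token endpoint using the password grant.
     *
     * @param str the user name
     * @param str2 the user password
     * @param valueMap the application record supplying {@code appKey} and {@code appSecret}
     * @return the token issued by the token endpoint
     * @throws IllegalArgumentException if the record has no {@code appKey} or {@code appSecret}
     * @throws Exception whatever the token endpoint throws, e.g. on bad credentials
     */
    public OAuth2AccessToken getToken(String str, String str2, ValueMap valueMap) throws Exception {
        HashMap<String, String> params = clientParameters(valueMap, "password");
        params.put("username", str);
        params.put("password", str2);
        return requestToken(params);
    }

    /**
     * Exchanges a refresh token for a new access token on behalf of the application
     * {@code appId}.
     *
     * @param str the application id ({@code appId})
     * @param str2 the refresh token value
     * @return the token issued by the token endpoint
     * @throws IllegalStateException if the application is unknown or flagged offline
     * @throws IllegalArgumentException if the record has no {@code appKey} or {@code appSecret}
     * @throws Exception whatever the token endpoint throws
     */
    @PostMapping({"/sso/refreshToken"})
    @ApiImplicitParams({@ApiImplicitParam(name = "appId", required = true, value = "应用ID", paramType = "form"), @ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "刷新令牌", tags = {"登录登出"}, notes = "access_token过期后使用refreshToken进行刷新。")
    @ResponseBody
    public OAuth2AccessToken refreshTokenRefreshToken(@RequestParam("appId") String str, @RequestParam("refreshToken") String str2) throws Exception {
        ValueMap valueMap = this.baseappService.get("BASE_APP", str);
        // Apply the same gate as the login endpoints, so that an offline application cannot
        // keep renewing tokens and an unknown appId fails explicitly instead of with an NPE.
        if (isAppUnavailable(valueMap)) {
            throw new IllegalStateException(APP_OFFLINE_MESSAGE);
        }
        HashMap<String, String> params = clientParameters(valueMap, "refresh_token");
        params.put("refresh_token", str2);
        return requestToken(params);
    }

    /**
     * Serves the login page.
     *
     * @param httpServletRequest unused
     * @return the view name {@code login}
     */
    @GetMapping({"/index"})
    public String login(HttpServletRequest httpServletRequest) {
        return "login";
    }

    /**
     * Tells the login form whether a verification code is required for an account.
     *
     * <p>The answer is {@code true} once the list cached under the account name holds at least
     * {@code validCodeTryNum - 1} entries (presumably failed login attempts; confirm against the
     * code that fills the cache).
     *
     * <p>NOTE(review): the response discloses per-account attempt state to anyone who can call
     * this mapping; confirm that this is acceptable.
     *
     * @param str the account name used as the cache key
     * @return a result whose data is {@code true} when a verification code is required
     */
    @ApiImplicitParams({@ApiImplicitParam(name = "userName", required = true, value = "账号名")})
    @ApiOperation(value = "获取登录方式及验证码有无", tags = {"登录登出"}, notes = "获取登录方式及验证码有无。")
    @GetMapping({"/sso/code/check"})
    @ResponseBody
    public JsonObject getVerificationCode(String str) {
        List<?> attempts = (List<?>) CacheHolder.get(str);
        AccountConfig loadConfig = this.accountConfigService.loadConfig();
        boolean codeRequired = attempts != null
                && !attempts.isEmpty()
                && attempts.size() >= loadConfig.getSecurity().getValidCodeTryNum().intValue() - 1;
        JsonObject jsonObject = new JsonObject();
        jsonObject.setData(codeRequired);
        return jsonObject;
    }

    /**
     * Generates a numeric verification code for a phone login and caches it under
     * {@code <phone>_verification}.
     *
     * <p>NOTE(review, security): the generated code is handed back to the HTTP caller in the
     * response, and no out-of-band delivery (SMS) is visible in this class. If this response
     * reaches the end user's client, whoever knows the phone number also obtains the code, so
     * the code no longer proves possession of the phone. The response should carry only an
     * acknowledgement once delivery is confirmed to happen elsewhere. It is left unchanged here
     * because removing it without a visible delivery path would break the flow.
     *
     * <p>NOTE(review): further points to confirm:
     * <ul>
     *   <li>The "user not found" reply differs from the success reply, which lets callers test
     *       whether a phone number is registered.</li>
     *   <li>No throttling per phone number or per client is visible here.</li>
     *   <li>The phone number travels in the query string of a GET request and may therefore end
     *       up in access logs.</li>
     *   <li>Whether the generator draws from a cryptographically secure source is not visible
     *       here.</li>
     * </ul>
     *
     * @param str the phone number used to look up the account credential
     * @return a result wrapping the generated code, or the "user not found" message
     */
    @ApiImplicitParams({@ApiImplicitParam(name = "phone", required = true, value = "手机号")})
    @ApiOperation(value = "手机号登陆获得验证码", tags = {"登录登出"}, notes = "手机号登陆获得验证码")
    @GetMapping({"/sso/phoneLogin"})
    @ResponseBody
    public JsonObject phoneLogin(String str) {
        AccountCredential credentialByName = this.accountCredentialService.getCredentialByName(str);
        // The former equals("") comparison against a credential object was dropped as a dead
        // branch; only the null check decides.
        if (credentialByName == null) {
            return new JsonObject("没有找到该用户");
        }
        AccountConfig accountConfig = new AccountConfig();
        AccountConfig.RandomCredentialConfig randomCredentialConfig = new AccountConfig.RandomCredentialConfig();
        randomCredentialConfig.setMinLength(6);
        randomCredentialConfig.setRules(new String[]{"Number"});
        accountConfig.setCredential(randomCredentialConfig);
        String generate = this.generator.generate(accountConfig);
        // 90L is the cache lifetime argument; presumably seconds. Confirm in CacheHolder.
        CacheHolder.put(str + "_verification", generate, 90L);
        return new JsonObject(generate);
    }

    /** Returns true when the application record is missing, empty, or has status 1. */
    private static boolean isAppUnavailable(ValueMap valueMap) {
        return ObjectUtils.isEmpty(valueMap) || 1 == valueMap.getValueAsInt("status");
    }

    /** Builds the client part of a token request and rejects records without key or secret. */
    private static HashMap<String, String> clientParameters(ValueMap valueMap, String grantType) {
        HashMap<String, String> params = new HashMap<>();
        params.put("client_id", valueMap.getValueAsString("appKey"));
        params.put("client_secret", valueMap.getValueAsString("appSecret"));
        params.put("grant_type", grantType);
        Assert.notNull(params.get("client_id"), "client_id not null");
        Assert.notNull(params.get("client_secret"), "client_secret not null");
        return params;
    }

    /** Posts the parameters to the token endpoint, authenticated as the client they name. */
    private OAuth2AccessToken requestToken(HashMap<String, String> params) throws Exception {
        return (OAuth2AccessToken) this.endpoints.tokenEndpoint().postAccessToken(new UsernamePasswordAuthenticationToken(params.get("client_id"), params.get("client_secret"), Collections.emptyList()), params).getBody();
    }
}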
