package cn.easy4j.admin.modular.service;

import cn.easy4j.admin.core.constant.AdminConstant;
import cn.easy4j.admin.core.constant.SysConfigConstant;
import cn.easy4j.admin.core.security.JwtUtil;
import cn.easy4j.admin.core.security.LoginPrincipal;
import cn.easy4j.admin.core.security.NotBindWechatException;
import cn.easy4j.admin.modular.dto.GetTokenByAccountDTO;
import cn.easy4j.admin.modular.entity.LoginUser;
import cn.easy4j.admin.modular.vo.AccountConfigVO;
import cn.easy4j.common.enums.HttpStatusEnum;
import cn.easy4j.common.exception.BusinessException;
import cn.easy4j.common.response.FailedResult;
import cn.easy4j.common.response.Result;
import cn.easy4j.common.response.SuccessResult;
import cn.easy4j.framework.util.ApplicationUtil;
import cn.easy4j.framework.util.IpUtil;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.Cache;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;

@Service
/* loaded from: input_file:cn/easy4j/admin/modular/service/SysLoginService.class */
public class SysLoginService {
    private static final Logger log = LoggerFactory.getLogger(SysLoginService.class);

    @Resource
    private AuthenticationManager authenticationManager;

    @Resource
    private SysWxOpenUserService sysWxOpenUserService;

    @Resource
    private SysConfigService sysConfigService;

    @Resource(name = "captchaCache")
    private Cache captchaCache;

    @Resource(name = "securityCache")
    private Cache securityCache;

    @Resource(name = "accountCache")
    private Cache accountCache;

    public Result<Object> loginByAccount(@NotNull GetTokenByAccountDTO getTokenByAccountDTO) {
        int lockAccountCount = getLockAccountCount();
        Integer num = (Integer) this.accountCache.get(getTokenByAccountDTO.getAccount(), Integer.class);
        if (Objects.nonNull(num) && num.intValue() >= lockAccountCount) {
            throw new BusinessException(String.format("密码错误%s次，锁定10分钟", Integer.valueOf(lockAccountCount)));
        }
        Integer num2 = (Integer) this.securityCache.get(getSecurityVerifyCacheKey(), Integer.class);
        AccountConfigVO accountLoginConfig = this.sysConfigService.getAccountLoginConfig();
        if (Objects.nonNull(num2) && num2.intValue() >= accountLoginConfig.getShowCaptchaCount().intValue()) {
            if (StringUtils.isBlank(getTokenByAccountDTO.getUuid()) || StringUtils.isBlank(getTokenByAccountDTO.getCaptcha())) {
                return new FailedResult(Integer.valueOf(HttpStatusEnum.BAD_CAPTCHA.code()), HttpStatusEnum.BAD_CAPTCHA.msg());
            }
            String str = (String) this.captchaCache.get(getTokenByAccountDTO.getUuid(), String.class);
            if (StringUtils.isBlank(str) || !StringUtils.equalsIgnoreCase(str, getTokenByAccountDTO.getCaptcha())) {
                return new FailedResult(Integer.valueOf(HttpStatusEnum.BAD_CAPTCHA.code()), HttpStatusEnum.BAD_CAPTCHA.msg());
            }
        }
        LoginUser loginUser = getLoginUser(new LoginPrincipal(SysConfigConstant.LoginType.ACCOUNT, getTokenByAccountDTO.getAccount()), getTokenByAccountDTO.getPassword());
        if (StringUtils.isNotBlank(getTokenByAccountDTO.getOpenId())) {
            this.sysWxOpenUserService.bindWechatByOpenId(loginUser.getId(), getTokenByAccountDTO.getOpenId());
        }
        return new SuccessResult(JwtUtil.createToken(loginUser.getId(), loginUser.getUsername()));
    }

    public Result<Object> loginByWechat(@NonNull String str) {
        try {
            LoginUser loginUser = getLoginUser(new LoginPrincipal(SysConfigConstant.LoginType.WECHAT, str), AdminConstant.DEFAULT_PASSWORD);
            return new SuccessResult(JwtUtil.createToken(loginUser.getId(), loginUser.getUsername()));
        } catch (NotBindWechatException e) {
            log.info("登录失败，class = [{}], msg = [{}], openId = [{}]", new Object[]{e.getClass().getSimpleName(), e.getMessage(), e.getUserInfo()});
            return new FailedResult(Integer.valueOf(HttpStatusEnum.NOT_BIND_ACCOUNT.code()), HttpStatusEnum.NOT_BIND_ACCOUNT.msg(), e.getUserInfo());
        }
    }

    public String getSecurityVerifyCacheKey() {
        HttpServletRequest request = ApplicationUtil.getRequest();
        return DigestUtils.md5DigestAsHex((IpUtil.getIp(request) + (Objects.isNull(request) ? "" : request.getHeader("User-Agent"))).getBytes(StandardCharsets.UTF_8));
    }

    private LoginUser getLoginUser(LoginPrincipal loginPrincipal, String str) throws NotBindWechatException {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(loginPrincipal, str);
        String securityVerifyCacheKey = getSecurityVerifyCacheKey();
        try {
            Authentication authenticate = this.authenticationManager.authenticate(usernamePasswordAuthenticationToken);
            this.securityCache.evict(securityVerifyCacheKey);
            this.accountCache.evict(loginPrincipal.getPrincipal());
            LoginUser loginUser = (LoginUser) authenticate.getPrincipal();
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            return loginUser;
        } catch (NotBindWechatException e) {
            throw e;
        } catch (BadCredentialsException e2) {
            addBadCredentialsCountBySecurity(securityVerifyCacheKey);
            throw new BusinessException(getPasswordErrorMsg(loginPrincipal));
        } catch (Exception e3) {
            addBadCredentialsCountBySecurity(securityVerifyCacheKey);
            log.info("登录失败，principal = [{}], msg = [{}]", loginPrincipal.getPrincipal(), e3.getMessage());
            throw new BusinessException(e3.getMessage());
        }
    }

    private String getPasswordErrorMsg(LoginPrincipal loginPrincipal) {
        Integer num = (Integer) this.accountCache.get(loginPrincipal.getPrincipal(), Integer.class);
        Integer valueOf = Integer.valueOf(Objects.isNull(num) ? 1 : num.intValue() + 1);
        this.accountCache.put(loginPrincipal.getPrincipal(), valueOf);
        int lockAccountCount = getLockAccountCount();
        int intValue = lockAccountCount - valueOf.intValue();
        return intValue > 0 ? String.format("密码错误，还剩%s次机会", Integer.valueOf(intValue)) : String.format("密码错误%s次，锁定10分钟", Integer.valueOf(lockAccountCount));
    }

    private void addBadCredentialsCountBySecurity(String str) {
        Integer num = (Integer) this.securityCache.get(str, Integer.class);
        this.securityCache.put(str, Integer.valueOf(Objects.isNull(num) ? 1 : num.intValue() + 1));
    }

    private int getLockAccountCount() {
        Integer lockAccountCount = this.sysConfigService.getAccountLoginConfig().getLockAccountCount();
        return (Objects.isNull(lockAccountCount) ? 5 : lockAccountCount).intValue();
    }
}
