package cn.hiauth.client.gateway;

import cn.hiauth.client.Authentication;
import cn.hiauth.client.Client;
import cn.hiauth.client.HiAuthToken;
import cn.hiauth.client.SecurityService;
import cn.hiauth.client.SessionContext;
import cn.hiauth.client.SessionContextHolder;
import cn.hiauth.client.UserinfoVo;
import cn.hutool.core.codec.Base64;
import cn.webestar.scms.commons.Assert;
import cn.webestar.scms.commons.R;
import cn.webestar.scms.commons.SysCode;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Mono;

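/**
 * Gateway-side OAuth2 client endpoints for HiAuth: starts the authorization-code flow,
 * exchanges the returned code for tokens, builds the local {@link SessionContext}, and
 * forwards user-info / password-update calls to the authorization server.
 *
 * <p>Security notes for maintainers (all derived from the code in this class):
 * <ul>
 *   <li>The authorization request built by {@link #login} carries no {@code state} parameter,
 *       so the callback cannot tell whether the code belongs to a flow this gateway started.
 *       NOTE(review): add and verify {@code state} once a place to keep it per browser session
 *       is available.</li>
 *   <li>{@link #getTokenHtml} hands the access token to the front end in the redirect query
 *       string, where it can end up in browser history, proxy logs and {@code Referer} headers.
 *       NOTE(review): the front end should strip it from the URL immediately; consider a
 *       cookie or a one-time exchange instead.</li>
 *   <li>The {@code dev-auth-success-redirect-uri} request header overrides the configured
 *       post-login redirect target. Whoever controls that header decides where the access
 *       token is sent. NOTE(review): gate this behind a development-only setting or an
 *       allow-list before exposing the gateway to untrusted networks.</li>
 * </ul>
 */
@RequestMapping({"/"})
@Controller
/* loaded from: input_file:cn/hiauth/client/gateway/HiAuthClientGatewayController.class */
public class HiAuthClientGatewayController {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(HiAuthClientGatewayController.class);

    @Autowired
    private RestTemplate restTemplate;

    @Autowired(required = false)
    private SecurityService securityService;

    @Autowired
    private HiAuthClientGatewayProperties hiauthClientProperties;

    /**
     * Redirects the browser to the authorization endpoint for the named client.
     *
     * @param str the client name from the path; must be a key of the configured clients map
     * @param serverWebExchange the current exchange, used to write the redirect
     * @return completion signal of the response; 404 when the client name is not configured
     */
    @GetMapping({"/unpapi/{clientName}/oauth2/login"})
    public Mono<Void> login(@PathVariable("clientName") String str, ServerWebExchange serverWebExchange) {
        Client client = this.hiauthClientProperties.getClients().get(str);
        if (client == null) {
            // The client name comes straight from the URL; an unknown name must not surface as a 500.
            return notFound(serverWebExchange);
        }
        UriComponentsBuilder target = UriComponentsBuilder.fromUriString(this.hiauthClientProperties.getAuthorizationUri())
                .queryParam("response_type", "code")
                .queryParam("client_id", client.getClientId())
                .queryParam("scope", String.join(" ", client.getScope()))
                .queryParam("redirect_uri", client.getRedirectUri());
        return redirect(serverWebExchange, target);
    }

    /**
     * OAuth2 callback: exchanges the authorization code, creates the session and redirects the
     * browser to the post-login page with the access token appended as {@code accessToken}.
     *
     * @param str the client name from the path
     * @param str2 the authorization code returned by the authorization server
     * @param serverWebExchange the current exchange
     * @return completion signal of the response; 404 for an unknown client, and a redirect to the
     *     logout endpoint when the authorization server answers with a 4xx error
     */
    @GetMapping({"/unpapi/{clientName}/oauth2/token/redirect"})
    public Mono<Void> getTokenHtml(@PathVariable("clientName") String str, @RequestParam("code") String str2, ServerWebExchange serverWebExchange) {
        Client client = this.hiauthClientProperties.getClients().get(str);
        if (client == null) {
            return notFound(serverWebExchange);
        }
        Assert.notNull(client.getAuthSuccessRedirectUri(), SysCode.biz(1), "请先配置参数:hiauth.client.authSuccessRedirectUri");
        String override = serverWebExchange.getRequest().getHeaders().getFirst("dev-auth-success-redirect-uri");
        String authSuccessRedirectUri;
        if (override != null) {
            // The header value is request-controlled and decides where the access token is delivered.
            // Behaviour is kept for existing development setups, but every use is made visible in the logs.
            // NOTE(review): restrict to non-production or to an allow-list of redirect targets.
            log.warn("Post-login redirect overridden by request header dev-auth-success-redirect-uri: {}", override);
            authSuccessRedirectUri = override;
        } else {
            authSuccessRedirectUri = client.getAuthSuccessRedirectUri();
        }
        try {
            SessionContext session = auth(str, client, str2);
            // Log only the target: the access token is a bearer credential and must not reach log files.
            log.debug("REDIRECT-URI:{}", authSuccessRedirectUri);
            UriComponentsBuilder target = UriComponentsBuilder.fromUriString(authSuccessRedirectUri)
                    .queryParam("accessToken", session.getAccessToken());
            return redirect(serverWebExchange, target);
        } catch (HttpClientErrorException e) {
            log.debug("权限不足，退出重新登陆。");
            return logout(str, serverWebExchange);
        }
    }

    /**
     * Redirects the browser to the issuer's {@code /logoutWithRedirect} endpoint, passing the
     * client's configured post-login URI as {@code redirect_uri}.
     *
     * @param str the client name from the path
     * @param serverWebExchange the current exchange
     * @return completion signal of the response; 404 when the client name is not configured
     */
    @GetMapping({"/unpapi/{clientName}/oauth2/logout"})
    public Mono<Void> logout(@PathVariable("clientName") String str, ServerWebExchange serverWebExchange) {
        Client client = this.hiauthClientProperties.getClients().get(str);
        if (client == null) {
            return notFound(serverWebExchange);
        }
        UriComponentsBuilder target = UriComponentsBuilder.fromUriString(this.hiauthClientProperties.getIssuerUri() + "/logoutWithRedirect")
                .queryParam("redirect_uri", client.getAuthSuccessRedirectUri());
        return redirect(serverWebExchange, target);
    }

    /**
     * Returns the authentication stored in the current session context, converted to its view object.
     *
     * @return a success result wrapping the user info
     */
    @GetMapping({"/api/common/userinfo"})
    @ResponseBody
    public R<UserinfoVo> userinfo() {
        return R.success(UserinfoVo.toVo(SessionContextHolder.getContext().getAuth()));
    }

    /**
     * Changes the current user's password by calling the authorization server with the
     * session's access token.
     *
     * @param userPwdUpdateDto carries the current and the new password
     * @return the authorization server's response body, passed through unchanged
     */
    @PostMapping({"/api/common/updatePwd"})
    @ResponseBody
    public Map<?, ?> updatePwd(@RequestBody UserPwdUpdateDto userPwdUpdateDto) {
        String accessToken = SessionContextHolder.getContext().getToken().getAccessToken();
        return updatePwdByOauthServer(accessToken, userPwdUpdateDto.getRawPwd(), userPwdUpdateDto.getNewPwd());
    }

    /**
     * Exchanges the authorization code for tokens, loads the user info and registers the
     * resulting session with {@link SessionContextHolder}.
     *
     * @param str the client name, stored in the session context
     * @param client the client configuration used for the token request and cache settings
     * @param str2 the authorization code; must not be empty
     * @return the session context returned by {@code SessionContextHolder.auth}
     * @throws HttpClientErrorException when the authorization server rejects a request with 4xx
     * @throws NullPointerException when the token response lacks {@code expires_in} or the
     *     user-info response lacks one of the required id fields
     */
    private SessionContext auth(String str, Client client, String str2) throws HttpClientErrorException {
        Assert.notEmpty(str2, 300001, "code不能为空。");
        Map<?, ?> tokenResponse = getTokenByOauthServer(client, str2);
        // An empty body is treated like a missing access_token instead of relying on a JVM assert,
        // which is a no-op unless assertions are enabled.
        Assert.isTrue(tokenResponse != null && tokenResponse.containsKey("access_token"), 300002, "无法获取accessToken。");
        String accessToken = (String) tokenResponse.get("access_token");
        String refreshToken = (String) tokenResponse.get("refresh_token");
        String scope = (String) tokenResponse.get("scope");
        // Number rather than Integer: the JSON mapper may hand back a Long for large values.
        Number expiresIn = (Number) tokenResponse.get("expires_in");

        Map<?, ?> userInfo = java.util.Objects.requireNonNull(getUserInfoByOauthServer(accessToken), "userinfo response");
        Long appId = requiredLong(userInfo, "appId");
        Long cid = requiredLong(userInfo, "cid");
        Long userId = requiredLong(userInfo, "userId");
        Long empId = requiredLong(userInfo, "empId");
        // Raw List kept on purpose: the element type expected by setAuthorities is not visible here.
        List authorities = (List) userInfo.get("authorities");

        HiAuthToken token = new HiAuthToken();
        token.setAccessToken(accessToken);
        token.setRefreshToken(refreshToken);
        token.setScope(scope);
        token.setExpire(LocalDateTime.now().plusSeconds(expiresIn.longValue()));

        Authentication authentication = new Authentication();
        authentication.setAppId(appId);
        authentication.setCid(cid);
        authentication.setUserId(userId);
        authentication.setUsername((String) userInfo.get("username"));
        authentication.setPhoneNum((String) userInfo.get("phoneNum"));
        authentication.setAvatarUrl((String) userInfo.get("avatarUrl"));
        authentication.setEmpId(empId);
        authentication.setName((String) userInfo.get("name"));
        authentication.setAuthorities(authorities);
        if (this.securityService != null) {
            // SecurityService is an optional bean; when present it supplies the principal.
            authentication.setPrincipal(this.securityService.loadSecurityUser(authentication));
        }

        SessionContext sessionContext = new SessionContext(str, client.getCachePrefix(), client.getCacheExpire());
        sessionContext.setToken(token);
        sessionContext.setAuth(authentication);
        return SessionContextHolder.auth(sessionContext);
    }

    /**
     * Posts the authorization-code grant to the token endpoint using HTTP Basic client
     * authentication.
     *
     * @param client supplies client id, client secret and redirect URI
     * @param str the authorization code
     * @return the decoded token response, or {@code null} when the body is empty
     */
    private Map<?, ?> getTokenByOauthServer(Client client, String str) {
        String credentials = client.getClientId() + ":" + client.getClientSecret();
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        // Explicit UTF-8 so the Basic credential does not depend on the platform default charset.
        httpHeaders.add("Authorization", "Basic " + Base64.encode(credentials.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code");
        form.add("code", str);
        form.add("redirect_uri", client.getRedirectUri());
        return this.restTemplate.postForObject(this.hiauthClientProperties.getTokenUri(), new HttpEntity<>(form, httpHeaders), Map.class);
    }

    /**
     * Fetches the user info from the authorization server with the given bearer token.
     *
     * @param str the access token
     * @return the decoded user-info response, or {@code null} when the body is empty
     * @throws HttpClientErrorException when the server answers with a 4xx status
     */
    private Map<?, ?> getUserInfoByOauthServer(String str) throws HttpClientErrorException {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.add("Authorization", "Bearer " + str);
        LinkedMultiValueMap<String, Object> emptyForm = new LinkedMultiValueMap<>();
        return this.restTemplate.postForObject(this.hiauthClientProperties.getUserInfoUri(), new HttpEntity<>(emptyForm, httpHeaders), Map.class);
    }

    /**
     * Sends the password change to {@code <issuer>/oauth2/user/updatePwd} as JSON.
     *
     * @param str the access token used as bearer credential
     * @param str2 the current password, sent as {@code rawPwd}
     * @param str3 the new password, sent as {@code pwd}
     * @return the decoded response body, or {@code null} when the body is empty
     */
    private Map<?, ?> updatePwdByOauthServer(String str, String str2, String str3) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        httpHeaders.add("Authorization", "Bearer " + str);
        Map<String, String> body = new HashMap<>(2);
        body.put("rawPwd", str2);
        body.put("pwd", str3);
        return this.restTemplate.postForObject(this.hiauthClientProperties.getIssuerUri() + "/oauth2/user/updatePwd", new HttpEntity<>(body, httpHeaders), Map.class);
    }

    /** Writes a 307 redirect to the URI built from {@code target} and completes the response. */
    private static Mono<Void> redirect(ServerWebExchange exchange, UriComponentsBuilder target) {
        exchange.getResponse().setStatusCode(HttpStatus.TEMPORARY_REDIRECT);
        exchange.getResponse().getHeaders().setLocation(target.build().toUri());
        return exchange.getResponse().setComplete();
    }

    /** Completes the response with 404; used when the path names a client that is not configured. */
    private static Mono<Void> notFound(ServerWebExchange exchange) {
        exchange.getResponse().setStatusCode(HttpStatus.NOT_FOUND);
        return exchange.getResponse().setComplete();
    }

    /** Reads {@code key} from {@code source} as a Long; the NullPointerException names the missing key. */
    private static Long requiredLong(Map<?, ?> source, String key) {
        Object value = java.util.Objects.requireNonNull(source.get(key), key);
        return Long.valueOf(value.toString());
    }
}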
