package org.yx.http.handler;

import org.yx.annotation.Bean;
import org.yx.base.context.ActionContext;
import org.yx.conf.AppInfo;
import org.yx.exception.BizException;
import org.yx.http.HttpErrorCode;
import org.yx.http.WebUtil;
import org.yx.http.kit.HttpSettings;
import org.yx.http.user.SessionObject;
import org.yx.http.user.UserSession;
import org.yx.http.user.WebSessions;
import org.yx.log.Logs;
import org.yx.util.StringUtil;

@Bean
/* loaded from: input_file:org/yx/http/handler/ReqUserHandler.class */
public class ReqUserHandler implements HttpHandler {
    private boolean tokenMode = AppInfo.getBoolean("sumk.http.session.token", false);

    public int order() {
        return 1200;
    }

    @Override // org.yx.http.handler.HttpHandler
    public void handle(WebContext webContext) throws Exception {
        if (webContext.m5node().requireLogin()) {
            checkSession(WebUtil.getSessionId(), WebUtil.getUserFlag(webContext.httpRequest()));
        }
    }

    public void checkSession(String str, String str2) {
        if (!WebSessions.getSessionIdVerifier().test(str)) {
            Logs.http().warn("sessionId:{}, is not valid", str);
            throw BizException.create(HttpErrorCode.SESSION_ERROR, "token无效");
        }
        UserSession loadUserSession = WebSessions.loadUserSession();
        SessionObject userObject = this.tokenMode ? loadUserSession.getUserObject(str, SessionObject.class) : loadUserSession.loadAndRefresh(str, SessionObject.class);
        if (userObject == null) {
            if (HttpSettings.isSingleLogin() && StringUtil.isNotEmpty(str2) && loadUserSession.sessionId(str2) != null) {
                Logs.http().info("sessionId:{}, login by other place", str);
                throw BizException.create(HttpErrorCode.LOGIN_AGAIN, "您已在其他地方登录！");
            }
            Logs.http().info("sessionId:{}, 没找到对应的session", str);
            throw BizException.create(HttpErrorCode.SESSION_ERROR, "请重新登录");
        }
        ActionContext.current().userId(userObject.getUserId());
        Long expiredTime = userObject.getExpiredTime();
        if (expiredTime == null || expiredTime.longValue() >= System.currentTimeMillis()) {
            return;
        }
        Logs.http().warn("sessionId:{}, expiredTime:{}，使用时间太长", str, expiredTime);
        throw BizException.create(HttpErrorCode.SESSION_ERROR, "session使用时间太长");
    }
}
