package io.gitee.mingbaobaba.security.oauth2.starter.endpoint;

import io.gitee.mingbaobaba.security.core.annotion.SecurityIgnore;
import io.gitee.mingbaobaba.security.core.domain.SecurityUserDetails;
import io.gitee.mingbaobaba.security.core.exception.SecurityBaseException;
import io.gitee.mingbaobaba.security.core.exception.SecurityBusinessException;
import io.gitee.mingbaobaba.security.core.factory.SecurityFactory;
import io.gitee.mingbaobaba.security.core.properties.SecurityProperties;
import io.gitee.mingbaobaba.security.core.repository.SecurityCaptchaRepository;
import io.gitee.mingbaobaba.security.core.request.SecurityRequest;
import io.gitee.mingbaobaba.security.core.response.SecurityResponseWrapper;
import io.gitee.mingbaobaba.security.core.service.SecurityService;
import io.gitee.mingbaobaba.security.core.service.SecurityUserDetailsService;
import io.gitee.mingbaobaba.security.core.utils.SecurityUtil;
import io.gitee.mingbaobaba.security.oauth2.SecurityOauth2Manager;
import io.gitee.mingbaobaba.security.oauth2.domain.SecurityOauth2Client;
import io.gitee.mingbaobaba.security.oauth2.domain.SecurityOauth2Details;
import io.gitee.mingbaobaba.security.oauth2.enums.GrantType;
import io.gitee.mingbaobaba.security.oauth2.exception.SecurityOauth2Exception;
import io.gitee.mingbaobaba.security.oauth2.service.SecurityOauth2Service;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

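/**
 * HTTP endpoints of the OAuth2 authorization server: authorize, login, consent
 * confirmation, revocation, token issuance, user info and token refresh.
 *
 * <p>This listing was recovered from
 * {@code io/gitee/mingbaobaba/security/oauth2/starter/endpoint/SecurityOauth2Endpoint.class};
 * local variable names and generic type arguments are therefore reconstructions.
 *
 * <p>NOTE(review): the class-level {@code @SecurityIgnore} presumably exempts every
 * mapping below from the framework's own login check, so each handler has to do its
 * own validation - confirm against the annotation's definition.
 */
@SecurityIgnore
@RestController
public class SecurityOauth2Endpoint {
    private static final Logger log = LoggerFactory.getLogger(SecurityOauth2Endpoint.class);

    /**
     * Entry point of the authorization-code flow.
     *
     * <p>An already logged-in user is redirected straight back to the client's
     * {@code redirect_uri} with a fresh authorization code and the echoed {@code state};
     * everybody else is sent to the login view.
     *
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same {@code modelAndView} with its view name (and model) populated
     */
    @GetMapping({"/oauth2/authorize"})
    public ModelAndView authorize(ModelAndView modelAndView) {
        SecurityOauth2Service securityOauth2Service = SecurityOauth2Manager.getSecurityOauth2Service();
        SecurityOauth2Client client = securityOauth2Service.buildLoginModel(GrantType.AUTHORIZATION_CODE);
        if (!Boolean.TRUE.equals(SecurityUtil.isLogin())) {
            buildRedirectView(modelAndView, client);
            return modelAndView;
        }
        // NOTE(review): this branch issues a code without going through the consent page and
        // redirects to the redirect_uri carried by the login model; it relies on buildLoginModel
        // having matched that URI against the registered client - confirm in the service.
        String redirectUri = client.getRedirectUri();
        String code = String.valueOf(
                securityOauth2Service.generateAuthorizationCode(SecurityUtil.getCurrentTokenValue()));
        String state = StringUtils.isNotBlank(client.getState()) ? client.getState() : "";
        // Values are percent-encoded so that a state containing '&' or '#' cannot add or
        // truncate parameters in the redirect sent to the client.
        modelAndView.setViewName(buildRedirectUrl(redirectUri + querySeparator(redirectUri)
                + "code=" + encodeQueryValue(code)
                + "&state=" + encodeQueryValue(state)));
        return modelAndView;
    }

    /**
     * Handles the login form post and continues with the grant selected by
     * {@code response_type} ({@code code} or {@code token}).
     *
     * <p>Any {@link SecurityBaseException} raised on the way sends the user back to the
     * login view with the message stored under {@code errorMsg}.
     *
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same {@code modelAndView} with its view name (and model) populated
     */
    @PostMapping({"/oauth2/login"})
    public ModelAndView login(ModelAndView modelAndView) {
        SecurityOauth2Service securityOauth2Service = SecurityOauth2Manager.getSecurityOauth2Service();
        SecurityRequest securityRequest = (SecurityRequest) SecurityFactory.getSecurityRequest.get();
        // NOTE(review): the recovered listing had an empty try block in front of this handler,
        // which left the catch unreachable and errorMsg never set. The login flow is placed
        // inside the try so failures return to the login view - confirm against the original source.
        try {
            SecurityProperties properties = (SecurityProperties) SecurityFactory.getConfig.get();
            if (properties.getLoginConfig().isDisabled()) {
                throw new SecurityOauth2Exception("1022", "登录操作被禁用");
            }
            if (properties.getLoginConfig().isCaptchaEnabled()) {
                SecurityCaptchaRepository captchaRepository =
                        (SecurityCaptchaRepository) SecurityFactory.getSecurityCaptchaRepository.get();
                // Only an explicit FALSE is rejected, exactly as in the recovered code.
                if (Boolean.FALSE.equals(captchaRepository.validCaptcha(
                        securityRequest.getParameterNonNull("captchaSeqId"),
                        securityRequest.getParameterNonNull("code")))) {
                    throw new SecurityBusinessException("1023", "验证码错误");
                }
            }
            String responseType = securityRequest.getParameterNonNull("response_type");
            if ("code".equals(responseType)) {
                authorizationCodeGrant(securityOauth2Service, modelAndView);
            } else if ("token".equals(responseType)) {
                implicitGrant(securityOauth2Service, modelAndView);
            } else {
                throw new SecurityOauth2Exception("2008", "未识别的responseType");
            }
        } catch (SecurityBaseException e) {
            modelAndView.getModel().put("errorMsg", e.getMessage());
            // The client parameters are rebuilt from the raw request so the login view can be
            // rendered again with the same context.
            buildRedirectView(modelAndView, SecurityOauth2Client.builder()
                    .clientId(securityRequest.getParameter("client_id"))
                    .clientSecret(securityRequest.getParameter("client_secret"))
                    .scope(securityRequest.getParameter("scope"))
                    .responseType(securityRequest.getParameter("response_type"))
                    .redirectUri(securityRequest.getParameter("redirect_uri"))
                    .state(securityRequest.getParameter("state"))
                    .build());
        }
        return modelAndView;
    }

    /**
     * Handles the user's decision on the consent page.
     *
     * <p>{@code confirm_type=approve} redirects to the client with the authorization code,
     * {@code confirm_type=deny} redirects to {@code /oauth2/revoke}; any other value, or a
     * service failure, renders {@code error.html} with {@code errorMsg}.
     *
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same {@code modelAndView} with its view name (and model) populated
     */
    @PostMapping({"/oauth2/confirm"})
    public ModelAndView confirm(ModelAndView modelAndView) {
        try {
            SecurityOauth2Service securityOauth2Service = SecurityOauth2Manager.getSecurityOauth2Service();
            SecurityRequest securityRequest = (SecurityRequest) SecurityFactory.getSecurityRequest.get();
            String confirmType = securityRequest.getParameterNonNull("confirm_type");
            String code = securityRequest.getParameterNonNull("code");
            if ("approve".equals(confirmType)) {
                modelAndView.setViewName(buildRedirectUrl(securityOauth2Service.buildAuthorizationCodeUri(code)));
            } else if ("deny".equals(confirmType)) {
                // The code comes from the request; encode it so it stays a single parameter.
                modelAndView.setViewName(buildRedirectUrl("/oauth2/revoke?code=" + encodeQueryValue(code)));
            } else {
                throw new SecurityOauth2Exception("无法识别的确认类型");
            }
        } catch (SecurityBaseException e) {
            log.error("授权确认异常：{}", e.getMessage());
            modelAndView.getModel().put("errorMsg", e.getMessage());
            modelAndView.setViewName("error.html");
        }
        return modelAndView;
    }

    /**
     * Revokes the authorization identified by the {@code code} parameter, when one is
     * given, and shows the configured revoke page or the bundled default.
     *
     * <p>NOTE(review): this state-changing call is reachable with a plain GET and knows
     * the caller only by the code value; confirm that this is the intended contract.
     *
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same {@code modelAndView} with its view name populated
     */
    @GetMapping({"/oauth2/revoke"})
    public ModelAndView revoke(ModelAndView modelAndView) {
        SecurityOauth2Service securityOauth2Service = SecurityOauth2Manager.getSecurityOauth2Service();
        String code = ((SecurityRequest) SecurityFactory.getSecurityRequest.get()).getParameter("code");
        if (StringUtils.isNotBlank(code)) {
            securityOauth2Service.revokeAuthorization(code);
        }
        String revokePage = SecurityOauth2Manager.getConfig().getRevokePage();
        if (StringUtils.isBlank(revokePage)) {
            modelAndView.setViewName("athena-security-oauth2/revoke.html");
        } else {
            modelAndView.setViewName(buildRedirectUrl(revokePage));
        }
        return modelAndView;
    }

    /**
     * Token endpoint: dispatches on {@code grant_type} to the authorization-code,
     * password or client-credentials grant.
     *
     * @return the wrapped token response, or the wrapped error when a
     *     {@link SecurityBaseException} is raised
     */
    @PostMapping({"/oauth2/token"})
    public Object token() {
        SecurityResponseWrapper securityResponseWrapper = (SecurityResponseWrapper) SecurityFactory.getSecurityResponseWrapper.get();
        try {
            SecurityOauth2Service securityOauth2Service = SecurityOauth2Manager.getSecurityOauth2Service();
            SecurityRequest securityRequest = (SecurityRequest) SecurityFactory.getSecurityRequest.get();
            String grantType = securityRequest.getParameterNonNull("grant_type");
            if (GrantType.AUTHORIZATION_CODE.getCode().equals(grantType)) {
                return securityResponseWrapper.wrapper(securityOauth2Service.getAccessTokenByAuthorizationCode(securityRequest.getParameterNonNull("code")), false, (SecurityBaseException) null);
            }
            if (GrantType.PASSWORD.getCode().equals(grantType)) {
                // Both direct grants force response_type to "token" before logging in.
                securityRequest.setAttribute("response_type", "token");
                return securityResponseWrapper.wrapper(securityOauth2Service.grantAuthorizationLogin(securityOauth2Service.buildLoginModel(GrantType.PASSWORD), GrantType.PASSWORD), false, (SecurityBaseException) null);
            }
            if (GrantType.CLIENT_CREDENTIALS.getCode().equals(grantType)) {
                securityRequest.setAttribute("response_type", "token");
                return securityResponseWrapper.wrapper(securityOauth2Service.grantAuthorizationLogin(securityOauth2Service.buildLoginModel(GrantType.CLIENT_CREDENTIALS), GrantType.CLIENT_CREDENTIALS), false, (SecurityBaseException) null);
            }
            throw new SecurityOauth2Exception("2011", "无效的授权类型");
        } catch (SecurityBaseException e) {
            log.error("token认证错误,异常原因：{}，错误码：{}", e.getMessage(), e.getCode());
            return securityResponseWrapper.wrapper(e.getMessage(), true, e);
        }
    }

    /**
     * Returns basic profile data for the user behind the {@code access_token} parameter.
     *
     * @return the wrapped map produced by {@link #getUserInfoMap(String)}
     */
    @PostMapping({"/oauth2/userinfo"})
    public Object userInfo() {
        SecurityRequest securityRequest = (SecurityRequest) SecurityFactory.getSecurityRequest.get();
        SecurityResponseWrapper securityResponseWrapper = (SecurityResponseWrapper) SecurityFactory.getSecurityResponseWrapper.get();
        return securityResponseWrapper.wrapper(getUserInfoMap(securityRequest.getParameterNonNull("access_token")), false, (SecurityBaseException) null);
    }

    /**
     * Exchanges a refresh token for a new token through the OAuth2 service.
     *
     * @return the wrapped refresh result, or the wrapped error when a
     *     {@link SecurityBaseException} is raised
     */
    @PostMapping({"/oauth2/refresh"})
    public Object refresh() {
        SecurityResponseWrapper securityResponseWrapper = (SecurityResponseWrapper) SecurityFactory.getSecurityResponseWrapper.get();
        try {
            return securityResponseWrapper.wrapper(SecurityOauth2Manager.getSecurityOauth2Service().refreshToken(), false, (SecurityBaseException) null);
        } catch (SecurityBaseException e) {
            log.error("刷新token错误,异常原因：{}，错误码：{}", e.getMessage(), e.getCode());
            return securityResponseWrapper.wrapper(e.getMessage(), true, e);
        }
    }

    /**
     * Resolves an access token to the {@code loginId}, {@code username} and {@code name}
     * of its user.
     *
     * @param str the access token value
     * @return a map with the three entries above
     * @throws SecurityOauth2Exception with code {@code 2010} when the service knows no
     *     details for the token
     */
    private Map<String, String> getUserInfoMap(String str) {
        SecurityOauth2Details userInfo = SecurityOauth2Manager.getSecurityOauth2Service().getUserInfo(str);
        if (Objects.isNull(userInfo)) {
            throw new SecurityOauth2Exception("2010", "无效的访问token");
        }
        // The token itself is checked by the core security service before any user data is read.
        ((SecurityService) SecurityUtil.securityService.get()).checkToken(str);
        SecurityUserDetails userDetails = ((SecurityUserDetailsService) SecurityFactory.getSecurityUserDetailsService.get()).findSecurityUserDetailsByLoginId(userInfo.getLoginId());
        // Raw type kept from the recovered listing: the type of getLoginId() is not visible here.
        HashMap result = new HashMap();
        result.put("loginId", userInfo.getLoginId());
        result.put("username", userDetails.getUsername());
        result.put("name", userDetails.getName());
        return result;
    }

    /** Redirects to the URI the service builds for the implicit grant. */
    private void implicitGrant(SecurityOauth2Service securityOauth2Service, ModelAndView modelAndView) {
        modelAndView.setViewName(buildRedirectUrl(securityOauth2Service.buildImplicitGrantUri()));
    }

    /**
     * Generates an authorization code and either redirects to the client at once
     * (auto-agree enabled) or shows a consent page: the configured external page when
     * one is set, else the bundled {@code confirm.html}.
     */
    private void authorizationCodeGrant(SecurityOauth2Service securityOauth2Service, ModelAndView modelAndView) {
        String code = securityOauth2Service.generateAuthorizationCode();
        if (Boolean.TRUE.equals(SecurityOauth2Manager.getConfig().getAutoAgreeAuthorization())) {
            modelAndView.setViewName(buildRedirectUrl(securityOauth2Service.buildAuthorizationCodeUri(code)));
            return;
        }
        SecurityOauth2Client client = securityOauth2Service.buildLoginModel(GrantType.AUTHORIZATION_CODE);
        String confirmPage = SecurityOauth2Manager.getConfig().getConfirmPage();
        if (StringUtils.isNotBlank(confirmPage)) {
            // Fix: the previous expression put the whole parameter string inside the else arm of
            // the ternary and never prepended confirmPage, so the redirect target was either "&"
            // or a bare query string.
            modelAndView.setViewName(buildRedirectUrl(confirmPage + querySeparator(confirmPage)
                    + "client_name=" + encodeQueryValue(client.getClientName())
                    + "&scope=" + encodeQueryValue(client.getScope())
                    + "&code=" + encodeQueryValue(code)));
            return;
        }
        modelAndView.getModel().put("securityClientModel", client);
        modelAndView.getModel().put("code", code);
        modelAndView.setViewName("athena-security-oauth2/confirm.html");
    }

    /**
     * Sends the user to the login view, carrying the client parameters along: as query
     * parameters of the configured external login page, or as model attributes of the
     * bundled {@code login.html}.
     *
     * <p>NOTE(review): {@code client_secret} travels through the browser on both paths
     * (redirect URL or rendered model). It is kept because the login post may depend on
     * it, but a client secret normally stays on the back channel - confirm whether the
     * login page needs it.
     */
    private void buildRedirectView(ModelAndView modelAndView, SecurityOauth2Client securityOauth2Client) {
        String loginPage = SecurityOauth2Manager.getConfig().getLoginPage();
        if (StringUtils.isNotBlank(loginPage)) {
            // Fix: the previous code built only the query string and never prepended loginPage.
            // Values are percent-encoded; a null value now yields an empty parameter instead of
            // the literal text "null".
            String target = loginPage + querySeparator(loginPage)
                    + "client_id=" + encodeQueryValue(securityOauth2Client.getClientId())
                    + "&client_secret=" + encodeQueryValue(securityOauth2Client.getClientSecret())
                    + "&response_type=" + encodeQueryValue(securityOauth2Client.getResponseType())
                    + "&scope=" + encodeQueryValue(securityOauth2Client.getScope())
                    + "&redirect_uri=" + encodeQueryValue(securityOauth2Client.getRedirectUri())
                    + "&state=" + encodeQueryValue(securityOauth2Client.getState());
            String errorMsg = (String) modelAndView.getModel().get("errorMsg");
            if (StringUtils.isNotBlank(errorMsg)) {
                target = target + "&errorMsg=" + encodeQueryValue(errorMsg);
            }
            modelAndView.setViewName(buildRedirectUrl(target));
            return;
        }
        SecurityProperties properties = (SecurityProperties) SecurityFactory.getConfig.get();
        modelAndView.getModel().put("client_id", securityOauth2Client.getClientId());
        modelAndView.getModel().put("client_secret", securityOauth2Client.getClientSecret());
        modelAndView.getModel().put("response_type", securityOauth2Client.getResponseType());
        modelAndView.getModel().put("scope", securityOauth2Client.getScope());
        modelAndView.getModel().put("redirect_uri", securityOauth2Client.getRedirectUri());
        modelAndView.getModel().put("state", securityOauth2Client.getState());
        modelAndView.getModel().put("loginTitle", properties.getLoginConfig().getLoginTitle());
        modelAndView.getModel().put("copyright", properties.getLoginConfig().getCopyright());
        modelAndView.setViewName("athena-security-oauth2/login.html");
    }

    /** Prefixes {@code str} with Spring MVC's {@code redirect:} view-name marker. */
    private String buildRedirectUrl(String str) {
        return "redirect:" + str;
    }

    /** Returns {@code "&"} when {@code url} already has a query string, else {@code "?"}. */
    private static String querySeparator(String url) {
        return url.contains("?") ? "&" : "?";
    }

    /**
     * Percent-encodes a single query-parameter value as UTF-8.
     *
     * @param value the raw value, may be {@code null}
     * @return the encoded value, or an empty string for {@code null}
     */
    private static String encodeQueryValue(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // Every JVM is required to support UTF-8, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}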
