package com.artfess.cgpt.sso.controller;

import com.artfess.base.annotation.ApiGroup;
import com.artfess.base.conf.JwtConfig;
import com.artfess.base.conf.SaaSConfig;
import com.artfess.base.controller.BaseController;
import com.artfess.base.enums.ResponseErrorEnums;
import com.artfess.base.exception.BaseException;
import com.artfess.base.exception.CertificateException;
import com.artfess.base.jwt.JwtAuthenticationResponse;
import com.artfess.base.jwt.JwtTokenHandler;
import com.artfess.base.model.CommonResult;
import com.artfess.base.service.LoginLogService;
import com.artfess.base.service.LoginUserService;
import com.artfess.base.util.BeanUtils;
import com.artfess.base.util.EncryptUtil;
import com.artfess.base.util.HttpUtil;
import com.artfess.base.util.IPUtils;
import com.artfess.base.util.StringUtil;
import com.artfess.cgpt.sso.manager.SsoSystemManager;
import com.artfess.cgpt.sso.model.SsoSystem;
import com.artfess.cgpt.sso.vo.AuthVO;
import com.artfess.cgpt.sso.vo.BizSsoAuthVO;
import com.artfess.uc.api.model.IUser;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

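/**
 * REST endpoints under {@code /ssoSystem/v1/} for single-sign-on system configuration.
 *
 * <p>Besides saving and updating {@link SsoSystem} records, this controller issues JWTs to
 * external systems: {@link #getTokenOfSso} exchanges an access-key/secret-key pair for a token,
 * and {@link #externalSystemAuth} exchanges a system code plus a digest of the stored keys for
 * a token.
 *
 * <p>NOTE(review): no authorization annotation or check is visible on any endpoint in this class.
 * The save/update endpoints write the very records that the token endpoints trust, so confirm
 * that access to them is restricted elsewhere (for example in the security filter chain).
 */
@Api(tags = {"单点系统配置"})
@RequestMapping({"/ssoSystem/v1/"})
@RestController
@ApiGroup(group = {"group_biz"})
/* loaded from: input_file:com/artfess/cgpt/sso/controller/SsoSystemController.class */
public class SsoSystemController extends BaseController<SsoSystemManager, SsoSystem> {

    /** Single rejection message for the token endpoint, so a caller cannot tell which check failed. */
    private static final String TOKEN_DENIED_MESSAGE = "用户不存在或授权过期，请联系管理员";

    @Resource
    JwtTokenHandler jwtTokenHandler;

    @Resource
    UserDetailsService userDetailsService;

    @Resource
    LoginUserService loginUserService;

    @Resource
    JwtConfig jwtConfig;

    @Autowired
    SsoSystemManager ssoSystemManager;

    @Resource
    SaaSConfig saasConfig;

    @Resource
    LoginLogService loginLogService;

    /**
     * Creates an SSO system record.
     *
     * @param ssoSystem the record taken from the request body
     * @return an empty success result, or a {@code FAIL_OPTION} result when the manager reports failure
     * @throws Exception declared by the original signature; propagated from the manager
     */
    @PostMapping({"/saveEntity"})
    @ApiOperation("添加实体的接口")
    public CommonResult<String> saveEntity(@ApiParam(name = "model", value = "实体信息") @RequestBody SsoSystem ssoSystem) throws Exception {
        boolean inserted = ((SsoSystemManager) this.baseService).insertSsoSystem(ssoSystem);
        if (inserted) {
            return new CommonResult<>();
        }
        return new CommonResult<>(ResponseErrorEnums.FAIL_OPTION, (Object) null);
    }

    /**
     * Updates an SSO system record.
     *
     * @param ssoSystem the record taken from the request body
     * @return an empty success result, or a {@code FAIL_OPTION} result when the manager reports failure
     */
    @PutMapping({"/"})
    @ApiOperation("更新实体")
    public CommonResult<String> updateById(@ApiParam(name = "model", value = "实体信息") @RequestBody SsoSystem ssoSystem) {
        boolean updated = ((SsoSystemManager) this.baseService).updateSsoSystem(ssoSystem);
        if (updated) {
            return new CommonResult<>();
        }
        return new CommonResult<>(ResponseErrorEnums.FAIL_OPTION, "更新实体失败");
    }

    /**
     * Exchanges an access-key/secret-key pair for a JWT.
     *
     * <p>The pair is looked up directly against the {@code ACCESS_KEY_} and {@code SECRET_KEY_}
     * columns. Empty keys in the request are rejected before the lookup so that a stored record
     * with blank keys can never be matched by a blank request.
     *
     * <p>NOTE(review): the token is always generated for the hard-coded account {@code "admin"},
     * whichever SSO system authenticated. Every registered key pair therefore yields an
     * administrator token; confirm this is intended, and prefer a dedicated least-privilege
     * account per system.
     *
     * <p>NOTE(review): matching the secret with an equality predicate implies it is stored in a
     * directly comparable form, presumably plaintext. Confirm, and consider storing a salted hash.
     *
     * @param bizSsoAuthVO request body carrying the access key and secret key
     * @return HTTP 200 with a {@link JwtAuthenticationResponse}
     * @throws BaseException when the keys are empty, match no record, or the IP check rejects the caller
     */
    @RequestMapping(value = {"/getTokenOfSso"}, method = {RequestMethod.POST}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "获取token", httpMethod = "POST", notes = "获取token")
    public ResponseEntity<?> getTokenOfSso(@RequestBody BizSsoAuthVO bizSsoAuthVO) throws AuthenticationException, CertificateException {
        HttpServletRequest request = HttpUtil.getRequest();
        // Mirrors the empty-key guard in externalSystemAuth: blank credentials never authenticate.
        if (BeanUtils.isEmpty(bizSsoAuthVO.getAccessKey()) || BeanUtils.isEmpty(bizSsoAuthVO.getSecretKey())) {
            throw new BaseException(TOKEN_DENIED_MESSAGE);
        }
        QueryWrapper<SsoSystem> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("ACCESS_KEY_", bizSsoAuthVO.getAccessKey())
                .eq("SECRET_KEY_", bizSsoAuthVO.getSecretKey())
                .last("limit 1");
        SsoSystem ssoSystem = (SsoSystem) ((SsoSystemManager) this.baseService).getBaseMapper().selectOne(queryWrapper);
        if (BeanUtils.isEmpty(ssoSystem)) {
            throw new BaseException(TOKEN_DENIED_MESSAGE);
        }
        if (isCallerAtConfiguredIp(ssoSystem, IPUtils.getIpAddr(request))) {
            throw new BaseException(TOKEN_DENIED_MESSAGE);
        }
        HttpSession session = request.getSession();
        UserDetails userDetails = this.userDetailsService.loadUserByUsername("admin");
        String token = this.jwtTokenHandler.generateToken(userDetails);
        String displayName = userDetails.getUsername();
        String account = "";
        String userId = "";
        // Left raw: the parameter type of the JwtAuthenticationResponse constructor is not visible here.
        HashMap attributes = new HashMap();
        if (userDetails instanceof IUser) {
            IUser user = (IUser) userDetails;
            displayName = user.getFullname();
            account = user.getAccount();
            userId = user.getUserId();
            request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
            attributes.put("tenantId", user.getTenantId());
        }
        session.removeAttribute("_loginTime_");
        this.loginUserService.updateLastLoginTime(account);
        return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId, Long.valueOf(this.jwtConfig.getExpirationLong()), true, attributes));
    }

    /**
     * Authenticates a third-party system by system code and key digest, then issues a JWT for the
     * user whose username equals the system code.
     *
     * <p>The expected key is {@code EncryptUtil.md5Hex(sysCode + accessKey + secretKey)} computed
     * from the stored record (presumably an MD5 hex digest) and is compared case-insensitively in
     * constant time.
     *
     * <p>NOTE(review): the expected key depends only on stored values; no nonce or timestamp is
     * visible here, so a captured key stays valid until the stored keys are rotated. Consider an
     * HMAC over a per-request nonce and timestamp with a modern hash.
     *
     * <p>NOTE(review): an unknown system code returns "系统配置不存在" while a wrong key returns
     * "认证失败", which lets a caller probe which system codes exist.
     *
     * @param authVO request body carrying the system code and key
     * @return a failure result with a message, or a success result carrying the token
     * @throws Exception declared by the original signature
     */
    @RequestMapping(value = {"/authentication"}, method = {RequestMethod.POST}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "第三方系统认证", httpMethod = "POST", notes = "authVO")
    public CommonResult externalSystemAuth(@RequestBody AuthVO authVO) throws Exception {
        // Validation failures pass false explicitly, like every other failure path in this method.
        if (BeanUtils.isEmpty(authVO.getSysCode())) {
            return new CommonResult(false, "系统编码不能为空");
        }
        if (BeanUtils.isEmpty(authVO.getKey())) {
            return new CommonResult(false, "密匙不能为空");
        }
        QueryWrapper<SsoSystem> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("SYS_CODE_", authVO.getSysCode()).last("limit 1");
        SsoSystem ssoSystem = (SsoSystem) this.ssoSystemManager.getBaseMapper().selectOne(queryWrapper);
        if (BeanUtils.isEmpty(ssoSystem)) {
            return new CommonResult(false, "系统配置不存在");
        }
        // A record with blank keys must never authenticate.
        if (BeanUtils.isEmpty(ssoSystem.getAccessKey()) || BeanUtils.isEmpty(ssoSystem.getSecretKey())) {
            return new CommonResult(false, "认证失败");
        }
        String expectedKey = EncryptUtil.md5Hex(ssoSystem.getSysCode() + ssoSystem.getAccessKey() + ssoSystem.getSecretKey());
        if (!digestEqualsIgnoreCase(expectedKey, authVO.getKey())) {
            return new CommonResult(false, "认证失败");
        }
        HttpServletRequest request = HttpUtil.getRequest();
        // The two results below are discarded; the calls are kept in case they have side effects
        // (getSession() creates a session when none exists).
        request.getSession();
        String ipAddr = IPUtils.getIpAddr(request);
        HttpUtil.isMobile(request);
        if (isCallerAtConfiguredIp(ssoSystem, ipAddr)) {
            return new CommonResult(false, "认证失败");
        }
        return new CommonResult(true, "认证成功", this.jwtTokenHandler.generateToken(this.userDetailsService.loadUserByUsername(ssoSystem.getSysCode())));
    }

    /**
     * Reports whether IP restriction is switched on for the record and the caller's address
     * equals the configured address. Both token endpoints reject the request when this is true.
     *
     * <p>NOTE(review): as written, the configured address is the one that gets refused and every
     * other address is accepted. If {@code ipAddress} is meant to be an allow-list, the comparison
     * is inverted and the restriction has no protective effect; confirm the intended semantics.
     *
     * <p>NOTE(review): how {@code IPUtils.getIpAddr} derives the address is not visible here. If it
     * reads client-supplied forwarding headers, the value is caller-controlled unless a trusted
     * proxy overwrites them.
     *
     * @param ssoSystem the matched configuration record
     * @param callerIp the address resolved for the current request; may be {@code null}
     * @return {@code true} when restriction is enabled and the addresses are equal
     */
    private static boolean isCallerAtConfiguredIp(SsoSystem ssoSystem, String callerIp) {
        // The null guard on the flag avoids an NPE for records saved without it; calling equals on
        // the stored address keeps a null caller address from throwing.
        return BeanUtils.isNotEmpty(ssoSystem.getIsIpAstrict())
                && ssoSystem.getIsIpAstrict().intValue() == 1
                && BeanUtils.isNotEmpty(ssoSystem.getIpAddress())
                && ssoSystem.getIpAddress().equals(callerIp);
    }

    /**
     * Compares two hex digests case-insensitively without exiting early on the first differing
     * byte, so response time does not reveal how much of a guess was right.
     *
     * @param expected the digest computed from stored values
     * @param supplied the digest sent by the caller
     * @return {@code true} when both are non-null and equal ignoring case
     */
    private static boolean digestEqualsIgnoreCase(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        byte[] expectedBytes = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = supplied.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, suppliedBytes);
    }

    /**
     * Stores a token in the token cache and writes a login-log entry.
     *
     * <p>In single-login mode an empty {@code str} is replaced by {@code "-1"} when SaaS is
     * disabled; otherwise the request IP is stored with the token as well.
     *
     * <p>NOTE(review): no method in this class calls this helper, so tokens issued by the two
     * endpoints above are not cached or logged through it. Confirm whether that is intended.
     *
     * @param z {@code true} selects the "mobile" device label, {@code false} selects "pc"
     * @param str presumably the tenant id; verify against callers
     * @param str2 presumably the account; it is also the value passed to the login log
     * @param str3 presumably the token; verify against {@code putTokenInCache}
     */
    private void handleSingleLogin(boolean z, String str, String str2, String str3) {
        String device = z ? "mobile" : "pc";
        if (this.jwtConfig.isSingle()) {
            if (StringUtil.isEmpty(str) && !this.saasConfig.isEnable()) {
                str = "-1";
            }
            this.jwtTokenHandler.putTokenInCache(device, str, str2, this.jwtConfig.getExpiration(), str3);
        } else {
            this.jwtTokenHandler.putTokenInCache(device, str, str2, IPUtils.getIpAddr(HttpUtil.getRequest()), this.jwtConfig.getExpiration(), str3);
        }
        this.loginLogService.log(str2, device);
    }
}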
