package com.zxkxc.cloud.api.service.impl;

import com.zxkxc.cloud.admin.entity.SysParams;
import com.zxkxc.cloud.admin.entity.SysUserToken;
import com.zxkxc.cloud.admin.entity.SysVerify;
import com.zxkxc.cloud.admin.service.SysParamsService;
import com.zxkxc.cloud.admin.service.SysUserTokenService;
import com.zxkxc.cloud.admin.service.SysUsersService;
import com.zxkxc.cloud.admin.service.SysVerifyService;
import com.zxkxc.cloud.api.dto.LoginDto;
import com.zxkxc.cloud.api.dto.RegisterDto;
import com.zxkxc.cloud.api.dto.ResetPassDto;
import com.zxkxc.cloud.api.service.SecurityService;
import com.zxkxc.cloud.common.Constants;
import com.zxkxc.cloud.common.enums.ResultCode;
import com.zxkxc.cloud.common.enums.UserLoginType;
import com.zxkxc.cloud.common.enums.VerifyCodeType;
import com.zxkxc.cloud.common.exception.ServiceException;
import com.zxkxc.cloud.common.model.Claims;
import com.zxkxc.cloud.common.model.LoginRes;
import com.zxkxc.cloud.common.utils.JwtUtil;
import com.zxkxc.cloud.common.utils.StringsUtil;
import com.zxkxc.cloud.common.utils.cache.EhCacheUtil;
import com.zxkxc.cloud.common.utils.date.LocalDateUtil;
import com.zxkxc.cloud.extension.security.UserDetail;
import com.zxkxc.cloud.logs.manager.AsyncManager;
import com.zxkxc.cloud.logs.manager.factory.AsyncFactory;
import jakarta.annotation.Resource;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.stereotype.Service;

@Service("SecurityService")
/* loaded from: input_file:com/zxkxc/cloud/api/service/impl/SecurityServiceImpl.class */
public class SecurityServiceImpl implements SecurityService {
    private static final String LOGIN_RETRY_CACHE_KEY_SUFFIX = "_login_retry_time";
    private static final String LOGIN_LOCK_CACHE_KEY_SUFFIX = "_login_lock_time";
    private static final String LOGIN_RETRY_PARAM_KEY = "system.password.retry.time";
    private static final String LOGIN_LOCK_PARAM_KEY = "system.password.lock.minutes";
    private static final String LOGIN_VERIFY_SOURCES_PARAM_KEY = "system.login.verify.sources";
    private static final String LOGIN_CAPTCHA_ENABLE_PARAM_KEY = "system.login.captcha.enable";
    private static final String LOGIN_CAPTCHA_ENABLE_RETRY_PARAM_KEY = "system.login.captcha.password.retry_time";
    private static final String LOGIN_SMS_CODE_ENABLE_PARAM_KEY = "system.login.smscode.enable";
    private static final String LOGIN_SMS_CODE_ENABLE_RETRY_PARAM_KEY = "system.login.smscode.password.retry_time";

    @Resource
    private AuthenticationManager authenticationManager;
    private final SysUsersService sysUsersService;
    private final SysParamsService sysParamsService;
    private final SysVerifyService sysVerifyService;
    private final SysUserTokenService sysUserTokenService;

    public SecurityServiceImpl(SysUsersService sysUsersService, SysParamsService sysParamsService, SysVerifyService sysVerifyService, SysUserTokenService sysUserTokenService) {
        this.sysUsersService = sysUsersService;
        this.sysParamsService = sysParamsService;
        this.sysVerifyService = sysVerifyService;
        this.sysUserTokenService = sysUserTokenService;
    }

    @Override // com.zxkxc.cloud.api.service.SecurityService
    public LoginRes login(LoginDto loginDto) {
        try {
            checkLoginAllow(loginDto);
            checkLoginCaptcha(loginDto);
            checkLoginSmsCode(loginDto);
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(loginDto.getUsername(), loginDto.getPassword());
            usernamePasswordAuthenticationToken.setDetails(loginDto);
            UserDetail userDetail = (UserDetail) this.authenticationManager.authenticate(usernamePasswordAuthenticationToken).getPrincipal();
            Claims claims = new Claims();
            claims.setUserId(userDetail.getUsers().getUserId());
            claims.setUserName(userDetail.getUsers().getUserName());
            claims.setUserRoles(userDetail.getAuthorities().stream().map((v0) -> {
                return v0.getAuthority();
            }).toList());
            LoginRes loginRes = new LoginRes();
            loginRes.setAccessToken(JwtUtil.createAccessToken(claims));
            loginRes.setExpiresIn(claims.getExp());
            loginRes.setRefreshToken(JwtUtil.createRefreshToken(claims));
            this.sysUserTokenService.insertUserToken(claims.getUserId(), loginRes.getAccessToken(), loginRes.getRefreshToken());
            AsyncManager.me().execute(AsyncFactory.recordLoginInfo(loginDto.getUsername(), "0", "登录成功", new Object[0]));
            String username = loginDto.getUsername();
            EhCacheUtil.deleteCacheValue(Constants.BASIC_CACHE_NAME, username + "_login_retry_time");
            EhCacheUtil.deleteCacheValue(Constants.BASIC_CACHE_NAME, username + "_login_lock_time");
            return loginRes;
        } catch (Exception e) {
            AsyncManager.me().execute(AsyncFactory.recordLoginInfo(loginDto.getUsername(), "1", e.getMessage(), new Object[0]));
            throw new ServiceException(ResultCode.USER_LOGIN_ERROR, e.getMessage(), getReturnResult(loginDto));
        }
    }

    private void checkLoginAllow(LoginDto loginDto) {
        String str = loginDto.getUsername() + "_login_lock_time";
        Object cacheValue = EhCacheUtil.getCacheValue(Constants.BASIC_CACHE_NAME, str);
        SysParams paramByKey = this.sysParamsService.getParamByKey(LOGIN_LOCK_PARAM_KEY);
        if (cacheValue == null || paramByKey == null) {
            return;
        }
        long chronoUnitBetween = LocalDateUtil.getChronoUnitBetween(LocalDateTime.now(), LocalDateUtil.parseLocalDateTime(String.valueOf(cacheValue), "yyyy-MM-dd HH:mm:ss"), ChronoUnit.MINUTES);
        long parseLong = Long.parseLong(paramByKey.getParamValue().trim());
        if (chronoUnitBetween >= parseLong) {
            EhCacheUtil.deleteCacheValue(Constants.BASIC_CACHE_NAME, str);
        } else {
            throw new ServiceException(ResultCode.USER_LOGIN_ERROR, "登录失败次数达到上限，请" + (parseLong - chronoUnitBetween) + "分钟后再试");
        }
    }

    private void checkLoginCaptcha(LoginDto loginDto) {
        SysParams paramByKey;
        SysParams paramByKey2;
        SysParams paramByKey3;
        Object cacheValue = EhCacheUtil.getCacheValue(Constants.BASIC_CACHE_NAME, loginDto.getUsername() + "_login_retry_time");
        if (cacheValue == null || (paramByKey = this.sysParamsService.getParamByKey(LOGIN_VERIFY_SOURCES_PARAM_KEY)) == null || !paramByKey.getParamValue().contains(loginDto.getLoginSource()) || (paramByKey2 = this.sysParamsService.getParamByKey(LOGIN_CAPTCHA_ENABLE_PARAM_KEY)) == null || !Boolean.parseBoolean(paramByKey2.getParamValue().trim()) || (paramByKey3 = this.sysParamsService.getParamByKey(LOGIN_CAPTCHA_ENABLE_RETRY_PARAM_KEY)) == null) {
            return;
        }
        if (Integer.parseInt(String.valueOf(cacheValue)) < Integer.parseInt(paramByKey3.getParamValue())) {
            return;
        }
        String captcha = loginDto.getCaptcha();
        String checkKey = loginDto.getCheckKey();
        if (StringsUtil.isNotEmpty(captcha) && StringsUtil.isNotEmpty(checkKey)) {
            if (captcha.toLowerCase().equals(EhCacheUtil.getCacheValue(Constants.BASIC_CACHE_NAME, checkKey))) {
                EhCacheUtil.deleteCacheValue(Constants.BASIC_CACHE_NAME, checkKey);
                return;
            }
        }
        throw new ServiceException(ResultCode.USER_LOGIN_ERROR, "验证码错误，请核对");
    }

    private void checkLoginSmsCode(LoginDto loginDto) {
        SysParams paramByKey;
        SysParams paramByKey2;
        SysParams paramByKey3;
        SysVerify findVerify;
        Object cacheValue = EhCacheUtil.getCacheValue(Constants.BASIC_CACHE_NAME, loginDto.getUsername() + "_login_retry_time");
        if (cacheValue == null || (paramByKey = this.sysParamsService.getParamByKey(LOGIN_VERIFY_SOURCES_PARAM_KEY)) == null || !paramByKey.getParamValue().contains(loginDto.getLoginSource()) || (paramByKey2 = this.sysParamsService.getParamByKey(LOGIN_SMS_CODE_ENABLE_PARAM_KEY)) == null || !Boolean.parseBoolean(paramByKey2.getParamValue().trim()) || (paramByKey3 = this.sysParamsService.getParamByKey(LOGIN_SMS_CODE_ENABLE_RETRY_PARAM_KEY)) == null) {
            return;
        }
        if (Integer.parseInt(String.valueOf(cacheValue)) < Integer.parseInt(paramByKey3.getParamValue())) {
            return;
        }
        String mobile = loginDto.getMobile();
        String smsCode = loginDto.getSmsCode();
        if (!StringsUtil.isNotEmpty(mobile) || !StringsUtil.isNotEmpty(smsCode) || (findVerify = this.sysVerifyService.findVerify(VerifyCodeType.LOGIN.getValue(), mobile)) == null || !findVerify.getVerifyCode().equals(smsCode) || LocalDateUtil.getChronoUnitBetween(LocalDateTime.now(), findVerify.getCreateTime(), ChronoUnit.MINUTES) >= 10) {
            throw new ServiceException(ResultCode.USER_LOGIN_ERROR, "短信验证码错误，请核对");
        }
        this.sysVerifyService.deleteVerify(VerifyCodeType.LOGIN.getValue(), mobile);
    }

    private Map<String, Object> getReturnResult(LoginDto loginDto) {
        HashMap hashMap = new HashMap(2);
        String username = loginDto.getUsername();
        if (StringsUtil.isEmpty(username)) {
            return hashMap;
        }
        String str = username + "_login_retry_time";
        Object cacheValue = EhCacheUtil.getCacheValue(Constants.BASIC_CACHE_NAME, str);
        int parseInt = cacheValue == null ? 1 : Integer.parseInt(String.valueOf(cacheValue)) + 1;
        SysParams paramByKey = this.sysParamsService.getParamByKey(LOGIN_VERIFY_SOURCES_PARAM_KEY);
        if (paramByKey != null && paramByKey.getParamValue().contains(loginDto.getLoginSource())) {
            if (isParamEnabled(LOGIN_CAPTCHA_ENABLE_PARAM_KEY) && isRetryLimitReached(parseInt, LOGIN_CAPTCHA_ENABLE_RETRY_PARAM_KEY)) {
                hashMap.put("captcha_enable", true);
            }
            if (isParamEnabled(LOGIN_SMS_CODE_ENABLE_PARAM_KEY) && isRetryLimitReached(parseInt, LOGIN_SMS_CODE_ENABLE_RETRY_PARAM_KEY)) {
                hashMap.put("mobile_enable", true);
            }
        }
        SysParams paramByKey2 = this.sysParamsService.getParamByKey(LOGIN_RETRY_PARAM_KEY);
        SysParams paramByKey3 = this.sysParamsService.getParamByKey(LOGIN_LOCK_PARAM_KEY);
        if (paramByKey2 != null && paramByKey3 != null) {
            EhCacheUtil.setCacheValue(Constants.BASIC_CACHE_NAME, str, String.valueOf(parseInt));
            if (parseInt > Integer.parseInt(paramByKey2.getParamValue().trim())) {
                EhCacheUtil.setCacheValue(Constants.BASIC_CACHE_NAME, username + "_login_lock_time", LocalDateUtil.getLocalDateTimeStr());
            }
        }
        return hashMap;
    }

    private boolean isParamEnabled(String str) {
        SysParams paramByKey = this.sysParamsService.getParamByKey(str);
        return paramByKey != null && Boolean.parseBoolean(paramByKey.getParamValue().trim());
    }

    private boolean isRetryLimitReached(int i, String str) {
        SysParams paramByKey = this.sysParamsService.getParamByKey(str);
        return paramByKey != null && i >= Integer.parseInt(paramByKey.getParamValue());
    }

    @Override // com.zxkxc.cloud.api.service.SecurityService
    public void register(RegisterDto registerDto) {
        if (UserLoginType.MOBILE.getValue().equals(registerDto.getRegisterType())) {
            this.sysUsersService.registerAccountForUserMobile(registerDto.getUsername(), registerDto.getMobile(), registerDto.getSmsCode(), registerDto.getPassword(), registerDto.getPassword2());
        }
    }

    @Override // com.zxkxc.cloud.api.service.SecurityService
    public void resetPassword(ResetPassDto resetPassDto) {
        this.sysUsersService.resetUserPassForCaptcha(resetPassDto.getResetType(), resetPassDto.getUsername(), resetPassDto.getCaptcha(), resetPassDto.getPassword(), resetPassDto.getPassword2());
    }

    @Override // com.zxkxc.cloud.api.service.SecurityService
    public void logout(String str) {
        if (this.sysUserTokenService.findByAccessToken(str) != null) {
            this.sysUserTokenService.deleteByAccessToken(str);
        }
    }

    @Override // com.zxkxc.cloud.api.service.SecurityService
    public LoginRes refreshToken(String str) throws ServiceException {
        SysUserToken findByRefreshToken = this.sysUserTokenService.findByRefreshToken(str);
        if (findByRefreshToken == null) {
            throw new ServiceException(ResultCode.INVALID_REFRESH_TOKEN);
        }
        Claims verifyToken = JwtUtil.verifyToken(str, true);
        LoginRes loginRes = new LoginRes();
        loginRes.setAccessToken(JwtUtil.createAccessToken(verifyToken));
        loginRes.setExpiresIn(verifyToken.getExp());
        loginRes.setRefreshToken(JwtUtil.createRefreshToken(verifyToken));
        findByRefreshToken.setAccessToken(loginRes.getAccessToken());
        findByRefreshToken.setRefreshToken(loginRes.getRefreshToken());
        findByRefreshToken.setModifyTime(LocalDateTime.now());
        this.sysUserTokenService.update(findByRefreshToken);
        return loginRes;
    }
}
