package com.vortex.xiaoshan.auth.application.controller;

import com.alibaba.fastjson.JSON;
import com.vortex.xiaoshan.auth.api.constants.AuthenticationConstants;
import com.vortex.xiaoshan.auth.api.dto.RefreshTokenDTO;
import com.vortex.xiaoshan.auth.application.conf.properties.LocalClientSecretProperties;
import com.vortex.xiaoshan.auth.application.helper.StaffHelper;
import com.vortex.xiaoshan.auth.application.utils.DistributedLock;
import com.vortex.xiaoshan.usercenter.api.dto.response.StaffInfoDTO;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

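/**
 * Token endpoints for first-party clients: login, captcha login, logout and refresh.
 *
 * <p>Every access token issued here gets a Redis side record, keyed by
 * {@code AuthenticationConstants.ACCESS_TOKEN_INFO + tokenValue}, that holds the staff profile as
 * JSON and expires together with the token.
 *
 * <p>Access tokens, refresh tokens and the raw {@code Authorization} header are credentials.
 * This controller never writes them to the log.
 */
@RequestMapping({"/common"})
@RestController
/* loaded from: input_file:com/vortex/xiaoshan/auth/application/controller/CommonLoginController.class */
public class CommonLoginController {

    @Resource
    private LocalClientSecretProperties localClientSecretProperties;

    @Resource(name = "defaultAuthorizationServerTokenServices")
    private AuthorizationServerTokenServices authorizationServerTokenServices;

    @Resource
    private TokenStore tokenStore;

    @Resource
    private RedisTemplate<String, Object> redisTemplate;

    @Resource
    private StaffHelper staffHelper;
    private static final Logger log = LoggerFactory.getLogger(CommonLoginController.class);
    private static final String CONCURRENT_LOGIN_LOCK = "concurrent-login-lock";

    /** Scheme prefix of the Authorization header, including the separating space. */
    private static final String BEARER_PREFIX = "bearer ";

    // NOTE(review): every caller passes the same lock value, so releaseLock presumably cannot
    // tell which request owns the lock. Confirm against DistributedLock and consider a
    // per-request value.
    private static final String LOCK_VALUE = "1";

    // Expiry passed to DistributedLock.getLock; presumably seconds - TODO confirm the unit.
    private static final int LOCK_EXPIRE = 5;

    /** Pause between two attempts to take the per-user login lock. */
    private static final long LOCK_RETRY_MILLIS = 500L;

    /**
     * Issues a fresh access token for the already authenticated caller.
     *
     * <p>NOTE(review): {@code str} carries no {@code @RequestParam}, so Spring binds it by
     * parameter name; the name seen here may not be the one the clients send - confirm.
     *
     * @param principal the authenticated caller; must be an {@link Authentication}
     * @param str requested scope; anything other than the app scope is treated as the web scope
     * @return 200 with the new token, or an error status when no token could be issued
     */
    @RequestMapping(value = {"/login"}, method = {RequestMethod.POST})
    public ResponseEntity<OAuth2AccessToken> login(Principal principal, String str) {
        return getLocalResponse(principal, str);
    }

    /**
     * Same token issuance as {@link #login}, exposed on the captcha login path. No captcha check
     * happens in this method; it relies on whatever ran before the request reached it.
     *
     * @param principal the authenticated caller; must be an {@link Authentication}
     * @param str requested scope; anything other than the app scope is treated as the web scope
     * @return 200 with the new token, or an error status when no token could be issued
     */
    @RequestMapping(value = {"/captchaLogin"}, method = {RequestMethod.POST})
    public ResponseEntity<OAuth2AccessToken> captchaLogin(Principal principal, String str) {
        return getLocalResponse(principal, str);
    }

    /**
     * Revokes any live token the user holds for the resolved scope, issues a new one and caches
     * the staff profile for it, all under a per-user, per-scope distributed lock.
     */
    private ResponseEntity<OAuth2AccessToken> getLocalResponse(Principal principal, String requestedScope) {
        if (!(principal instanceof Authentication)) {
            throw new InsufficientAuthenticationException("用户认证失败！");
        }
        Authentication authentication = (Authentication) principal;
        StaffInfoDTO staff = this.staffHelper.getStaff(authentication.getName());
        if (staff == null) {
            // getStaff's null contract is not visible here; fail as an authentication error
            // rather than with a NullPointerException further down.
            throw new InsufficientAuthenticationException("用户认证失败！");
        }

        // Only two scopes exist: the app scope when asked for exactly, the web scope otherwise.
        boolean appRequested = !StringUtils.isEmpty(requestedScope)
                && AuthenticationConstants.APP_SCOPE.equals(requestedScope);
        String scope = appRequested ? AuthenticationConstants.APP_SCOPE : AuthenticationConstants.WEB_SCOPE;
        Set<String> scopes = new HashSet<>();
        scopes.add(scope);
        Set<String> resourceIds = new HashSet<>();
        resourceIds.add("gateway");

        OAuth2Request oAuth2Request = new OAuth2Request(
                (Map<String, String>) null,
                this.localClientSecretProperties.getClientId(),
                Collections.emptySet(),
                true,
                scopes,
                resourceIds,
                null,
                null,
                null);
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(oAuth2Request, authentication);
        oAuth2Authentication.setAuthenticated(true);

        // Key the lock on the resolved scope, not on the raw request value: different unknown
        // scope strings all resolve to the web scope and must serialize on the same lock, and a
        // caller-chosen string should not end up inside a lock key.
        String lockKey = CONCURRENT_LOGIN_LOCK + "-" + scope + "-" + staff.getId();
        while (!DistributedLock.getLock(lockKey, LOCK_VALUE, LOCK_EXPIRE)) {
            try {
                Thread.sleep(LOCK_RETRY_MILLIS);
            } catch (InterruptedException e) {
                // Restore the flag and give up; retrying would spin because sleep() keeps
                // throwing while the thread stays interrupted. The lock was never taken, so
                // there is nothing to release.
                Thread.currentThread().interrupt();
                log.error("Interrupted while waiting for login lock {}", lockKey, e);
                return new ResponseEntity<>(HttpStatus.SERVICE_UNAVAILABLE);
            }
        }

        OAuth2AccessToken issued = null;
        try {
            OAuth2AccessToken existing = this.authorizationServerTokenServices.getAccessToken(oAuth2Authentication);
            if (existing != null && !existing.isExpired()) {
                // A new login invalidates the previous session for this user and scope.
                removeTokenRecords(existing.getValue(), existing);
            }
            issued = this.authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
            cacheStaffInfo(issued, staff);
            this.staffHelper.loginConfirm(staff.getId().longValue());
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        } finally {
            try {
                DistributedLock.releaseLock(lockKey, LOCK_VALUE);
            } catch (Exception e) {
                log.error(e.getMessage(), e);
            }
        }
        if (issued == null) {
            // No token was created: report the failure instead of a 200 with an empty body.
            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
        }
        return new ResponseEntity<>(issued, HttpStatus.OK);
    }

    /**
     * Revokes the presented access token, its refresh token and the cached staff record.
     *
     * @param str value of the {@code Authorization} header, expected as {@code Bearer <token>}
     * @return 200 with {@code true} once the records are removed
     * @throws InsufficientAuthenticationException if the header is empty or not a bearer token
     */
    @RequestMapping(value = {"/logout"}, method = {RequestMethod.POST})
    public ResponseEntity<Boolean> logout(@RequestHeader("Authorization") String str) {
        String tokenValue = extractBearerToken(str);
        // Read before removing so the refresh token attached to it can be revoked as well.
        OAuth2AccessToken stored = this.tokenStore.readAccessToken(tokenValue);
        removeTokenRecords(tokenValue, stored);
        return new ResponseEntity<>(true, HttpStatus.OK);
    }

    /**
     * Exchanges a refresh token for a new access token and moves the cached staff record from
     * the old access token to the new one.
     *
     * @param refreshTokenDTO request body carrying the refresh token
     * @param str value of the {@code Authorization} header, expected as {@code Bearer <token>}
     * @return 200 with the refreshed access token
     * @throws InsufficientAuthenticationException if the header is empty or malformed, or the
     *     refresh token is empty
     */
    @RequestMapping(value = {"/refresh"}, method = {RequestMethod.POST})
    public ResponseEntity<OAuth2AccessToken> refresh(@RequestBody RefreshTokenDTO refreshTokenDTO, @RequestHeader("Authorization") String str) {
        String oldTokenValue = extractBearerToken(str);
        String refreshToken = refreshTokenDTO.getRefreshToken();
        if (StringUtils.isEmpty(refreshToken)) {
            throw new InsufficientAuthenticationException("refresh Token 不能为空！");
        }

        // NOTE(review): the staff record is looked up by the access token the caller presents
        // and is never checked against the principal behind the refresh token. Consider deriving
        // it from the refreshed token's authentication, or verifying that both tokens belong
        // together, before copying it to the new token.
        String oldInfoKey = AuthenticationConstants.ACCESS_TOKEN_INFO + oldTokenValue;
        StaffInfoDTO staffInfoDTO = (StaffInfoDTO) JSON.parseObject((String) this.redisTemplate.opsForValue().get(oldInfoKey), StaffInfoDTO.class);
        if (staffInfoDTO == null) {
            log.warn("No cached staff record for the presented access token; the refreshed token gets an empty record");
        }

        TokenRequest tokenRequest = new TokenRequest(
                (Map<String, String>) null,
                this.localClientSecretProperties.getClientId(),
                (Collection<String>) null,
                null);
        OAuth2AccessToken refreshAccessToken = this.authorizationServerTokenServices.refreshAccessToken(refreshToken, tokenRequest);
        cacheStaffInfo(refreshAccessToken, staffInfoDTO);

        // delete() may return null (for example inside a pipeline), so avoid unboxing it.
        boolean removed = Boolean.TRUE.equals(this.redisTemplate.delete(oldInfoKey));
        log.info("删除ak：{}", removed ? "成功" : "失败");
        return new ResponseEntity<>(refreshAccessToken, HttpStatus.OK);
    }

    /**
     * Returns the token part of a {@code Bearer <token>} header. The scheme is matched
     * case-insensitively and must be followed by a space and a non-empty token.
     */
    private static String extractBearerToken(String authorizationHeader) {
        if (StringUtils.isEmpty(authorizationHeader)) {
            throw new InsufficientAuthenticationException("access Token 不能为空！");
        }
        if (!authorizationHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            throw new InsufficientAuthenticationException("access Token 格式不正确！");
        }
        String token = authorizationHeader.substring(BEARER_PREFIX.length()).trim();
        if (token.isEmpty()) {
            throw new InsufficientAuthenticationException("access Token 格式不正确！");
        }
        return token;
    }

    /**
     * Removes the access token, the refresh token attached to {@code stored} (when there is one)
     * and the cached staff record for {@code tokenValue}.
     */
    private void removeTokenRecords(String tokenValue, OAuth2AccessToken stored) {
        this.tokenStore.removeAccessToken(new DefaultOAuth2AccessToken(tokenValue));
        // An unknown token, or one issued without a refresh token, has nothing more to revoke.
        if (stored != null && stored.getRefreshToken() != null) {
            this.tokenStore.removeRefreshToken(stored.getRefreshToken());
        }
        this.redisTemplate.delete(AuthenticationConstants.ACCESS_TOKEN_INFO + tokenValue);
    }

    /** Stores the staff profile as JSON under the token's key, expiring together with the token. */
    private void cacheStaffInfo(OAuth2AccessToken token, StaffInfoDTO staff) {
        this.redisTemplate.opsForValue().set(
                AuthenticationConstants.ACCESS_TOKEN_INFO + token.getValue(),
                JSON.toJSONString(staff),
                token.getExpiresIn(),
                TimeUnit.SECONDS);
    }
}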
