package ars.module.people.service;

import ars.database.repository.Repositories;
import ars.database.repository.Repository;
import ars.database.service.event.ServiceListener;
import ars.database.service.event.UpdateEvent;
import ars.invoke.event.InvokeBeforeEvent;
import ars.invoke.event.InvokeListener;
import ars.invoke.request.AccessDeniedException;
import ars.invoke.request.Requester;
import ars.invoke.request.Session;
import ars.invoke.request.Token;
import ars.invoke.request.TokenInvalidException;
import ars.module.people.assist.Passwords;
import ars.module.people.model.Logined;
import ars.module.people.model.Role;
import ars.module.people.model.User;
import ars.util.Beans;
import ars.util.Cache;
import ars.util.Opcodes;
import ars.util.Servers;
import ars.util.SimpleCache;
import ars.util.Strings;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import javax.imageio.ImageIO;

/* loaded from: input_file:ars/module/people/service/StandardAuthService.class */
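/**
 * Token based authentication service.
 *
 * <p>A successful login builds a {@link Token} that carries the user's permission pattern and
 * records the token code in {@link #cache} under {@code TOKEN_CACHE_PREFIX + userCode}. Every
 * intercepted invocation is then checked against the token and the cached code (see
 * {@link #authentication(Requester)}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Permissions are copied into the token at login time. Changes to a user only take effect
 *       for an already issued token because {@link #onServiceEvent(UpdateEvent)} drops the cached
 *       code, which makes the old token fail the cache comparison.</li>
 *   <li>The failed-login counter and the verify code live in the caller's {@link Session}. A
 *       client that starts a fresh session starts with a fresh counter, so this is a usability
 *       gate rather than an account lockout; per-account or per-address throttling has to be
 *       provided elsewhere.</li>
 * </ul>
 */
public class StandardAuthService implements AuthService, InvokeListener<InvokeBeforeEvent>, ServiceListener<UpdateEvent> {
    /** Prefix of the cache key under which the current token code of a user is stored. */
    public static final String TOKEN_CACHE_PREFIX = "token_";
    /** Token attribute holding the URI permission pattern granted at login. */
    public static final String TOKEN_KEY_PERMISSION = "permission";
    /** Session attribute holding the number of failed logins in this session. */
    public static final String SESSION_KEY_ERRORS = "__login_errors";
    /** Session attribute holding the verify code most recently issued to this session. */
    public static final String SESSION_KEY_VALID_CODE = "__login_valid_code";

    // URI pattern selecting the requests that must be authenticated; null means every request
    // except the login and verifycode endpoints.
    private String pattern;
    // Failed logins per session after which a verify code is demanded; 0 disables the check.
    private int errors = 5;
    // Holds the current token code per user.
    private Cache cache = new SimpleCache();
    // Passed to Token.build as the token lifetime; presumably seconds (86400 = 24 h) - TODO confirm.
    private int timeout = 86400;

    /** Returns the URI pattern of protected requests, or {@code null} if all are protected. */
    public String getPattern() {
        return this.pattern;
    }

    /**
     * Sets the URI pattern of protected requests.
     *
     * <p>When a pattern is set, requests whose URI does not match it are <em>not</em>
     * authenticated by {@link #onInvokeEvent(InvokeBeforeEvent)}, so the pattern must cover every
     * URI that needs protection.
     *
     * @param str the pattern, or {@code null} to authenticate every request
     */
    public void setPattern(String str) {
        this.pattern = str;
    }

    /** Returns the failed-login threshold after which a verify code is required. */
    public int getErrors() {
        return this.errors;
    }

    /**
     * Sets the failed-login threshold.
     *
     * @param i the threshold; {@code 0} disables the verify code requirement
     * @throws IllegalArgumentException if {@code i} is negative
     */
    public void setErrors(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("Illegal errors:" + i);
        }
        this.errors = i;
    }

    /** Returns the cache that stores the current token code of each user. */
    public Cache getCache() {
        return this.cache;
    }

    /**
     * Replaces the token cache.
     *
     * @param cache the cache to use
     * @throws IllegalArgumentException if {@code cache} is {@code null}; every authentication and
     *         login dereferences the cache, so a null value is rejected here instead of failing
     *         later with a {@link NullPointerException}
     */
    public void setCache(Cache cache) {
        if (cache == null) {
            throw new IllegalArgumentException("Illegal cache:" + cache);
        }
        this.cache = cache;
    }

    /** Returns the token lifetime handed to {@code Token.build}. */
    public int getTimeout() {
        return this.timeout;
    }

    /**
     * Sets the token lifetime handed to {@code Token.build}.
     *
     * @param i the lifetime, at least 1
     * @throws IllegalArgumentException if {@code i} is less than 1
     */
    public void setTimeout(int i) {
        if (i < 1) {
            throw new IllegalArgumentException("Illegal timeout:" + i);
        }
        this.timeout = i;
    }

    /**
     * Authenticates and authorizes one request.
     *
     * <p>The request passes only if it carries a token, the token validates, the token code equals
     * the code cached for the requesting user, and the request URI matches the permission pattern
     * stored in the token.
     *
     * @param requester the request to check
     * @throws TokenInvalidException if no token is bound, no code is cached for the user (for
     *         example after logout or revocation), or the cached code differs from the token's
     * @throws AccessDeniedException if the token grants no permission for the request URI
     */
    protected void authentication(Requester requester) {
        Token token = requester.getToken();
        if (token == null) {
            throw new TokenInvalidException("error.token.unbound");
        }
        token.validate();
        // Only the most recently issued token of a user is accepted: a newer login overwrites the
        // cached code, and logout or revocation removes it.
        String cachedCode = (String) this.cache.get(TOKEN_CACHE_PREFIX + requester.getUser());
        if (cachedCode == null) {
            throw new TokenInvalidException("error.token.unfound");
        }
        if (!cachedCode.equals(token.getCode())) {
            throw new TokenInvalidException("error.token.reset");
        }
        // The permission was fixed when the token was built; a missing permission denies access.
        String permission = (String) token.get(TOKEN_KEY_PERMISSION);
        if (permission == null || !Strings.matches(requester.getUri(), permission)) {
            throw new AccessDeniedException("error.token.unauthorized");
        }
    }

    /**
     * Verifies the credentials, builds the token and records the login.
     *
     * <p>NOTE(review): the three failure keys distinguish an unknown user, a disabled user and a
     * wrong password, and the disabled check runs before the password check. A caller without the
     * password can therefore learn whether an account exists and whether it is disabled. Confirm
     * that the front end does not relay these keys verbatim to unauthenticated clients.
     *
     * @param requester the login request
     * @param str the user code
     * @param str2 the password supplied by the caller
     * @return the newly built token
     * @throws AccessDeniedException if the user is unknown, not active, or the password is wrong
     */
    protected Token doLogin(final Requester requester, final String str, String str2) {
        User user = (User) Repositories.getRepository(User.class).query().eq("code", str).single();
        // The explicit equals re-checks the code returned by the query against the input;
        // presumably a guard against a looser (e.g. case-insensitive) store comparison.
        if (user == null || !str.equals(user.getCode())) {
            throw new AccessDeniedException("error.user.unknown");
        }
        // Boolean.TRUE.equals instead of a reference comparison: a Boolean that is true but not
        // the canonical Boolean.TRUE instance must still count as active, and null as inactive.
        if (!Boolean.TRUE.equals(user.getActive())) {
            throw new AccessDeniedException("error.user.disabled");
        }
        if (!Passwords.matches(str2, user.getPassword())) {
            throw new AccessDeniedException("error.user.invalid");
        }
        HashMap attributes = new HashMap(1);
        // A null admin flag is treated as "not admin" instead of failing with an NPE.
        if (Boolean.TRUE.equals(user.getAdmin())) {
            attributes.put(TOKEN_KEY_PERMISSION, "*");
        } else if (user.getRoles() != null) {
            HashSet operables = new HashSet(user.getRoles().size());
            for (Role role : user.getRoles()) {
                // Only active roles contribute; a null active flag counts as inactive.
                if (Boolean.TRUE.equals(role.getActive())) {
                    String operable = role.getOperable();
                    if (operable != null) {
                        operables.add(operable);
                    }
                }
            }
            // Without any operable pattern no permission is stored, so authentication() denies
            // every protected request for this token.
            if (!operables.isEmpty()) {
                attributes.put(TOKEN_KEY_PERMISSION, Strings.join(operables, ','));
            }
        }
        // NOTE(review): the first argument is the constant Strings.LOCALHOST_ADDRESS, not
        // requester.getHost(); confirm what Token.build uses it for.
        Token token = Token.build(Strings.LOCALHOST_ADDRESS, str, this.timeout, attributes);
        // Overwrites any previous code, which invalidates older tokens of the same user.
        this.cache.set(TOKEN_CACHE_PREFIX + str, token.getCode());
        // The login record is written asynchronously so it does not delay the response.
        Servers.execute(new Runnable() {
            @Override
            public void run() {
                Repository repository = Repositories.getRepository(Logined.class);
                Logined logined = (Logined) Beans.getInstance(repository.getModel());
                logined.setUser(str);
                logined.setHost(requester.getHost());
                logined.setSpend(Long.valueOf(System.currentTimeMillis() - requester.getCreated().getTime()));
                repository.save(logined);
            }
        });
        return token;
    }

    /**
     * Authenticates an invocation before it runs.
     *
     * <p>The login and verifycode endpoints are always exempt. With no pattern configured every
     * other request is authenticated. With a pattern, a request is authenticated only if its own
     * URI matches and, for a nested request, the URI of its root request matches as well.
     *
     * <p>NOTE(review): a nested request issued from a root whose URI does not match the pattern is
     * not authenticated even if its own URI is protected; confirm that this is intended.
     *
     * @param invokeBeforeEvent the event whose source is the request about to be invoked
     */
    public void onInvokeEvent(InvokeBeforeEvent invokeBeforeEvent) {
        Requester source = invokeBeforeEvent.getSource();
        String uri = source.getUri();
        if ("people/auth/login".equals(uri) || "people/auth/verifycode".equals(uri)) {
            return;
        }
        if (this.pattern == null) {
            authentication(source);
            return;
        }
        if (!Strings.matches(uri, this.pattern)) {
            return;
        }
        Requester root = source.getRoot();
        if (root == source || Strings.matches(root.getUri(), this.pattern)) {
            authentication(source);
        }
    }

    /**
     * Revokes a user's token when an update changes anything the token's permission depends on.
     *
     * <p>The updated entity is compared with the copy returned by the repository. The token is
     * kept only if the active flag, admin flag, group and roles are all unchanged. The admin flag
     * is part of the comparison because {@link #doLogin} grants {@code "*"} to admins; without it
     * a demoted admin would keep that permission until the token expired.
     *
     * <p>NOTE(review): a password change does not revoke the token, and the cache key is built
     * from the updated code, so a token issued under a previous code is not removed. Confirm
     * whether either case needs revocation.
     *
     * @param updateEvent the update event; entities other than {@link User} are ignored
     */
    public void onServiceEvent(UpdateEvent updateEvent) {
        Object entity = updateEvent.getEntity();
        if (!(entity instanceof User)) {
            return;
        }
        User updated = (User) entity;
        User stored = (User) Repositories.getRepository(User.class).get(updated.getId());
        // No stored copy to compare against: revoke rather than assume nothing changed.
        boolean unchanged = stored != null
                && Beans.isEqual(updated.getActive(), stored.getActive())
                && Beans.isEqual(updated.getAdmin(), stored.getAdmin())
                && Beans.isEqual(updated.getGroup(), stored.getGroup())
                && Beans.isEqual(updated.getRoles(), stored.getRoles());
        if (!unchanged) {
            this.cache.remove(TOKEN_CACHE_PREFIX + updated.getCode());
        }
    }

    /**
     * Issues a new verify code, stores it in the caller's session and returns it as a JPEG image.
     *
     * <p>NOTE(review): the code is four characters from {@code Strings.CHARS}; confirm that
     * {@code Strings.random} draws from a cryptographically strong source.
     *
     * @param requester the request whose session receives the code
     * @return the encoded image bytes
     * @throws IOException if the image cannot be written
     */
    @Override
    public byte[] verifycode(Requester requester) throws IOException {
        String code = Strings.random(Strings.CHARS, 4).toUpperCase();
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            // ImageIO.write returns false when no writer accepts the image; without this check
            // the caller would receive an empty image while the session still expects a code.
            if (!ImageIO.write(Opcodes.encode(code), "jpg", buffer)) {
                throw new IOException("No image writer available for format: jpg");
            }
            requester.getSession().setAttribute(SESSION_KEY_VALID_CODE, code);
            return buffer.toByteArray();
        }
    }

    /**
     * Logs a user in, demanding a verify code once the session has reached the failure threshold.
     *
     * <p>Each verify code is single use: it is removed from the session after any login attempt,
     * successful or not, and also when the supplied code does not match. A mismatch therefore
     * cannot be retried against the same code.
     *
     * @param requester the login request
     * @param str the user code
     * @param str2 the password supplied by the caller
     * @return the token issued by {@link #doLogin}
     * @throws AccessDeniedException if a required verify code is missing or wrong, or the
     *         credentials are rejected
     */
    @Override
    public Token login(Requester requester, String str, String str2) {
        if (this.errors == 0) {
            return doLogin(requester, str, str2);
        }
        Session session = requester.getSession();
        Integer failures = (Integer) session.getAttribute(SESSION_KEY_ERRORS);
        if (failures != null && failures.intValue() >= this.errors) {
            String supplied = (String) requester.getParameter("verifycode");
            if (supplied == null) {
                throw new AccessDeniedException("error.verifycode.required");
            }
            // equalsIgnoreCase(null) is false, so a session that never requested a code fails.
            if (!supplied.equalsIgnoreCase((String) session.getAttribute(SESSION_KEY_VALID_CODE))) {
                // Discard the code on a wrong answer so it cannot be guessed repeatedly.
                session.removeAttribute(SESSION_KEY_VALID_CODE);
                throw new AccessDeniedException("error.verifycode.invalid");
            }
        }
        try {
            Token token = doLogin(requester, str, str2);
            session.removeAttribute(SESSION_KEY_ERRORS);
            return token;
        } catch (Exception e) {
            // Count the failure; the counter stops growing once the threshold is reached.
            if (failures == null) {
                session.setAttribute(SESSION_KEY_ERRORS, 1);
            } else if (failures.intValue() < this.errors) {
                session.setAttribute(SESSION_KEY_ERRORS, Integer.valueOf(failures.intValue() + 1));
            }
            if (e instanceof RuntimeException) {
                throw ((RuntimeException) e);
            }
            throw new RuntimeException(e);
        } finally {
            // The verify code is consumed by the attempt regardless of its outcome.
            session.removeAttribute(SESSION_KEY_VALID_CODE);
        }
    }

    /**
     * Logs the requesting user out by removing the cached token code, after which the user's
     * token no longer passes {@link #authentication(Requester)}.
     *
     * @param requester the logout request
     */
    @Override
    public void logout(Requester requester) {
        this.cache.remove(TOKEN_CACHE_PREFIX + requester.getUser());
    }

    /**
     * Tells whether the requester's token grants access to the given URI.
     *
     * @param requester the request whose token is consulted
     * @param str the URI to test
     * @return {@code true} if the token carries a permission pattern that matches {@code str};
     *         {@code false} if there is no token, no permission, or no match
     */
    @Override
    public boolean permissible(Requester requester, String str) {
        Token token = requester.getToken();
        // A request without a token has no permissions; answer false instead of throwing an NPE.
        if (token == null) {
            return false;
        }
        String permission = (String) token.get(TOKEN_KEY_PERMISSION);
        return permission != null && Strings.matches(str, permission);
    }
}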
