package com.feingto.cloud.account.web.controller;

import com.fasterxml.jackson.databind.JsonNode;
import com.feingto.cloud.account.aop.annotation.RefreshUserRes;
import com.feingto.cloud.account.config.AppProperties;
import com.feingto.cloud.account.service.IUser;
import com.feingto.cloud.account.service.IUserAuth;
import com.feingto.cloud.account.support.QrCodeCacheHelper;
import com.feingto.cloud.constants.Constants;
import com.feingto.cloud.core.annotation.Log;
import com.feingto.cloud.core.api.annotation.ApiDoc;
import com.feingto.cloud.core.api.annotation.AutoApi;
import com.feingto.cloud.core.api.annotation.Param;
import com.feingto.cloud.core.aspectj.LogMessageObject;
import com.feingto.cloud.core.aspectj.LogUitls;
import com.feingto.cloud.core.context.HandlerContext;
import com.feingto.cloud.core.handler.BaseHandler;
import com.feingto.cloud.core.web.multipart.Base64ToImage;
import com.feingto.cloud.core.web.qrcode.QrCodeUtils;
import com.feingto.cloud.domain.account.User;
import com.feingto.cloud.domain.enums.GrantType;
import com.feingto.cloud.domain.enums.RoleType;
import com.feingto.cloud.domain.enums.SignType;
import com.feingto.cloud.dto.WebResult;
import com.feingto.cloud.dto.message.SendMessage;
import com.feingto.cloud.dto.oauth.TokenRequest;
import com.feingto.cloud.exception.ClientException;
import com.feingto.cloud.kit.DateKit;
import com.feingto.cloud.kit.Identities;
import com.feingto.cloud.kit.reflection.ReflectionKit;
import com.feingto.cloud.security.AuthUtils;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

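/**
 * REST endpoints for login, QR-code login, registration, password reset and
 * user-info lookup, mounted under {@code Constants.BASE_API}.
 *
 * <p>This listing is decompiler output. The decompiler replaced the original
 * parameter names with {@code str}/{@code str2}/{@code str3}; they are restored
 * here from the {@code @ApiDoc} declarations and from the {@code "#identifier"}
 * expression on {@link #getUserInfo}, because bare {@code @RequestParam} binds
 * by parameter name and the expression refers to a parameter called
 * {@code identifier}.
 *
 * <p>Security review notes are marked {@code NOTE(review)} on the methods they
 * concern. No authentication or rate-limiting check is visible in this class;
 * whether a filter or gateway in front of it provides one cannot be told from
 * this file.
 */
@RequestMapping({Constants.BASE_API})
@AutoApi("账户服务")
@RestController
/* loaded from: input_file:BOOT-INF/lib/feingto-account-2.3.3.RELEASE.jar:com/feingto/cloud/account/web/controller/LoginController.class */
public class LoginController {

    /** Token endpoint passed to {@code AuthUtils.getToken} for the password grant. */
    @Value("${security.oauth2.client.access-token-uri}")
    protected String accessTokenUri;

    /** Holder whose fields are read reflectively by {@link #getAppSecret(String)}. */
    @Resource
    protected AppProperties appProperties;

    @Resource
    protected PasswordEncoder passwordEncoder;

    @Resource
    protected IUser userService;

    @Resource
    protected IUserAuth userAuthService;

    /**
     * Checks the account state and password locally, then requests a token with
     * the password grant using the secret looked up for {@code appKey}.
     *
     * <p>NOTE(review): the responses distinguish "unregistered account"
     * (未注册账号), "account disabled", "identity expired" and "wrong password",
     * so a caller can tell which identifiers exist and what state they are in.
     * A single generic failure message, plus attempt limiting per identifier and
     * per source, would close that. The password arrives as a request parameter;
     * confirm clients send it in the form body and that request logging does not
     * capture parameters.
     *
     * @param identifier login identifier (mobile / email / username)
     * @param password   clear-text password supplied by the caller
     * @param appKey     application key; the matching secret is resolved server-side
     * @return the token response, or a {@code WebResult} error
     */
    @PostMapping({"/login"})
    @ApiDoc(name = "用户登录", description = "根据应用Key、Secret、登录标识、密码登录并返回令牌(JSON字符串)", params = {@Param(name = "identifier", description = "登录标识（手机号/邮箱/用户名）", required = true), @Param(name = "password", description = "用户密码", required = true), @Param(name = "appKey", description = "应用Key", required = true)})
    public JsonNode login(@RequestParam String identifier, @RequestParam String password, @RequestParam String appKey) {
        return (JsonNode) Optional.ofNullable(this.userService.findSystemUser(identifier)).map(user -> {
            String failure = parseException(user, password);
            return StringUtils.hasText(failure) ? WebResult.error(failure) : AuthUtils.getToken(new TokenRequest().accessTokenUri(this.accessTokenUri).username(identifier).password(password).appKey(appKey).appSecret(getAppSecret(appKey)).grantType(GrantType.PASSWORD));
        }).orElse(WebResult.error("未注册账号"));
    }

    /**
     * Decodes a Base64-encoded QR image and, when the decoded text is a key in
     * {@code QrCodeCacheHelper}, returns it as the username together with the
     * cached value as the access token.
     *
     * <p>NOTE(review): the decoded QR text is used both as the username and as
     * the cache key, so the only thing protecting the cached token is whether
     * that text can be guessed. Confirm what {@code QrCodeCacheHelper} stores
     * and for how long; the QR payload should be an unguessable, single-use,
     * short-lived value rather than the username itself.
     *
     * @param base64Image Base64-encoded QR code image
     * @return username and access token, or an "invalid QR code" error
     */
    @PostMapping({"/login/qrcode"})
    @ApiDoc(name = "二维码登录", description = "解析Base64编码的二维码图片", params = {@Param(name = "base64Image", description = "Base64编码字符串", required = true)})
    public JsonNode loginByQrcode(@RequestParam String base64Image) {
        // ofNullable: an image that decodes to nothing should yield the
        // "invalid QR code" error, not a NullPointerException from Optional.of.
        return (JsonNode) Optional.ofNullable(QrCodeUtils.decode(Base64ToImage.base64ToMutipartFile(base64Image))).filter(QrCodeCacheHelper::has).map(decoded -> {
            return WebResult.success().put("username", decoded).put(OAuth2AccessToken.ACCESS_TOKEN, QrCodeCacheHelper.get(decoded));
        }).orElse(WebResult.error("无效二维码"));
    }

    /**
     * Registers a new account with role {@code RoleType.USER}.
     *
     * <p>NOTE(review): the role is fixed server-side, which is the right place
     * for it. Confirm the {@code @Log} aspect does not record the password
     * argument; the message built here includes only the identifier and type.
     *
     * @param identifier login identifier (mobile / email / username)
     * @param password   clear-text password supplied by the caller
     * @param signType   login type; defaults to {@code SignType.USERNAME} when absent
     * @return a success result
     */
    @PostMapping({"/login/register"})
    @ApiDoc(name = "用户注册", params = {@Param(name = "identifier", description = "登录标识（手机号/邮箱/用户名）", required = true), @Param(name = "password", description = "用户密码", required = true), @Param(name = "signType", description = "登录类型（USERNAME/MOBILE/EMAIL")})
    @Log(name = "用户注册")
    public JsonNode register(@RequestParam String identifier, @RequestParam String password, SignType signType) {
        if (Objects.isNull(signType)) {
            signType = SignType.USERNAME;
        }
        this.userAuthService.register(identifier, password, signType, RoleType.USER);
        LogUitls.putArgs(LogMessageObject.Info(String.format("用户注册：[用户名:%s,注册类型:%s]", identifier, signType)));
        return WebResult.success();
    }

    /**
     * Replaces the account's password with a random 10-character value and
     * e-mails that value to the address bound to the account.
     *
     * <p>NOTE(review), in order of impact:
     * <ul>
     *   <li>The stored password is overwritten as soon as the request arrives,
     *       before the requester has shown any control of the account, so
     *       anyone who knows an identifier can invalidate that user's password.
     *       A reset flow normally mails a single-use, expiring token and
     *       changes the password only when the token is presented.</li>
     *   <li>The new password travels in clear text in the mail body and stays
     *       valid until the user changes it.</li>
     *   <li>{@code redirectUri} is taken from the request and placed in the
     *       mail as the link target with no validation visible here; it should
     *       be checked against a server-side allow-list.</li>
     *   <li>The three error messages reveal whether the identifier exists,
     *       whether it is an administrator and whether it has an e-mail bound.</li>
     *   <li>The password is updated before the mail is sent; if sending fails
     *       the user is left with a password nobody knows.</li>
     *   <li>Confirm {@code Identities.randomBase62} draws from a
     *       cryptographically secure source.</li>
     * </ul>
     *
     * @param identifier  login identifier (mobile / email / username)
     * @param redirectUri callback URI placed in the mail (usually the login page)
     * @return a success result, or a {@code WebResult} error
     */
    @PostMapping({"/login/password/reset"})
    @ApiDoc(name = "密码重置", params = {@Param(name = "identifier", description = "登录标识（手机号/邮箱/用户名）", required = true), @Param(name = "redirectUri", description = "回调URI（一般为登录页）", required = true)})
    public JsonNode resetPassword(@RequestParam String identifier, @RequestParam String redirectUri) {
        return (JsonNode) Optional.ofNullable(this.userService.findSystemUser(identifier)).map(user -> {
            // Accounts holding an admin role are excluded from self-service reset.
            if (user.getUserRoles().stream().anyMatch(userRole -> {
                return userRole.getRole().isAdminRole();
            })) {
                return WebResult.error("禁止重置超级管理员密码");
            }
            String email = user.getEmail();
            if (StringUtils.isEmpty(email)) {
                return WebResult.error("未绑定邮箱，无法使用找回密码功能");
            }
            String newPassword = Identities.randomBase62(10);
            // Only the encoded form is stored; the clear text goes out by mail below.
            this.userService.updateByProperty(user.getId(), "password", this.passwordEncoder.encode(newPassword));
            HandlerContext.getHandler().proceed(BaseHandler.Type.SEND_EMAIL, new SendMessage().setSubject("小神龙 - 密码重置").setTo(new String[]{email}).setContent("您的登录密码重置为：" + newPassword + "，字母区分大小写，请尽快修改密码。").setRedirectUri(redirectUri).setRedirectText("前往小神龙").setCreatedDate(DateKit.now()));
            return WebResult.success();
        }).orElse(WebResult.error("未注册账号"));
    }

    /**
     * Looks up a user by identifier and returns it with its resources loaded.
     *
     * <p>NOTE(review): the identifier comes from the request and nothing in
     * this method compares it with the authenticated principal. Unless that is
     * enforced elsewhere, any caller who reaches this endpoint can read another
     * user's record. The {@code @ApiDoc} text says the password is not
     * returned; that depends on how {@code User} is serialized, which is not
     * shown here.
     *
     * @param identifier login identifier (mobile / email / username)
     * @return the user with resources loaded
     * @throws IllegalArgumentException if no user matches the identifier
     */
    @ApiDoc(name = "登录后获取用户信息", description = "根据手机号/邮箱/用户名获取用户信息（不返回密码）", params = {@Param(name = "identifier", description = "登录标识（手机号/邮箱/用户名）", required = true)})
    @GetMapping({"/getUserInfo"})
    @RefreshUserRes(value = "#identifier", property = RefreshUserRes.PROPERTY.USER_IDENTIFIER)
    public User getUserInfo(@RequestParam String identifier) {
        User found = this.userService.findSystemUser(identifier);
        Assert.notNull(found, "用户不存在");
        return this.userService.loadResources(found.getId());
    }

    /**
     * Resolves the client secret for an application key by reading the field of
     * that name from {@code appProperties}.
     *
     * <p>NOTE(review): {@code appKey} reaches this method straight from the
     * {@code /login} request, so the caller chooses which field of
     * {@code AppProperties} is read. Only {@code String} values are accepted
     * here, so a non-string field is reported as an unknown application instead
     * of failing on the cast, but every string field is still reachable. An
     * explicit key-to-secret map would limit the lookup to real application
     * entries.
     *
     * @param appKey application key, used as a field name
     * @return the secret stored for that key
     * @throws ClientException if no string value is found for the key
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAppSecret(String appKey) {
        return Optional.ofNullable(ReflectionKit.getFieldValue(this.appProperties, appKey))
                .filter(String.class::isInstance)
                .map(String.class::cast)
                .orElseThrow(() -> {
                    return new ClientException("应用不存在");
                });
    }

    /**
     * Returns the reason a login must be refused, or {@code null} when the
     * account is usable and the password matches.
     *
     * <p>Checks run in this order: account missing, account disabled, identity
     * expired for {@code SignType.UAA}, password mismatch. The password is
     * compared last, so the state messages are returned without the caller
     * having to know the password.
     *
     * @param user     the account being logged in to
     * @param password clear-text password supplied by the caller
     * @return an error message, or {@code null} if the login may proceed
     */
    private String parseException(User user, String password) {
        String failure = null;
        if (Objects.isNull(user)) {
            failure = "账户不存在";
        } else if (!user.isEnabled()) {
            failure = "账户已禁用";
        } else if (user.isExpired(SignType.UAA)) {
            failure = "身份已过期";
        } else if (!user.passwordMatches(password, this.passwordEncoder)) {
            failure = "密码有误，请重新输入";
        }
        return failure;
    }
}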
