package com.feingto.cloud.account.web.controller;

import com.fasterxml.jackson.databind.JsonNode;
import com.feingto.cloud.core.annotation.Log;
import com.feingto.cloud.core.api.annotation.ApiDoc;
import com.feingto.cloud.core.api.annotation.AutoApi;
import com.feingto.cloud.core.api.annotation.Param;
import com.feingto.cloud.core.aspectj.LogMessageObject;
import com.feingto.cloud.core.aspectj.LogUitls;
import com.feingto.cloud.data.jpa.specification.bean.Condition;
import com.feingto.cloud.domain.account.User;
import com.feingto.cloud.domain.account.UserAuth;
import com.feingto.cloud.domain.enums.GrantType;
import com.feingto.cloud.domain.enums.ParamPosition;
import com.feingto.cloud.domain.enums.SignType;
import com.feingto.cloud.dto.WebResult;
import com.feingto.cloud.dto.oauth.TokenRequest;
import com.feingto.cloud.exception.ClientException;
import com.feingto.cloud.kit.DateKit;
import com.feingto.cloud.kit.json.JSON;
import com.feingto.cloud.security.AuthUtils;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.hibernate.Hibernate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.HttpClientErrorException;

@RequestMapping({"/api/v1/3rd"})
@AutoApi("账户服务")
@RestController
/* loaded from: input_file:BOOT-INF/lib/feingto-account-2.3.3.RELEASE.jar:com/feingto/cloud/account/web/controller/ThirdpartyController.class */
public class ThirdpartyController extends LoginController {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ThirdpartyController.class);

    @PostMapping({"/getTokenByThirdparty"})
    @ApiDoc(name = "授权码模式获取第三方令牌信息", body = true, params = {@Param(name = "request", description = "令牌模型")})
    public JsonNode getTokenByThirdparty(@RequestBody TokenRequest tokenRequest) {
        return AuthUtils.getToken(tokenRequest.grantType(GrantType.AUTHORIZATION_CODE), false);
    }

    @ApiDoc(name = "第三方登录", description = "返回包含令牌的JSON字符串", params = {@Param(name = "username", description = "登录用户名", required = true), @Param(name = "signType", description = "登录类型", required = true), @Param(name = "appKey", description = "应用Key", required = true)})
    @GetMapping({"/login"})
    public JsonNode login(@RequestParam String str, @RequestParam SignType signType, @RequestParam String str2) {
        String str3;
        UserAuth findOne = this.userAuthService.findOne(Condition.build().eq("appKey", str2).eq("identifier", str).eq("signType", signType));
        if (Objects.isNull(findOne)) {
            log.debug("未注册应用跳转至绑定页");
            return WebResult.success("首次登录绑定用户").put("redirect", true);
        }
        if (findOne.isExpired()) {
            log.debug("令牌已过期");
            try {
                str3 = (String) Optional.of(AuthUtils.getToken(new TokenRequest().accessTokenUri(this.accessTokenUri).appKey(str2).appSecret(getAppSecret(str2)).refreshToken(findOne.getRefreshToken()).grantType(GrantType.REFRESH_TOKEN))).filter(jsonNode -> {
                    return jsonNode.has(OAuth2AccessToken.ACCESS_TOKEN);
                }).map(jsonNode2 -> {
                    log.debug("令牌已过期并且刷新令牌未过期则通过刷新令牌获取新令牌并更新用户授权信息");
                    String asText = jsonNode2.get(OAuth2AccessToken.ACCESS_TOKEN).asText();
                    this.userAuthService.save(findOne.setCredential(asText).setRefreshToken(jsonNode2.get(OAuth2AccessToken.REFRESH_TOKEN).asText(null)).setExpiredDate(jsonNode2.has(OAuth2AccessToken.EXPIRES_IN) ? DateKit.getAfterOf(new Date(), jsonNode2.get(OAuth2AccessToken.EXPIRES_IN).asInt(), 13) : null));
                    return asText;
                }).orElseThrow(() -> {
                    return new ClientException("获取令牌失败");
                });
            } catch (HttpClientErrorException e) {
                log.debug("令牌和刷新令牌都已过期则跳转至绑定页");
                return WebResult.success("身份已过期，请输入密码确认").put("redirect", true);
            }
        } else {
            str3 = findOne.getCredential();
            log.debug("令牌未过期直接返回密码凭证：{}{}", System.lineSeparator(), str3);
        }
        return JSON.JSONObject().put(OAuth2AccessToken.ACCESS_TOKEN, str3);
    }

    @ApiDoc(name = "第三方列表", description = "返回第三方应用集合", params = {@Param(name = "identifier", description = "登录标识", position = ParamPosition.PATH), @Param(name = "appKey", description = "应用Key", required = true)})
    @GetMapping({"/{identifier}"})
    public List<UserAuth> list(@PathVariable String str, @RequestParam String str2) {
        return this.userAuthService.findAll(Condition.build().eq("identifier", str).eq("appKey", str2).ne("signType", SignType.USERNAME).ne("signType", SignType.MOBILE).ne("signType", SignType.EMAIL));
    }

    @PostMapping({"/bind"})
    @ApiDoc(name = "第三方绑定", description = "包含令牌的JSON字符串", body = true, params = {@Param(name = "request", description = "令牌模型")})
    @Log(name = "第三方绑定")
    public JsonNode bind(@RequestBody TokenRequest tokenRequest) {
        tokenRequest.appSecret(getAppSecret(tokenRequest.appKey()));
        String username = tokenRequest.username();
        User findSystemUser = this.userService.findSystemUser(username);
        if (Objects.isNull(findSystemUser)) {
            findSystemUser = this.userAuthService.register(username, tokenRequest.password(), SignType.USERNAME, tokenRequest.role());
        } else if (!findSystemUser.passwordMatches(tokenRequest.password(), this.passwordEncoder)) {
            return WebResult.error("密码有误，请重新输入");
        }
        findSystemUser.setRealName(tokenRequest.realName());
        findSystemUser.setAvatar(tokenRequest.avatar());
        this.userService.save(findSystemUser);
        LogUitls.putArgs(LogMessageObject.Info(String.format("用户%s绑定了%s账户", username, tokenRequest.signType())));
        return this.userAuthService.bind(findSystemUser.getId(), tokenRequest);
    }

    @PostMapping({"/unbind"})
    @ApiDoc(name = "第三方解绑", params = {@Param(name = "identifier", description = "登录标识", required = true), @Param(name = "signType", description = "登录类型", required = true), @Param(name = "appKey", description = "应用Key", required = true)})
    @Log(name = "第三方解绑")
    public JsonNode unbind(@RequestParam String str, @RequestParam SignType signType, @RequestParam String str2) {
        this.userAuthService.setLazyInitializer(userAuth -> {
            Hibernate.initialize(userAuth.getUser());
        });
        User user = this.userAuthService.findOne(Condition.build().eq("identifier", str).eq("appKey", str2).eq("signType", signType)).getUser();
        user.getUserAuths().removeIf(userAuth2 -> {
            return userAuth2.getSignType().equals(signType) && userAuth2.getAppKey().equals(str2);
        });
        this.userService.save(user);
        LogUitls.putArgs(LogMessageObject.Info(String.format("用户%s解绑了%s账户", str, signType)));
        return WebResult.success();
    }
}
