package net.ymate.module.sso.controller;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import net.ymate.framework.commons.ParamUtils;
import net.ymate.framework.webmvc.intercept.UserSessionStatusInterceptor;
import net.ymate.framework.webmvc.support.UserSessionBean;
import net.ymate.module.sso.ISSOToken;
import net.ymate.module.sso.ISSOTokenAttributeAdapter;
import net.ymate.module.sso.ISSOTokenStorageAdapter;
import net.ymate.module.sso.SSO;
import net.ymate.platform.core.beans.annotation.Before;
import net.ymate.platform.core.support.IContext;
import net.ymate.platform.core.util.ExpressionUtils;
import net.ymate.platform.validation.validate.VRequired;
import net.ymate.platform.webmvc.annotation.Controller;
import net.ymate.platform.webmvc.annotation.RequestMapping;
import net.ymate.platform.webmvc.annotation.RequestParam;
import net.ymate.platform.webmvc.base.Type;
import net.ymate.platform.webmvc.context.WebContext;
import net.ymate.platform.webmvc.util.WebResult;
import net.ymate.platform.webmvc.util.WebUtils;
import net.ymate.platform.webmvc.view.IView;
import net.ymate.platform.webmvc.view.View;
import net.ymate.platform.webmvc.view.impl.HttpStatusView;
import org.apache.commons.lang.StringUtils;

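/**
 * Web endpoints of the SSO module, mapped under {@code /sso}.
 *
 * <p>{@code GET /sso/authorize} is the browser-facing step: it sends the user back to the
 * requested {@code redirect_url}, to the central SSO service (client mode) or to the login
 * page. {@code POST /sso/authorize} is the verification step: it checks a request signature
 * built with the configured service auth key and then validates the stored token.
 */
@RequestMapping("/sso")
@Controller
/* loaded from: input_file:net/ymate/module/sso/controller/SSOTokenController.class */
public class SSOTokenController {

    /**
     * Routes the browser according to the current session and token state.
     *
     * @param str the {@code redirect_url} request parameter, i.e. where the caller wants the
     *            browser to end up
     * @return {@code METHOD_NOT_ALLOWED} for a blank or self-referencing target, otherwise a
     *         redirect view
     * @throws Exception propagated from the framework helpers called here
     */
    @RequestMapping("/authorize")
    @Before({UserSessionStatusInterceptor.class})
    public IView __toAuthorize(@RequestParam("redirect_url") String str) throws Exception {
        final String redirectUrl = str;
        // Reject an empty target and any target that contains this endpoint's own path.
        // This is a plain substring test on the raw parameter value.
        if (StringUtils.isBlank(redirectUrl) || StringUtils.contains(redirectUrl, "/sso/authorize")) {
            return HttpStatusView.METHOD_NOT_ALLOWED;
        }
        // NOTE(review): redirect_url is request-supplied and nothing in this method restricts
        // its scheme or host. Both redirects that use it (here and at the end of the method)
        // follow it as given, and the final one appends the encrypted token to it. Unless the
        // interceptor or the framework enforces an allow-list elsewhere, validate the target
        // against the configured client base URLs before redirecting - TODO confirm.
        if (UserSessionBean.current() != null) {
            return View.redirectView(redirectUrl);
        }
        final String charset = WebContext.getContext().getOwner().getModuleCfg().getDefaultCharsetEncoding();
        if (SSO.get().getModuleCfg().isClientMode()) {
            // Client mode: hand the request over to the central service's authorize endpoint.
            // Raw HashMap kept because the ParamUtils parameter types are not visible here.
            HashMap forwardParams = new HashMap();
            forwardParams.put("redirect_url", redirectUrl);
            String serviceAuthorizeUrl = SSO.get().getModuleCfg().getServiceBaseUrl().concat("sso/authorize");
            return View.redirectView(ParamUtils.appendQueryParamValue(serviceAuthorizeUrl, forwardParams, true, charset));
        }
        ISSOToken currentToken = SSO.get().currentToken();
        if (currentToken == null) {
            // No token yet: go to the login page and carry the URL-encoded target along.
            String loginTemplate = StringUtils.defaultIfBlank(
                    WebContext.getContext().getOwner().getOwner().getConfig().getParam("webmvc.redirect_login_url"),
                    "login?redirect_url=${redirect_url}");
            String loginUrl = WebUtils.buildRedirectURL((IContext) null, WebContext.getRequest(), loginTemplate, true);
            return View.redirectView(
                    ExpressionUtils.bind(loginUrl).set("redirect_url", WebUtils.encodeURL(redirectUrl)).getResult());
        }
        // A token exists: append its encrypted form to the target as a query parameter.
        HashMap tokenParams = new HashMap();
        tokenParams.put(SSO.get().getModuleCfg().getTokenParamName(),
                SSO.get().getModuleCfg().getTokenAdapter().encryptToken(currentToken));
        return View.redirectView(ParamUtils.appendQueryParamValue(redirectUrl, tokenParams, true, charset));
    }

    /**
     * Verifies a signed token-validation request and returns the result as JSON.
     *
     * <p>NOTE(review): {@code str2} and {@code str4} carry no explicit {@code @RequestParam}
     * name and the parameter names look decompiler-generated; confirm which request parameter
     * names they bind to before rebuilding this class.
     *
     * @param str  the {@code token_id} request parameter
     * @param str2 the user id; signed under the key {@code uid}
     * @param str3 the {@code remote_addr} request parameter
     * @param str4 the signature supplied by the caller
     * @return {@code METHOD_NOT_ALLOWED} in client mode; result code {@code -1} when the
     *         signature does not match or no token is stored; {@code -5} when the token is
     *         timed out, unverified or fails the IP check; otherwise a success result that
     *         carries the token attributes when there are any
     * @throws Exception propagated from the framework helpers called here
     */
    @RequestMapping(value = "/authorize", method = {Type.HttpMethod.POST})
    public IView __doAuthorize(@RequestParam("token_id") @VRequired String str, @RequestParam @VRequired String str2, @RequestParam("remote_addr") @VRequired String str3, @RequestParam @VRequired String str4) throws Exception {
        final String tokenId = str;
        final String uid = str2;
        final String remoteAddr = str3;
        final String suppliedSignature = str4;
        if (SSO.get().getModuleCfg().isClientMode()) {
            return HttpStatusView.METHOD_NOT_ALLOWED;
        }
        // Recompute the signature over the same three fields, keyed with the service auth key.
        // NOTE(review): the signed fields contain no timestamp or nonce, so an identical
        // signed request verifies again for as long as the token stays valid - confirm this is
        // acceptable for the channel these calls travel over.
        HashMap signedParams = new HashMap();
        signedParams.put("token_id", tokenId);
        signedParams.put("uid", uid);
        signedParams.put("remote_addr", remoteAddr);
        String expectedSignature = ParamUtils.createSignature(signedParams, false,
                new String[]{SSO.get().getModuleCfg().getServiceAuthKey()});
        if (!signaturesMatch(suppliedSignature, expectedSignature)) {
            return WebResult.create(-1).toJSON();
        }
        ISSOTokenStorageAdapter tokenStorageAdapter = SSO.get().getModuleCfg().getTokenStorageAdapter();
        ISSOToken token = tokenStorageAdapter.load(uid, tokenId);
        if (token == null) {
            return WebResult.create(-1).toJSON();
        }
        boolean addressMismatch = SSO.get().getModuleCfg().isIpCheckEnabled()
                && !StringUtils.equals(remoteAddr, token.getRemoteAddr());
        if (token.timeout() || !token.verified() || addressMismatch) {
            // A token that fails any check is removed from storage, not just rejected.
            tokenStorageAdapter.remove(token.getUid(), token.getId());
            return WebResult.create(-5).toJSON();
        }
        WebResult succeed = WebResult.succeed();
        ISSOTokenAttributeAdapter tokenAttributeAdapter = SSO.get().getModuleCfg().getTokenAttributeAdapter();
        if (tokenAttributeAdapter != null) {
            tokenAttributeAdapter.loadAttributes(token);
            if (!token.getAttributes().isEmpty()) {
                succeed.data(token.getAttributes());
            }
        }
        return succeed.toJSON();
    }

    /**
     * Compares a caller-supplied signature with the expected one without an early exit on the
     * first differing byte, so response timing does not reveal how much of a guess matched.
     * A {@code null} on either side counts as a mismatch.
     */
    private static boolean signaturesMatch(String supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}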
