package team.sailboat.ms.ac.component;

import jakarta.annotation.PostConstruct;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.ReentrantLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.stereotype.Component;
import team.sailboat.commons.fan.collection.XC;
import team.sailboat.commons.fan.excep.ExceptionAssist;
import team.sailboat.commons.fan.exec.CommonExecutor;
import team.sailboat.commons.fan.http.HttpClient;
import team.sailboat.commons.fan.http.ISigner;
import team.sailboat.commons.fan.http.Request;
import team.sailboat.commons.fan.http.xca.XAppSigner;
import team.sailboat.commons.fan.json.JSONArray;
import team.sailboat.commons.fan.lang.JCommon;
import team.sailboat.commons.fan.text.XString;
import team.sailboat.ms.ac.data.LoginAppRecord;
import team.sailboat.ms.ac.dbean.ClientApp;
import team.sailboat.ms.ac.dbean.User;
import team.sailboat.ms.ac.frame.IUserAuthoritiesChangeListener;
import team.sailboat.ms.ac.frame.UserAuthoritiesChangeEvent;
import team.sailboat.ms.ac.server.IClientAppDataManager;
import team.sailboat.ms.ac.server.ResourceManageServer;

@Component
/* loaded from: input_file:team/sailboat/ms/ac/component/UserAuthoritiesChangeMonitor.class */
public class UserAuthoritiesChangeMonitor implements IUserAuthoritiesChangeListener, Runnable, LogoutSuccessHandler {

    @Autowired
    ResourceManageServer mResMngServer;

    @Autowired
    OAuth2AuthorizationService mTokenService;

    @Autowired
    LoginUserRegisterRepo mLoginRegisterRepo;
    final Logger mLogger = LoggerFactory.getLogger(getClass());
    final Map<String, Set<String>> mNotifyTasks = XC.concurrentHashMap();
    final ReentrantLock mLock = new ReentrantLock();
    final Condition mHasTaskCnd = this.mLock.newCondition();
    final ISigner mSigner = new XAppSigner();
    boolean mInterruptted = false;

    @PostConstruct
    void _init() {
        CommonExecutor.execInSelfThread(this, "监控并通知用户权限变化");
        this.mResMngServer.getClientAppDataMng().addListener(this);
    }

    @Override // java.util.function.Consumer
    public void accept(UserAuthoritiesChangeEvent userAuthoritiesChangeEvent) {
        if (userAuthoritiesChangeEvent.getAppId().equals(this.mResMngServer.getClientAppId_SailAC())) {
            return;
        }
        Set<String> filterNotExpiredUsersInApp = this.mLoginRegisterRepo.filterNotExpiredUsersInApp(userAuthoritiesChangeEvent.getAppId(), userAuthoritiesChangeEvent.getUserIds());
        if (XC.isNotEmpty(filterNotExpiredUsersInApp)) {
            this.mLock.lock();
            try {
                this.mNotifyTasks.merge(userAuthoritiesChangeEvent.getAppId(), filterNotExpiredUsersInApp, (set, set2) -> {
                    set.addAll(set2);
                    return set;
                });
                this.mHasTaskCnd.signal();
            } finally {
                this.mLock.unlock();
            }
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        while (!this.mInterruptted) {
            this.mLock.lock();
            while (this.mNotifyTasks.isEmpty()) {
                try {
                    this.mHasTaskCnd.await();
                } catch (InterruptedException e) {
                    this.mLogger.error(ExceptionAssist.getStackTrace(e));
                } finally {
                    this.mLock.unlock();
                }
            }
            for (String str : (String[]) this.mNotifyTasks.keySet().toArray(JCommon.sEmptyStringArray)) {
                Set<String> remove = this.mNotifyTasks.remove(str);
                ClientApp clientApp = this.mResMngServer.getClientAppDataMng().getClientApp(str);
                if (clientApp != null) {
                    String refreshUserAuthsNotifierUrl = clientApp.getRefreshUserAuthsNotifierUrl();
                    if (XString.isNotEmpty(refreshUserAuthsNotifierUrl)) {
                        URI create = URI.create(refreshUserAuthsNotifierUrl);
                        try {
                            HttpClient.ofURI(create, clientApp.getAppKey(), clientApp.getAppSecret(), this.mSigner).execute(Request.POST(create).setJsonEntity(JSONArray.of(remove)));
                            this.mLogger.info("已经向应用[{}]通知刷新 {} 个用户的权限", clientApp.getName(), Integer.valueOf(remove.size()));
                        } catch (Exception e2) {
                            this.mLogger.error("向应用[{}]通知刷新用户权限出现异常！异常消息：{}", clientApp.getName(), e2.getMessage());
                        }
                    } else {
                        this.mLogger.info("应用[{}]没有设置权限刷新通知地址，现用户权限发生改变，无法通知它刷新权限！", clientApp.getName());
                    }
                }
            }
        }
    }

    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        if (authentication != null) {
            User user = (User) authentication.getPrincipal();
            List<LoginAppRecord> notExpiredLoginAppsOfUser = this.mLoginRegisterRepo.getNotExpiredLoginAppsOfUser(user.getId());
            if (XC.isNotEmpty(notExpiredLoginAppsOfUser)) {
                IClientAppDataManager clientAppDataMng = this.mResMngServer.getClientAppDataMng();
                for (LoginAppRecord loginAppRecord : notExpiredLoginAppsOfUser) {
                    OAuth2Authorization findById = this.mTokenService.findById(loginAppRecord.getOAuth2AuthorizationId());
                    if (findById != null) {
                        this.mTokenService.remove(findById);
                    }
                    ClientApp clientApp = clientAppDataMng.getClientApp(loginAppRecord.getAppId());
                    if (clientApp != null) {
                        this.mLock.lock();
                        try {
                            this.mNotifyTasks.merge(clientApp.getId(), XC.hashSet(new String[]{user.getId()}), (set, set2) -> {
                                set.addAll(set2);
                                return set;
                            });
                            this.mHasTaskCnd.signal();
                        } finally {
                            this.mLock.unlock();
                        }
                    }
                }
            }
        }
        httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
    }
}
