package tech.corefinance.userprofile.service.impl;

import com.auth0.jwt.exceptions.JWTVerificationException;
import com.fasterxml.jackson.core.JsonProcessingException;
import jakarta.servlet.http.HttpServletRequest;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import tech.corefinance.common.config.JwtConfiguration;
import tech.corefinance.common.dto.GeneralApiResponse;
import tech.corefinance.common.dto.JwtTokenDto;
import tech.corefinance.common.dto.LoginDto;
import tech.corefinance.common.dto.UserRoleDto;
import tech.corefinance.common.enums.AppPlatform;
import tech.corefinance.common.ex.ResourceNotFound;
import tech.corefinance.common.ex.ServiceProcessingException;
import tech.corefinance.common.model.AppVersion;
import tech.corefinance.common.service.JwtService;
import tech.corefinance.userprofile.entity.AttemptedLogin;
import tech.corefinance.userprofile.entity.LoginSession;
import tech.corefinance.userprofile.entity.UserProfile;
import tech.corefinance.userprofile.repository.AttemptedLoginRepository;
import tech.corefinance.userprofile.repository.LoginSessionRepository;
import tech.corefinance.userprofile.service.AuthenService;
import tech.corefinance.userprofile.service.UserAuthenAddOn;

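/**
 * Login, token refresh and session invalidation backed by {@link LoginSessionRepository} and
 * {@link AttemptedLoginRepository}.
 *
 * <p>Credential checking, role lookup and DTO construction are delegated to a
 * {@link UserAuthenAddOn}; this class handles failed-attempt counting, session persistence and
 * token issuance through {@link JwtService}.
 *
 * <p>The short parameter names ({@code str}, {@code str2}, ...) come from the original listing and
 * are kept on the public methods; their roles are described per method.
 */
@Transactional
@Service
public class AuthenServiceImpl implements AuthenService {
    private static final Logger log = LoggerFactory.getLogger(AuthenServiceImpl.class);
    private final LoginSessionRepository loginSessionRepository;
    private final AttemptedLoginRepository attemptedLoginRepository;
    private final JwtService jwtService;
    private final JwtConfiguration jwtConfiguration;
    private final List<UserAuthenAddOn> userAuthenAddOns;

    /**
     * Returns the add-on used for authentication.
     *
     * <p>Always the first element of the injected list, so with more than one add-on registered
     * the choice depends on injection order. Throws {@link java.util.NoSuchElementException} if
     * the list is empty.
     */
    private UserAuthenAddOn getSuitableUserAuthenAddOn() {
        return this.userAuthenAddOns.iterator().next();
    }

    /**
     * Creates a new login session for {@code userProfile}, issues a login token and a refresh
     * token for it, invalidates older sessions sharing the same verify key, and builds the
     * response DTO.
     *
     * @param userProfile the authenticated user
     * @param str passed through to {@code buildJwtTokenDto} (the value {@code refreshToken} also
     *     hands to {@code JwtService.verify}; presumably a device id, confirm against the add-on)
     * @param str2 passed through to {@code buildJwtTokenDto}; meaning not visible in this class
     * @param appPlatform client platform, passed through to the add-on
     * @param appVersion client version, passed through to the add-on
     * @param httpServletRequest current request, passed through to the add-on
     * @param inputAccount account identifier as submitted at login; stored on the session
     * @param inputPassword password as submitted at login; stored on the session (see note below)
     * @param loginInfo additional login info; stored on the session and may be mutated here
     * @return the login DTO produced by the add-on
     */
    private LoginDto createToken(UserProfile userProfile, String str, String str2, AppPlatform appPlatform, AppVersion appVersion, HttpServletRequest httpServletRequest, String inputAccount, String inputPassword, Map<String, Object> loginInfo) throws JsonProcessingException, UnknownHostException {
        UserAuthenAddOn addOn = getSuitableUserAuthenAddOn();
        // Saved once up front so the add-on receives a persisted session when building the token.
        LoginSession loginSession = (LoginSession) this.loginSessionRepository.save(new LoginSession());
        List<UserRoleDto> roles = addOn.buildUserRoleDtoList(userProfile, loginInfo);
        JwtTokenDto tokenDto = addOn.buildJwtTokenDto(str, str2, appPlatform, appVersion, httpServletRequest, loginSession, userProfile, roles, inputAccount, inputPassword, loginInfo);
        String loginToken = this.jwtService.buildLoginToken(tokenDto);
        String refreshToken = this.jwtService.buildRefreshToken(tokenDto, loginToken);

        loginSession.setId(tokenDto.getLoginId());
        // NOTE(review): both tokens are stored as issued and the refresh token is later matched
        // by value (findByIdAndRefreshToken). Confirm whether the entity protects them at rest.
        loginSession.setLoginToken(loginToken);
        loginSession.setRefreshToken(refreshToken);
        loginSession.setValidToken(true);
        loginSession.setUserProfile(userProfile);
        loginSession.setVerifyKey(tokenDto.getVerifyKey());
        loginSession.setAdditionalInfo(loginInfo);
        loginSession.setInputAccount(inputAccount);
        // SECURITY NOTE(review): the submitted password is stored on the session exactly as
        // received so refreshToken() can replay it into the add-on. Nothing in this class hashes
        // or encrypts it. Confirm the entity mapping protects this column and whether the add-on
        // really needs the password on refresh; if not, stop persisting it.
        loginSession.setInputPassword(inputPassword);

        if (tokenDto.getAdditionalInfo() != null) {
            Map<String, Object> sessionInfo = loginSession.getAdditionalInfo();
            if (sessionInfo == null) {
                loginSession.setAdditionalInfo(new HashMap<>(tokenDto.getAdditionalInfo()));
            } else {
                // If the getter returns the map set above, this also mutates loginInfo.
                sessionInfo.putAll(tokenDto.getAdditionalInfo());
            }
        }

        // Older sessions with the same verify key are invalidated before the new one is saved as valid.
        this.loginSessionRepository.invalidateOldLogins(loginSession.getVerifyKey());
        LoginSession saved = (LoginSession) this.loginSessionRepository.save(loginSession);
        return addOn.buildLoginDto(userProfile, saved, roles, loginToken, refreshToken, loginInfo);
    }

    /**
     * Authenticates an account and opens a new login session.
     *
     * <p>The account is rejected with {@code user_locked} once the number of enabled failed
     * attempts recorded for {@code str} reaches {@code getMaxLoginFailAllowed()}. A failed
     * authentication records an {@link AttemptedLogin} and fails with {@code login_fail};
     * {@code noRollbackFor} keeps that record from being rolled back by the exception. A
     * successful authentication disables the recorded attempts for the user's username and email.
     *
     * @param str account identifier as submitted by the client
     * @param str2 password as submitted by the client
     * @param str3 first client value forwarded to token creation (presumably a device id)
     * @param str4 second client value forwarded to token creation and recorded on failed attempts
     * @param appPlatform client platform
     * @param appVersion client version
     * @param httpServletRequest current request; source of IP address, user agent and extra info
     * @return the login DTO containing the issued tokens
     * @throws ServiceProcessingException when the account is locked or authentication fails
     */
    @Override
    @Transactional(noRollbackFor = {ServiceProcessingException.class})
    public LoginDto login(String str, String str2, String str3, String str4, AppPlatform appPlatform, AppVersion appVersion, HttpServletRequest httpServletRequest) throws Exception {
        // Lockout is checked before credentials are evaluated, so a locked account never reaches the add-on.
        long failedAttempts = this.attemptedLoginRepository.countByAccountAndEnabled(str, true);
        if (failedAttempts >= this.jwtConfiguration.getMaxLoginFailAllowed()) {
            throw new ServiceProcessingException(GeneralApiResponse.createErrorResponseWithCode("user_locked"));
        }

        UserAuthenAddOn addOn = getSuitableUserAuthenAddOn();
        Map<String, Object> loginInfo = addOn.retrieveAdditionalLoginInfo(httpServletRequest);
        UserProfile userProfile = addOn.authenticate(str, str2, loginInfo);
        if (userProfile == null) {
            // The user agent is a client-controlled header and is stored as received.
            this.attemptedLoginRepository.save(new AttemptedLogin(str, this.jwtService.extractIpAddress(httpServletRequest), httpServletRequest.getHeader("user-agent"), str4, str3, appPlatform, appVersion, loginInfo));
            throw new ServiceProcessingException(GeneralApiResponse.createErrorResponseWithCode("login_fail"));
        }

        // Success clears the counter for both identifiers the user may have logged in with.
        this.attemptedLoginRepository.updateEnabledByAccount(false, userProfile.getUsername(), userProfile.getEmail());
        return createToken(userProfile, str3, str4, appPlatform, appVersion, httpServletRequest, str, str2, loginInfo);
    }

    /**
     * Disables the recorded failed attempts for {@code str}, which lifts the lockout applied by
     * {@link #login}. The same value is passed for both account arguments of the repository call.
     *
     * @param str account identifier to unlock
     */
    @Override
    public void unlockUser(String str) {
        this.attemptedLoginRepository.updateEnabledByAccount(false, str, str);
    }

    /**
     * Exchanges a refresh token for a new login session and token pair.
     *
     * <p>The session is looked up by id and refresh token, must still be marked valid, and its
     * login token must verify against {@code str3} and the caller's IP address. The old session is
     * then marked invalid, so each refresh token can be used once.
     *
     * @param str login session id
     * @param str2 refresh token issued for that session
     * @param str3 value checked by {@code JwtService.verify} (presumably the device id)
     * @param str4 second client value forwarded to token creation
     * @param appPlatform client platform
     * @param appVersion client version
     * @param httpServletRequest current request; source of the caller's IP address
     * @return the login DTO containing the newly issued tokens
     * @throws AccessDeniedException when the session is unknown, already invalidated, or fails
     *     verification
     */
    @Override
    public LoginDto refreshToken(String str, String str2, String str3, String str4, AppPlatform appPlatform, AppVersion appVersion, HttpServletRequest httpServletRequest) throws UnknownHostException, JsonProcessingException {
        LoginSession session = this.loginSessionRepository.findByIdAndRefreshToken(str, str2)
                .orElseThrow(() -> new AccessDeniedException("ID or refresh token is wrong"));

        // A session invalidated by logout, by a newer login or by an earlier refresh must not
        // mint new tokens. Without this check the invalidation below has no effect on replays.
        // The message matches the lookup failure so callers cannot tell the two cases apart.
        if (!session.isValidToken()) {
            log.warn("Refresh rejected for invalidated login session {}", str);
            throw new AccessDeniedException("ID or refresh token is wrong");
        }

        validateLoginSession(str3, httpServletRequest, session);
        session.setValidToken(false);
        this.loginSessionRepository.save(session);
        return createToken(session.getUserProfile(), str3, str4, appPlatform, appVersion, httpServletRequest, session.getInputAccount(), session.getInputPassword(), session.getAdditionalInfo());
    }

    /**
     * Verifies the session's login token against {@code str} and the caller's IP address.
     *
     * @throws AccessDeniedException when {@code JwtService.verify} rejects the token; the JWT
     *     failure is kept as the cause
     */
    private void validateLoginSession(String str, HttpServletRequest httpServletRequest, LoginSession loginSession) throws UnknownHostException {
        try {
            this.jwtService.verify(loginSession.getLoginToken(), str, this.jwtService.extractIpAddress(httpServletRequest));
        } catch (JWTVerificationException e) {
            // Keep the cause so the actual verification failure is available for diagnosis.
            throw new AccessDeniedException("IP Address is changed or Device ID is not correct", e);
        }
    }

    /**
     * Reports whether the login session with id {@code str} is still marked valid.
     *
     * @throws ResourceNotFound when no session has that id
     */
    @Override
    public boolean isValidToken(String str) {
        LoginSession session = (LoginSession) this.loginSessionRepository.findById(str)
                .orElseThrow(() -> new ResourceNotFound("Login session not found"));
        return session.isValidToken();
    }

    /**
     * Marks the login session with id {@code str} as invalid.
     *
     * @throws ResourceNotFound when no session has that id
     */
    @Override
    public void invalidateLogin(String str) {
        LoginSession loginSession = (LoginSession) this.loginSessionRepository.findById(str)
                .orElseThrow(() -> new ResourceNotFound("Login session not found"));
        loginSession.setValidToken(false);
        this.loginSessionRepository.save(loginSession);
    }

    /** Constructor injection of the repositories, JWT helpers and the available add-ons. */
    public AuthenServiceImpl(LoginSessionRepository loginSessionRepository, AttemptedLoginRepository attemptedLoginRepository, JwtService jwtService, JwtConfiguration jwtConfiguration, List<UserAuthenAddOn> list) {
        this.loginSessionRepository = loginSessionRepository;
        this.attemptedLoginRepository = attemptedLoginRepository;
        this.jwtService = jwtService;
        this.jwtConfiguration = jwtConfiguration;
        this.userAuthenAddOns = list;
    }
}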
