package xyz.migoo.framework.infra.service.login;

import cn.hutool.crypto.SecureUtil;
import jakarta.annotation.Resource;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import xyz.migoo.framework.common.enums.CommonStatus;
import xyz.migoo.framework.common.enums.NumberConstants;
import xyz.migoo.framework.common.exception.util.ServiceExceptionUtil;
import xyz.migoo.framework.common.util.json.JsonUtils;
import xyz.migoo.framework.infra.controller.login.vo.AuthLoginReqVO;
import xyz.migoo.framework.infra.controller.login.vo.AuthLoginRespVO;
import xyz.migoo.framework.infra.dal.dataobject.sys.User;
import xyz.migoo.framework.infra.enums.SysErrorCodeConstants;
import xyz.migoo.framework.infra.service.sys.user.UserService;
import xyz.migoo.framework.security.config.SecurityProperties;
import xyz.migoo.framework.security.core.LoginUser;
import xyz.migoo.framework.security.core.service.SecuritySessionAuthService;

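/**
 * Login/token service backed by Spring Security's {@link AuthenticationManager} and the
 * project's {@link SecuritySessionAuthService} session store.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The authentication principal is the JSON-serialized {@link AuthLoginReqVO}, not a bare
 *       username; {@link #loadUserByUsername(String)} parses it back to find the account.</li>
 *   <li>The submitted password is AES-decrypted with one shared secret taken from
 *       {@link SecurityProperties} before it is handed to the authentication manager.</li>
 *   <li>Unexpected authentication failures are logged with the username only, never with the
 *       serialized request.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:xyz/migoo/framework/infra/service/login/TokenServiceImpl.class */
public class TokenServiceImpl implements TokenService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenServiceImpl.class);

    // @Lazy defers resolution of the manager; presumably to break a circular bean dependency
    // with the security configuration - confirm.
    @Resource
    @Lazy
    private AuthenticationManager authenticationManager;

    @Resource
    private SecuritySessionAuthService securitySessionAuthService;

    @Resource
    private UserService userService;

    @Resource
    private SecurityProperties securityProperties;

    /**
     * Resolves the account for an authentication attempt.
     *
     * @param str the authentication principal; despite the method name this is the JSON form of
     *            an {@link AuthLoginReqVO} (see {@link #signIn(AuthLoginReqVO)}), from which only
     *            the username is used
     * @return whatever {@code userService.toLoginUser} builds for the looked-up user
     */
    public UserDetails loadUserByUsername(String str) {
        AuthLoginReqVO request = (AuthLoginReqVO) JsonUtils.parseObject(str, AuthLoginReqVO.class);
        // NOTE(review): userService.get(...) can return null (refreshLoginUserCache checks for it).
        // Whether toLoginUser(null) raises UsernameNotFoundException or returns null is not
        // visible here - confirm, since Spring Security expects an exception for unknown users.
        return this.userService.toLoginUser(this.userService.get(request.getUsername()));
    }

    /**
     * Looks up the session for a token and, when one exists, re-validates and refreshes it.
     *
     * @param str the session token
     * @return the session's {@link LoginUser}, or {@code null} when the token has no session
     */
    public LoginUser verifyTokenAndRefresh(String str) {
        LoginUser loginUser = this.securitySessionAuthService.getLoginUser(str);
        if (Objects.nonNull(loginUser)) {
            refreshLoginUserCache(str, loginUser);
        }
        return loginUser;
    }

    /**
     * Ends the session identified by the given token.
     *
     * @param str the session token
     */
    public void signOut(String str) {
        this.securitySessionAuthService.deleteUserSession(str);
    }

    /**
     * Authenticates a login request and opens a session for it.
     *
     * @param authLoginReqVO login request carrying the username and the AES-encrypted password
     * @return response holding the new session token and the "must bind authenticator" flag
     */
    @Override // xyz.migoo.framework.infra.service.login.TokenService
    public AuthLoginRespVO signIn(AuthLoginReqVO authLoginReqVO) {
        // The whole request is serialized and used as the principal so that
        // loadUserByUsername can read it back; the username is passed separately for logging.
        LoginUser login0 = login0(
                JsonUtils.toJsonString(authLoginReqVO),
                authLoginReqVO.getPassword(),
                authLoginReqVO.getUsername());
        String token = this.securitySessionAuthService.createUserSession(login0, new String[0]);
        return new AuthLoginRespVO()
                .setToken(token)
                .setRequiredBindAuthenticator(Boolean.valueOf(login0.isRequiredBindAuthenticator()));
    }

    /**
     * Decrypts the submitted password and runs it through the authentication manager.
     *
     * @param principalJson     JSON-serialized login request, used as the authentication principal
     * @param encryptedPassword password as submitted, AES-encrypted with the configured secret
     * @param username          username from the request, used only in the error log
     * @return the authenticated principal
     */
    private LoginUser login0(String principalJson, String encryptedPassword, String username) {
        try {
            // NOTE(review): SecureUtil.aes(key) uses hutool's default transformation (ECB with
            // PKCS5 padding, to my knowledge - confirm for the hutool version in use) and a single
            // shared key, so a captured ciphertext can be replayed as-is. This does not replace TLS.
            // NOTE(review): a decryption failure is not an AuthenticationException and therefore
            // propagates unchanged - confirm the global handler turns it into a generic login error.
            byte[] key = this.securityProperties.getPasswordSecret().getBytes(StandardCharsets.UTF_8);
            String password = SecureUtil.aes(key).decryptStr(encryptedPassword);
            return (LoginUser) this.authenticationManager
                    .authenticate(new UsernamePasswordAuthenticationToken(principalJson, password))
                    .getPrincipal();
        } catch (DisabledException e) {
            throw ServiceExceptionUtil.get(SysErrorCodeConstants.AUTH_LOGIN_USER_DISABLED);
        } catch (BadCredentialsException e2) {
            throw ServiceExceptionUtil.get(SysErrorCodeConstants.AUTH_LOGIN_BAD_CREDENTIALS);
        } catch (AuthenticationException e3) {
            // Log the username only. The principal is the serialized login request, which
            // may carry the password ciphertext; anyone holding the shared secret could recover
            // the password from the log. Message text: "unknown exception occurred".
            log.error("[login0][user({}) 发生未知异常]", username, e3);
            throw ServiceExceptionUtil.get(SysErrorCodeConstants.AUTH_LOGIN_FAIL_UNKNOWN);
        }
    }

    /**
     * Re-validates the account and extends the session once enough of its lifetime has elapsed.
     *
     * <p>Nothing happens until the time since {@code loginUser.getUpdateTime()} exceeds the
     * session timeout divided by {@code NumberConstants.N_2}. After that point the user is
     * re-read; a missing or non-enabled user is rejected with {@code AUTH_TOKEN_EXPIRED}.
     *
     * @param str       the session token
     * @param loginUser the session's current user
     */
    private void refreshLoginUserCache(String str, LoginUser loginUser) {
        long idleMillis = System.currentTimeMillis() - loginUser.getUpdateTime().getTime();
        long refreshAfterMillis = this.securitySessionAuthService.getSessionTimeoutMillis().longValue()
                / NumberConstants.N_2.intValue();
        if (idleMillis <= refreshAfterMillis) {
            // Too early to refresh. Consequently a user disabled in this window keeps a working
            // session until the threshold is crossed.
            return;
        }
        User user = this.userService.get(loginUser.getUsername());
        if (Objects.isNull(user) || !CommonStatus.isEnabled(user.getStatus().intValue())) {
            // NOTE(review): the session itself is not deleted here; it is rejected again on each
            // later call and presumably expires on its own - confirm, or revoke it explicitly.
            throw ServiceExceptionUtil.get(SysErrorCodeConstants.AUTH_TOKEN_EXPIRED);
        }
        this.securitySessionAuthService.refreshUserSession(str, loginUser);
    }
}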
