package com.codingapi.sso.bus.service.impl;

import com.codingapi.common.mysql_mybatis.mybatis.syntax.Finder;
import com.codingapi.common.tools.util.Maps;
import com.codingapi.security.component.common.util.IpUtils;
import com.codingapi.security.consensus.message.SsoUserInfo;
import com.codingapi.security.sso.bus.client.ao.LoginReq;
import com.codingapi.security.sso.bus.client.ao.LoginRes;
import com.codingapi.security.sso.bus.client.ao.LogoutRes;
import com.codingapi.security.sso.bus.client.ao.VerifyReq;
import com.codingapi.security.sso.bus.client.ao.VerifyRes;
import com.codingapi.security.sso.client.ao.AuthenticationResult;
import com.codingapi.security.sso.client.ao.LogoutResult;
import com.codingapi.security.sso.client.ao.UserInfo;
import com.codingapi.sso.bus.SsoBusException;
import com.codingapi.sso.bus.ao.token.LogoutLogicReq;
import com.codingapi.sso.bus.db.ao.TokenOpsInfo;
import com.codingapi.sso.bus.db.domain.SubToken;
import com.codingapi.sso.bus.db.domain.TokenConfig;
import com.codingapi.sso.bus.db.domain.TokenStore;
import com.codingapi.sso.bus.db.mapper.SubTokenMapper;
import com.codingapi.sso.bus.db.redis.TokenOperator;
import com.codingapi.sso.bus.db.redis.UserPasswordCheckCounter;
import com.codingapi.sso.bus.discovery.LoadBalancedSsoClientFetcher;
import com.codingapi.sso.bus.discovery.ServerInfo;
import com.codingapi.sso.bus.service.UserSessionService;
import com.codingapi.sso.bus.utils.DeviceResolveHelper;
import com.codingapi.sso.bus.utils.RejectUtil;
import com.codingapi.sso.bus.utils.SsoUtil;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Service
/* loaded from: input_file:com/codingapi/sso/bus/service/impl/UserSessionServiceImpl.class */
public class UserSessionServiceImpl implements UserSessionService {
    private static final Logger log = LoggerFactory.getLogger(UserSessionServiceImpl.class);
    private final LoadBalancedSsoClientFetcher ssoClientFetcher;
    private final UserPasswordCheckCounter userPasswordCheckCounter;
    private final TokenOperator tokenOperator;
    private final SubTokenMapper subTokenMapper;

    public UserSessionServiceImpl(LoadBalancedSsoClientFetcher loadBalancedSsoClientFetcher, UserPasswordCheckCounter userPasswordCheckCounter, TokenOperator tokenOperator, SubTokenMapper subTokenMapper) {
        this.ssoClientFetcher = loadBalancedSsoClientFetcher;
        this.userPasswordCheckCounter = userPasswordCheckCounter;
        this.tokenOperator = tokenOperator;
        this.subTokenMapper = subTokenMapper;
    }

    @Override // com.codingapi.sso.bus.service.UserSessionService
    public void deleteUserSession(String str, String str2, String str3) throws SsoBusException {
        ServerInfo ssoNodeInfo = SsoUtil.ssoNodeInfo(str2);
        this.tokenOperator.removeTokens(str2, str, str3);
        LogoutResult logoutLogic = this.ssoClientFetcher.logoutLogic(new LogoutLogicReq(ssoNodeInfo, new UserInfo(str)));
        if (logoutLogic.getSuccess().booleanValue()) {
            return;
        }
        SsoBusException.raise(logoutLogic.getMessage());
    }

    @Override // com.codingapi.sso.bus.service.UserSessionService
    public LoginRes login(LoginReq loginReq, HttpServletRequest httpServletRequest) throws SsoBusException {
        Assert.hasText(loginReq.getUserType(), "登录凭证不完整（USER_TYPE）");
        Assert.hasText(loginReq.getUserId(), "登录凭证不完整（USER_ID）");
        Assert.hasText(loginReq.getPassword(), "登录凭证不完整（PASSWORD）");
        TokenConfig tokenConfig = SsoUtil.tokenConfig(loginReq.getUserType());
        Assert.notNull(tokenConfig, "不存在该用户类型的配置");
        if (this.userPasswordCheckCounter.countOfUserAndType(loginReq.getUserId(), loginReq.getUserType()) >= tokenConfig.getMaxRetryCount().intValue()) {
            SsoBusException.raise(String.format("已达到最大重试次数%d，请%d分钟后再试", tokenConfig.getMaxRetryCount(), Long.valueOf(tokenConfig.getMaxRetryCdTime().longValue() / 60000)));
        }
        AuthenticationResult doAuthenticate = SsoUtil.doAuthenticate(loginReq.getUserType(), loginReq.getUserId(), loginReq.getPassword());
        if (!this.tokenOperator.usableUser(loginReq.getUserType(), doAuthenticate.getUserId())) {
            SsoBusException.raise("账号已被禁用，请联系管理员");
        }
        String device = DeviceResolveHelper.device(httpServletRequest);
        String clientIp = IpUtils.getClientIp(httpServletRequest);
        List<String> list = this.tokenOperator.tokens(loginReq.getUserType(), doAuthenticate.getUserId());
        if (list.size() >= tokenConfig.getMaxLoginCount().longValue()) {
            RejectUtil.checkLoginCount(tokenConfig, new RejectUtil.LoginContext(device, clientIp), str -> {
                Iterator it = list.subList(0, (int) ((list.size() - tokenConfig.getMaxLoginCount().longValue()) + 1)).iterator();
                while (it.hasNext()) {
                    try {
                        logout((String) it.next(), str);
                    } catch (Exception e) {
                    }
                }
            });
        }
        TokenStore tokenStore = new TokenStore();
        tokenStore.setIps(doAuthenticate.getIpList());
        tokenStore.setUserLevel(doAuthenticate.getUserLevel());
        tokenStore.setAttachment(doAuthenticate.getAttachment());
        tokenStore.setIp(clientIp);
        tokenStore.setDevice(device);
        LoginRes loginRes = new LoginRes();
        loginRes.setMessage("success");
        loginRes.setAttachment(doAuthenticate.getAttachment());
        loginRes.setToken(this.tokenOperator.newToken(loginReq.getUserType(), doAuthenticate.getUserId(), tokenStore));
        return loginRes;
    }

    @Override // com.codingapi.sso.bus.service.UserSessionService
    public VerifyRes verify(VerifyReq verifyReq) throws SsoBusException {
        TokenOpsInfo tokenOpsInfo = this.tokenOperator.getTokenOpsInfo(verifyReq.getToken());
        if (StringUtils.hasText(tokenOpsInfo.getMessage())) {
            throw new SsoBusException(40103, tokenOpsInfo.getMessage());
        }
        Assert.isTrue(this.tokenOperator.usableUser(tokenOpsInfo.getUserType(), tokenOpsInfo.getUserId()), "已被禁用的账号，请联系管理员");
        if (!ObjectUtils.isEmpty(tokenOpsInfo.getTokenStore().getIps())) {
            Assert.isTrue(tokenOpsInfo.getTokenStore().getIps().contains(verifyReq.getIp()), "禁止此IP访问");
        }
        if (StringUtils.hasText(verifyReq.getUrl())) {
            SsoUtil.checkUserApiFlowLimit(tokenOpsInfo.getUserType(), tokenOpsInfo.getUserId(), verifyReq.getMethod(), verifyReq.getUrl());
        }
        TokenConfig tokenConfig = SsoUtil.tokenConfig(tokenOpsInfo.getUserType());
        Assert.notNull(tokenConfig, "不存在该用户类型的配置");
        this.tokenOperator.resetTokenCd(verifyReq.getToken(), tokenConfig);
        SsoUserInfo ssoUserInfo = new SsoUserInfo();
        ssoUserInfo.setAttachment(tokenOpsInfo.getTokenStore().getAttachment());
        ssoUserInfo.setUserType(tokenOpsInfo.getUserType());
        ssoUserInfo.setUserId(tokenOpsInfo.getUserId());
        ssoUserInfo.setUserLevel(tokenOpsInfo.getTokenStore().getUserLevel());
        VerifyRes verifyRes = new VerifyRes();
        verifyRes.setPass(true);
        verifyRes.setMessage("ok");
        verifyRes.setSsoUser(ssoUserInfo);
        return verifyRes;
    }

    @Override // com.codingapi.sso.bus.service.UserSessionService
    public LogoutRes logout(String str, String str2) throws SsoBusException {
        log.debug("Logout: {}", str);
        TokenOpsInfo tokenOpsInfo = this.tokenOperator.getTokenOpsInfo(str);
        if (SsoUtil.masterDeviceLeading(tokenOpsInfo.getUserType()) && Objects.isNull(this.subTokenMapper.getBySubToken(str))) {
            markAllSubTokenOffline(tokenOpsInfo.getUserType(), tokenOpsInfo.getUserId(), "主设备登出");
        }
        log.debug("TokenOpsInfo: {}", tokenOpsInfo);
        ServerInfo ssoNodeInfo = SsoUtil.ssoNodeInfo(tokenOpsInfo.getUserType());
        Finder.store(SubToken.class).where("sub_token=#{subToken}");
        this.subTokenMapper.deleteByFinder(Maps.of("subToken", str));
        this.tokenOperator.removeTokens(tokenOpsInfo.getUserType(), tokenOpsInfo.getUserId(), Collections.singletonList(str), str2);
        LogoutResult logoutLogic = this.ssoClientFetcher.logoutLogic(new LogoutLogicReq(ssoNodeInfo, new UserInfo(tokenOpsInfo.getUserId())));
        if (!logoutLogic.getSuccess().booleanValue()) {
            SsoBusException.raise(logoutLogic.getMessage());
        }
        return new LogoutRes(200, "ok");
    }

    @Override // com.codingapi.sso.bus.service.UserSessionService
    @Transactional
    public void markAllSubTokenOffline(String str, String str2, String str3) throws SsoBusException {
        Finder.store(SubToken.class);
        List findByFinderWithoutValues = this.subTokenMapper.findByFinderWithoutValues();
        Finder.store(SubToken.class).where("user_type=#{userType} and user_id=#{userId}");
        this.subTokenMapper.deleteByFinder(Maps.of("userType", str, "userId", str2));
        Iterator it = findByFinderWithoutValues.iterator();
        while (it.hasNext()) {
            logout(((SubToken) it.next()).getSubToken(), str3);
        }
    }
}
