package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.encrypt.domain.annotation.DapSign;
import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredDevice;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.commons.crypto.AES;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.commons.crypto.RSA;
import com.digiwin.dap.middleware.constant.GlobalConstants;
import com.digiwin.dap.middleware.domain.ComeFromEnum;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.RedisConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.cache.UserTempTokenCacheVO;
import com.digiwin.dap.middleware.iam.domain.login.CrossRegionLoginInnerRequest;
import com.digiwin.dap.middleware.iam.domain.login.CrossRegionLoginRequest;
import com.digiwin.dap.middleware.iam.domain.login.EncryptAesDTO;
import com.digiwin.dap.middleware.iam.domain.login.IdentityInfo;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.domain.login.OauthLoginRequest;
import com.digiwin.dap.middleware.iam.domain.login.SsoLoginInfo;
import com.digiwin.dap.middleware.iam.domain.logout.LogoutInfo;
import com.digiwin.dap.middleware.iam.domain.token.AgentUserTokenVo;
import com.digiwin.dap.middleware.iam.domain.token.ChangedTokenVO;
import com.digiwin.dap.middleware.iam.domain.token.GrantTypeInfo;
import com.digiwin.dap.middleware.iam.domain.token.LoginAuthInfo;
import com.digiwin.dap.middleware.iam.domain.token.UserTokenVo;
import com.digiwin.dap.middleware.iam.domain.user.DingTalkImportInfo;
import com.digiwin.dap.middleware.iam.domain.user.DingTalkUserInfo;
import com.digiwin.dap.middleware.iam.domain.user.LoginByTempTokenVO;
import com.digiwin.dap.middleware.iam.domain.usermapping.UserMappingQueryResultVO;
import com.digiwin.dap.middleware.iam.entity.OtaToken;
import com.digiwin.dap.middleware.iam.entity.SyncTenantAuthScope;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.mapper.LoginMapper;
import com.digiwin.dap.middleware.iam.repository.SyncTenantAuthScopeRepository;
import com.digiwin.dap.middleware.iam.repository.UserRepository;
import com.digiwin.dap.middleware.iam.service.WhiteListService;
import com.digiwin.dap.middleware.iam.service.login.AuthoredUserService;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.login.LoginFailureHandlingService;
import com.digiwin.dap.middleware.iam.service.notice.SysNoticeService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.token.AppSSOService;
import com.digiwin.dap.middleware.iam.service.token.OtaTokenCrudService;
import com.digiwin.dap.middleware.iam.service.token.OtaTokenService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.service.usermapping.UserMappingCrudService;
import com.digiwin.dap.middleware.iam.service.usermapping.UserMappingService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.cache.CommonCacheService;
import com.digiwin.dap.middleware.iam.support.exception.IncorrectUsernameOrPasswordException;
import com.digiwin.dap.middleware.iam.support.initialize.ImportDataService;
import com.digiwin.dap.middleware.iam.support.oauth.ThirdOauthService;
import com.digiwin.dap.middleware.iam.support.remote.RemoteIamService;
import com.digiwin.dap.middleware.iam.support.remote.domain.cac.CountResultVO;
import com.digiwin.dap.middleware.iam.support.remote.domain.huawei.OAuthLoginInfo;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.iam.support.validate.LoginCheckService;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import eu.bitwalker.useragentutils.DeviceType;
import io.github.resilience4j.ratelimiter.annotation.RateLimiter;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.ResponseEntity;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/api/iam/v2/identity"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/IdentityController.class */
public class IdentityController {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) IdentityController.class);

    @Autowired
    private LoginMapper loginMapper;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private UserMappingService userMappingService;

    @Autowired
    @Qualifier("defaultIdentityService")
    private IdentityService defaultIdentityService;

    @Autowired
    @Qualifier("faceRecognitionKeyIdentityService")
    private IdentityService faceRecognitionIdentityService;

    @Autowired
    @Qualifier("internalIdentityService")
    private IdentityService internalIdentityService;

    @Autowired
    @Qualifier("adIdentityService")
    private IdentityService adIdentityService;

    @Autowired
    private List<IdentityService> identityServices;

    @Autowired
    private AuthoredUserService authoredUserService;

    @Autowired
    private LoginFailureHandlingService loginFailureHandlingService;

    @Autowired
    private OtaTokenService otaTokenService;

    @Autowired
    private OtaTokenCrudService otaTokenCrudService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    @Qualifier("oauthIdentityService")
    private IdentityService oauthIdentityService;

    @Autowired
    private List<ThirdOauthService> thirdOauthServices;

    @Autowired
    @Qualifier("agentIdentityService")
    private IdentityService agentIdentityService;

    @Autowired
    @Qualifier("tempUserTokenService")
    private IdentityService tempUserTokenService;

    @Autowired
    private SyncTenantAuthScopeRepository syncTenantAuthScopeRepository;

    @Autowired
    private ImportDataService importDataService;

    @Autowired
    private UserMappingCrudService userMappingCrudService;

    @Autowired
    private AppSSOService appSSOService;

    @Autowired
    private LoginCheckService loginCheckService;

    @Autowired
    private AuthValidateService authValidateService;

    @Autowired
    private SysNoticeService sysNoticeService;

    @Autowired
    private RemoteIamService remoteIamService;

    @Autowired
    private CommonCacheService commonCacheService;

    @Autowired
    private WhiteListService whiteListService;

    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    /**
     * Hands an AES key to the caller, encrypted under the key the caller supplied.
     *
     * <p>The request field {@code clientEncryptPublicKey} is first decrypted with
     * {@code KeyConstant.BASE64_PRIVATE_KEY}. The decrypted value is then used twice: as the argument to
     * {@code PwdUtils.getAesKey} and as the RSA key that encrypts the result.
     *
     * <p>NOTE(review): the server private key is read from a class constant. If that constant is a literal
     * compiled into the artifact, every copy of the build carries the key; confirm it is provisioned per
     * deployment and can be rotated.
     *
     * @param encryptAesDTO validated request body carrying the encrypted client key
     * @return 200 response holding a single-entry map keyed {@code encryptAesKey}
     * @throws Exception whatever the RSA / key helper calls raise
     */
    @PostMapping({"/aeskey"})
    @RateLimiter(name = "/api/iam/v2/identity/aeskey")
    public ResponseEntity<?> getEncryptAesKey(@Valid @RequestBody EncryptAesDTO encryptAesDTO) throws Exception {
        final String clientKey = RSA.decrypt(encryptAesDTO.getClientEncryptPublicKey(), KeyConstant.BASE64_PRIVATE_KEY);
        return ResponseEntity.ok(
                Collections.singletonMap(
                        "encryptAesKey",
                        RSA.encrypt(PwdUtils.getAesKey(clientKey), clientKey)));
    }

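    /**
     * Main login entry point: prepares the request, then delegates to the first registered
     * {@link IdentityService} that reports support for it.
     *
     * <p>For requests that carry a user id and whose identity type is neither {@code secretKey} nor
     * {@code verificationCode}, the method runs the frozen-account check, enforces the encrypted-credential
     * parameters while {@code passwordOpen} is off, resolves the account by id/email/telephone and, when
     * {@code cloud == 0}, switches matching accounts to the {@code digiwin} service login.
     *
     * <p>Changes against the previous version:
     * <ul>
     *   <li>{@code authoredSys} is optional, but its id was dereferenced unconditionally in the
     *       {@code passwordOpen == false} path. A request without the app attribute now counts as
     *       "no exemption" instead of failing with a {@code NullPointerException}.</li>
     *   <li>The parameter-missing error no longer writes the serialized {@code LoginUser} to the log. On the
     *       second check the object is known to contain a non-empty {@code passwordHash}, so credential
     *       material reached the log. Only the user id is logged now.</li>
     * </ul>
     *
     * @param loginUser          login request; mutated in place (device, user, userId, identity type,
     *                           service name, app, user token)
     * @param authoredSys        calling application, may be {@code null}
     * @param authoredDevice     calling device, may be {@code null}
     * @param httpServletRequest used to read the user-token header for verification-code logins
     * @return 200 response wrapping the login result of the selected identity service
     * @throws BusinessException when a required parameter is missing, the resolved account is the virtual
     *                           user, or no identity service returned a result
     */
    @PostMapping(value = {DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL}, produces = {"application/json; charset=utf-8"})
    @RateLimiter(name = "/api/iam/v2/identity/login")
    public ResponseEntity<?> login(@RequestBody LoginUser loginUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice, HttpServletRequest httpServletRequest) {
        loginUser.setDevice(authoredDevice);
        if (Strings.isNotBlank(loginUser.getUserId()) && !IdentityType.secretKey.equals(loginUser.getIdentityType()) && !IdentityType.verificationCode.equals(loginUser.getIdentityType())) {
            // Lockout gate runs before any credential is examined.
            this.loginFailureHandlingService.checkFrozen(loginUser.getUserId(), loginUser.getCode(), loginUser.getValue());
            if (!this.envProperties.getPasswordOpen().booleanValue()) {
                // Only an application with explicit permission on this endpoint may omit the encrypted
                // credential fields. Without an application there is nothing to exempt.
                boolean encryptedCredentialsRequired = authoredSys == null
                        || !this.authValidateService.checkAccessPermission(TargetType.Sys.name(), "POST", "/api/iam/v2/identity/login", authoredSys.getId()).booleanValue();
                if (ObjectUtils.isEmpty(loginUser.getPasswordHash()) && encryptedCredentialsRequired) {
                    // Log the account only; never the request object, which carries credential fields.
                    logger.error(I18nError.IAM_LOGIN_PARAM_MISS.getMessage("passwordHash", loginUser.getUserId()));
                    throw new BusinessException(I18nError.LOGIN_USERNAME_PASSWORD_ENCRYPT_ERROR);
                }
                if (Strings.isBlank(loginUser.getClientEncryptPublicKey()) && encryptedCredentialsRequired) {
                    logger.error(I18nError.IAM_LOGIN_PARAM_MISS.getMessage(IamConstants.CLIENT_ENCRYPT_PUBLIC_KEY, loginUser.getUserId()));
                    throw new BusinessException(I18nError.IAM_PARAM_FIELD_MISS, new Object[]{IamConstants.CLIENT_ENCRYPT_PUBLIC_KEY});
                }
            }
            // "digiwin" service logins may pass a bare account name; it is expanded to the mail form
            // unless it already ends with the default mail suffix.
            String lookupKey = loginUser.getUserId();
            if (IdentityType.service.equals(loginUser.getIdentityType()) && "digiwin".equals(loginUser.getServiceName()) && !lookupKey.toLowerCase().endsWith(IamConstants.DEFAULT_EMAIL)) {
                lookupKey = String.format("%s@digiwin.com", lookupKey);
            }
            User user = this.userCrudService.queryUserByIdOrEmailOrTelephoneAndType(lookupKey, lookupKey, lookupKey, 0);
            if (user != null) {
                if (IamConstants.VIRTUAL.equals(user.getId())) {
                    throw new BusinessException(I18nError.LOGIN_VIRTUAL_LOGIN_ERROR, new Object[]{user.getId()});
                }
                loginUser.setUser(user);
                // From here on the request carries the canonical account id, not what the client typed.
                loginUser.setUserId(user.getId());
            }
            if (0 == this.envProperties.getCloud().intValue()) {
                boolean digiwinAccount;
                if (user != null) {
                    digiwinAccount = user.getId().toLowerCase().endsWith(IamConstants.DEFAULT_EMAIL)
                            || IamConstants.DIGIWIN_APP_AD.equalsIgnoreCase(user.getComeFrom());
                } else {
                    digiwinAccount = loginUser.getUserId().toLowerCase().endsWith(IamConstants.DEFAULT_EMAIL);
                }
                if (digiwinAccount) {
                    // The server overrides the client-declared identity type for these accounts.
                    loginUser.setIdentityType(IdentityType.service);
                    loginUser.setServiceName("digiwin");
                }
            }
            if (authoredSys != null) {
                loginUser.setApp(new Sys(authoredSys));
            }
        }
        if (IdentityType.verificationCode.equals(loginUser.getIdentityType())) {
            String userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY);
            if (!ObjectUtils.isEmpty(userToken)) {
                loginUser.setUserToken(userToken);
            }
            if (authoredSys != null) {
                loginUser.setApp(new Sys(authoredSys));
            }
        }
        for (IdentityService identityService : this.identityServices) {
            if (identityService.support(loginUser)) {
                try {
                    return ResponseEntity.ok(identityService.login(loginUser));
                } catch (IncorrectUsernameOrPasswordException e) {
                    // NOTE(review): nothing is rethrown here. Unless frozen(...) throws, the loop moves on
                    // to the next service and a wrong password can end as LOGIN_TYPE_NO_SUPPORT. Confirm.
                    this.loginFailureHandlingService.frozen(loginUser.getUserId(), 0, e.getMessage());
                }
            }
        }
        throw new BusinessException(I18nError.LOGIN_TYPE_NO_SUPPORT, new Object[]{loginUser.getIdentityType(), loginUser.getServiceName()});
    }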

    /**
     * Logs a user in through the internal identity service.
     *
     * <p>The identity type is always overwritten with {@code IdentityType.internal}, so a value supplied in
     * the request body has no effect. The application attribute is declared without
     * {@code required = false}, but a {@code null} value is still tolerated when building the app.
     *
     * @param loginUser   login request; its app and identity type are overwritten
     * @param authoredSys calling application taken from the request attributes
     * @return 200 response wrapping the internal identity service's login result
     */
    @PostMapping({"/login/internal"})
    @RateLimiter(name = "/api/iam/v2/identity/login/internal")
    public ResponseEntity<?> loginInternal(@RequestBody LoginUser loginUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys) {
        final Sys callingApp;
        if (authoredSys == null) {
            callingApp = null;
        } else {
            callingApp = new Sys(authoredSys);
        }
        loginUser.setApp(callingApp);
        loginUser.setIdentityType(IdentityType.internal);
        return ResponseEntity.ok(this.internalIdentityService.login(loginUser));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Tenant-scoped ("inner") login: resolves the tenant and the tenant-local account, then authenticates
     * through the default, face-recognition or AD identity service, whichever supports the request first.
     *
     * <p>NOTE(review): unlike {@code login}, this handler carries no {@code @RateLimiter}. Throttling of
     * password guesses here rests on {@code checkFrozenInner}/{@code freezeInner} alone. Confirm that is
     * intended.
     *
     * @param loginUser          login request; tenant, app, user, userId and identity type are set in place
     * @param authoredSys        calling application, may be {@code null}
     * @param authoredDevice     calling device, may be {@code null}
     * @param httpServletRequest not read by this method
     * @return 200 response wrapping the authenticated user
     * @throws BusinessException on missing user id / password hash / tenant, unknown tenant or account,
     *                           a non-ISV tenant behind the ISV app, an AD account using a non-AD login on
     *                           an AD tenant, or when no identity service produced a result
     */
    @PostMapping({"/internal/login"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> internalLogin(@RequestBody LoginUser loginUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice, HttpServletRequest httpServletRequest) {
        loginUser.setDevice(authoredDevice);
        // A request without an identity type is treated as a token login.
        if (loginUser.getIdentityType() == null) {
            loginUser.setIdentityType(IdentityType.token);
        }
        if (Strings.isEmpty(loginUser.getUserId())) {
            throw new BusinessException(I18nError.LOGIN_USER_ID_NOT_EMPTY);
        }
        // With passwordOpen off, every identity type handled here must send passwordHash.
        if (!this.envProperties.getPasswordOpen().booleanValue() && ObjectUtils.isEmpty(loginUser.getPasswordHash())) {
            throw new BusinessException(I18nError.LOGIN_USERNAME_PASSWORD_ENCRYPT_ERROR);
        }
        // Tenant resolution: a tenant object in the body wins, then tenantSid, then tenantId.
        // NOTE(review): loginUser.getTenant() comes from the request body; when it is non-null no lookup
        // replaces it, so the IP and ISV checks below run against client-supplied tenant data. Confirm that
        // the field cannot be populated by callers.
        Tenant tenant = loginUser.getTenant();
        if (Strings.isEmpty(loginUser.getTenantId())) {
            if (loginUser.getTenantSid() > 0) {
                tenant = (Tenant) this.tenantCrudService.findBySid(loginUser.getTenantSid());
                if (tenant != null) {
                    loginUser.setTenant(tenant);
                    loginUser.setTenantId(tenant.getId());
                }
            }
            if (ObjectUtils.isEmpty(loginUser.getTenantId())) {
                throw new BusinessException(I18nError.ERROR_TENANT_ID_EMPTY);
            }
        }
        if (null == tenant) {
            tenant = this.tenantCrudService.findById(loginUser.getTenantId());
        }
        if (null == tenant) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{loginUser.getTenantId()});
        }
        loginUser.setTenant(tenant);
        // The ISV application may only log in to tenants flagged as ISV.
        if (authoredSys != null && IamConstants.GOODS_CODE_ISV.equals(authoredSys.getId()) && !tenant.isIsv()) {
            throw new BusinessException(I18nError.TENANT_TYPE_NOT_SERVICER, new Object[]{loginUser.getTenantId()});
        }
        // NOTE(review): authoredSys is optional and was null-checked one statement earlier, yet it is
        // passed to new Sys(...) unguarded. Confirm the constructor accepts null.
        loginUser.setApp(new Sys(authoredSys));
        this.loginCheckService.checkIP(loginUser.getIdentityType(), tenant, loginUser.getApp());
        // Tenant-local accounts are looked up under the composite id "<tenantId>$<userId>", with the raw
        // user id also tried as e-mail and telephone.
        String format = String.format("%s$%s", loginUser.getTenantId(), loginUser.getUserId());
        User findInnerUserByIdOrEmailOrTel = this.loginMapper.findInnerUserByIdOrEmailOrTel(format, loginUser.getUserId(), loginUser.getUserId(), loginUser.getTenantId());
        loginUser.setUser(findInnerUserByIdOrEmailOrTel);
        if (IdentityType.ad.equals(loginUser.getIdentityType())) {
            // AD logins tolerate an unknown local account and skip checkFrozenInner.
            // NOTE(review): the lockout check is therefore not applied to AD logins in this method; confirm
            // the AD identity service or the directory enforces its own throttling.
            if (findInnerUserByIdOrEmailOrTel != null) {
                // Takes the part after the first '$'; assumes the stored id has the composite form.
                // An id without '$' would raise ArrayIndexOutOfBoundsException. TODO confirm
                loginUser.setUserId(findInnerUserByIdOrEmailOrTel.getId().split("\\$")[1]);
            }
        } else {
            if (findInnerUserByIdOrEmailOrTel == null) {
                throw new BusinessException(I18nError.ERROR_GROUND_LOGIN_21001, new Object[]{loginUser.getTenantId(), loginUser.getUserId()});
            }
            // Accounts that came from AD must use the AD login while the tenant has AD login enabled.
            if (IdentityType.ad.name().equals(findInnerUserByIdOrEmailOrTel.getComeFrom()) && tenant.isAdLogin()) {
                throw new BusinessException(I18nError.IAM_LOGIN_USER_AD_DOMAIN_TYPE_SUPPORT_ERROR);
            }
            loginUser.setUserId(findInnerUserByIdOrEmailOrTel.getId());
            this.loginFailureHandlingService.checkFrozenInner(loginUser.getUserId(), loginUser.getCode(), loginUser.getValue());
        }
        IamAuthoredUser iamAuthoredUser = null;
        if (this.defaultIdentityService.support(loginUser)) {
            try {
                iamAuthoredUser = this.defaultIdentityService.login(loginUser);
            } catch (IncorrectUsernameOrPasswordException e) {
                // NOTE(review): nothing is rethrown here. If freezeInner returns normally the result stays
                // null and the caller receives LOGIN_TYPE_NO_SUPPORT rather than a credential error.
                this.loginFailureHandlingService.freezeInner(loginUser.getUserId(), tenant);
            }
        } else if (this.faceRecognitionIdentityService.support(loginUser)) {
            iamAuthoredUser = this.faceRecognitionIdentityService.login(loginUser);
        } else if (this.adIdentityService.support(loginUser)) {
            iamAuthoredUser = this.adIdentityService.login(loginUser);
        }
        if (iamAuthoredUser == null) {
            throw new BusinessException(I18nError.LOGIN_TYPE_NO_SUPPORT, new Object[]{loginUser.getIdentityType()});
        }
        // Successful login: drop the Redis entry under the failure-login prefix. The key uses the composite
        // id built from the client-supplied user id, before it was replaced by the stored one.
        // NOTE(review): confirm this is the same key freezeInner writes, otherwise counters never reset.
        RedisUtils.delete(RedisConstants.IAM_FAILURE_LOGIN + format.toLowerCase());
        return ResponseEntity.ok(iamAuthoredUser);
    }

    /**
     * Ends the caller's session for the calling application, or for everything when {@code clearAll} is set.
     *
     * <p>The call is a silent no-op (still answering OK) in three cases: the principal has no token, the
     * user is the virtual or {@code integration} account, or, for non-mobile devices without
     * {@code clearAll}, the calling app is on the single-logout white list.
     *
     * <p>NOTE(review): in the white-list case the token is not passed to {@code authoredUserService.logout}
     * at all; confirm clients of those apps do not rely on this endpoint to invalidate a token.
     *
     * @param iamAuthoredUser authenticated principal
     * @param authoredSys     calling application, may be {@code null} (treated as app id {@code ""})
     * @param logoutInfo      optional body; only {@code clearAll} is read
     * @return an OK {@link StdData} in every non-exceptional path
     */
    @PostMapping(value = {"/logout"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public StdData<?> logout(@RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestBody(required = false) LogoutInfo logoutInfo) {
        if (!StringUtils.hasText(iamAuthoredUser.getToken())) {
            return StdData.ok().build();
        }
        final boolean clearAll = Objects.nonNull(logoutInfo) && Boolean.TRUE.equals(logoutInfo.getClearAll());
        final String appId;
        if (authoredSys == null) {
            appId = "";
        } else {
            appId = authoredSys.getId();
        }
        // System accounts are never logged out through this endpoint.
        final String virtualUser = IamConstants.VIRTUAL.toUpperCase();
        final String integrationUser = "integration".toUpperCase();
        final String currentUser = iamAuthoredUser.getUserId().toUpperCase();
        if (currentUser.equals(virtualUser) || currentUser.equals(integrationUser)) {
            return StdData.ok().build();
        }
        if (!(clearAll || DeviceType.MOBILE.equals(iamAuthoredUser.getDeviceType()))) {
            final List<String> exemptApps = this.whiteListService.getWhiteList(IamConstants.WHITE_LIST_SINGLE_LOGOUT_WHITE_APPS);
            if (exemptApps != null && exemptApps.contains(appId)) {
                return StdData.ok().build();
            }
        }
        logger.info("用户[{}]登出应用[{}]！", iamAuthoredUser.getUserId(), appId);
        this.authoredUserService.logout(iamAuthoredUser, appId, clearAll);
        return StdData.ok().build();
    }

    /**
     * Returns {@code KeyConstant.BASE64_PUBLIC_KEY} to the caller.
     *
     * <p>NOTE(review): presumably the counterpart of the private key used by the {@code /aeskey} handler;
     * the pairing is not visible here.
     *
     * @return 200 response holding a single-entry map keyed {@code publicKey}
     */
    @GetMapping({"/publickey"})
    @RateLimiter(name = "/api/iam/v2/identity/publickey")
    public ResponseEntity<?> getPublicKey() {
        final ResponseEntity<?> response = ResponseEntity.ok(
                Collections.singletonMap("publicKey", KeyConstant.BASE64_PUBLIC_KEY));
        return response;
    }

    /**
     * Describes the caller's own token as a {@link UserTokenVo}.
     *
     * <p>The principal is taken from the request attribute, which is set outside this method, and is cast
     * to {@link IamAuthoredUser}; any other implementation raises {@code ClassCastException}.
     *
     * @param authoredUser authenticated principal from the request attributes
     * @return 200 response wrapping the token view
     */
    @PostMapping(value = {"/token/analyze"}, produces = {"application/json; charset=utf-8"})
    @RateLimiter(name = "/api/iam/v2/identity/token/analyze")
    public ResponseEntity<?> analyzeAccessToken(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        final IamAuthoredUser principal = (IamAuthoredUser) authoredUser;
        final UserTokenVo tokenView = new UserTokenVo(principal);
        return ResponseEntity.ok(tokenView);
    }

    /**
     * Describes the caller's token together with the agent user it was issued through.
     *
     * <p>Fails when the token carries no agent user id or when that user cannot be found; otherwise the
     * agent's name is added to the view.
     *
     * @param authoredUser authenticated principal from the request attributes, cast to {@link IamAuthoredUser}
     * @return 200 response wrapping the agent token view
     * @throws BusinessException {@code AGENT_USER_ID_EMPTY} or {@code USER_NOT_EXIST}
     */
    @PostMapping(value = {"/token/analyze/get/agent"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> analyzeAgentAccessToken(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        final AgentUserTokenVo tokenView = new AgentUserTokenVo((IamAuthoredUser) authoredUser);
        if (ObjectUtils.isEmpty(tokenView.getAgentUserId())) {
            throw new BusinessException(I18nError.AGENT_USER_ID_EMPTY);
        }
        final User agent = this.userRepository.findById(tokenView.getAgentUserId());
        if (agent != null) {
            tokenView.setAgentUserName(agent.getName());
            return ResponseEntity.ok(tokenView);
        }
        throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{tokenView.getAgentUserId()});
    }

    /**
     * Describes whatever credentials the request carried: the user token, the app token, both or neither.
     *
     * <p>Both attributes are optional, so the handler also answers when no credential was resolved; the
     * view is then empty apart from the (possibly {@code null}) app.
     *
     * @param authoredUser authenticated user, may be {@code null}
     * @param authoredSys  calling application, may be {@code null}
     * @return 200 response wrapping the token view
     */
    @RateLimiter(name = "/api/iam/v2/identity/token/analyze/internal")
    @GetMapping({"/token/analyze/internal"})
    public ResponseEntity<?> analyzeToken(@RequestAttribute(value = "digi-middleware-auth-user-data", required = false) AuthoredUser authoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        final UserTokenVo tokenView;
        if (authoredUser == null) {
            tokenView = new UserTokenVo();
        } else {
            tokenView = new UserTokenVo((IamAuthoredUser) authoredUser);
        }
        tokenView.setSys(authoredSys);
        return ResponseEntity.ok(tokenView);
    }

    /**
     * Returns the caller's principal after {@code authoredUserService.resetUserMetadata} has been applied.
     *
     * <p>NOTE(review): the whole {@link IamAuthoredUser} object is serialized into the response; confirm it
     * holds no field the caller should not receive.
     *
     * @param authoredUser authenticated principal from the request attributes, cast to {@link IamAuthoredUser}
     * @return 200 response wrapping the principal
     */
    @PostMapping(value = {"/login/info"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> getAuthoredUser(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        final IamAuthoredUser principal = (IamAuthoredUser) authoredUser;
        this.authoredUserService.resetUserMetadata(principal);
        final ResponseEntity<?> response = ResponseEntity.ok(principal);
        return response;
    }

    /**
     * Issues an access token for the single supported grant type,
     * {@code IamConstants.VERIFY_USER_GRANT_TYPE}.
     *
     * <p>Requests arriving on a URI that contains {@code IamConstants.API_V1_PREFIX} and carrying no tenant
     * id are assigned the tenant {@code "default"}. Credential verification is delegated to
     * {@code authoredUserService.getByGrantTypeInfo}.
     *
     * @param grantTypeInfo      grant request; its tenant id may be defaulted in place
     * @param httpServletRequest used only to inspect the request URI
     * @return 200 response wrapping the service result
     * @throws BusinessException {@code ACCESS_TOKEN_GRANT_TYPE_ERROR} for any other grant type
     */
    @PostMapping(value = {"/token/grant/access"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    @RateLimiter(name = "/api/iam/v2/identity/token/grant/access")
    public ResponseEntity<?> createAccessToken(@RequestBody GrantTypeInfo grantTypeInfo, HttpServletRequest httpServletRequest) {
        final boolean supportedGrant = IamConstants.VERIFY_USER_GRANT_TYPE.equals(grantTypeInfo.getGrantType());
        if (!supportedGrant) {
            throw new BusinessException(I18nError.ACCESS_TOKEN_GRANT_TYPE_ERROR);
        }
        final boolean legacyV1Call = httpServletRequest.getRequestURI().contains(IamConstants.API_V1_PREFIX);
        if (legacyV1Call && ObjectUtils.isEmpty(grantTypeInfo.getTenantId())) {
            grantTypeInfo.setTenantId("default");
        }
        return ResponseEntity.ok(this.authoredUserService.getByGrantTypeInfo(grantTypeInfo));
    }

    /* JADX WARN: Multi-variable type inference failed */
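    /**
     * Exchanges the caller's token for one bound to the tenant named in the request body.
     *
     * <p>The token is read from the user-token header, falling back to the access-token header. The tenant
     * is looked up by {@code tenantSid} when positive, otherwise by {@code tenantId}; it stays {@code null}
     * when neither is given.
     *
     * <p>Change against the previous version: the missing-token check rejected only {@code null}, while the
     * fallback logic already treated an empty header as absent. An empty access-token header therefore
     * passed validation and reached the token service. Empty values are now rejected with the same
     * exception.
     *
     * <p>NOTE(review): the target tenant is chosen by the client. Whether the token's user is a member of
     * that tenant is not checked here and must be enforced by {@code refreshUserTokenInTenant}. Confirm.
     * {@code authoredSys} is optional but passed to {@code new Sys(...)} unguarded. Confirm the constructor
     * accepts {@code null}.
     *
     * @param httpServletRequest source of the token headers
     * @param loginUser          body naming the target tenant; its app is set in place
     * @param authoredSys        calling application, may be {@code null}
     * @return 200 response wrapping a {@link ChangedTokenVO}
     * @throws IllegalArgumentException when neither header carries a token
     */
    @PostMapping(value = {"/token/refresh/tenant"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> refreshUserTokenWithTenant(HttpServletRequest httpServletRequest, @RequestBody LoginUser loginUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        String userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY);
        if (ObjectUtils.isEmpty(userToken)) {
            userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_ACCESS_TOKEN_KEY);
        }
        // Reject "" as well as null so an empty credential never reaches the token service.
        if (ObjectUtils.isEmpty(userToken)) {
            throw new IllegalArgumentException("需要在header中传入参数digi-middleware-auth-user");
        }
        Tenant tenant = null;
        if (loginUser.getTenantSid() > 0) {
            tenant = (Tenant) this.tenantCrudService.findBySid(loginUser.getTenantSid());
        } else if (!Strings.isBlank(loginUser.getTenantId())) {
            tenant = this.tenantCrudService.findById(loginUser.getTenantId());
        }
        loginUser.setApp(new Sys(authoredSys));
        return ResponseEntity.ok(new ChangedTokenVO(tenant, this.authoredUserService.refreshUserTokenInTenant(userToken, tenant, loginUser.getApp())));
    }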

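    /**
     * Exchanges the caller's token for a fresh user token.
     *
     * <p>The token is read from the user-token header, falling back to the access-token header.
     *
     * <p>Change against the previous version: the missing-token check rejected only {@code null}, while the
     * fallback logic already treated an empty header as absent. An empty access-token header therefore
     * passed validation and reached the token service. Empty values are now rejected with the same
     * exception.
     *
     * <p>NOTE(review): {@code authoredSys} is optional but passed to {@code new Sys(...)} unguarded. Confirm
     * the constructor accepts {@code null}.
     *
     * @param httpServletRequest source of the token headers
     * @param authoredSys        calling application, may be {@code null}
     * @return 200 response holding a single-entry map keyed {@code user_token}
     * @throws IllegalArgumentException when neither header carries a token
     */
    @PostMapping(value = {"/token/refresh/user"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    @RateLimiter(name = "/api/iam/v2/identity/token/refresh/user")
    public ResponseEntity<?> refreshUserToken(HttpServletRequest httpServletRequest, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys) {
        String userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY);
        if (ObjectUtils.isEmpty(userToken)) {
            userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_ACCESS_TOKEN_KEY);
        }
        // Reject "" as well as null so an empty credential never reaches the token service.
        if (ObjectUtils.isEmpty(userToken)) {
            throw new IllegalArgumentException("需要在header中传入参数digi-middleware-auth-user");
        }
        return ResponseEntity.ok(Collections.singletonMap("user_token", this.authoredUserService.refreshUserToken(userToken, new Sys(authoredSys)).getToken()));
    }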

    /**
     * Returns the caller's identity (user and tenant ids) together with the user's account mappings.
     *
     * <p>When an application is present in the auth context the mappings are limited to that application;
     * otherwise all mappings of the user are returned. For URIs containing
     * {@code IamConstants.API_V1_PREFIX} a principal with tenant sid 0 is rewritten in place to tenant
     * sid 1 / id {@code "default"}.
     *
     * @param authoredUser       authenticated principal; may be mutated for v1 callers
     * @param httpServletRequest used only to inspect the request URI
     * @return 200 response wrapping an {@link IdentityInfo}
     */
    @PostMapping(value = {""}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> getUserInfoByToken(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, HttpServletRequest httpServletRequest) {
        final AuthoredSys callingApp = AppAuthContextHolder.getContext().getAuthoredSys();
        final boolean legacyV1Call = httpServletRequest.getRequestURI().contains(IamConstants.API_V1_PREFIX);
        if (legacyV1Call && authoredUser.getTenantSid() == 0) {
            authoredUser.setTenantSid(1L);
            authoredUser.setTenantId("default");
        }
        final List<UserMappingQueryResultVO> mappings;
        if (callingApp == null) {
            mappings = this.userMappingService.getMappedByUser(authoredUser.getTenantSid(), authoredUser.getSid());
        } else {
            mappings = this.userMappingService.getMappedByUserAndApp(authoredUser.getTenantSid(), authoredUser.getSid(), callingApp.getId());
        }
        final IdentityInfo identity = new IdentityInfo();
        identity.setUserSid(authoredUser.getSid());
        identity.setUserId(authoredUser.getUserId());
        identity.setTenantId(authoredUser.getTenantId());
        identity.setTenantSid(authoredUser.getTenantSid());
        identity.setMapping(mappings);
        return ResponseEntity.ok(identity);
    }

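    /**
     * Exchanges the caller's token for one bound to the calling application.
     *
     * <p>The application attribute is optional for binding purposes but is required by this method. The
     * token is read from the user-token header, falling back to the access-token header.
     *
     * <p>Change against the previous version: the missing-token check rejected only {@code null}, while the
     * fallback logic already treated an empty header as absent. An empty access-token header therefore
     * passed validation and reached the token service. Empty values are now rejected with the same
     * exception.
     *
     * @param httpServletRequest source of the token headers
     * @param authoredSys        calling application; {@code null} is rejected
     * @param authoredDevice     calling device, may be {@code null}
     * @return 200 response wrapping a {@link ChangedTokenVO}
     * @throws IllegalArgumentException when the application or the token is missing
     */
    @PostMapping(value = {"/token/refresh/app"}, produces = {"application/json; charset=utf-8"})
    @Transactional(rollbackFor = {Exception.class})
    public ResponseEntity<?> refreshAppUserToken(HttpServletRequest httpServletRequest, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice) {
        if (authoredSys == null) {
            throw new IllegalArgumentException("切换应用的token需要在header中传入参数digi-middleware-auth-app");
        }
        String userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY);
        if (ObjectUtils.isEmpty(userToken)) {
            userToken = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_ACCESS_TOKEN_KEY);
        }
        // Reject "" as well as null so an empty credential never reaches the token service.
        if (ObjectUtils.isEmpty(userToken)) {
            throw new IllegalArgumentException("需要在header中传入参数digi-middleware-auth-user");
        }
        return ResponseEntity.ok(new ChangedTokenVO(this.authoredUserService.refreshUserTokenInSys(userToken, new Sys(authoredSys), authoredDevice)));
    }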

    /**
     * Logs in with a one-time-auth (OTA) token.
     *
     * <p>The token is taken from the request body or, when empty there, from the OTA token header. This
     * method only checks that the grant type is {@code onetimeauth_credentials}, that a tenant id is given
     * and that the token exists in storage; all further validation is delegated to
     * {@code otaTokenService.checkOtaToken}.
     *
     * <p>NOTE(review): nothing here shows the stored token being invalidated after use; confirm
     * {@code checkOtaToken} enforces single use and expiry. The handler carries no {@code @RateLimiter}.
     *
     * @param grantTypeInfo      grant request carrying tenant id, grant type and optionally the token
     * @param httpServletRequest fallback source of the OTA token
     * @param authoredUser       authenticated principal, cast to {@link IamAuthoredUser}
     * @return 200 response wrapping the service result
     * @throws IllegalArgumentException when any of the {@code Assert} preconditions fails
     */
    @PostMapping(value = {"/ota"}, produces = {"application/json; charset=utf-8"})
    public ResponseEntity<?> loginByOta(@RequestBody GrantTypeInfo grantTypeInfo, HttpServletRequest httpServletRequest, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        Assert.hasText(grantTypeInfo.getTenantId(), "租户Id不能为空！");
        final boolean otaGrant = "onetimeauth_credentials".equalsIgnoreCase(grantTypeInfo.getGrantType());
        Assert.isTrue(otaGrant, "grant_type只能为onetimeauth_credentials！");
        final String bodyToken = grantTypeInfo.getOtaToken();
        final String presentedToken = Strings.isEmpty(bodyToken)
                ? httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_OTA_TOKEN_KEY)
                : bodyToken;
        Assert.hasText(presentedToken, "otaToken不能为空！");
        final OtaToken storedToken = this.otaTokenCrudService.findByToken(presentedToken);
        Assert.notNull(storedToken, "OtaToken不存在！");
        final IamAuthoredUser principal = (IamAuthoredUser) authoredUser;
        return ResponseEntity.ok(this.otaTokenService.checkOtaToken(principal, grantTypeInfo, storedToken));
    }

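    /**
     * Logs in through a third-party OAuth provider.
     *
     * <p>For the WeChat and LINE types the request must carry a {@code unionid} that is AES-encrypted (hex)
     * under {@code KeyConstant.WECHAT_UNION_ID}. It is decrypted, written back to the request and used to
     * build the {@link AuthoredDevice}. All other types must supply {@code accessToken},
     * {@code callBackUri} and {@code method}. Authentication itself is delegated to the OAuth identity
     * service.
     *
     * <p>Change against the previous version: a failed decryption was converted to a
     * {@code BusinessException} and the cause was discarded, so malformed or forged {@code unionid} values
     * left no trace. The cause is now logged with the provider type and app id (never the submitted value)
     * before the same exception is thrown.
     *
     * <p>NOTE(review): the {@code unionid} is the identity assertion for WeChat/LINE logins and is protected
     * only by a shared AES key read from a class constant; confirm that key is not distributed to clients.
     *
     * @param oauthLoginRequest validated OAuth login request; its {@code unionid} may be replaced in place
     * @return 200 response wrapping the OAuth identity service's login result
     * @throws BusinessException        when the {@code unionid} cannot be decrypted
     * @throws IllegalArgumentException when a required field is blank
     */
    @PostMapping({"/oauth/token/grant/access"})
    public ResponseEntity<?> loginByOauth(@Valid @RequestBody OauthLoginRequest oauthLoginRequest) {
        AuthoredDevice authoredDevice = null;
        if (ComeFromEnum.WECHAT.getId().equals(oauthLoginRequest.getType()) || ComeFromEnum.LINE.getId().equals(oauthLoginRequest.getType())) {
            Assert.hasText(oauthLoginRequest.getUnionid(), "unionid不能为空");
            try {
                String decryptedUnionId = AES.decryptHex(oauthLoginRequest.getUnionid(), KeyConstant.WECHAT_UNION_ID);
                oauthLoginRequest.setUnionid(decryptedUnionId);
                authoredDevice = new AuthoredDevice("applet", oauthLoginRequest.getAppId(), oauthLoginRequest.getType(), decryptedUnionId, AppAuthContextHolder.getContext().getClientIP());
            } catch (Exception e) {
                // Keep the cause for detection and troubleshooting; the ciphertext itself is not logged.
                logger.warn("unionid decryption failed for oauth type [{}], appId [{}]", oauthLoginRequest.getType(), oauthLoginRequest.getAppId(), e);
                throw new BusinessException(I18nError.ENCRYPTED_INCORRECTLY_AND_CANNOT_BE_DECRYPTED);
            }
        } else {
            Assert.hasText(oauthLoginRequest.getAccessToken(), "accessToken不能为空");
            Assert.hasText(oauthLoginRequest.getCallBackUri(), "callBackUri不能为空");
            Assert.hasText(oauthLoginRequest.getMethod(), "method不能为空");
        }
        LoginUser loginUser = new LoginUser();
        loginUser.setDevice(authoredDevice);
        loginUser.setIdentityType(IdentityType.oauth);
        loginUser.setOauthLoginRequest(oauthLoginRequest);
        return ResponseEntity.ok(this.oauthIdentityService.login(loginUser));
    }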

    /**
     * Logs a user in from a third-party platform, optionally importing (auto-registering) the account first.
     *
     * <p>Flow as visible in this method: default {@code autoRegister} to {@code true}; require
     * {@code unionid}, {@code tenantId} and {@code userId}; resolve the tenant; look up existing user
     * mappings for (tenant sid, type, unionid); delete a mapping whose user or tenant membership can no
     * longer be found; log whether the tenant's auth scope covers the user; import the user when
     * {@code autoRegister} is set; then call {@code oauthIdentityService.login}.
     *
     * @param oauthLoginRequest request body; mutated in place (autoRegister default, {@code verified=false})
     * @return 200 with the login result
     * @throws BusinessException {@code ERROR_21018} when {@code tenantId} does not resolve to a tenant
     */
    @PostMapping({"/oauth/token/access/token"})
    public ResponseEntity<?> login2ThirdPlatform(@Valid @RequestBody OauthLoginRequest oauthLoginRequest) {
        // Auto-registration is opt-out: an absent flag is treated as true.
        if (null == oauthLoginRequest.getAutoRegister()) {
            oauthLoginRequest.setAutoRegister(true);
        }
        // NOTE(review): unlike loginByOauthInternal, unionid is used as received here (no AES.decryptHex);
        // confirm what authenticates the caller that asserts this identity.
        Assert.hasText(oauthLoginRequest.getUnionid(), "unionid不能为空");
        Assert.hasText(oauthLoginRequest.getTenantId(), "租户id不能为空");
        Assert.hasText(oauthLoginRequest.getUserId(), "userId:用户id不能为空");
        Tenant findById = this.tenantCrudService.findById(oauthLoginRequest.getTenantId());
        if (null == findById) {
            throw new BusinessException(I18nError.ERROR_21018);
        }
        DingTalkImportInfo dingTalkImportInfo = new DingTalkImportInfo(oauthLoginRequest);
        // Default user info is built from the request; replaced below when an existing mapping resolves.
        DingTalkUserInfo dingTalkUserInfo = new DingTalkUserInfo(oauthLoginRequest);
        List<UserMappingQueryResultVO> mappings = this.userMappingService.getMappings(Long.valueOf(findById.getSid()), oauthLoginRequest.getType(), oauthLoginRequest.getUnionid());
        if (!mappings.isEmpty()) {
            // Prefer the mapping whose provider id equals the requesting appId; otherwise fall back to the first one.
            UserMappingQueryResultVO orElse = mappings.stream().filter(userMappingQueryResultVO -> {
                return userMappingQueryResultVO.getProviderId().equals(oauthLoginRequest.getAppId());
            }).findFirst().orElse(null);
            if (null == orElse) {
                orElse = mappings.get(0);
            }
            // NOTE(review): the third-party unionid is written to the log here and in the error branch below;
            // confirm that is acceptable for this identifier.
            logger.info("第三方集成{} 获取三方账号{}在租户下{}绑定应用{}的归户用户为:[{}]", oauthLoginRequest.getType(), oauthLoginRequest.getUnionid(), oauthLoginRequest.getTenantId(), oauthLoginRequest.getAppId(), orElse.getUserId());
            // NOTE(review): the (UserRepository) cast applied to a Long looks like a decompiler artifact;
            // verify this line against the original source before relying on it.
            User user = (User) this.userRepository.findById((UserRepository) Long.valueOf(orElse.getUserSid())).orElse(null);
            UserInTenant findByUnionKey = this.userInTenantCrudService.findByUnionKey(findById.getSid(), orElse.getUserSid());
            if (user == null || findByUnionKey == null) {
                // Stale mapping: the mapped user or its membership in this tenant is gone, so the mapping is deleted.
                logger.error("第三方集成{} 获取三方账号{}在租户下{}绑定应用{}的归户用户为:[{}]不存在", oauthLoginRequest.getType(), oauthLoginRequest.getUnionid(), oauthLoginRequest.getTenantId(), oauthLoginRequest.getAppId(), orElse.getUserId());
                this.userMappingCrudService.deleteByUnionKey(findById.getSid(), orElse.getUserSid(), oauthLoginRequest.getAppId(), oauthLoginRequest.getType());
            } else {
                dingTalkUserInfo = new DingTalkUserInfo(user, oauthLoginRequest.getUserId(), oauthLoginRequest.getUnionid(), oauthLoginRequest.getDeptId(), oauthLoginRequest.getThirdUserId(), oauthLoginRequest.getTelephone());
                // appId is not checked with Assert.hasText above; a null appId would throw here.
                // NOTE(review): confirm @Valid on OauthLoginRequest guarantees it.
                if (!oauthLoginRequest.getAppId().equalsIgnoreCase(orElse.getProviderId())) {
                    // Mapping came from a different provider than the requesting app, so a new mapping is requested.
                    dingTalkUserInfo.setNeedMapping(true);
                }
            }
        }
        SyncTenantAuthScope findByTenantSidAndPlatformAndAuthApp = this.syncTenantAuthScopeRepository.findByTenantSidAndPlatformAndAuthApp(Long.valueOf(findById.getSid()), oauthLoginRequest.getType(), oauthLoginRequest.getAppId());
        // The scope check is log-only in this method: neither branch throws or returns, so the import and
        // login below still run for a user outside the tenant's authorised users/orgs.
        // NOTE(review): confirm the authorisation decision is enforced downstream (importDingTalkUser or
        // oauthIdentityService.login); if it is not, this is where the request should be rejected.
        if (null == findByTenantSidAndPlatformAndAuthApp) {
            logger.error("用户{}({})未被租户{}授权使用该应用{},授权范围对象为空", oauthLoginRequest.getUserName(), oauthLoginRequest.getUserId(), oauthLoginRequest.getTenantId(), oauthLoginRequest.getAppId());
        } else if (!findByTenantSidAndPlatformAndAuthApp.getAuthUserIds().contains(oauthLoginRequest.getUserId()) && !oauthLoginRequest.getOrgs().stream().anyMatch(l -> {
            return findByTenantSidAndPlatformAndAuthApp.getAuthOrgs().contains(l);
        })) {
            logger.error("用户{}({})未被租户{}授权使用该应用{},授权范围对象不包括该用户，授权范围{}", oauthLoginRequest.getUserName(), oauthLoginRequest.getUserId(), oauthLoginRequest.getTenantId(), oauthLoginRequest.getAppId(), JsonUtils.writeValue(findByTenantSidAndPlatformAndAuthApp));
        }
        dingTalkImportInfo.getUsers().add(dingTalkUserInfo);
        CountResultVO countResultVO = null;
        if (oauthLoginRequest.getAutoRegister().booleanValue()) {
            countResultVO = this.importDataService.importDingTalkUser(dingTalkImportInfo, findById);
        }
        LoginUser loginUser = new LoginUser();
        loginUser.setDevice(new AuthoredDevice("applet", oauthLoginRequest.getAppId(), oauthLoginRequest.getType(), oauthLoginRequest.getUnionid(), AppAuthContextHolder.getContext().getClientIP()));
        loginUser.setIdentityType(IdentityType.oauth);
        // verified is forced to false before login; its meaning is defined by OauthLoginRequest — TODO confirm.
        oauthLoginRequest.setVerified(false);
        loginUser.setOauthLoginRequest(oauthLoginRequest);
        IamAuthoredUser login = this.oauthIdentityService.login(loginUser);
        // Notify only when the import reported at least one record for this call.
        if (countResultVO != null && 1 <= countResultVO.getCurrentCount()) {
            this.sysNoticeService.authUser(findById, oauthLoginRequest.getAppId(), countResultVO.getArgument().get("strategyId"), login);
        }
        return ResponseEntity.ok(login);
    }

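    /**
     * Internal OAuth login: decrypts the hex-encoded, AES-protected {@code unionid} with
     * {@code KeyConstant.WECHAT_UNION_ID} and logs the user in with identity type {@code oauth}.
     *
     * <p>Every failure inside the try block, including one raised by {@code oauthIdentityService.login},
     * is reported to the client as {@code ENCRYPTED_INCORRECTLY_AND_CANNOT_BE_DECRYPTED}. The original
     * exception is now logged before being replaced, so the real cause stays visible to operators.
     *
     * @param oauthLoginRequest request body; {@code unionid} is overwritten with its decrypted value
     * @return 200 with the login result
     * @throws BusinessException when decryption or login fails
     */
    @PostMapping({"/oauth/token/grant/access/internal"})
    public ResponseEntity<?> loginByOauthInternal(@Valid @RequestBody OauthLoginRequest oauthLoginRequest) {
        Assert.hasText(oauthLoginRequest.getUnionid(), "unionid不能为空");
        try {
            String decryptHex = AES.decryptHex(oauthLoginRequest.getUnionid(), KeyConstant.WECHAT_UNION_ID);
            oauthLoginRequest.setUnionid(decryptHex);
            AuthoredDevice authoredDevice = new AuthoredDevice("applet", oauthLoginRequest.getAppId(), oauthLoginRequest.getType(), decryptHex, AppAuthContextHolder.getContext().getClientIP());
            LoginUser loginUser = new LoginUser();
            loginUser.setDevice(authoredDevice);
            loginUser.setIdentityType(IdentityType.oauth);
            oauthLoginRequest.setVerified(false);
            loginUser.setOauthLoginRequest(oauthLoginRequest);
            return ResponseEntity.ok(this.oauthIdentityService.login(loginUser));
        } catch (Exception e) {
            // Keep the cause for operators and detection; the client-facing error is unchanged.
            // The unionid is deliberately not logged.
            // NOTE(review): login failures are also mapped to the decryption error here; consider
            // narrowing the try block to the decrypt call if callers need to tell them apart.
            logger.warn("loginByOauthInternal failed; reported to the client as a decryption error", e);
            throw new BusinessException(I18nError.ENCRYPTED_INCORRECTLY_AND_CANNOT_BE_DECRYPTED);
        }
    }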

    /**
     * Asks the first registered {@code ThirdOauthService} that supports the request for a web access token.
     *
     * @param oAuthLoginInfo request body, passed unchanged to {@code support} and {@code getWebAccessToken}
     * @return 200 with the provider's result, or 200 with a {@code null} body when no provider supports the request
     */
    @PostMapping({"/oauth/token/access"})
    public ResponseEntity<?> loginByOauthToAccessTokenInWeb(@RequestBody OAuthLoginInfo oAuthLoginInfo) {
        for (ThirdOauthService candidate : this.thirdOauthServices) {
            if (!candidate.support(oAuthLoginInfo)) {
                continue;
            }
            // First match wins; later providers are not consulted.
            return ResponseEntity.ok(candidate.getWebAccessToken(oAuthLoginInfo));
        }
        // No provider claimed the request: still a 200, with an empty body.
        return ResponseEntity.ok(null);
    }

    /**
     * Asks the first registered {@code ThirdOauthService} that supports the request for an app access token.
     *
     * @param oAuthLoginInfo request body, passed unchanged to {@code support} and {@code getAppAccessToken}
     * @return 200 with the provider's result, or 200 with a {@code null} body when no provider supports the request
     */
    @PostMapping({"/oauth/token/access/app"})
    public ResponseEntity<?> loginByOauthToAccessToken(@RequestBody OAuthLoginInfo oAuthLoginInfo) {
        for (ThirdOauthService candidate : this.thirdOauthServices) {
            if (!candidate.support(oAuthLoginInfo)) {
                continue;
            }
            // First match wins; later providers are not consulted.
            return ResponseEntity.ok(candidate.getAppAccessToken(oAuthLoginInfo));
        }
        // No provider claimed the request: still a 200, with an empty body.
        return ResponseEntity.ok(null);
    }

    /**
     * Exchanges the caller's token for a token of another user via {@code authoredUserService.changeUserToken}.
     *
     * <p>This method only checks that the target user id and the client public key are present and that the
     * caller's tenant sid is non-zero. NOTE(review): whether the caller may switch to the requested user is
     * not decided here; confirm {@code changeUserToken} enforces it.
     *
     * @param iamAuthoredUser authenticated caller, taken from the request attribute
     * @param authoredSys     calling application; optional request attribute
     * @param loginUser       request body carrying the target {@code userId} and {@code clientEncryptPublicKey}
     * @return 200 with the result of {@code changeUserToken}
     * @throws BusinessException {@code USER_ID_AND_PUBLIC_KEY_NOT_NULL} or {@code TENANT_ID_NOT_NULL}
     */
    @PostMapping({"/token/change/user"})
    public ResponseEntity<?> changeUser(@RequestAttribute("digi-middleware-auth-user-data") IamAuthoredUser iamAuthoredUser, @RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestBody LoginUser loginUser) {
        boolean userIdMissing = ObjectUtils.isEmpty(loginUser.getUserId());
        if (userIdMissing || ObjectUtils.isEmpty(loginUser.getClientEncryptPublicKey())) {
            throw new BusinessException(I18nError.USER_ID_AND_PUBLIC_KEY_NOT_NULL);
        }

        if (iamAuthoredUser.getTenantSid() == 0) {
            throw new BusinessException(I18nError.TENANT_ID_NOT_NULL);
        }

        // authoredSys is declared required = false, yet it is wrapped without a null check, unlike
        // getProxyUsers and loginInProxy. NOTE(review): confirm Sys(AuthoredSys) tolerates null.
        Sys callerApp = new Sys(authoredSys);
        return ResponseEntity.ok(this.authoredUserService.changeUserToken(iamAuthoredUser, loginUser, callerApp));
    }

    /**
     * Agent (proxy) login, first step: validates the agent's credentials and delegates to
     * {@code agentIdentityService.login}.
     *
     * <p>The body must carry the agent's user id, password hash, agent authorization code and the client
     * encryption public key; each is rejected when blank.
     *
     * @param authoredSys calling application; optional request attribute, forwarded as {@code null} when absent
     * @param loginUser   request body; its {@code app} field is overwritten from {@code authoredSys}
     * @return 200 with the result of {@code agentIdentityService.login}
     */
    @PostMapping({"/login/proxy/users"})
    public ResponseEntity<?> getProxyUsers(@RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestBody LoginUser loginUser) {
        // Presence checks only; the credentials themselves are evaluated by the service.
        Assert.hasText(loginUser.getUserId(), "代理用户的id不能为空");
        Assert.hasText(loginUser.getPasswordHash(), "代理用户密码不能为空");
        Assert.hasText(loginUser.getAgentAuthorizationCode(), "代理授权码不能为空");
        Assert.hasText(loginUser.getClientEncryptPublicKey(), "加密公钥不能为空");

        Sys callerApp = null;
        if (authoredSys != null) {
            callerApp = new Sys(authoredSys);
        }
        // The app always comes from the authenticated request attribute, never from the body.
        loginUser.setApp(callerApp);
        return ResponseEntity.ok(this.agentIdentityService.login(loginUser));
    }

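    /**
     * Agent (proxy) login, second step: decrypts the hex-encoded, AES-protected {@code userId} with
     * {@code KeyConstant.LOGIN_AGENT} and logs in with identity type {@code agent}.
     *
     * <p>Every failure inside the try block, including one raised by {@code agentIdentityService.login},
     * is reported to the client as {@code ENCRYPTED_INCORRECTLY_AND_CANNOT_BE_DECRYPTED}. The original
     * exception is now logged before being replaced, so the real cause stays visible to operators.
     *
     * @param authoredSys    calling application; optional request attribute, forwarded as {@code null} when absent
     * @param authoredDevice calling device; optional request attribute
     * @param loginUser      request body; {@code userId}, {@code app}, {@code device} and {@code identityType} are overwritten
     * @return 200 with the result of {@code agentIdentityService.login}
     * @throws BusinessException when decryption or login fails
     */
    @PostMapping({"/login/proxy"})
    public ResponseEntity<?> loginInProxy(@RequestAttribute(value = "digi-middleware-auth-app-data", required = false) AuthoredSys authoredSys, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice, @RequestBody LoginUser loginUser) {
        Assert.hasText(loginUser.getUserId(), "用户的id不能为空");
        Assert.hasText(loginUser.getAgentToken(), "代理token不能为空");
        loginUser.setIdentityType(IdentityType.agent);
        try {
            loginUser.setUserId(AES.decryptHex(loginUser.getUserId(), KeyConstant.LOGIN_AGENT));
            loginUser.setApp(authoredSys == null ? null : new Sys(authoredSys));
            loginUser.setDevice(authoredDevice);
            return ResponseEntity.ok(this.agentIdentityService.login(loginUser));
        } catch (Exception e) {
            // Keep the cause for operators and detection; the client-facing error is unchanged.
            // Neither the user id nor the agent token is logged.
            // NOTE(review): login failures are also mapped to the decryption error here; consider
            // narrowing the try block to the decrypt call if callers need to tell them apart.
            logger.warn("loginInProxy failed; reported to the client as a decryption error", e);
            throw new BusinessException(I18nError.ENCRYPTED_INCORRECTLY_AND_CANNOT_BE_DECRYPTED);
        }
    }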

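    /**
     * Exchanges a temporary user token for a login token via {@code tempUserTokenService.login}.
     *
     * <p>The temp token is lower-cased before it is handed to the service. Lower-casing uses
     * {@code Locale.ROOT} so the result does not depend on the JVM's default locale, and a blank or
     * missing token is rejected up front instead of failing with a {@code NullPointerException}.
     *
     * @param loginByTempTokenVO request body with {@code userId}, {@code tenantId}, {@code appId} and {@code tempToken}
     * @return a map with the single key {@code token}
     * @throws IllegalArgumentException when {@code tempToken} is blank (raised by {@code Assert.hasText})
     */
    @PostMapping({"/token/temp/access"})
    public StdData<?> loginByTempToken(@RequestBody LoginByTempTokenVO loginByTempTokenVO) {
        Assert.hasText(loginByTempTokenVO.getTempToken(), "tempToken不能为空");
        LoginUser loginUser = new LoginUser();
        loginUser.setIdentityType(IdentityType.tempUserToken);
        loginUser.setUserId(loginByTempTokenVO.getUserId());
        loginUser.setTenantId(loginByTempTokenVO.getTenantId());
        loginUser.setSysId(loginByTempTokenVO.getAppId());
        // Fully qualified so no new file-level import is needed; a default-locale toLowerCase() can
        // map characters differently (for example under a Turkish locale) and break token matching.
        loginUser.setTempUserToken(loginByTempTokenVO.getTempToken().toLowerCase(java.util.Locale.ROOT));
        return StdData.ok(Collections.singletonMap("token", this.tempUserTokenService.login(loginUser).getToken()));
    }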

    /**
     * Issues an SSO auth code for the given target application via {@code appSSOService.getAuthCode}.
     *
     * @param loginAuthInfo request body; {@code targetAppId} is required
     * @return a map with the single key {@code authCode}
     * @throws BusinessException {@code IAM_PARAM_EMPTY_ERROR} when {@code targetAppId} is empty
     */
    @PostMapping({"/sso/auth/code"})
    public StdData<?> getAuthCode(@RequestBody LoginAuthInfo loginAuthInfo) {
        boolean targetMissing = ObjectUtils.isEmpty(loginAuthInfo.getTargetAppId());
        if (targetMissing) {
            throw new BusinessException(I18nError.IAM_PARAM_EMPTY_ERROR, new Object[]{"targetAppId"});
        }

        HashMap<String, Object> payload = new HashMap<>();
        payload.put("authCode", this.appSSOService.getAuthCode(loginAuthInfo.getTargetAppId()));
        return StdData.ok(payload);
    }

    /**
     * Redeems an SSO auth code for a user token via {@code appSSOService.getUserTokenByAuthCode}.
     *
     * @param loginAuthInfo  request body; {@code authCode} and {@code sourceAppId} are required
     * @param authoredDevice calling device; optional request attribute, forwarded as received
     * @return the result of {@code getUserTokenByAuthCode}
     * @throws BusinessException {@code IAM_PARAM_EMPTY_ERROR} naming the first missing field
     */
    @PostMapping({"/sso/accesstoken"})
    public StdData<?> getAccessTokenByAuthCode(@RequestBody LoginAuthInfo loginAuthInfo, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice) {
        // authCode is checked first, so it is the field reported when both are missing.
        boolean authCodeMissing = ObjectUtils.isEmpty(loginAuthInfo.getAuthCode());
        if (authCodeMissing) {
            throw new BusinessException(I18nError.IAM_PARAM_EMPTY_ERROR, new Object[]{"authCode"});
        }

        boolean sourceAppMissing = ObjectUtils.isEmpty(loginAuthInfo.getSourceAppId());
        if (sourceAppMissing) {
            throw new BusinessException(I18nError.IAM_PARAM_EMPTY_ERROR, new Object[]{"sourceAppId"});
        }

        return StdData.ok(
                this.appSSOService.getUserTokenByAuthCode(
                        loginAuthInfo.getSourceAppId(),
                        loginAuthInfo.getAuthCode(),
                        authoredDevice));
    }

    /**
     * Redeems a one-time SSO/SAML code that was cached in Redis and issues a login token.
     *
     * <p>The cache key is built from {@code RedisConstants.REDIS_IAM_SSO_TOKEN}, the SSO type (defaulting to
     * {@code IamConstants.TENANT_METADATA_CATALOG_ID_SAML}) and the submitted code. The cached value is split
     * on {@code ":_"} into user id (index 0) and tenant id (index 1).
     *
     * @param ssoLoginInfo   request body with {@code ssoType} (optional) and {@code code}
     * @param authoredDevice calling device; optional request attribute
     * @return a map with the single key {@code token}
     * @throws BusinessException {@code TEMP_TOKEN_INVALID}, {@code TENANT_NOT_EXISTED} or {@code USER_NOT_EXIST}
     */
    @PostMapping({"/token/saml/access", "/token/sso/access"})
    public StdData<?> loginBySsoToken(@RequestBody SsoLoginInfo ssoLoginInfo, @RequestAttribute(value = "digi-middleware-device-id-data", required = false) AuthoredDevice authoredDevice) {
        Object ssoType;
        if (StringUtils.hasText(ssoLoginInfo.getSsoType())) {
            ssoType = ssoLoginInfo.getSsoType();
        } else {
            ssoType = IamConstants.TENANT_METADATA_CATALOG_ID_SAML;
        }
        String cacheKey = String.format(RedisConstants.REDIS_IAM_SSO_TOKEN, ssoType, ssoLoginInfo.getCode());

        UserTempTokenCacheVO cached = (UserTempTokenCacheVO) RedisUtils.get(cacheKey, UserTempTokenCacheVO.class);
        if (cached == null) {
            throw new BusinessException(I18nError.TEMP_TOKEN_INVALID, new Object[]{ssoLoginInfo.getCode()});
        }
        // Single use: the entry is removed as soon as it has been read.
        // NOTE(review): get and delete are two separate calls, so two concurrent requests carrying the
        // same code could both pass the null check; confirm whether an atomic get-and-delete is available.
        RedisUtils.delete(cacheKey);

        // NOTE(review): the cached value is assumed to contain the ":_" separator; a value without it
        // fails with ArrayIndexOutOfBoundsException on the tenant lookup below.
        String[] parts = cached.getValue().split(":_");
        Tenant tenant = this.tenantCrudService.findById(parts[1]);
        if (tenant == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{parts[1]});
        }

        String userId = parts[0];
        User user = this.userCrudService.findById(userId);
        if (user == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{userId});
        }

        // Identity comes entirely from the cached entry; nothing in the request body selects the user.
        LoginUser loginUser = new LoginUser();
        loginUser.setIdentityType(IdentityType.tempUserToken);
        loginUser.setUser(user);
        loginUser.setTenant(tenant);
        loginUser.setApp(new Sys(UserUtils.getAuthoredSys()));
        loginUser.setDevice(authoredDevice);
        return StdData.ok(Collections.singletonMap("token", this.authoredUserService.generate(loginUser, true, false).getToken()));
    }

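    /**
     * Obtains a token in another cloud/area for the caller through {@code remoteIamService.crossRegionLogin}.
     *
     * <p>The target tenant defaults to the caller's own tenant. When a different tenant is requested, the
     * customer id of the caller's tenant is looked up and forwarded so the remote side can compare it;
     * otherwise {@code null} is forwarded. The caller's tenant is now null-checked before its customer id is
     * read, matching how other methods in this class treat {@code tenantCrudService.findById}.
     *
     * @param authoredUser            authenticated caller, taken from the request attribute
     * @param authoredSys             calling application, taken from the request attribute
     * @param crossRegionLoginRequest request body with {@code cloud}, {@code area} and optional {@code tenantId}
     * @return a map with {@code token} and {@code tokenExpiresIn}
     * @throws BusinessException {@code TENANT_NOT_EXISTED} when the caller's tenant cannot be loaded, or
     *                           {@code CUSTOMER_CODE_OF_TENANT_NOT_EMPTY} when it has no customer id
     */
    @PostMapping({"/cross/region/login"})
    @DapSign
    public StdData<?> crossRegionLogin(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys, @Valid @RequestBody CrossRegionLoginRequest crossRegionLoginRequest) {
        String tenantId = crossRegionLoginRequest.getTenantId();
        if (!StringUtils.hasText(tenantId)) {
            tenantId = authoredUser.getTenantId();
        }
        String customerId = null;
        if (!Objects.equals(authoredUser.getTenantId(), tenantId)) {
            // Cross-tenant request: the caller's own customer id is what ties it to the target tenant.
            Tenant callerTenant = this.tenantCrudService.findById(authoredUser.getTenantId());
            if (callerTenant == null) {
                throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{authoredUser.getTenantId()});
            }
            if (!StringUtils.hasText(callerTenant.getCustomerId())) {
                throw new BusinessException(I18nError.CUSTOMER_CODE_OF_TENANT_NOT_EMPTY, new Object[]{authoredUser.getTenantId()});
            }
            customerId = callerTenant.getCustomerId();
        }
        IamAuthoredUser remoteLogin = this.remoteIamService.crossRegionLogin(crossRegionLoginRequest.getCloud(), crossRegionLoginRequest.getArea(), tenantId, authoredSys.getId(), customerId);
        HashMap<String, Object> payload = new HashMap<>();
        payload.put("token", remoteLogin.getToken());
        payload.put("tokenExpiresIn", Long.valueOf(remoteLogin.getTokenExpiresIn()));
        return StdData.ok(payload);
    }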

    /**
     * Receiving side of a cross-region login: issues a token for the fixed user {@code "integration"} in the
     * requested tenant and application.
     *
     * <p>Validation failures are returned as {@code StdData.of(500, message)} rather than thrown.
     *
     * <p>NOTE(review): the customer-id comparison only runs when the request carries a non-blank
     * {@code customerId}. Without one, no tenant-ownership check happens in this method, so the request's
     * authenticity rests on {@code @DapSign}; confirm that is the intended trust boundary.
     *
     * @param crossRegionLoginInnerRequest request body with {@code tenantId}, {@code sysId} and optional {@code customerId}
     * @return the generated login on success, or a 500-coded {@code StdData} describing the failed lookup
     */
    @PostMapping({"/cross/region/login/inner"})
    @DapSign
    public StdData<?> crossRegionLoginInner(@Valid @RequestBody CrossRegionLoginInnerRequest crossRegionLoginInnerRequest) {
        Tenant targetTenant = this.tenantCrudService.findById(crossRegionLoginInnerRequest.getTenantId());
        if (targetTenant == null) {
            return StdData.of(500, I18nError.TENANT_NOT_EXISTED.getErrorMessage(new Object[]{crossRegionLoginInnerRequest.getTenantId()}));
        }

        String claimedCustomerId = crossRegionLoginInnerRequest.getCustomerId();
        boolean customerClaimed = StringUtils.hasText(claimedCustomerId);
        if (customerClaimed && !Objects.equals(claimedCustomerId, targetTenant.getCustomerId())) {
            return StdData.of(500, I18nError.CUSTOMER_ID_NOT_SAME.getErrorMessage());
        }

        Sys targetApp = this.commonCacheService.getSysById(crossRegionLoginInnerRequest.getSysId());
        if (targetApp == null) {
            return StdData.of(500, I18nError.SYS_NOT_EXISTED.getErrorMessage(new Object[]{crossRegionLoginInnerRequest.getSysId()}));
        }

        // The token is always issued for the user with id "integration"; the lookup result is passed on
        // without a null check. NOTE(review): confirm generate() handles a missing integration user.
        User integrationUser = this.userCrudService.findById("integration");

        LoginUser loginUser = new LoginUser();
        loginUser.setIdentityType(IdentityType.crossRegion);
        loginUser.setLoginSource(LoginSource.crossRegion);
        loginUser.setUser(integrationUser);
        loginUser.setTenant(targetTenant);
        loginUser.setApp(targetApp);
        return StdData.ok(this.authoredUserService.generate(loginUser, false, false));
    }
}
