package com.digiwin.dap.middleware.iam.api;

import com.digiwin.dap.middle.ram.domain.enums.TargetType;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAccessTokenRequest;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAppVO;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAuthRequest;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthRefreshTokenRequest;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthScopeApiVO;
import com.digiwin.dap.middleware.iam.entity.OauthApi;
import com.digiwin.dap.middleware.iam.entity.OauthApp;
import com.digiwin.dap.middleware.iam.entity.OauthScope;
import com.digiwin.dap.middleware.iam.entity.OauthScopeApi;
import com.digiwin.dap.middleware.iam.repository.OauthApiRepository;
import com.digiwin.dap.middleware.iam.repository.OauthAppRepository;
import com.digiwin.dap.middleware.iam.repository.OauthScopeApiRepository;
import com.digiwin.dap.middleware.iam.repository.OauthScopeRepository;
import com.digiwin.dap.middleware.iam.service.oauth.OauthAppCrudService;
import com.digiwin.dap.middleware.iam.service.oauth.OauthService;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.util.SnowFlake;
import com.digiwin.dap.middleware.util.UserUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import org.apache.axis.utils.StringUtils;
import org.pac4j.oidc.config.OidcConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

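@RequestMapping({"/api/iam/v2"})
@RestController
/* loaded from: input_file:WEB-INF/classes/com/digiwin/dap/middleware/iam/api/OauthController.class */
/**
 * REST endpoints for the IAM OAuth feature: application registration and maintenance
 * ({@code /oauth2/app*}), authorization-code / access-token / refresh-token exchange
 * ({@code /oauth2/*} and the plain {@code /oauth/*} variants), scope lookup, API-to-scope
 * binding and bulk application sync.
 *
 * <p>Endpoints that take the {@code digi-middleware-auth-user-data} request attribute rely on an
 * upstream filter having authenticated the caller and attached an {@link AuthoredUser}; the
 * controller itself only checks the values it reads from that object.
 *
 * <p>Parameter names such as {@code str}/{@code str2} were assigned by the decompiler. Where a
 * {@code @RequestParam} carries no explicit name, the HTTP parameter name is whatever the compiled
 * method parameter was called, which may differ from these names — do not rename them blindly.
 */
public class OauthController {
    private static final Logger logger = LoggerFactory.getLogger(OauthController.class);

    /** Request attribute under which the authentication filter stores the caller. */
    private static final String AUTH_USER_ATTR = "digi-middleware-auth-user-data";

    /** Shared mapper: ObjectMapper is thread-safe once configured, so one instance suffices. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @Autowired
    private OauthService oauthService;

    @Autowired
    private OauthAppCrudService oauthAppCrudService;

    @Autowired
    private OauthAppRepository oauthAppRepository;

    @Autowired
    private OauthScopeRepository oauthScopeRepository;

    @Autowired
    private OauthApiRepository oauthApiRepository;

    @Autowired
    private OauthScopeApiRepository oauthScopeApiRepository;

    @Autowired
    private AuthValidateService authValidateService;

    /**
     * Rejects a principal that has no tenant sid or no user sid (0 is the "unset" value).
     *
     * @param authoredUser the authenticated caller
     * @throws BusinessException {@code TENANT_ID_AND_USER_NOT_NULL} when either sid is 0
     */
    private static void requireTenantAndUser(AuthoredUser authoredUser) {
        if (authoredUser.getTenantSid() == 0 || authoredUser.getSid() == 0) {
            throw new BusinessException(I18nError.TENANT_ID_AND_USER_NOT_NULL);
        }
    }

    /**
     * Registers a new OAuth application owned by the calling user.
     *
     * @param oauthAppVO   application data from the request body (bean-validated)
     * @param authoredUser the authenticated caller
     * @return {@code StdData.ok} wrapping the sid of the new application
     * @throws BusinessException when the caller has no tenant or user sid
     */
    @PostMapping({"/oauth2/app/register"})
    public StdData addOauthApp(@Valid @RequestBody OauthAppVO oauthAppVO,
                               @RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        requireTenantAndUser(authoredUser);
        // Tenant and owner are taken from the authenticated principal, overriding anything
        // the client put in the body.
        oauthAppVO.setTenantSid(authoredUser.getTenantSid());
        oauthAppVO.setOwnerUserSid(authoredUser.getSid());
        return StdData.ok(Long.valueOf(this.oauthService.registerApp(oauthAppVO)));
    }

    /**
     * Returns one application by sid, provided it belongs to the caller's tenant and the caller
     * is its owner.
     *
     * @param appSid       application sid from the path
     * @param authoredUser the authenticated caller
     * @return {@code StdData.ok} wrapping the application (or {@code null} when the sid is
     *         unknown); {@code StdData.of(500, …)} when the tenant or owner check fails
     * @throws BusinessException when the caller has no tenant or user sid
     */
    @GetMapping({"/oauth2/app/{appSid}"})
    public StdData getOauthApp(@PathVariable("appSid") long appSid,
                               @RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        requireTenantAndUser(authoredUser);
        OauthApp app = this.oauthAppCrudService.findBySid(appSid);
        if (app != null) {
            // NOTE(review): the cross-tenant rejection message echoes the other tenant's
            // application name, which confirms to the caller that the sid exists and what it is
            // called; a generic "not found" would leak less.
            if (authoredUser.getTenantSid() != app.getTenantSid()) {
                return StdData.of(500, String.format("租户%s下不存在应用%s", authoredUser.getTenantId(), app.getName()));
            }
            if (authoredUser.getSid() != app.getOwnerUserSid()) {
                return StdData.of(500, String.format("用户%s没有权限查看应用%s", authoredUser.getUserId(), app.getName()));
            }
        }
        return StdData.ok(app);
    }

    /**
     * Updates the mutable descriptive fields (name, description, callback URL, logo) of an
     * application. Id, secret, owner and tenant are never touched here.
     *
     * @param appSid       application sid from the path
     * @param oauthAppVO   new field values (bean-validated)
     * @param authoredUser the authenticated caller
     * @return {@code StdData.ok} wrapping the sid, also when the sid is unknown (no-op)
     * @throws BusinessException when the caller has no tenant or user sid, or belongs to another
     *                           tenant without the system-level permission for this route
     */
    @PostMapping({"/oauth2/app/{appSid}"})
    public StdData updateOauthApp(@PathVariable("appSid") long appSid, @Valid @RequestBody OauthAppVO oauthAppVO,
                                  @RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        requireTenantAndUser(authoredUser);
        OauthApp app = this.oauthAppCrudService.findBySid(appSid);
        if (app != null) {
            // A caller from another tenant may only update the app with the Sys-level
            // permission registered for this route.
            boolean sameTenant = authoredUser.getTenantSid() == app.getTenantSid();
            if (!sameTenant && !this.authValidateService.checkAccessPermission(TargetType.Sys.name(), "POST", "/api/iam/v2/oauth2/app/{appSid}", UserUtils.getSysId()).booleanValue()) {
                throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
            }
            // NOTE(review): unlike getOauthApp, there is no owner check here, so any user of the
            // same tenant can change another user's callback URL. Confirm this is intended; the
            // callback URL is the redirect target for issued authorization codes.
            app.setName(oauthAppVO.getName());
            app.setDescription(oauthAppVO.getDescription());
            app.setCallbackUrl(oauthAppVO.getCallbackUrl());
            app.setLogoImage(oauthAppVO.getLogoImage());
            this.oauthAppCrudService.update(app);
        }
        return StdData.ok(Long.valueOf(appSid));
    }

    /**
     * Lists the applications owned by the caller within the caller's tenant.
     *
     * @param authoredUser the authenticated caller
     * @return {@code StdData.ok} wrapping a list of {@link OauthAppVO} (sid, id, name, logo,
     *         callback URL, description only — no secret)
     * @throws BusinessException when the caller has no tenant or user sid
     */
    @GetMapping({"/oauth2/apps"})
    public StdData getOauthApps(@RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        requireTenantAndUser(authoredUser);
        List<OauthAppVO> apps = new ArrayList<>();
        // The repository returns projection rows as Object[]; the column order below is the
        // only contract with that query — assumed [sid, id, name, logoImage, callbackUrl,
        // description], verify against the repository.
        for (Object[] row : this.oauthAppRepository.findByTenantSidAndOwnerUserSid(authoredUser.getTenantSid(), authoredUser.getSid())) {
            OauthAppVO vo = new OauthAppVO();
            vo.setSid(((Long) row[0]).longValue());
            vo.setId((String) row[1]);
            vo.setName((String) row[2]);
            vo.setLogoImage((String) row[3]);
            vo.setCallbackUrl((String) row[4]);
            vo.setDescription((String) row[5]);
            apps.add(vo);
        }
        return StdData.ok(apps);
    }

    /**
     * Updates an application from a full VO without a path sid.
     *
     * <p>No tenant or owner check is visible in this method; presumably
     * {@code OauthService.updateApp} performs it — confirm before exposing this route widely.
     *
     * @param oauthAppVO application data (bean-validated)
     * @return {@code StdData.ok} wrapping the sid returned by the service
     */
    @PostMapping({"/oauth2/app"})
    public StdData updateOauthApp(@Valid @RequestBody OauthAppVO oauthAppVO) {
        return StdData.ok(Long.valueOf(this.oauthService.updateApp(oauthAppVO)));
    }

    /**
     * Issues an authorization code for the calling user.
     *
     * @param oauthAuthRequest authorization request (bean-validated)
     * @param authoredUser     the authenticated caller
     * @return {@code StdData.ok} wrapping the service result
     */
    @PostMapping({"/oauth2/authorize"})
    public StdData getAuthCode(@Valid @RequestBody OauthAuthRequest oauthAuthRequest,
                               @RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        return StdData.ok(this.oauthService.getAuthCode(oauthAuthRequest, authoredUser));
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param oauthAccessTokenRequest token request (bean-validated)
     * @return {@code StdData.ok} wrapping the service result
     */
    @PostMapping({"/oauth2/accesstoken"})
    public StdData getAccessToken(@Valid @RequestBody OauthAccessTokenRequest oauthAccessTokenRequest) {
        return StdData.ok(this.oauthService.getAccessToken(oauthAccessTokenRequest));
    }

    /**
     * Exchanges a refresh token for a new access token.
     *
     * @param oauthRefreshTokenRequest refresh request (bean-validated)
     * @return {@code StdData.ok} wrapping the service result
     */
    @PostMapping({"/oauth2/refreshtoken"})
    public StdData refreshAccessToken(@Valid @RequestBody OauthRefreshTokenRequest oauthRefreshTokenRequest) {
        return StdData.ok(this.oauthService.refreshAccessToken(oauthRefreshTokenRequest));
    }

    /**
     * Resolves a comma-separated list of scope ids to scope entities.
     *
     * <p>With no parameter the default {@code user_read} scope is returned. Ids that are not
     * known are skipped and logged; a known id whose entity cannot be loaded is skipped silently.
     *
     * @param str comma-separated scope ids, may be empty
     * @return {@code StdData.ok} wrapping the matched scopes (never contains {@code null})
     */
    @GetMapping({"/oauth2/scope"})
    public StdData getScope(@RequestParam(required = false) String str) {
        List<OauthScope> scopes = new ArrayList<>();
        if (StringUtils.isEmpty(str)) {
            // Previously a missing default scope produced a list containing null.
            OauthScope defaultScope = this.oauthScopeRepository.findById("user_read");
            if (defaultScope != null) {
                scopes.add(defaultScope);
            }
        } else {
            List<String> knownIds = this.oauthScopeRepository.findAllIds();
            StringBuilder unknown = new StringBuilder();
            for (String id : str.split(",")) {
                if (knownIds.contains(id)) {
                    OauthScope scope = this.oauthScopeRepository.findById(id);
                    if (scope != null) {
                        scopes.add(scope);
                    }
                } else {
                    unknown.append(id).append(";");
                }
            }
            if (unknown.length() > 0) {
                // The unknown ids are caller-supplied and are written verbatim into the log.
                logger.error(String.format("%s授权范围不存在", unknown.toString()));
            }
        }
        return StdData.ok(scopes);
    }

    /**
     * Returns the display name of an application by its id.
     *
     * @param str application id (HTTP parameter name is the compiled parameter name)
     * @return {@code StdData.ok} wrapping the name
     * @throws BusinessException {@code SYS_NOT_EXISTED} when no application has this id
     */
    @GetMapping({"/oauth2/get/name"})
    public StdData getAppName(@RequestParam String str) {
        OauthApp app = this.oauthAppRepository.findById(str);
        if (app == null) {
            throw new BusinessException(I18nError.SYS_NOT_EXISTED);
        }
        return StdData.ok(app.getName());
    }

    /**
     * Classic authorization-code redirect: obtains a code for the caller and redirects the
     * browser to {@code str3} with {@code state} and {@code code} appended.
     *
     * <p>{@code str3} is used as the redirect target exactly as received. Whether
     * {@code OauthService.getCommonAuthCode} (which also receives it) validates it against the
     * application's registered callback URL is not visible here — confirm, since an unvalidated
     * target would send the code to an attacker-chosen host. {@code str2} and the code are not
     * URL-encoded, so a {@code state} containing {@code &} or {@code #} corrupts the query.
     *
     * @param str                  first request parameter (passed to the service; client id, presumably)
     * @param str2                 opaque client state, echoed back
     * @param str3                 redirect target
     * @param str4                 optional fourth parameter passed to the service
     * @param authoredUser         the authenticated caller
     * @param httpServletResponse  response used for the redirect
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/oauth/authorize"})
    public void getCommonAuthCode(@RequestParam String str, @RequestParam String str2, @RequestParam String str3,
                                  @RequestParam(required = false) String str4,
                                  @RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser,
                                  HttpServletResponse httpServletResponse) throws IOException {
        String code = this.oauthService.getCommonAuthCode(str, str3, str4, authoredUser).getCode();
        httpServletResponse.sendRedirect(String.format("%s?state=%s&code=%s", str3, str2, code));
    }

    /**
     * Form-encoded variant of the access-token exchange: the request parameters are re-serialised
     * through Jackson into an {@link OauthAccessTokenRequest}.
     *
     * <p>Note that {@code client_id} is only rejected when the key is present but empty; an absent
     * {@code client_id} passes this check, presumably to be resolved by the service — confirm.
     *
     * @param map all request parameters
     * @return 200 with the service result
     * @throws IllegalArgumentException naming the first missing required field
     * @throws BusinessException        {@code ACCESS_TOKEN_DECRYPTION_FAILED} when the parameters
     *                                  cannot be mapped onto the request type
     */
    @PostMapping({"/oauth/accesstoken"})
    public ResponseEntity<?> getCommonAccessToken(@RequestParam Map<String, Object> map) {
        try {
            OauthAccessTokenRequest request = OBJECT_MAPPER.readValue(OBJECT_MAPPER.writeValueAsString(map), OauthAccessTokenRequest.class);
            if (map.containsKey(OidcConfiguration.CLIENT_ID) && StringUtils.isEmpty(request.getClient_id())) {
                throw new IllegalArgumentException(OidcConfiguration.CLIENT_ID);
            }
            if (StringUtils.isEmpty(request.getRedirect_uri())) {
                throw new IllegalArgumentException(OidcConfiguration.REDIRECT_URI);
            }
            if (StringUtils.isEmpty(request.getCode())) {
                throw new IllegalArgumentException("code");
            }
            if (StringUtils.isEmpty(request.getGrant_type())) {
                throw new IllegalArgumentException("grant_type");
            }
            return ResponseEntity.ok(this.oauthService.getCommonAccessToken(request));
        } catch (IOException e) {
            // The cause was previously dropped; keep it in the log (parameter values are not
            // logged, the request may carry a code or secret).
            logger.warn("access token request could not be mapped", e);
            throw new BusinessException(I18nError.ACCESS_TOKEN_DECRYPTION_FAILED);
        }
    }

    /**
     * Refresh-token exchange on the classic {@code /oauth} path; same behaviour as
     * {@link #refreshAccessToken}.
     *
     * @param oauthRefreshTokenRequest refresh request (bean-validated)
     * @return {@code StdData.ok} wrapping the service result
     */
    @PostMapping({"/oauth/refreshtoken"})
    public StdData refreshCommonAccessToken(@Valid @RequestBody OauthRefreshTokenRequest oauthRefreshTokenRequest) {
        return StdData.ok(this.oauthService.refreshAccessToken(oauthRefreshTokenRequest));
    }

    /**
     * Minimal user-info document for the caller.
     *
     * @param authoredUser the authenticated caller
     * @return map with {@code name} = user name and {@code email} = user id (a HashMap is kept
     *         because either value may be {@code null})
     */
    @GetMapping({"/oauth/user/info"})
    public Map<String, Object> getUserInfo(@RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        Map<String, Object> info = new HashMap<>();
        info.put("name", authoredUser.getUserName());
        info.put("email", authoredUser.getUserId());
        return info;
    }

    /**
     * Minimal tenant-info document for the caller.
     *
     * @param authoredUser the authenticated caller
     * @return map with {@code name} = tenant name and {@code email} = tenant id (the key name
     *         mirrors {@link #getUserInfo} and is kept for compatibility)
     */
    @GetMapping({"/oauth/tenant/info"})
    public Map<String, Object> getTenantInfo(@RequestAttribute(name = AUTH_USER_ATTR) AuthoredUser authoredUser) {
        Map<String, Object> info = new HashMap<>();
        info.put("name", authoredUser.getTenantName());
        info.put("email", authoredUser.getTenantId());
        return info;
    }

    /**
     * Creates API entries and binds each to the named scopes.
     *
     * <p>No caller-identity check is visible in this method or in {@link #syncOauthApp}; it is
     * presumably enforced upstream (a filter or gateway) — confirm, as both write security
     * configuration. Scope names that do not exist are skipped without any signal to the caller.
     *
     * @param list API definitions with their scope ids
     * @return an empty {@code StdData.ok()}
     */
    @PostMapping({"/oauth2/api"})
    public StdData addOauthApi(@RequestBody List<OauthScopeApiVO> list) {
        // Decompiler artifact fixed: the element type was left as an unbound T.
        List<OauthScope> allScopes = this.oauthScopeRepository.findAll();
        for (OauthScopeApiVO vo : list) {
            OauthApi oauthApi = new OauthApi();
            // A client-supplied sid is honoured as-is; otherwise one is generated.
            oauthApi.setSid(vo.getSid() == null ? SnowFlake.getInstance().newId() : vo.getSid().longValue());
            oauthApi.setApi(vo.getApi());
            oauthApi.setMethod(vo.getMethod());
            oauthApi.setModule(vo.getModule());
            this.oauthApiRepository.save(oauthApi);
            for (String scopeId : vo.getScopes()) {
                OauthScope scope = allScopes.stream()
                        .filter(candidate -> scopeId.equals(candidate.getId()))
                        .findFirst()
                        .orElse(null);
                if (scope != null) {
                    OauthScopeApi binding = new OauthScopeApi();
                    binding.setScopeSid(scope.getSid());
                    binding.setApiSid(oauthApi.getSid());
                    this.oauthScopeApiRepository.save(binding);
                }
            }
        }
        return StdData.ok().build();
    }

    /**
     * Bulk-syncs applications; every entry must carry a sys id, an app key and a secret.
     *
     * @param list applications to sync
     * @return an empty {@code StdData.ok()}
     * @throws IllegalArgumentException from {@link Assert#hasText} when a required field is blank
     */
    @PostMapping({"/oauth2/sync"})
    public StdData syncOauthApp(@RequestBody List<OauthAppVO> list) {
        for (OauthAppVO vo : list) {
            Assert.hasText(vo.getSysId(), "应用id不能为空");
            Assert.hasText(vo.getId(), "应用key不能为空");
            Assert.hasText(vo.getSecret(), "应用秘钥不能为空");
        }
        this.oauthService.syncOauthApp(list);
        return StdData.ok().build();
    }
}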
