package org.springblade.auth.endpoint;

import com.wf.captcha.SpecCaptcha;
import java.time.Duration;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springblade.auth.props.SsoProperties;
import org.springblade.core.cache.utils.CacheUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.jwt.props.JwtProperties;
import org.springblade.core.redis.cache.BladeRedis;
import org.springblade.core.secure.BladeUser;
import org.springblade.core.secure.utils.AuthUtil;
import org.springblade.core.tenant.annotation.NonDS;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.CollectionUtil;
import org.springblade.core.tool.utils.StringUtil;
import org.springblade.core.tool.utils.WebUtil;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

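/**
 * HTTP endpoints around the OAuth2 login flow: login redirect, approval page, current-user lookup,
 * captcha issuing, logout and a cache-clearing maintenance call.
 *
 * <p>NOTE(review): {@code /oauth/logout} and {@code /oauth/clear-cache} change server state but are
 * mapped to GET. Whether another layer (gateway, security filter chain) restricts them is not
 * visible from this class; moving them to POST would be an interface change and is left to the
 * owners of the clients.
 */
@NonDS
@RestController
/* loaded from: input_file:org/springblade/auth/endpoint/BladeTokenEndPoint.class */
public class BladeTokenEndPoint {
    private static final Logger log = LoggerFactory.getLogger(BladeTokenEndPoint.class);

    /** Role names that are allowed to call {@link #clearCache()}. */
    private static final String ROLE_ADMIN = "admin";
    private static final String ROLE_ADMINISTRATOR = "administrator";

    private final BladeRedis bladeRedis;
    private final StringRedisTemplate stringRedisTemplate;
    private final JwtProperties jwtProperties;
    private final ClientDetailsService clientDetailsService;
    private final TokenStore tokenStore;
    private final SsoProperties ssoProperties;

    /**
     * Redirects the browser to the single-sign-on login page.
     *
     * <p>The target comes from {@link SsoProperties#getLoginpageurl()}, i.e. from configuration and
     * not from the request.
     *
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same holder, with a {@code redirect:} view name set
     */
    @GetMapping({"/oauth/login"})
    public ModelAndView require(ModelAndView modelAndView) {
        String loginPageUrl = this.ssoProperties.getLoginpageurl();
        log.info("跳转单点登录表单页地址：{}", loginPageUrl);
        modelAndView.setViewName("redirect:" + loginPageUrl);
        return modelAndView;
    }

    /**
     * Prepares the {@code confirm} (approval) view.
     *
     * <p>When the session carries an {@code authorizationRequest}, the requesting client and the
     * current principal are added to the model. A session attribute of an unexpected type, or a
     * missing authentication, is skipped instead of failing the request with a
     * {@link ClassCastException} or {@link NullPointerException}.
     *
     * @param httpSession the current HTTP session
     * @param modelAndView the view holder supplied by Spring MVC
     * @return the same holder, with view name {@code confirm}
     */
    @GetMapping({"/oauth/confirm_access"})
    public ModelAndView confirm(HttpSession httpSession, ModelAndView modelAndView) {
        Object attribute = httpSession.getAttribute("authorizationRequest");
        if (attribute instanceof AuthorizationRequest) {
            String clientId = ((AuthorizationRequest) attribute).getClientId();
            modelAndView.addObject("client", this.clientDetailsService.loadClientByClientId(clientId));
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication != null) {
                modelAndView.addObject("principal", authentication.getPrincipal());
            }
        }
        modelAndView.setViewName("confirm");
        return modelAndView;
    }

    /**
     * Returns the caller's {@link Authentication} wrapped in {@link R}.
     *
     * <p>NOTE(review): the whole authentication object is serialised to the client. Depending on the
     * concrete implementation it can include credentials, details and authorities; confirm that the
     * JSON mapping exposes only what the client needs.
     *
     * @param authentication the authentication resolved by Spring for this request
     * @return the authentication as response data
     */
    @GetMapping({"/oauth/user-info"})
    public R<Authentication> currentUser(Authentication authentication) {
        return R.data(authentication);
    }

    /**
     * Issues a new image captcha.
     *
     * <p>The lower-cased expected text is stored in Redis under a random key for 30 minutes; the key
     * and the Base64 image are returned to the caller.
     *
     * <p>NOTE(review): the entry stays valid for the full 30 minutes unless the code that verifies
     * the captcha deletes it. That code is not in this class; confirm it removes the key on the
     * first attempt (successful or not) so a solved captcha cannot be replayed.
     *
     * @return a map with {@code key} (lookup id) and {@code image} (Base64 data)
     */
    @GetMapping({"/oauth/captcha"})
    public Kv captcha() {
        SpecCaptcha specCaptcha = new SpecCaptcha(130, 48, 5);
        String expectedText = specCaptcha.text().toLowerCase();
        String captchaKey = StringUtil.randomUUID();
        this.bladeRedis.setEx("blade:auth::blade:captcha:" + captchaKey, expectedText, Duration.ofMinutes(30L));
        return Kv.create().set("key", captchaKey).set("image", specCaptcha.toBase64());
    }

    /**
     * Logs the caller out: drops the JWT state entry (when stateful JWT is enabled), removes the
     * access and refresh tokens from the {@link TokenStore}, and clears the security context and
     * session through {@link SecurityContextLogoutHandler}.
     *
     * <p>A request without a usable {@code Blade-Auth} header no longer reaches
     * {@link TokenStore#readAccessToken(String)} with a {@code null} value, and an unset
     * {@code state} property is treated as disabled instead of raising a
     * {@link NullPointerException}.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return a map with {@code success} and {@code msg}; always reports success
     */
    @GetMapping({"/oauth/logout"})
    public Kv logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        BladeUser user = AuthUtil.getUser();
        String token = JwtUtil.getToken(WebUtil.getRequest().getHeader("Blade-Auth"));
        if (user != null && Boolean.TRUE.equals(this.jwtProperties.getState())) {
            JwtUtil.removeAccessToken(user.getTenantId(), String.valueOf(user.getUserId()), token);
        }
        // Only consult the token store when the header actually carried a token.
        OAuth2AccessToken accessToken = null;
        if (StringUtil.isNoneBlank(new CharSequence[]{token})) {
            accessToken = this.tokenStore.readAccessToken(token);
        }
        OAuth2RefreshToken refreshToken = null;
        if (accessToken != null && StringUtil.isNoneBlank(new CharSequence[]{accessToken.getValue()})) {
            // Read the refresh token first: it hangs off the access token that is about to be removed.
            refreshToken = accessToken.getRefreshToken();
            this.tokenStore.removeAccessToken(accessToken);
        }
        if (refreshToken != null && StringUtil.isNoneBlank(new CharSequence[]{refreshToken.getValue()})) {
            this.tokenStore.removeRefreshToken(refreshToken);
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            new SecurityContextLogoutHandler().logout(httpServletRequest, httpServletResponse, authentication);
        }
        return Kv.create().set("success", "true").set("msg", "success");
    }

    /**
     * Clears the application cache and deletes every key that {@code keys("*")} returns from the
     * Redis database behind {@link StringRedisTemplate}.
     *
     * <p>The caller must hold a role named exactly {@code admin} or {@code administrator}. The
     * previous check used {@code String.contains("admin")}, which also accepted any role whose name
     * merely contains that substring.
     *
     * <p>NOTE(review): the delete is not limited to a key prefix, so anything else kept in the same
     * Redis database is removed as well, and {@code KEYS *} blocks Redis while it scans. Consider a
     * prefix-scoped SCAN if the database is shared.
     *
     * @return a map with {@code success} and {@code msg}; {@code "Role error"} when the caller is
     *     not an administrator
     */
    @GetMapping({"/oauth/clear-cache"})
    public Kv clearCache() {
        BladeUser user = AuthUtil.getUser();
        if (user == null || !hasAdminRole(user.getRoleName())) {
            return Kv.create().set("success", "false").set("msg", "Role error");
        }
        CacheUtil.clear("*");
        Set<String> keys = this.stringRedisTemplate.keys("*");
        if (CollectionUtil.isNotEmpty(keys)) {
            this.stringRedisTemplate.delete(keys);
        }
        return Kv.create().set("success", "true").set("msg", "success");
    }

    /**
     * Tells whether one of the caller's role names is exactly an administrator role.
     *
     * <p>Assumes {@code roleNames} is a comma-separated list, as a single role name is also handled
     * by the same split. TODO confirm the separator against the code that fills
     * {@link BladeUser#getRoleName()}; a different separator makes this check deny access.
     */
    private static boolean hasAdminRole(String roleNames) {
        if (roleNames == null) {
            return false;
        }
        for (String rawName : roleNames.split(",")) {
            String roleName = rawName.trim();
            if (ROLE_ADMIN.equals(roleName) || ROLE_ADMINISTRATOR.equals(roleName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates the endpoint with its collaborators; every argument is stored as given.
     *
     * @param bladeRedis Redis helper used to store captcha text
     * @param stringRedisTemplate Redis template used by {@link #clearCache()}
     * @param jwtProperties JWT settings; {@code state} gates the JWT cleanup in {@link #logout}
     * @param clientDetailsService lookup for OAuth2 client details
     * @param tokenStore OAuth2 token store
     * @param ssoProperties single-sign-on settings, including the login page URL
     */
    public BladeTokenEndPoint(BladeRedis bladeRedis, StringRedisTemplate stringRedisTemplate, JwtProperties jwtProperties, ClientDetailsService clientDetailsService, TokenStore tokenStore, SsoProperties ssoProperties) {
        this.bladeRedis = bladeRedis;
        this.stringRedisTemplate = stringRedisTemplate;
        this.jwtProperties = jwtProperties;
        this.clientDetailsService = clientDetailsService;
        this.tokenStore = tokenStore;
        this.ssoProperties = ssoProperties;
    }
}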
