package com.elitescloud.boot.auth.provider.security.handler;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.auth.client.config.support.AuthenticationCache;
import com.elitescloud.boot.auth.client.config.support.AuthenticationCallable;
import com.elitescloud.boot.auth.provider.common.AuthorizationConstant;
import com.elitescloud.boot.auth.provider.common.LoginDeviceLimitStrategy;
import com.elitescloud.boot.auth.provider.common.param.UserLoginDeviceDTO;
import com.elitescloud.boot.auth.provider.config.properties.AuthorizationProviderProperties;
import com.elitescloud.boot.auth.provider.config.properties.TokenProperties;
import com.elitescloud.boot.auth.provider.config.system.LoginProperties;
import com.elitescloud.boot.auth.provider.security.TokenPropertiesProvider;
import com.elitescloud.boot.util.DatetimeUtil;
import com.elitescloud.cloudt.context.util.HttpServletUtil;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.io.IOException;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/security/handler/CacheUserAuthenticationCallable.class */
public class CacheUserAuthenticationCallable implements AuthenticationCallable {
    private static final Logger log = LogManager.getLogger(CacheUserAuthenticationCallable.class);
    private final AuthorizationProperties authorizationProperties;
    private final AuthorizationProviderProperties authorizationProviderProperties;
    private final AuthenticationCache authenticationCache;
    private final TokenPropertiesProvider tokenPropertiesProvider;

    public CacheUserAuthenticationCallable(AuthorizationProperties authorizationProperties, AuthorizationProviderProperties authorizationProviderProperties, AuthenticationCache authenticationCache, TokenPropertiesProvider tokenPropertiesProvider) {
        this.authorizationProperties = authorizationProperties;
        this.authorizationProviderProperties = authorizationProviderProperties;
        this.authenticationCache = authenticationCache;
        this.tokenPropertiesProvider = tokenPropertiesProvider;
    }

    public void onLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Authentication authentication) throws IOException, ServletException {
        GeneralUserDetails generalUserDetails = null;
        if (authentication.getPrincipal() instanceof GeneralUserDetails) {
            generalUserDetails = (GeneralUserDetails) authentication.getPrincipal();
        }
        if (generalUserDetails == null || !StringUtils.hasText(str)) {
            return;
        }
        log.info("用户{}登录，token：{}", generalUserDetails.getUsername(), str);
        this.authenticationCache.setUserDetail(str, generalUserDetails, cachePrincipalDuration());
        UserLoginDeviceDTO buildLoginDevice = buildLoginDevice(httpServletRequest, generalUserDetails, str);
        ArrayList arrayList = new ArrayList(expireOtherDevice(queryUserDeviceOnline(generalUserDetails), buildLoginDevice.getClientId()));
        arrayList.add(buildLoginDevice);
        this.authenticationCache.setAttribute(generalUserDetails.getUserId().toString() + ":loginDevice", arrayList, (Duration) null);
    }

    public void onLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Object obj) {
        if (StringUtils.hasText(str)) {
            if (obj instanceof GeneralUserDetails) {
                log.info("用户{}注销", ((GeneralUserDetails) obj).getUsername());
                CompletableFuture.runAsync(() -> {
                    clearUserDevice((GeneralUserDetails) obj, str);
                }).whenComplete((r4, th) -> {
                    if (th != null) {
                        log.error("清理用户在线设备异常：", th);
                    }
                });
            }
            this.authenticationCache.removeUserDetail(str);
        }
    }

    private void clearUserDevice(GeneralUserDetails generalUserDetails, String str) {
        List<UserLoginDeviceDTO> list = (List) this.authenticationCache.getAttribute(generalUserDetails.getUserId().toString() + ":loginDevice");
        if (CollUtil.isEmpty(list)) {
            return;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (UserLoginDeviceDTO userLoginDeviceDTO : list) {
            if (!str.equals(userLoginDeviceDTO.getToken())) {
                arrayList.add(userLoginDeviceDTO);
            }
        }
        this.authenticationCache.setAttribute(generalUserDetails.getUserId().toString() + ":loginDevice", arrayList, (Duration) null);
    }

    private List<UserLoginDeviceDTO> queryUserDeviceOnline(GeneralUserDetails generalUserDetails) {
        List list = (List) this.authenticationCache.getAttribute(generalUserDetails.getUserId().toString() + ":loginDevice");
        return CollUtil.isEmpty(list) ? Collections.emptyList() : (List) list.stream().filter(userLoginDeviceDTO -> {
            return this.authenticationCache.exists(userLoginDeviceDTO.getToken());
        }).collect(Collectors.toList());
    }

    private List<UserLoginDeviceDTO> expireOtherDevice(List<UserLoginDeviceDTO> list, String str) {
        if (CollUtil.isEmpty(list) || CharSequenceUtil.isBlank(str)) {
            return list;
        }
        LoginDeviceLimitStrategy loginDeviceLimitStrategy = null;
        Iterator<LoginProperties.LoginDeviceLimiter> it = this.authorizationProviderProperties.getLogin().getLoginDeviceLimiters().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            LoginProperties.LoginDeviceLimiter next = it.next();
            if (str.equals(next.getClientId())) {
                loginDeviceLimitStrategy = next.getStrategy();
                break;
            }
        }
        if (LoginDeviceLimitStrategy.INVALID_OTHER != loginDeviceLimitStrategy) {
            return list;
        }
        ArrayList arrayList = new ArrayList(list.size());
        for (UserLoginDeviceDTO userLoginDeviceDTO : list) {
            if (str.equals(userLoginDeviceDTO.getClientId())) {
                this.authenticationCache.removeUserDetail(userLoginDeviceDTO.getToken());
                log.info("自动注销已登录的设备：{}, {}, {}", userLoginDeviceDTO.getLoginTime(), userLoginDeviceDTO.getUserAgent(), userLoginDeviceDTO.getToken());
            } else {
                arrayList.add(userLoginDeviceDTO);
            }
        }
        return arrayList;
    }

    private UserLoginDeviceDTO buildLoginDevice(HttpServletRequest httpServletRequest, GeneralUserDetails generalUserDetails, String str) {
        UserLoginDeviceDTO userLoginDeviceDTO = new UserLoginDeviceDTO();
        if (httpServletRequest != null) {
            userLoginDeviceDTO.setClientId((String) httpServletRequest.getAttribute(AuthorizationConstant.REQUEST_ATTRIBUTE_CLIENT_ID));
            userLoginDeviceDTO.setLoginIp(HttpServletUtil.currentClientIp());
            userLoginDeviceDTO.setUserAgent(httpServletRequest.getHeader("User-Agent"));
        }
        userLoginDeviceDTO.setToken(str);
        userLoginDeviceDTO.setLoginTime(DatetimeUtil.toStr(LocalDateTime.now()));
        return userLoginDeviceDTO;
    }

    private Duration cachePrincipalDuration() {
        TokenProperties tokenProperties = this.tokenPropertiesProvider.get();
        if (tokenProperties != null) {
            return tokenProperties.getTokenTtl();
        }
        if (this.authorizationProperties.getTokenTtl() == null || this.authorizationProperties.getTokenTtl().getSeconds() <= 0) {
            return null;
        }
        return this.authorizationProperties.getTokenTtl();
    }
}
