package cn.bootx.platform.iam.handler;

import cn.bootx.platform.common.core.entity.UserDetail;
import cn.bootx.platform.common.core.util.LocalDateTimeUtil;
import cn.bootx.platform.iam.code.UserStatusCode;
import cn.bootx.platform.iam.core.security.password.dao.PasswordLoginFailRecordManager;
import cn.bootx.platform.iam.core.security.password.entity.PasswordLoginFailRecord;
import cn.bootx.platform.iam.core.security.password.service.PasswordLoginFailRecordService;
import cn.bootx.platform.iam.core.security.password.service.PasswordSecurityConfigService;
import cn.bootx.platform.iam.core.user.service.UserAdminService;
import cn.bootx.platform.iam.dto.security.PasswordSecurityConfigDto;
import cn.bootx.platform.starter.auth.authentication.UserInfoStatusCheck;
import cn.bootx.platform.starter.auth.entity.AuthClient;
import cn.bootx.platform.starter.auth.entity.AuthInfoResult;
import cn.bootx.platform.starter.auth.entity.LoginAuthContext;
import cn.bootx.platform.starter.auth.exception.LoginFailureException;
import cn.hutool.core.util.StrUtil;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

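/**
 * Account-status gate applied to a login attempt.
 *
 * <p>Rejects the login with a {@link LoginFailureException} when the account may not sign in
 * through the requesting client: super admin while admin login is disabled, client not granted
 * to the user, account banned, or account still inside its password-failure lock window.
 *
 * <p>NOTE(review): the rejection messages tell the caller whether an account is banned, locked
 * or lacks the client grant. Confirm this check only runs after the credentials have been
 * verified; otherwise the messages disclose account state to unauthenticated callers.
 */
@Component
public class UserInfoStatusCheckImpl implements UserInfoStatusCheck {
    private static final Logger log = LoggerFactory.getLogger(UserInfoStatusCheckImpl.class);
    private final PasswordLoginFailRecordManager loginFailRecordManager;
    private final PasswordLoginFailRecordService loginFailRecordService;
    private final PasswordSecurityConfigService securityConfigService;
    private final UserAdminService userAdminService;

    /**
     * Validates that the authenticated user is allowed to complete the login.
     *
     * @param authInfoResult authentication result carrying the user detail to check
     * @param loginAuthContext login context supplying the auth client and auth properties
     * @throws LoginFailureException if the account state forbids the login
     */
    public void check(AuthInfoResult authInfoResult, LoginAuthContext loginAuthContext) {
        UserDetail userDetail = authInfoResult.getUserDetail();
        AuthClient authClient = loginAuthContext.getAuthClient();
        boolean admin = userDetail.isAdmin();

        if (admin && !loginAuthContext.getAuthProperties().isEnableAdmin()) {
            throw new LoginFailureException("未开启超级管理员权限");
        }
        // NOTE(review): a super admin skips the client, ban and lock checks below, so the
        // password-failure lockout never applies to that account here. Confirm this is
        // intended and that the admin login is protected by other means.
        if (admin) {
            return;
        }
        if (!userDetail.getClientIds().contains(authClient.getId())) {
            throw new LoginFailureException("该用户不拥有该终端的权限");
        }
        if (Objects.equals(userDetail.getStatus(), UserStatusCode.BAN)) {
            throw new LoginFailureException("该用户已被禁用");
        }
        if (Objects.equals(userDetail.getStatus(), UserStatusCode.LOCK)) {
            checkLock(userDetail);
        }
    }

    /**
     * Enforces the lock window for an account in LOCK status.
     *
     * <p>Without a failure record the account stays locked until an administrator unlocks it.
     * With a record, the login is rejected while the configured lock time (minutes, counted
     * from the recorded fail time) has not elapsed; once it has, the failure count is cleared
     * and the account is unlocked.
     *
     * @param userDetail the locked user
     * @throws LoginFailureException if the account is still locked
     */
    private void checkLock(UserDetail userDetail) {
        PasswordSecurityConfigDto securityConfig = this.securityConfigService.getDefault();
        PasswordLoginFailRecord failRecord = this.loginFailRecordManager.findByUserId(userDetail.getId())
                .orElseThrow(() -> new LoginFailureException("该用户已被锁定，请联系管理员进行解锁"));

        LocalDateTime unlockAt = LocalDateTimeUtil.offset(
                failRecord.getFailTime(), securityConfig.getErrorLockTime(), ChronoUnit.MINUTES);
        // Computed with java.time directly so the sign is unambiguous:
        // positive means the lock window is still open.
        long remainingSeconds = ChronoUnit.SECONDS.between(LocalDateTime.now(), unlockAt);

        // Reject while time remains. The previous condition (<= 0) rejected only after the
        // window had elapsed and let the login through while the lock was still active,
        // which disabled the lockout as a password-guessing control.
        if (remainingSeconds > 0) {
            log.warn("Login rejected, account still locked: userId={}, remainingSeconds={}",
                    userDetail.getId(), remainingSeconds);
            throw new LoginFailureException(StrUtil.format("该用户已被锁定，请 {} 秒后再试", remainingSeconds));
        }

        // Lock window elapsed: reset the counter and unlock this user. The previous code
        // passed the remaining-seconds value to unlock() instead of the user id.
        // NOTE(review): assumes unlock() takes the user id, as clearFailCount() does — confirm.
        this.loginFailRecordService.clearFailCount(userDetail.getId());
        this.userAdminService.unlock(userDetail.getId());
        log.info("Lock window elapsed, account unlocked automatically: userId={}", userDetail.getId());
    }

    /**
     * Creates the checker with its collaborators.
     *
     * @param passwordLoginFailRecordManager lookup of per-user password failure records
     * @param passwordLoginFailRecordService service used to clear a user's failure count
     * @param passwordSecurityConfigService source of the default password security config
     * @param userAdminService service used to unlock a user
     */
    public UserInfoStatusCheckImpl(PasswordLoginFailRecordManager passwordLoginFailRecordManager, PasswordLoginFailRecordService passwordLoginFailRecordService, PasswordSecurityConfigService passwordSecurityConfigService, UserAdminService userAdminService) {
        this.loginFailRecordManager = passwordLoginFailRecordManager;
        this.loginFailRecordService = passwordLoginFailRecordService;
        this.securityConfigService = passwordSecurityConfigService;
        this.userAdminService = userAdminService;
    }
}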
