package com.alibaba.nacos.console.controller;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.config.server.auth.RoleInfo;
import com.alibaba.nacos.config.server.model.RestResult;
import com.alibaba.nacos.console.security.nacos.NacosAuthConfig;
import com.alibaba.nacos.console.security.nacos.NacosAuthManager;
import com.alibaba.nacos.console.security.nacos.roles.NacosRoleServiceImpl;
import com.alibaba.nacos.console.security.nacos.users.NacosUser;
import com.alibaba.nacos.console.security.nacos.users.NacosUserDetailsServiceImpl;
import com.alibaba.nacos.console.utils.JwtTokenUtils;
import com.alibaba.nacos.console.utils.PasswordEncoderUtil;
import com.alibaba.nacos.core.auth.AccessException;
import com.alibaba.nacos.core.auth.ActionTypes;
import com.alibaba.nacos.core.auth.AuthConfigs;
import com.alibaba.nacos.core.auth.AuthSystemTypes;
import com.alibaba.nacos.core.auth.Secured;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

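/**
 * REST controller for console user management, mapped at {@code /v1/auth} and
 * {@code /v1/auth/users}: create, delete, update and list users, log in, and
 * change the caller's own password.
 *
 * <p>The user-management handlers carry {@code @Secured(resource = "console/users", ...)};
 * {@link #login} and {@link #updatePassword} carry no {@code @Secured} annotation.
 * How {@code @Secured} is enforced is not visible in this file.
 *
 * <p>NOTE(review): this listing is decompiled from a {@code .class} file, so parameter
 * names such as {@code str}/{@code str2}/{@code i}/{@code i2} are decompiler placeholders.
 * An unnamed {@code @RequestParam} binds by the Java parameter name, so the real request
 * parameter names must be taken from the original source before this is recompiled.
 */
@RequestMapping({"/v1/auth", "/v1/auth/users"})
@RestController("user")
/* loaded from: input_file:com/alibaba/nacos/console/controller/UserController.class */
public class UserController {

    @Autowired
    private JwtTokenUtils jwtTokenUtils;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private NacosUserDetailsServiceImpl userDetailsService;

    @Autowired
    private NacosRoleServiceImpl roleService;

    @Autowired
    private AuthConfigs authConfigs;

    @Autowired
    private NacosAuthManager authManager;

    /**
     * Creates a user whose stored password is {@code PasswordEncoderUtil.encode(str2)}.
     *
     * @param str  user name (presumably {@code username} in the original source)
     * @param str2 clear-text password (presumably {@code password} in the original source)
     * @return a {@code RestResult} with code 200 on success
     * @throws IllegalArgumentException if a user with that name already exists
     */
    @PostMapping
    @Secured(resource = "console/users", action = ActionTypes.WRITE)
    public Object createUser(@RequestParam String str, @RequestParam String str2) {
        // NOTE(review): the existence check and the insert are two separate calls, and no
        // blank-name or blank-password check is visible here; confirm that uniqueness and
        // input validation are enforced by the service or the database.
        if (userDetailsService.getUserFromDatabase(str) != null) {
            throw new IllegalArgumentException("user '" + str + "' already exist!");
        }
        userDetailsService.createUser(str, PasswordEncoderUtil.encode(str2));
        return new RestResult(200, "create user ok!");
    }

    /**
     * Deletes a user unless one of its roles is the global admin role.
     *
     * @param str user name (presumably {@code username} in the original source)
     * @return a {@code RestResult} with code 200 on success
     * @throws IllegalArgumentException if the user holds {@code GLOBAL_ADMIN_ROLE}
     */
    @DeleteMapping
    @Secured(resource = "console/users", action = ActionTypes.WRITE)
    public Object deleteUser(@RequestParam String str) {
        List<RoleInfo> roles = roleService.getRoles(str);
        if (roles != null) {
            // Refuse before touching the user table so an admin account is never removed.
            for (RoleInfo role : roles) {
                if (role.getRole().equals(NacosRoleServiceImpl.GLOBAL_ADMIN_ROLE)) {
                    throw new IllegalArgumentException("cannot delete admin: " + str);
                }
            }
        }
        userDetailsService.deleteUser(str);
        return new RestResult(200, "delete user ok!");
    }

    /**
     * Replaces the stored password of an existing user. The old password is not
     * requested, so the {@code @Secured} WRITE permission is the only gate visible here.
     *
     * @param str  user name (presumably {@code username} in the original source)
     * @param str2 new clear-text password (presumably {@code newPassword} in the original source)
     * @return a {@code RestResult} with code 200 on success
     * @throws IllegalArgumentException if the user does not exist
     */
    @PutMapping
    @Secured(resource = "console/users", action = ActionTypes.WRITE)
    public Object updateUser(@RequestParam String str, @RequestParam String str2) {
        if (userDetailsService.getUserFromDatabase(str) == null) {
            throw new IllegalArgumentException("user " + str + " not exist!");
        }
        userDetailsService.updateUserPassword(str, PasswordEncoderUtil.encode(str2));
        return new RestResult(200, "update user ok!");
    }

    /**
     * Returns users as produced by {@code getUsersFromDatabase(i, i2)}.
     *
     * @param i  first paging argument (presumably the page number; confirm against the service)
     * @param i2 second paging argument (presumably the page size; confirm against the service)
     * @return whatever {@code getUsersFromDatabase} returns
     */
    @GetMapping
    @Secured(resource = "console/users", action = ActionTypes.READ)
    public Object getUsers(@RequestParam int i, @RequestParam int i2) {
        return userDetailsService.getUsersFromDatabase(i, i2);
    }

    /**
     * Authenticates a caller and hands back a bearer token in both the
     * {@code NacosAuthConfig.AUTHORIZATION_HEADER} response header and the response body.
     *
     * <p>When the configured auth system type is {@code NACOS}, authentication is delegated
     * to {@code authManager.login(httpServletRequest)} and {@code str}/{@code str2} are not
     * used by this method. Otherwise the credentials go through the Spring
     * {@code AuthenticationManager} and a token is minted by {@code jwtTokenUtils}.
     *
     * <p>NOTE(review): no throttling or lockout is visible in this method; confirm it is
     * applied upstream, since this endpoint accepts password guesses from any caller.
     *
     * @param str  user name (presumably {@code username} in the original source)
     * @param str2 clear-text password (presumably {@code password} in the original source)
     * @return a JSON object with {@code accessToken}, {@code tokenTtl} and {@code globalAdmin}
     *         on the NACOS path; otherwise a {@code RestResult} with code 200 and the bearer
     *         token, or code 401 and "Login failed" on bad credentials
     * @throws AccessException as declared; presumably raised by {@code authManager.login}
     */
    @PostMapping({"/login"})
    public Object login(@RequestParam String str, @RequestParam String str2, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) throws AccessException {
        if (AuthSystemTypes.NACOS.name().equalsIgnoreCase(authConfigs.getNacosAuthSystemType())) {
            NacosUser nacosUser = (NacosUser) authManager.login(httpServletRequest);
            httpServletResponse.addHeader(NacosAuthConfig.AUTHORIZATION_HEADER, "Bearer " + nacosUser.getToken());
            JSONObject payload = new JSONObject();
            payload.put("accessToken", nacosUser.getToken());
            payload.put("tokenTtl", Long.valueOf(authConfigs.getTokenValidityInSeconds()));
            payload.put("globalAdmin", Boolean.valueOf(nacosUser.isGlobalAdmin()));
            return payload;
        }
        UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(str, str2);
        RestResult restResult = new RestResult();
        try {
            Authentication authenticated = authenticationManager.authenticate(credentials);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            String token = jwtTokenUtils.createToken(authenticated);
            httpServletResponse.addHeader(NacosAuthConfig.AUTHORIZATION_HEADER, "Bearer " + token);
            restResult.setCode(200);
            restResult.setData("Bearer " + token);
            return restResult;
        } catch (BadCredentialsException e) {
            // Same message for every bad-credentials failure; the reply does not say
            // whether the user name or the password was wrong.
            // Only BadCredentialsException is handled here; any other exception thrown
            // by authenticate() propagates to the caller.
            restResult.setCode(401);
            restResult.setMessage("Login failed");
            return restResult;
        }
    }

    /**
     * Changes the password of the currently authenticated user after verifying the old one.
     *
     * <p>This handler has no {@code @Secured} annotation; the account to change is taken
     * from the Spring {@code SecurityContext} principal. If no {@code UserDetails} principal
     * is present the request is rejected with code 401 instead of failing with an
     * unhandled {@code NullPointerException} or {@code ClassCastException}.
     *
     * @param str  the caller's current clear-text password ({@code oldPassword})
     * @param str2 the new clear-text password ({@code newPassword})
     * @return code 200 on success, 401 when unauthenticated or the old password does not
     *         match, 500 when the lookup or update throws
     * @deprecated marked {@code @Deprecated} in the compiled class; the replacement is not
     *             visible in this file
     */
    @PutMapping({"/password"})
    @Deprecated
    public RestResult<String> updatePassword(@RequestParam("oldPassword") String str, @RequestParam("newPassword") String str2) {
        RestResult<String> restResult = new RestResult<>();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        // Fail closed: without an authenticated UserDetails principal there is no account
        // whose password may be changed.
        if (!(principal instanceof UserDetails)) {
            restResult.setCode(401);
            restResult.setMessage("Not authenticated");
            return restResult;
        }
        String username = ((UserDetails) principal).getUsername();
        try {
            if (PasswordEncoderUtil.matches(str, userDetailsService.getUserFromDatabase(username).getPassword()).booleanValue()) {
                userDetailsService.updateUserPassword(username, PasswordEncoderUtil.encode(str2));
                restResult.setCode(200);
                restResult.setMessage("Update password success");
            } else {
                restResult.setCode(401);
                restResult.setMessage("Old password is invalid");
            }
        } catch (Exception e) {
            // NOTE(review): the cause is discarded and nothing is logged (no logger is in
            // scope in this class), so a failed password change leaves no trace here;
            // confirm it is audited elsewhere.
            restResult.setCode(500);
            restResult.setMessage("Update userpassword failed");
        }
        return restResult;
    }
}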
