package cn.watsontech.core.web.spring.security.authentication;

import cn.watsontech.core.service.AdminService;
import cn.watsontech.core.service.UserService;
import cn.watsontech.core.service.manually.AdminManualService;
import cn.watsontech.core.service.manually.MessageManualService;
import cn.watsontech.core.web.form.AdminRegisterForm;
import cn.watsontech.core.web.spring.aop.annotation.Access;
import cn.watsontech.core.web.spring.aop.annotation.AccessParam;
import cn.watsontech.core.web.spring.security.LoginUser;
import cn.watsontech.core.web.spring.security.entity.Admin;
import cn.watsontech.core.web.spring.security.entity.User;
import java.util.Date;
import org.apache.commons.lang3.time.DateFormatUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import tk.mybatis.mapper.entity.Condition;
import tk.mybatis.mapper.entity.Example;

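/**
 * Loads administrator and end-user accounts and runs the login flows (password, openid and
 * id/token based) on top of them, plus administrator registration.
 *
 * <p>Account names may carry a trailing {@code "@<type>"} suffix (see
 * {@link #splitUsernameAndType(String)}) that selects which account table is queried.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value that can originate from a request (client IP, ids) is bound as a JDBC
 *       parameter; only fixed table names are concatenated into SQL text.</li>
 *   <li>Only {@link #loginByUsername(String, String, String)} verifies a credential. The other
 *       lookups trust the identifier they are given, so the caller must have authenticated it
 *       beforehand.</li>
 *   <li>Debug logging records the username only, never the whole {@link UserDetails} object.</li>
 * </ul>
 */
@Service
public class AccountService {
    private static final Logger log = LogManager.getLogger(AccountService.class);

    // Status checks applied before and after credential verification (same split as Spring
    // Security's own authentication providers use).
    UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
    UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();

    @Autowired
    AdminService adminService;

    @Autowired
    UserService userService;

    @Autowired
    MessageManualService messageManualService;

    @Autowired
    JdbcTemplate jdbcTemplate;

    @Autowired
    PasswordEncoder passwordEncoder;

    /**
     * Rejects accounts whose credentials have expired. Runs after the credential itself has been
     * accepted.
     */
    private static final class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        /**
         * @param userDetails account to inspect
         * @throws CredentialsExpiredException if {@code isCredentialsNonExpired()} is false
         */
        @Override
        public void check(UserDetails userDetails) {
            if (userDetails.isCredentialsNonExpired()) {
                return;
            }
            // Log the username only: the full object may render the password hash via toString().
            AccountService.log.debug("User account credentials have expired, account = {}", userDetails.getUsername());
            throw new CredentialsExpiredException("该账户密码已过期！");
        }
    }

    /**
     * Rejects locked, disabled or expired accounts, in that order. Runs before the credential is
     * compared.
     */
    private static final class DefaultPreAuthenticationChecks implements UserDetailsChecker {
        /**
         * @param userDetails account to inspect
         * @throws LockedException         if the account is locked
         * @throws DisabledException       if the account is disabled
         * @throws AccountExpiredException if the account has expired
         */
        @Override
        public void check(UserDetails userDetails) {
            // Log the username only: the full object may render the password hash via toString().
            if (!userDetails.isAccountNonLocked()) {
                AccountService.log.debug("User account is locked, account = {}", userDetails.getUsername());
                throw new LockedException("该账号已锁定！");
            }
            if (!userDetails.isEnabled()) {
                AccountService.log.debug("User account is disabled, account = {}", userDetails.getUsername());
                throw new DisabledException("该账号已禁用！");
            }
            if (!userDetails.isAccountNonExpired()) {
                AccountService.log.debug("User account is expired, account = {}", userDetails.getUsername());
                throw new AccountExpiredException("该账号已过期！");
            }
        }
    }

    /**
     * Authenticates an account by username and password and records the login time and IP.
     *
     * <p>NOTE(review): a missing account, a locked/disabled account and a wrong password each
     * surface as a different exception. If account enumeration matters, the caller should map
     * them to one uniform response — how callers handle this is not visible here.
     *
     * @param str  username, optionally suffixed with {@code "@<type>"}
     * @param str2 raw password supplied by the client
     * @param str3 client IP address; stored in {@code login_ip}. Treated as untrusted text
     * @return the authenticated account, with roles and permissions loaded for administrators
     * @throws UsernameNotFoundException if no matching account exists
     * @throws IllegalArgumentException  if the password does not match (raised by {@code Assert.isTrue})
     */
    @Access("用户(%s)使用密码登录(ip地址:%s)")
    public LoginUser loginByUsername(@AccessParam String str, String str2, @AccessParam String str3) throws UsernameNotFoundException {
        String[] nameAndType = splitUsernameAndType(str);
        String username = nameAndType[0];
        LoginUser.Type accountType = LoginUser.Type.valueOf(nameAndType[1]);

        LoginUser account = loadAccountInfo(
                "username",
                username,
                accountType,
                new String[]{"id", "username", "password", "nickName", "gender", "email", "avatarUrl", "mobile",
                        "lastLoginDate", "enabled", "expired", "locked", "credentialsExpired", "extraData"},
                false);
        loadRolesAndPermissions(account);
        this.preAuthenticationChecks.check(account);
        Assert.isTrue(this.passwordEncoder.matches(str2, account.getPassword()), "密码不正确");
        this.postAuthenticationChecks.check(account);

        // The table name comes from a fixed two-entry choice, never from the request, so it is
        // safe to place in the SQL text. Everything else is bound as a parameter: the client IP
        // in particular may be derived from request headers and must not be spliced into SQL.
        Object table = accountType == LoginUser.Type.admin ? AdminManualService.tableName : "tb_user";
        String loginTime = DateFormatUtils.format(new Date(), "yyyy-MM-dd HH:mm:ss");
        this.jdbcTemplate.update(
                "update " + table + " set last_login_date=login_date, last_login_ip=login_ip, login_ip=?, login_date=? where id = ?",
                str3, loginTime, account.getId());
        return account;
    }

    /**
     * Populates role and permission names for administrator accounts; other account types and
     * {@code null} are left untouched.
     *
     * @param loginUser account to enrich, may be {@code null}
     */
    private void loadRolesAndPermissions(LoginUser loginUser) {
        if (loginUser == null || loginUser.getUserType() != LoginUser.Type.admin) {
            return;
        }
        Object adminId = loginUser.getId();
        // Bind the id instead of formatting it into the statement text.
        loginUser.setRoles(this.jdbcTemplate.queryForList(
                "select b.name from ref_admin_role a left join tb_role b on a.role_id=b.id where a.admin_id=?",
                String.class,
                adminId));
        loginUser.setPermissions(this.jdbcTemplate.queryForList(
                "select distinct b.name from ref_role_permission a left join tb_permission b on a.permission_id=b.id left join ref_admin_role c on a.role_id=c.role_id where c.admin_id=?",
                String.class,
                adminId));
    }

    /**
     * Looks up an end-user account by openid and applies the account status checks.
     *
     * <p>No credential is verified here: whoever supplies the openid is treated as that user.
     * NOTE(review): presumably the caller obtains the openid from a trusted server-side exchange
     * rather than from the client — confirm at the call site.
     *
     * @param str openid of the end user
     * @return the account, or {@code null} when no user has this openid
     * @throws UsernameNotFoundException declared for callers; a missing account yields {@code null} here
     */
    @Access("小程序用户(%s)自动登录")
    public LoginUser loginByOpenId(@AccessParam String str) throws UsernameNotFoundException {
        LoginUser account = loadAccountInfo(
                "openid",
                str,
                LoginUser.Type.user,
                new String[]{"id", "username", "nickName", "gender", "avatarUrl", "mobile", "lastLoginDate",
                        "enabled", "expired", "locked", "credentialsExpired", "createdTime"},
                false,
                false);
        if (account == null) {
            return null;
        }
        this.preAuthenticationChecks.check(account);
        this.postAuthenticationChecks.check(account);
        return account;
    }

    /**
     * Resolves the account named by an already-issued login token subject of the form
     * {@code "<numeric id>[@<type>]"}.
     *
     * <p>No credential is verified here. NOTE(review): presumably the token carrying this value
     * has been validated by the caller — confirm at the call site.
     *
     * @param str numeric account id, optionally suffixed with {@code "@<type>"}
     * @return the account, with roles and permissions loaded for administrators
     * @throws UsernameNotFoundException if the id is not numeric or no such account exists
     */
    @Access("用户(%s)使用令牌登录")
    public LoginUser loginByUserId(@AccessParam String str) throws UsernameNotFoundException {
        String[] idAndType = splitUsernameAndType(str);
        Long accountId = null;
        try {
            accountId = Long.valueOf(Long.parseLong(idAndType[0]));
        } catch (NumberFormatException e) {
            // A null id makes the lookup below fail with UsernameNotFoundException. The raw value
            // is deliberately not logged: it is caller-controlled text.
            log.debug("Token login rejected: account id is not numeric");
        }
        return loadLoginAccount(accountId, LoginUser.Type.valueOf(idAndType[1]));
    }

    /**
     * Loads an account by id and type, applies the account status checks and, for
     * administrators, loads roles and permissions. No credential is verified.
     *
     * @param l    account id
     * @param type account type selecting the table to query
     * @return the account
     * @throws UsernameNotFoundException if {@code l} is {@code null} or no such account exists
     */
    public LoginUser loadLoginAccount(Long l, LoginUser.Type type) {
        LoginUser account = loadAccountInfo(
                "id",
                l,
                type,
                new String[]{"id", "username", "nickName", "gender", "avatarUrl", "mobile", "lastLoginDate",
                        "extraData", "createdTime", "enabled", "expired", "locked", "credentialsExpired"},
                false);
        this.preAuthenticationChecks.check(account);
        this.postAuthenticationChecks.check(account);
        loadRolesAndPermissions(account);
        return account;
    }

    /**
     * Loads an account by id, restricted in the query itself to enabled, unlocked rows.
     *
     * @param l    account id
     * @param type account type selecting the table to query
     * @return the account
     * @throws UsernameNotFoundException if no enabled, unlocked account matches
     */
    private LoginUser loadLoginAccountInternal(Long l, LoginUser.Type type) {
        return loadAccountInfo(
                "id",
                l,
                type,
                new String[]{"id", "username", "nickName", "gender", "avatarUrl", "mobile", "lastLoginDate",
                        "extraData", "createdTime"},
                true);
    }

    /**
     * Same as the six-argument overload with a missing account reported as an exception.
     */
    private LoginUser loadAccountInfo(String property, Object value, LoginUser.Type type, String[] columns, boolean activeOnly) {
        return loadAccountInfo(property, value, type, columns, activeOnly, true);
    }

    /**
     * Fetches the first account whose {@code property} equals {@code value} and attaches its
     * unread-message count.
     *
     * @param property      entity property to match; a {@code null} skips the query
     * @param value         value to match; a {@code null} skips the query
     * @param type          account type selecting the entity and service to query
     * @param columns       entity properties to select, in addition to the per-type extras
     * @param activeOnly    when true, also require {@code enabled = true} and {@code locked = false}
     * @param failIfMissing when true, a missing account raises instead of returning {@code null}
     * @return the account, or {@code null} when none matches and {@code failIfMissing} is false
     * @throws UsernameNotFoundException if none matches and {@code failIfMissing} is true
     */
    private LoginUser loadAccountInfo(String property, Object value, LoginUser.Type type, String[] columns, boolean activeOnly, boolean failIfMissing) {
        LoginUser account = null;
        if (property != null && value != null) {
            Condition condition = getUserCondition(type);
            cn.watsontech.core.service.intf.Service<? extends LoginUser, Long> accountStore = getUserService(type);
            condition.selectProperties(columns);
            // Each account type carries a few extra properties on top of the requested ones.
            switch (type) {
                case admin:
                    condition.selectProperties(new String[]{"type"});
                    break;
                case user:
                    condition.selectProperties(new String[]{"openid", "email", "logged"});
                    break;
            }
            Example.Criteria criteria = condition.createCriteria().andEqualTo(property, value);
            if (activeOnly) {
                criteria.andEqualTo("enabled", true).andEqualTo("locked", false);
            }
            account = accountStore.selectFirstByCondition(condition);
        }

        if (account == null) {
            if (failIfMissing) {
                throw new UsernameNotFoundException("数据库中未找到用户(" + value + "@" + type + ")");
            }
            return null;
        }
        account.setUnreadMessages(this.messageManualService.countUnreadMessages(type, account.getId().longValue()));
        return account;
    }

    /**
     * Splits {@code "name@type"} into its name and account type.
     *
     * <p>Only the text after the last {@code '@'} is considered, and only when it is a valid
     * {@code LoginUser.Type} name; otherwise the whole input is the name and the type defaults
     * to {@code user}. Because the suffix is caller-supplied, it decides which account table a
     * login is checked against.
     *
     * @param str account name with an optional type suffix; must not be {@code null}
     * @return a two-element array: the name, then the type name
     */
    public static String[] splitUsernameAndType(String str) {
        LoginUser.Type type = LoginUser.Type.user;
        String name = str;
        int at = str.lastIndexOf("@");
        if (at > 0) {
            try {
                type = LoginUser.Type.valueOf(str.substring(at + 1));
                name = str.substring(0, at);
            } catch (IllegalArgumentException ignored) {
                // Suffix is not a known account type (for example an e-mail style username):
                // keep the full input as the name and the default type.
            }
        }
        return new String[]{name, type.name()};
    }

    /**
     * @param type account type
     * @return the administrator service for {@code admin}, the user service otherwise
     */
    private cn.watsontech.core.service.intf.Service<? extends LoginUser, Long> getUserService(LoginUser.Type type) {
        switch (type) {
            case admin:
                return this.adminService;
            default:
                return this.userService;
        }
    }

    /**
     * @param type account type
     * @return a fresh query condition on {@link Admin} for {@code admin}, on {@link User} otherwise
     */
    public static Condition getUserCondition(LoginUser.Type type) {
        switch (type) {
            case admin:
                return new Condition(Admin.class);
            default:
                return new Condition(User.class);
        }
    }

    /**
     * Creates an administrator account from the form and assigns it a role derived from its type.
     *
     * <p>NOTE(review): nothing here checks that {@code loginUser} is allowed to create an
     * administrator of the requested type, and the type decides the granted role. Presumably
     * that authorization happens in the caller — confirm.
     *
     * <p>NOTE(review): the username uniqueness test is a read followed by an insert; without a
     * unique index on the column, two concurrent registrations could both pass it — verify the
     * schema.
     *
     * @param adminRegisterForm submitted registration data
     * @param loginUser         the account performing the registration; recorded as creator
     * @return the persisted administrator
     * @throws IllegalArgumentException if the username is taken or the insert affects no row
     */
    @Transactional
    public Admin registerAdmin(AdminRegisterForm adminRegisterForm, LoginUser loginUser) {
        Condition byUsername = new Condition(Admin.class);
        byUsername.createCriteria().andEqualTo("username", adminRegisterForm.getUsername());
        Assert.isNull(this.adminService.selectFirstByCondition(byUsername), "用户名已存在");

        Admin admin = new Admin();
        admin.setType(Integer.valueOf(adminRegisterForm.getType()));
        admin.setUsername(adminRegisterForm.getUsername());
        admin.setEnabled(true);
        admin.setMobile(adminRegisterForm.getMobile());
        admin.setGender(adminRegisterForm.getGender());
        admin.setNickName(adminRegisterForm.getNickName());
        admin.setEmail(adminRegisterForm.getEmail());
        admin.setAddress(adminRegisterForm.getAddress());
        // Only the encoded form of the password is stored.
        admin.setPassword(this.passwordEncoder.encode(adminRegisterForm.getPassword()));
        admin.setCreatedBy(loginUser.getId());
        admin.setCreatedByName(loginUser.getUsername());
        Assert.isTrue(this.adminService.insertSelective(admin) > 0, "添加管理员账号失败，请稍后再试");

        // Admin types 0 and 1 map to the role with the same id; every other type gets role 5.
        // What these role ids grant is defined by table data that is not visible in this class.
        long roleId = 5;
        Integer adminType = admin.getType();
        if (adminType != null) {
            if (adminType.intValue() == 0) {
                roleId = 0;
            } else if (adminType.intValue() == 1) {
                roleId = 1;
            }
        }
        // "INSERT ignore" suppresses a failed role assignment, which would leave an
        // administrator with no role row.
        this.jdbcTemplate.update(
                "INSERT ignore INTO ref_admin_role (role_id, admin_id, created_by) VALUES (?, ?, ?)",
                Long.valueOf(roleId), admin.getId(), loginUser.getId());
        return admin;
    }
}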
