package com.ajaxjs.iam.client;

import com.ajaxjs.iam.client.model.UserAccessToken;
import com.ajaxjs.iam.jwt.JwtUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.web.util.UriComponentsBuilder;

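/**
 * OAuth 2.0 authorization-code client endpoints mounted under {@code /oauth_client},
 * plus static helpers that read the logged-in user from the HTTP session.
 *
 * <p>NOTE(review): nothing in this class stores a value under {@link #USER_SESSION_KEY};
 * the token response obtained in {@link #token} is discarded. Whatever populates the
 * session must live elsewhere. Confirm before relying on {@link #isLogin(HttpSession)}.
 */
@RequestMapping({"/oauth_client"})
@RestController
/* loaded from: input_file:com/ajaxjs/iam/client/OAuthClientController.class */
public class OAuthClientController {

    @Value("${client.id}")
    private String clientId;

    // Confidential client credential; it is only ever sent in the Basic auth header of the token request.
    @Value("${client.secret}")
    private String clientSecret;

    @Value("${oauth.authorizeUrl}")
    private String authorizeUrl;

    // NOTE(review): the client secret and the authorization code are posted to this URL;
    // presumably it is an https endpoint. Verify in configuration.
    @Value("${oauth.tokenUrl}")
    private String tokenUrl;

    // Injected but not read anywhere in this class.
    @Value("${User.home}")
    private String userHome;
    static final String GRANT_TYPE = "authorization_code";
    public static final String USER_SESSION_KEY = "USER";

    /**
     * Redirect URI sent in both the authorization request and the token request. The two
     * values have to be identical, so they share one constant.
     *
     * <p>NOTE(review): this looks like a placeholder, and it is plain http. The authorization
     * code would travel unencrypted to such a callback. Replace with the real https callback
     * registered for this client.
     */
    private static final String REDIRECT_URI = "http://your-callback-url.com/oauth/callback";

    /**
     * Starts the authorization-code flow: stores a fresh {@code state} value in the session
     * and redirects the browser to the authorization endpoint.
     *
     * @param httpSession session that keeps the {@code state} value for the later callback check
     * @return redirect to the authorization URL carrying response_type, client_id, redirect_uri,
     *         scope and state
     */
    @GetMapping({"/login"})
    public RedirectView redirectToLogin(HttpSession httpSession) {
        // NOTE(review): state is the CSRF defence for the callback. Five characters is short, and
        // this file does not show whether JwtUtils.getRandomString draws from a CSPRNG. Verify both.
        String state = JwtUtils.getRandomString(5);
        httpSession.setAttribute(ClientUtils.OAUTH_STATE, state);

        String location = UriComponentsBuilder.fromHttpUrl(this.authorizeUrl)
                .queryParam("response_type", "code")
                .queryParam("client_id", this.clientId)
                .queryParam("redirect_uri", REDIRECT_URI)
                .queryParam("scope", "openid profile email address phone")
                .queryParam("state", state)
                .toUriString();
        return new RedirectView(location);
    }

    /**
     * Authorization-server callback: checks the returned {@code state} against the value kept
     * in the session and, only when they match, exchanges the authorization code at the token
     * endpoint using HTTP Basic client authentication.
     *
     * <p>NOTE(review): the parameter names {@code str}/{@code str2} appear to be decompiler
     * output. With a bare {@code @RequestParam} the request parameter is resolved from the Java
     * parameter name, so the original source most likely named them {@code code} and
     * {@code state}. Confirm and restore the names.
     *
     * @param str authorization code returned by the authorization server
     * @param str2 {@code state} value returned by the authorization server
     * @param httpSession session holding the expected {@code state}
     * @param httpServletResponse response used to signal a rejected callback
     */
    @RequestMapping({"/callback"})
    public void token(@RequestParam String str, @RequestParam String str2, HttpSession httpSession, HttpServletResponse httpServletResponse) {
        Object expectedState = httpSession.getAttribute(ClientUtils.OAUTH_STATE);
        // A state value is single-use: drop it so the same callback cannot be replayed.
        httpSession.removeAttribute(ClientUtils.OAUTH_STATE);

        if (!str2.equals(expectedState)) {
            ClientUtils.returnForbidden(httpServletResponse);
            // Stop here. Without this return the code exchange below would still run for a
            // callback whose state did not match, which defeats the CSRF check.
            return;
        }

        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setBasicAuth(this.clientId, this.clientSecret);

        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", GRANT_TYPE);
        form.add("code", str);
        form.add("redirect_uri", REDIRECT_URI);

        // NOTE(review): the token response is not read or stored; see the class comment.
        HttpEntity<LinkedMultiValueMap<String, String>> tokenRequest = new HttpEntity<>(form, httpHeaders);
        new RestTemplate().exchange(this.tokenUrl, HttpMethod.POST, tokenRequest, String.class);
    }

    /**
     * Returns the logged-in user bound to the request's session.
     *
     * @param httpServletRequest current request; {@code getSession()} is called on it
     * @return the {@link UserAccessToken} stored in the session
     * @throws IllegalAccessError if the session has no user attribute
     * @throws IllegalStateException if the attribute is not a {@link UserAccessToken}
     */
    public static UserAccessToken getLoginedUser(HttpServletRequest httpServletRequest) {
        return getLoginedUser(httpServletRequest.getSession());
    }

    /**
     * Returns the logged-in user stored in the session under {@link #USER_SESSION_KEY}.
     *
     * @param httpSession session to read
     * @return the {@link UserAccessToken} stored in the session
     * @throws IllegalAccessError if the session has no user attribute; note that this is an
     *         {@link Error}, so a {@code catch (Exception e)} handler will not intercept it
     * @throws IllegalStateException if the attribute is not a {@link UserAccessToken}
     */
    public static UserAccessToken getLoginedUser(HttpSession httpSession) {
        Object attribute = httpSession.getAttribute(USER_SESSION_KEY);
        if (attribute == null) {
            throw new IllegalAccessError("用户未登录，非法访问");
        }
        if (attribute instanceof UserAccessToken) {
            return (UserAccessToken) attribute;
        }
        throw new IllegalStateException("用户不是 User 类型");
    }

    /**
     * Tells whether the request's session carries a user attribute.
     *
     * @param httpServletRequest current request; {@code getSession()} is called on it
     * @return {@code true} when an attribute is present under {@link #USER_SESSION_KEY}
     */
    public static boolean isLogin(HttpServletRequest httpServletRequest) {
        return isLogin(httpServletRequest.getSession());
    }

    /**
     * Tells whether the session carries a user attribute. Only presence is checked, not the
     * attribute's type.
     *
     * @param httpSession session to read
     * @return {@code true} when an attribute is present under {@link #USER_SESSION_KEY}
     */
    public static boolean isLogin(HttpSession httpSession) {
        return httpSession.getAttribute(USER_SESSION_KEY) != null;
    }
}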
