package com.jk.zs.crm.service.login;

import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil;
import com.alibaba.fastjson.JSON;
import com.jk.project.security.utils.JwtTokenUtil;
import com.jk.project.security.utils.SecurityUtils;
import com.jk.zs.crm.common.utils.DesensitizationUtil;
import com.jk.zs.crm.common.utils.IpUtil;
import com.jk.zs.crm.common.utils.RedisRateLimitUtil;
import com.jk.zs.crm.config.LoginProperties;
import com.jk.zs.crm.constant.CommonConstant;
import com.jk.zs.crm.constant.login.LoginConstant;
import com.jk.zs.crm.constant.login.LoginResultCode;
import com.jk.zs.crm.dto.PlatformUserDetail;
import com.jk.zs.crm.exception.BusinessException;
import com.jk.zs.crm.model.dto.user.PlatformLoginUserDTO;
import com.jk.zs.crm.model.po.login.PlatformLoginLog;
import com.jk.zs.crm.model.po.user.PlatformUser;
import com.jk.zs.crm.repository.service.login.PlatformLoginLogService;
import com.jk.zs.crm.request.login.SmsLoginReq;
import com.jk.zs.crm.request.login.WxLoginReq;
import com.jk.zs.crm.response.login.LoginUserResp;
import com.jk.zs.crm.response.login.TokenModel;
import com.jk.zs.crm.service.user.MiniAppService;
import com.jk.zs.crm.service.user.PlatformUserDetailService;
import com.jzt.cloud.msgcenter.ba.common.api.MsgEventClient;
import com.jzt.cloud.msgcenter.ba.common.model.dto.bean.EventBean;
import com.jzt.cloud.msgcenter.ba.common.model.dto.bean.EventResult;
import com.jzt.cloud.msgcenter.ba.common.model.dto.bean.EventSms;
import com.jzt.cloud.msgcenter.ba.common.model.dto.bean.EventSmsWrapper;
import com.jzt.cloud.msgcenter.ba.common.model.dto.common.Result;
import com.jzt.jk.center.common.redis.util.RedisFactory;
import com.jzt.jk.center.common.redis.v2.util.RedisUtils;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.modelmapper.ModelMapper;
import org.redisson.api.RLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/classes/com/jk/zs/crm/service/login/LoginService.class */
public class LoginService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) LoginService.class);

    @Resource
    private MiniAppService miniAppService;

    @Resource
    private LoginProperties loginProperties;

    @Resource
    private ModelMapper modelMapper;

    @Resource
    private JwtTokenUtil jwtTokenUtil;

    @Resource
    private PlatformUserDetailService platformUserDetailService;

    @Resource
    private PlatformLoginLogService platformLoginLogService;

    @Resource
    private HttpServletRequest request;

    @Resource
    private RedisRateLimitUtil redisRateLimitUtil;

    @Resource
    private MsgEventClient msgEventClient;

    public TokenModel loginByWx(String str, WxLoginReq wxLoginReq) {
        return login(buildPlatformLoginUser(str, this.miniAppService.getWxPhoneInfo(str, wxLoginReq.getPhoneCode()).getPhoneNumber(), wxLoginReq.getLoginCode(), LoginConstant.LOGIN_TYPE_WX));
    }

    private PlatformLoginUserDTO buildPlatformLoginUser(String str, String str2, String str3, Integer num) {
        PlatformLoginUserDTO.PlatformLoginUserDTOBuilder loginType = PlatformLoginUserDTO.builder().appId(str).phone(str2).loginType(num);
        if (StringUtils.isNotBlank(str3)) {
            WxMaJscode2SessionResult sessionResult = this.miniAppService.getSessionResult(str, str3);
            log.info("根据loginCode获取wxSession= {}", JSON.toJSONString(sessionResult));
            loginType.openId(sessionResult.getOpenid()).unionId(sessionResult.getUnionid());
        }
        return loginType.build();
    }

    private TokenModel login(PlatformLoginUserDTO platformLoginUserDTO) {
        RLock lock = RedisFactory.getInstance().getRedisson().getLock(getUserLoginLockKey(platformLoginUserDTO.getAppId(), platformLoginUserDTO.getPhone()));
        try {
            try {
                boolean tryLock = lock.tryLock(5L, 10L, TimeUnit.SECONDS);
                if (!tryLock) {
                    log.error("用户登录注册获取分布式锁失败: appId={},phone={}", platformLoginUserDTO.getAppId(), platformLoginUserDTO.getPhone());
                    throw BusinessException.build(LoginResultCode.LOGIN_FAIL_GET_LOCK.getCode(), LoginResultCode.LOGIN_FAIL_GET_LOCK.getMsg());
                }
                PlatformUser platformUser = this.platformUserDetailService.getPlatformUser(platformLoginUserDTO.getAppId(), platformLoginUserDTO.getPhone());
                PlatformUser createNewUser = Objects.isNull(platformUser) ? this.platformUserDetailService.createNewUser(platformLoginUserDTO) : this.platformUserDetailService.updateUserWxParam(platformUser, platformLoginUserDTO);
                SecurityUtils.deregister(createNewUser.getUserName());
                saveLoginLog(createNewUser, platformLoginUserDTO.getLoginType());
                if (tryLock) {
                    lock.unlock();
                }
                return generateToken(createNewUser);
            } catch (InterruptedException e) {
                log.error("患者用户登录注册获取分布式锁失败.lockName={}.", lock.getName(), e);
                throw BusinessException.build(LoginResultCode.LOGIN_FAIL_GET_LOCK.getCode(), LoginResultCode.LOGIN_FAIL_GET_LOCK.getMsg());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                lock.unlock();
            }
            throw th;
        }
    }

    private void saveLoginLog(PlatformUser platformUser, Integer num) {
        PlatformLoginLog platformLoginLog = new PlatformLoginLog();
        platformLoginLog.setPlatformUserId(platformUser.getId());
        String ip = IpUtil.getIp(this.request);
        platformLoginLog.setIpAddress(ip);
        platformLoginLog.setIpCity(IpUtil.getCityInfo(ip));
        Date date = new Date();
        platformLoginLog.setLoginTime(date);
        platformLoginLog.setCreateTime(date);
        platformLoginLog.setLoginType(num);
        platformLoginLog.setLoginPhone(platformUser.getPhone());
        platformLoginLog.setAppId(platformUser.getAppId());
        platformLoginLog.setIsDelete(CommonConstant.UN_DELETE);
        this.platformLoginLogService.save(platformLoginLog);
    }

    private TokenModel generateToken(PlatformUser platformUser) {
        TokenModel tokenModel = new TokenModel();
        tokenModel.setTokenName(this.loginProperties.getTokenName());
        PlatformUserDetail loadUserByUsername = this.platformUserDetailService.loadUserByUsername(platformUser.getUserName());
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(loadUserByUsername, null, loadUserByUsername.getAuthorities()));
        LoginUserResp loginUserResp = new LoginUserResp();
        loginUserResp.setPlatformUserId(platformUser.getId());
        loginUserResp.setPhone(DesensitizationUtil.mobileEncrypt(platformUser.getPhone()));
        loginUserResp.setCreated(new Date());
        tokenModel.setLoginUserResp(loginUserResp);
        tokenModel.setToken(this.jwtTokenUtil.generateToken(loadUserByUsername, BeanUtil.beanToMap(loginUserResp)));
        return tokenModel;
    }

    public String getUserLoginLockKey(String str, String str2) {
        return StringUtils.joinWith(":", "zs-saas-crm-client-server", LoginConstant.USER_LOGIN_LOCK, str, str2);
    }

    public Boolean sendSmsCaptcha(String str, String str2) {
        String str3;
        boolean z;
        sendCaptchaLimitCheck(str, str2);
        if (!"PROD".equals(this.loginProperties.getEnvironment()) || this.loginProperties.getWhiteListPhone().contains(str2)) {
            str3 = LoginConstant.DEFAULT_CAPTCHA;
            z = true;
        } else {
            str3 = RandomStringUtils.randomNumeric(6);
            z = sendRealSmsCaptcha(str2, str3);
        }
        if (z) {
            RedisUtils.set(StringUtils.joinWith(":", "zs-saas-crm-client-server", "login", LoginConstant.SMS_CAPTCHA, str, str2), str3, this.loginProperties.getCaptchaTimeOut().intValue(), TimeUnit.SECONDS);
        }
        return Boolean.valueOf(z);
    }

    private boolean sendRealSmsCaptcha(String str, String str2) {
        EventSmsWrapper eventSmsWrapper;
        EventBean eventBean = new EventBean();
        eventBean.setBusinessId(this.loginProperties.getLoginSmsBusinessId());
        eventBean.setNodeCode(this.loginProperties.getLoginSmsEvenNode());
        EventSms eventSms = new EventSms();
        eventSms.setMobile(str);
        HashMap hashMap = new HashMap();
        hashMap.put("code", str2);
        eventSms.setParams(hashMap);
        eventBean.setSmsList(Collections.singletonList(eventSms));
        log.info("sendEventSms调用消息中心发送短信开始 req={}", JSON.toJSONString(eventBean));
        try {
            Result<EventResult> eventPush = this.msgEventClient.eventPush(eventBean);
            if (!LoginConstant.MSG_CENTER_SUCCESS_CODE.equals(Integer.valueOf(eventPush.getStatus()))) {
                log.error("sendEventSms调用消息中心发送短信失败 req={}，resp={}", JSON.toJSONString(eventBean), JSON.toJSONString(eventPush));
                return false;
            }
            log.info("sendEventSms调用消息中心发送短信结束 req={}，resp={}", JSON.toJSONString(eventBean), JSON.toJSONString(eventPush));
            List<EventSmsWrapper> smsList = eventPush.getData().getSmsList();
            return (CollectionUtil.isEmpty((Collection<?>) smsList) || (eventSmsWrapper = smsList.get(0)) == null || !eventSmsWrapper.getIsSuccess().booleanValue()) ? false : true;
        } catch (Exception e) {
            log.error("sendEventSms调用消息中心发送短信异常 req={}", JSON.toJSONString(eventBean), e);
            throw BusinessException.build(LoginResultCode.SEND_MSG_FAIL.getCode(), LoginResultCode.SEND_MSG_FAIL.getMsg());
        }
    }

    private void sendCaptchaLimitCheck(String str, String str2) {
        String joinWith = StringUtils.joinWith(":", "zs-saas-crm-client-server", "login", LoginConstant.CAPTCHA_LOCK, str, str2);
        if (RedisUtils.get(joinWith) != null) {
            log.error("账户获取验证码过于频繁，已被锁定：phone= {}", str2);
            throw BusinessException.build(LoginResultCode.FREQUENT_OPERATION.getCode(), LoginResultCode.FREQUENT_OPERATION.getMsg());
        }
        String joinWith2 = StringUtils.joinWith(":", "zs-saas-crm-client-server", "login", LoginConstant.CAPTCHA_LIMIT, str, str2);
        try {
            boolean isAllowed = this.redisRateLimitUtil.isAllowed(joinWith2, this.loginProperties.getInterval().intValue(), this.loginProperties.getMaximum().intValue());
            log.info("验证码限流验证： phone= {}, rateKey= {}, isAllowed= {}", str2, joinWith2, Boolean.valueOf(isAllowed));
            if (isAllowed) {
                return;
            }
            RedisUtils.set(joinWith, 1, this.loginProperties.getLockTime().intValue());
            throw BusinessException.build(LoginResultCode.FREQUENT_OPERATION.getCode(), LoginResultCode.FREQUENT_OPERATION.getMsg());
        } catch (InterruptedException e) {
            log.error("短信验证码限流功能异常", (Throwable) e);
            throw new BusinessException("短信验证码限流功能异常", new Object[0]);
        }
    }

    public TokenModel loginByCaptcha(String str, SmsLoginReq smsLoginReq) {
        checkCaptcha(str, smsLoginReq.getPhone(), smsLoginReq.getSmsCaptcha());
        TokenModel login = login(buildPlatformLoginUser(str, smsLoginReq.getPhone(), smsLoginReq.getLoginCode(), LoginConstant.LOGIN_TYPE_SMS));
        deleteLoginCaptchaCache(str, smsLoginReq.getPhone());
        return login;
    }

    private void checkCaptcha(String str, String str2, String str3) {
        String string = RedisUtils.getString(StringUtils.joinWith(":", "zs-saas-crm-client-server", "login", LoginConstant.SMS_CAPTCHA, str, str2));
        if (StringUtils.isBlank(string)) {
            throw BusinessException.build(LoginResultCode.INVALID_CAPTCHA.getCode(), LoginResultCode.INVALID_CAPTCHA.getMsg());
        }
        if (string.equals(str3)) {
            return;
        }
        log.error("登录验证码验证失败: phone= {}, cacheCaptcha= {}, captcha= {}", str2, string, str3);
        throw BusinessException.build(LoginResultCode.ERROR_CAPTCHA.getCode(), LoginResultCode.ERROR_CAPTCHA.getMsg());
    }

    private void deleteLoginCaptchaCache(String str, String str2) {
        RedisUtils.del(StringUtils.joinWith(":", "zs-saas-crm-client-server", "login", LoginConstant.SMS_CAPTCHA, str, str2));
    }

    public Boolean loginOut() {
        String currentUsername = SecurityUtils.getCurrentUsername();
        if (StringUtils.isBlank(currentUsername)) {
            log.info("用户无登录信息，退出登录失败");
            return false;
        }
        log.info("用户: 【{}】退出登录", currentUsername);
        SecurityUtils.deregisterDevice(currentUsername, this.request.getHeader(this.loginProperties.getTokenName()));
        return true;
    }

    public Boolean bannedUser() {
        UserDetails currentUser = SecurityUtils.getCurrentUser();
        if (Objects.isNull(currentUser)) {
            log.info("用户无登录信息，注销失败");
            return false;
        }
        log.info("用户注销: user= {}", JSON.toJSONString(currentUser));
        this.platformUserDetailService.bannedUser(SecurityUtils.getCurrentUserId());
        SecurityUtils.deregister(currentUser.getUsername());
        return true;
    }
}
