package org.beast.hand.http.passport.filter;

import java.net.URI;
import java.util.Map;
import java.util.Objects;
import org.beast.data.message.ReturnResult;
import org.beast.hand.http.resolver.AppResolver;
import org.beast.hand.http.support.BeastWebExchangeUtils;
import org.beast.hand.http.support.SNSUserTokenHelper;
import org.beast.security.core.SNSType;
import org.beast.security.core.UserToken;
import org.beast.user.client.UserCenterClient;
import org.beast.user.client.UserWebClient;
import org.beast.user.client.dto.SNSAuthorizeUriCreateInput;
import org.beast.user.core.AuthenticationKey;
import org.beast.user.data.dto.AppSNSUserTokenVerifyInput;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpCookie;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/beast/hand/http/passport/filter/AppUserWithSNSUserAuthenticateFilter.class */
public abstract class AppUserWithSNSUserAuthenticateFilter extends UserWebAuthenticateFilter {
    private static final Logger log = LoggerFactory.getLogger(AppUserWithSNSUserAuthenticateFilter.class);
    protected UserCenterClient userClient;
    protected UserWebClient userWebClient;
    protected AuthenticationKey authenticationKey;

    public AppUserWithSNSUserAuthenticateFilter(AuthenticationKey authenticationKey) {
        super(new AppResolver() { // from class: org.beast.hand.http.passport.filter.AppUserWithSNSUserAuthenticateFilter.1
        });
        this.authenticationKey = authenticationKey;
    }

    @Override // org.beast.hand.http.passport.filter.UserWebAuthenticateFilter, org.beast.hand.http.passport.filter.AbstractAppAuthenticateFilter
    public Mono<UserToken> authenticate(String str, ServerWebExchange serverWebExchange) {
        HttpCookie httpCookie = (HttpCookie) serverWebExchange.getRequest().getCookies().getFirst("sns-u-token");
        if (Objects.isNull(httpCookie)) {
            return Mono.error(new InsufficientAuthenticationException("SNSUserToken is missing"));
        }
        String value = httpCookie.getValue();
        try {
            SNSUserTokenHelper.decode(value);
            AppSNSUserTokenVerifyInput appSNSUserTokenVerifyInput = new AppSNSUserTokenVerifyInput();
            appSNSUserTokenVerifyInput.setKey(this.authenticationKey);
            appSNSUserTokenVerifyInput.setToken(value);
            ReturnResult verifySNSUserToken = this.userClient.verifySNSUserToken(str, appSNSUserTokenVerifyInput);
            if (!verifySNSUserToken.hasError()) {
                return super.authenticate(str, serverWebExchange);
            }
            if (verifySNSUserToken.isError("USR_ERR_SNS_USER_TOKEN_INVALID")) {
                return Mono.error(new InsufficientAuthenticationException("SNSUserToken verify error"));
            }
            log.info("token: {} verify exception, error: {}", value, verifySNSUserToken.getError());
            return Mono.error(new InsufficientAuthenticationException("SNSUserToken verify exception"));
        } catch (Exception e) {
            return Mono.error(new InsufficientAuthenticationException("SNSUserToken is invalid"));
        }
    }

    public URI createSNSAuthenticateUri(String str, String str2) {
        SNSAuthorizeUriCreateInput sNSAuthorizeUriCreateInput = new SNSAuthorizeUriCreateInput();
        sNSAuthorizeUriCreateInput.setKey(this.authenticationKey);
        sNSAuthorizeUriCreateInput.setType(SNSType.WECHAT_OFFIACCOUNT);
        sNSAuthorizeUriCreateInput.setRedirectUri(str2);
        return URI.create((String) this.userWebClient.authorizeUri(str, sNSAuthorizeUriCreateInput).orElseThrow());
    }

    @Override // org.beast.hand.http.passport.filter.UserWebAuthenticateFilter
    public abstract String getAuthenticateUriTemplate(String str, ServerRequest serverRequest);

    @Override // org.beast.hand.http.passport.filter.UserWebAuthenticateFilter
    public URI getAuthenticateUri(String str, ServerRequest serverRequest) {
        URI expand = BeastWebExchangeUtils.expand(getAuthenticateUriTemplate(str, serverRequest), serverRequest.exchange(), Map.of("key", this.authenticationKey.toString()));
        if (BeastWebExchangeUtils.hasAnotherScheme(expand)) {
            String scheme = expand.getScheme();
            if ("callback".equals(scheme)) {
                expand = createSNSAuthenticateUri(str, expand.getSchemeSpecificPart());
            } else if ("redirect".equals(scheme)) {
                expand = URI.create(expand.getSchemeSpecificPart());
            }
        }
        if (expand.getHost() == null) {
            throw new IllegalStateException("Invalid Uri: " + expand.toString());
        }
        return expand;
    }

    public void setUserClient(UserCenterClient userCenterClient) {
        this.userClient = userCenterClient;
    }

    public void setUserWebClient(UserWebClient userWebClient) {
        this.userWebClient = userWebClient;
    }
}
