package kd.bos.eye.api.login;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import kd.bos.bundle.BosRes;
import kd.bos.db.DB;
import kd.bos.eye.api.cage.CageHandlerConstants;
import kd.bos.eye.api.oplog.OpLogEntity;
import kd.bos.eye.api.oplog.OpLogManager;
import kd.bos.eye.api.oplog.OpLogUtil;
import kd.bos.eye.api.oplog.OpLogger;
import kd.bos.eye.api.oplog.OpType;
import kd.bos.eye.api.permission.dao.UserDao;
import kd.bos.eye.api.permission.entity.User;
import kd.bos.eye.api.permission.entity.UserRequest;
import kd.bos.eye.auth.EyeAuther;
import kd.bos.eye.auth.SessionStore;
import kd.bos.eye.config.EyeConfigKeys;
import kd.bos.eye.util.ApiResponse;
import kd.bos.eye.util.ExchangeVueUtils;
import kd.bos.eye.util.MonitorLoginUtils;
import kd.bos.eye.util.PBKDF2Util;
import kd.bos.government.metadata.db.DBHelper;
import kd.bos.instance.Instance;
import kd.bos.thread.ThreadTruck;
import kd.bos.util.JSONUtils;
import kd.bos.util.StringUtils;

/* loaded from: input_file:kd/bos/eye/api/login/LoginApiHandler.class */
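/**
 * HTTP handler for the monitor console login endpoint.
 *
 * <p>Validates the posted credentials (optionally together with a verify code read
 * from the request cookies), records an operation-log entry for every attempt and,
 * on success, issues a session token as the {@code Auth_Token} cookie plus a CSRF
 * token header.
 *
 * <p>Response codes written into the {@link ApiResponse}: {@code 0} success,
 * {@code 1} rejected (empty field, bad verify code, bad credentials, locked or
 * expired account), {@code -1} unexpected server-side failure.
 */
public class LoginApiHandler implements HttpHandler {
    private static final OpLogger opLogger = OpLogManager.getLogger();
    // NOTE(review): java.util.logging is used because no application logger is in scope
    // here; route to the project's logging facade if one exists.
    private static final Logger logger = Logger.getLogger(LoginApiHandler.class.getName());
    public static final LoginApiHandler instance = new LoginApiHandler();
    private static final String AUTH_TOKEN = "Auth_Token";
    /** Name of the cookie the verify code is read from. */
    private static final String VERIFY_CODE_COOKIE = "verifyCode";
    /** Value handed to the verify-code check when no usable cookie is present. */
    private static final String NO_VERIFY_CODE = "ERROR";

    /**
     * Escapes the characters that are significant in HTML so a value that is echoed
     * back into a page, message or log cannot inject markup.
     *
     * @param str raw value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code str} is {@code null}
     */
    private String xssClean(String str) {
        if (str == null) {
            return null;
        }
        // Literal replace() suffices: the arguments are plain characters, not patterns.
        // NOTE(review): the apostrophe is mapped to "&ocirc;" (the usual entity is "&#39;");
        // kept byte-identical because other components may compare against this form — confirm.
        return str.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&ocirc;");
    }

    /**
     * Handles a login POST request and always writes a JSON {@link ApiResponse}.
     *
     * @param httpExchange the exchange carrying the JSON login request body
     * @throws IOException if the response cannot be written
     */
    @Override
    public void handle(HttpExchange httpExchange) throws IOException {
        try {
            ThreadTruck.put(EyeConfigKeys.SESSION_DB_KEY, true);
            boolean verifyCodeEnabled = Boolean.parseBoolean(System.getProperty("monitor.verifyCode.enable", "true"));
            // May be null when the property is not set; compared null-safely below.
            String configuredUser = System.getProperty(EyeConfigKeys.KEY_USER);
            ApiResponse apiResponse = new ApiResponse();
            String sessionToken = null;
            try {
                UserRequeset request = (UserRequeset) ExchangeVueUtils.parsePostJson(httpExchange, UserRequeset.class);
                String username = xssClean(request.getUsername());
                String password = xssClean(request.getPassword());
                if (StringUtils.isEmpty(username)) {
                    reject(apiResponse, BosRes.get("bos-eye", "LoginHandler_0", "用户名为空", new Object[0]));
                    apiResponse.setData(null);
                } else if (StringUtils.isEmpty(password)) {
                    reject(apiResponse, BosRes.get("bos-eye", "LoginHandler_1", "密码为空", new Object[0]));
                    apiResponse.setData(null);
                } else if (verifyCodeEnabled
                        && !VerifyCodeHandler.checkVerifyCode(getVerifyCode(httpExchange), request.getLoginId())) {
                    reject(apiResponse, BosRes.get("bos-eye", "LoginHandler_4", "验证码错误", new Object[0]));
                    apiResponse.setData(Integer.valueOf(getErrorTimes(username)));
                } else {
                    sessionToken = authenticate(httpExchange, apiResponse, username, password, configuredUser);
                }
            } catch (Exception e) {
                // Exception text can reveal internals (SQL, class names, paths); keep it server-side.
                logger.log(Level.WARNING, "login request failed", e);
                apiResponse.setCode(-1);
                apiResponse.setMsg("login exception");
            }
            // sessionToken is non-null only when authenticate() completed fully, so a failure
            // after the token was minted never results in the cookie being sent.
            writeJson(JSONUtils.toString(apiResponse), httpExchange, sessionToken);
        } finally {
            ThreadTruck.current().close();
        }
    }

    /** Marks the response as rejected (code 1) with the given user-facing message. */
    private static void reject(ApiResponse apiResponse, String msg) {
        apiResponse.setCode(1);
        apiResponse.setMsg(msg);
    }

    /**
     * Checks the credentials, fills {@code apiResponse} and logs the attempt.
     *
     * @param httpExchange   the request, used for the client address in the op log
     * @param apiResponse    response to populate
     * @param username       escaped, non-empty user name
     * @param password       escaped, non-empty password as posted by the client
     * @param configuredUser value of {@code EyeConfigKeys.KEY_USER}, exempt from password
     *                       expiry; may be {@code null}
     * @return the new session token on success, {@code null} when the login was rejected
     */
    private String authenticate(HttpExchange httpExchange, ApiResponse apiResponse, String username, String password,
            String configuredUser) {
        String decryptPassword = MonitorLoginUtils.getDecryptPassword(username, password);
        if (!EyeAuther.checkUser(username, decryptPassword) || EyeAuther.isLocked(username)) {
            int errorTimes = getErrorTimes(username);
            // One message for "unknown user" and "wrong password" so account names cannot be probed.
            reject(apiResponse, BosRes.get("bos-eye", "LoginHandler_3", "用户不存在或者密码错误", new Object[0]));
            apiResponse.setData(Integer.valueOf(errorTimes));
            changeTips(EyeAuther.isForbidden(username), apiResponse, username, errorTimes);
            opLogger.opLog(addLoginLog(httpExchange, username, false));
            return null;
        }
        // username is non-empty here, so equals() is null-safe even when no user is configured.
        boolean passwordUsable = username.equals(configuredUser) || !EyeAuther.isExpirePassword(username);
        if (!passwordUsable) {
            reject(apiResponse, BosRes.get("bos-eye", "LoginHandler_6", "用户密码已过期", new Object[0]));
            return null;
        }
        String token = writeSession(username, decryptPassword);
        Map<String, Object> data = new HashMap<>();
        data.put("clusterName", Instance.getClusterName());
        data.put("webPort", Integer.getInteger(EyeConfigKeys.KEY_HTTPSERVER_PORT));
        data.put("circuitbreaker", System.getProperty("circuitbreaker.type", "armor").toLowerCase(Locale.ROOT));
        data.put("traceType", System.getProperty("gov.trace.reporter.type", "sword").toLowerCase(Locale.ROOT));
        apiResponse.setMsg(CageHandlerConstants.KEY_HANDLER_SUCCESS_RESPONSE_MSG);
        apiResponse.setCode(0);
        apiResponse.setData(data);
        editUserPassword(username, decryptPassword);
        opLogger.opLog(addLoginLog(httpExchange, username, true));
        return token;
    }

    /**
     * Builds the operation-log entry for one login attempt.
     *
     * @param httpExchange the request, used for the remote host
     * @param username     the (escaped) user name that attempted to log in
     * @param success      whether the login succeeded
     * @return a populated, not yet persisted entry
     */
    private OpLogEntity addLoginLog(HttpExchange httpExchange, String username, boolean success) {
        OpLogEntity entry = new OpLogEntity();
        entry.setId(DB.genLongId("T_MONITOR_OPLOG"));
        entry.setUserName(username);
        entry.setOpTime(LocalDateTime.now());
        entry.setClientIp(OpLogUtil.getRemoteHost(httpExchange));
        entry.setOpType(OpType.EXECUTE.getTypeDescription());
        entry.setOpObject("登录");
        entry.setDescription(success ? "登录成功" : "登录失败");
        return entry;
    }

    /**
     * Reads the failed-login counter kept in the session cache for a user.
     *
     * @param username the user name the counter is keyed by
     * @return the counter, or 0 when absent or not numeric
     */
    private int getErrorTimes(String username) {
        String counter = (String) SessionStore.get().getCache().get("monitor-forbidden-account-" + username, username);
        if (StringUtils.isEmpty(counter)) {
            return 0;
        }
        try {
            return Integer.parseInt(counter);
        } catch (NumberFormatException e) {
            // A corrupted counter is only informational; it must not turn the login into a -1 error.
            logger.log(Level.WARNING, "non-numeric failed-login counter for user {0}: {1}",
                    new Object[]{username, counter});
            return 0;
        }
    }

    /**
     * Replaces the response message with the account-locked text when the account is forbidden.
     *
     * @param forbidden   whether the account is currently locked out
     * @param apiResponse response whose message is replaced
     * @param username    the user name shown in the message
     * @param errorTimes  the failed-attempt count shown in the message
     */
    private void changeTips(boolean forbidden, ApiResponse apiResponse, String username, int errorTimes) {
        if (forbidden) {
            apiResponse.setMsg(BosRes.get("bos-eye", "LoginHandler_5", "用户：{0}登录错误次数达到{1}次，账户被锁定，请30分钟后再试",
                    new Object[]{username, Integer.valueOf(errorTimes)}));
        }
    }

    /**
     * Creates a new session token for the authenticated user.
     *
     * @param username        the user name
     * @param decryptPassword the verified password
     * @return the session token to hand to the client
     */
    private String writeSession(String username, String decryptPassword) {
        return EyeAuther.newToken(username, decryptPassword);
    }

    /**
     * Writes the JSON body and, when a session token is present, the auth cookie and CSRF header.
     *
     * @param str          JSON payload
     * @param httpExchange exchange to respond on; always closed, even if writing fails
     * @param str2         session token, or empty/{@code null} for a response without a session
     * @throws IOException if the headers or body cannot be written
     */
    protected void writeJson(String str, HttpExchange httpExchange, String str2) throws IOException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        httpExchange.getResponseHeaders().set("Content-Type", "text/json; charset=UTF-8");
        if (StringUtils.isNotEmpty(str2)) {
            httpExchange.getResponseHeaders().add("Set-Cookie", getSafetyToken(str2));
            httpExchange.getResponseHeaders().add(EyeAuther.CSRF_TOKEN, EyeAuther.getCsrfToken(str2));
        }
        try {
            httpExchange.sendResponseHeaders(202, bytes.length);
            httpExchange.getResponseBody().write(bytes);
        } finally {
            httpExchange.close();
        }
    }

    /**
     * Formats the session cookie.
     *
     * <p>{@code Secure} and {@code HttpOnly} are opt-in via the
     * {@code monitor.add.securehttponly.enable} system property so plain-HTTP deployments keep
     * working; without them the token is readable from page script and sent in clear text, so
     * TLS deployments should enable the property.
     *
     * @param token the session token
     * @return the {@code Set-Cookie} header value
     */
    private String getSafetyToken(String token) {
        String cookie = AUTH_TOKEN + "=" + token + ";path=/";
        return Boolean.getBoolean("monitor.add.securehttponly.enable") ? cookie + ";secure;HttpOnly" : cookie;
    }

    /**
     * Extracts the verify code from the request's {@code Cookie} header.
     *
     * @param httpExchange the request
     * @return the cookie value, or {@code "ERROR"} when there is no cookie header, no matching
     *         cookie, or the matching cookie has no value
     */
    private String getVerifyCode(HttpExchange httpExchange) {
        String cookieHeader = httpExchange.getRequestHeaders().getFirst("Cookie");
        if (StringUtils.isEmpty(cookieHeader)) {
            return NO_VERIFY_CODE;
        }
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            // Only the cookie name is inspected, so a value that happens to contain the
            // name is not mistaken for the verify-code cookie.
            String name = (eq < 0 ? pair : pair.substring(0, eq)).trim();
            if (name.contains(VERIFY_CODE_COOKIE)) {
                if (eq < 0) {
                    return NO_VERIFY_CODE;
                }
                String value = pair.substring(eq + 1).trim();
                return value.isEmpty() ? NO_VERIFY_CODE : value;
            }
        }
        return NO_VERIFY_CODE;
    }

    /**
     * Re-saves the user's password through {@link UserDao} after a successful login when the
     * stored password is not yet in PBKDF2 form (legacy-hash migration).
     *
     * <p>Skipped when no DB is configured, in debug mode, when the user is not in the DB, or
     * when the stored password already is PBKDF2-encrypted.
     * NOTE(review): {@code decryptPassword} is passed as-is; the DAO is presumably the place
     * that hashes it before persisting — confirm in {@code UserDao.editUser}.
     *
     * @param username        the user name
     * @param decryptPassword the verified password
     */
    private void editUserPassword(String username, String decryptPassword) {
        if (!DBHelper.dbIsConfigured() || "debug".equals(System.getProperty(EyeConfigKeys.DEBUG_MODEL))) {
            return;
        }
        UserDao userDao = new UserDao();
        User user = userDao.getUserByName(username);
        if (user == null || PBKDF2Util.isEncryptByPbkdf2(user.getUserPassword())) {
            return;
        }
        UserRequest userRequest = new UserRequest();
        userRequest.setId(user.getId());
        userRequest.setUserName(user.getUserName());
        userRequest.setUserPassword(decryptPassword);
        userRequest.setExpireDate(user.getExpireDate());
        userRequest.setUserDescription(user.getUserDescription());
        userRequest.setUserRole(user.getUserRole());
        userRequest.setUserSource(user.getUserSource());
        userDao.editUser(userRequest);
    }
}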
