package org.apache.dolphinscheduler.api.controller;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.dolphinscheduler.api.configuration.OAuth2Configuration;
import org.apache.dolphinscheduler.api.enums.Status;
import org.apache.dolphinscheduler.api.exceptions.ApiException;
import org.apache.dolphinscheduler.api.security.Authenticator;
import org.apache.dolphinscheduler.api.security.impl.AbstractSsoAuthenticator;
import org.apache.dolphinscheduler.api.service.SessionService;
import org.apache.dolphinscheduler.api.service.UsersService;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.utils.JSONUtils;
import org.apache.dolphinscheduler.common.utils.OkHttpUtils;
import org.apache.dolphinscheduler.dao.entity.Session;
import org.apache.dolphinscheduler.dao.entity.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

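@RequestMapping({""})
@Tag(name = "LOGIN_TAG")
@RestController
/* loaded from: input_file:org/apache/dolphinscheduler/api/controller/LoginController.class */
/**
 * REST endpoints for password login, SSO sign-in URL lookup, sign-out, cookie clearing and the
 * OAuth2 authorization-code login flow.
 *
 * <p>NOTE(review): parameter names such as {@code str}/{@code str2} look like decompiler
 * placeholders. Where a {@code @RequestParam} carries no explicit name, confirm which request
 * parameter it actually binds to.
 */
public class LoginController extends BaseController {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(LoginController.class);

    @Autowired
    private SessionService sessionService;

    @Autowired
    private Authenticator authenticator;

    // Optional: stays null when no OAuth2 configuration bean is present.
    @Autowired(required = false)
    private OAuth2Configuration oAuth2Configuration;

    @Autowired
    private UsersService usersService;

    /**
     * Authenticates a user and, on success, copies every entry of the authenticator's result
     * data into a response cookie.
     *
     * @param str the {@code userName} request parameter; rejected when empty
     * @param str2 the {@code userPassword} request parameter; passed to the authenticator as is
     * @param httpServletRequest used to resolve the client IP address and the transport security
     * @param httpServletResponse receives the cookies on success
     * @return the authenticator's result, or an error result when the user name or client IP is empty
     */
    @PostMapping({"/login"})
    @ApiException(Status.USER_LOGIN_FAILURE)
    @Operation(summary = "login", description = "LOGIN_NOTES")
    @Parameters({@Parameter(name = "userName", description = "USER_NAME", required = true, schema = @Schema(implementation = String.class)), @Parameter(name = "userPassword", description = "USER_PASSWORD", required = true, schema = @Schema(implementation = String.class))})
    public Result login(@RequestParam("userName") String str, @RequestParam("userPassword") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (StringUtils.isEmpty(str)) {
            return error(Integer.valueOf(Status.USER_NAME_NULL.getCode()), Status.USER_NAME_NULL.getMsg());
        }
        String clientIpAddress = getClientIpAddress(httpServletRequest);
        if (StringUtils.isEmpty(clientIpAddress)) {
            return error(Integer.valueOf(Status.IP_IS_EMPTY.getCode()), Status.IP_IS_EMPTY.getMsg());
        }
        // The password is not checked for emptiness here; that decision is left to the authenticator.
        Result<Map<String, String>> authenticate = this.authenticator.authenticate(str, str2, clientIpAddress);
        if (authenticate.getCode().intValue() != Status.SUCCESS.getCode()) {
            return authenticate;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        Map<String, String> cookieValues = authenticate.getData();
        if (cookieValues != null) {
            for (Map.Entry<String, String> entry : cookieValues.entrySet()) {
                Cookie cookie = new Cookie(entry.getKey(), entry.getValue());
                // Keep the values (presumably session identifiers) out of reach of page scripts.
                cookie.setHttpOnly(true);
                // Mark the cookie Secure when the login itself arrived over TLS, so it is never
                // replayed over plain HTTP. Behind a TLS-terminating proxy isSecure() may be
                // false; the cookie is then issued exactly as before.
                cookie.setSecure(httpServletRequest.isSecure());
                httpServletResponse.addCookie(cookie);
            }
        }
        return authenticate;
    }

    /**
     * Returns the SSO sign-in URL when the configured authenticator is an SSO authenticator.
     *
     * @param httpServletRequest request whose HTTP session holds the login state value
     * @return a success result carrying the sign-in URL, or an empty success result when SSO is not in use
     */
    @ApiException(Status.NOT_SUPPORT_SSO)
    @GetMapping({"/login/sso"})
    @Operation(summary = "sso login", description = "SSO_LOGIN_NOTES")
    public Result ssoLogin(HttpServletRequest httpServletRequest) {
        if (!(this.authenticator instanceof AbstractSsoAuthenticator)) {
            return Result.success();
        }
        String state = UUID.randomUUID().toString();
        HttpSession session = httpServletRequest.getSession();
        // NOTE(review): the state is stored only when the session has none yet, but the sign-in
        // URL is always built from the freshly generated value. On a repeated call the URL and
        // the stored state therefore differ. Confirm against the code that validates the state
        // on callback whether this is intended.
        if (session.getAttribute("sso.login.user.state") == null) {
            session.setAttribute("sso.login.user.state", state);
        }
        return Result.success(((AbstractSsoAuthenticator) this.authenticator).getSignInUrl(state));
    }

    /**
     * Expires the stored session of the logged-in user and detaches the user from the request.
     *
     * @param user the user bound to the {@code session.user} request attribute
     * @param httpServletRequest the current request
     * @return a success result
     */
    @PostMapping({"/signOut"})
    @ApiException(Status.SIGN_OUT_ERROR)
    @Operation(summary = "signOut", description = "SIGN_OUT_NOTES")
    public Result signOut(@Parameter(hidden = true) @RequestAttribute("session.user") User user, HttpServletRequest httpServletRequest) {
        // Result unused in this listing; the call is kept because the helper is not visible
        // here and may do more than return a value.
        getClientIpAddress(httpServletRequest);
        this.sessionService.expireSession(user.getId());
        httpServletRequest.removeAttribute("session.user");
        return success();
    }

    /**
     * Asks the client to drop every cookie it sent by returning each one with an empty value
     * and a max-age of zero.
     *
     * @param httpServletRequest request carrying the cookies to clear
     * @param httpServletResponse response that receives the expiring cookies
     */
    @DeleteMapping({"cookies"})
    public void clearCookieSessionId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        // getCookies() returns null, not an empty array, when the request carries no cookies.
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                cookie.setMaxAge(0);
                cookie.setValue((String) null);
                httpServletResponse.addCookie(cookie);
            }
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
    }

    /**
     * Lists the configured OAuth2 providers in a form that is safe to hand to the browser.
     *
     * @return a success result with one entry per provider, or an empty list when OAuth2 is not configured
     */
    @GetMapping({"oauth2-provider"})
    @Operation(summary = "getOauth2Provider", description = "GET_OAUTH2_PROVIDER")
    public Result<List<OAuth2Configuration.OAuth2ClientProperties>> oauth2Provider() {
        List<OAuth2Configuration.OAuth2ClientProperties> exposedProviders = new ArrayList<>();
        if (this.oAuth2Configuration == null) {
            return Result.success(exposedProviders);
        }
        for (OAuth2Configuration.OAuth2ClientProperties configured : this.oAuth2Configuration.getProvider().values()) {
            // Copy only the fields the login page needs. The client secret and the
            // token/user-info/callback URLs are deliberately left out of the copy.
            OAuth2Configuration.OAuth2ClientProperties exposed = new OAuth2Configuration.OAuth2ClientProperties();
            exposed.setAuthorizationUri(configured.getAuthorizationUri());
            exposed.setRedirectUri(configured.getRedirectUri());
            exposed.setClientId(configured.getClientId());
            exposed.setProvider(configured.getProvider());
            exposed.setIconUri(configured.getIconUri());
            exposedProviders.add(exposed);
        }
        return Result.success(exposedProviders);
    }

    /**
     * Completes an OAuth2 authorization-code login: exchanges the code for an access token,
     * reads the user's login name from the provider, creates the local user if needed, opens a
     * session and redirects the browser to the provider's configured callback URL.
     *
     * <p>NOTE(review): this handler takes no {@code state} parameter, so the response is not
     * tied to a login the same browser started. Confirm whether that binding is enforced
     * elsewhere.
     *
     * <p>NOTE(review): {@code sendRedirect} declares {@code IOException}, but this listing shows
     * no {@code throws} clause. Confirm how the original source handles it.
     *
     * @param str the authorization code (sent to the token endpoint as {@code code})
     * @param str2 the provider key used to look up the OAuth2 client configuration
     * @param httpServletRequest the current request
     * @param httpServletResponse receives the redirect, or status 400 when the provider is unknown
     */
    @GetMapping({"redirect/login/oauth2"})
    @Operation(summary = "redirectToOauth2", description = "REDIRECT_TO_OAUTH2_LOGIN")
    public void loginByAuth2(@RequestParam String str, @RequestParam String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String code = str;
        final String provider = str2;
        // The configuration bean is optional and the provider key is caller-supplied, so either
        // lookup can come back empty. Without client properties there is no callback URL to
        // redirect to, so answer with a plain 400 instead of failing with a NullPointerException.
        OAuth2Configuration.OAuth2ClientProperties clientProperties =
                this.oAuth2Configuration == null ? null : this.oAuth2Configuration.getProvider().get(provider);
        if (clientProperties == null) {
            // The caller-supplied provider value is intentionally not echoed into the log.
            log.warn("OAuth2 login rejected: OAuth2 is not configured or the provider is unknown");
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            // Maps stay raw because the HTTP helper's parameter types are not visible here.
            HashMap tokenHeaders = new HashMap();
            tokenHeaders.put("Accept", "application/json");
            HashMap tokenBody = new HashMap(16);
            tokenBody.put("client_secret", clientProperties.getClientSecret());
            HashMap tokenParams = new HashMap();
            tokenParams.put("client_id", clientProperties.getClientId());
            tokenParams.put("code", code);
            tokenParams.put("grant_type", "authorization_code");
            tokenParams.put("redirect_uri", String.format("%s?provider=%s", clientProperties.getRedirectUri(), provider));
            String accessToken = JSONUtils.getNodeString(OkHttpUtils.post(clientProperties.getTokenUri(), tokenHeaders, tokenParams, tokenBody), "access_token");
            if (StringUtils.isEmpty(accessToken)) {
                // A failed exchange must not continue with a missing token.
                throw new IllegalStateException("OAuth2 token response contained no access_token");
            }
            HashMap userInfoHeaders = new HashMap();
            userInfoHeaders.put("Accept", "application/json");
            // NOTE(review): the token is passed both in this map (presumably request
            // parameters) and as a Bearer header. Confirm the provider needs the former.
            HashMap userInfoParams = new HashMap();
            userInfoParams.put("access_token", accessToken);
            userInfoHeaders.put("Authorization", "Bearer " + accessToken);
            String loginName = JSONUtils.getNodeString(OkHttpUtils.get(clientProperties.getUserInfoUri(), userInfoHeaders, userInfoParams), "login");
            if (StringUtils.isEmpty(loginName)) {
                // Never look up or auto-create a local account from an empty identity.
                throw new IllegalStateException("OAuth2 user info response contained no login");
            }
            User userByUserName = this.usersService.getUserByUserName(loginName);
            if (userByUserName == null) {
                // First login through this provider: provision a general (non-admin) user.
                userByUserName = this.usersService.createUser(UserType.GENERAL_USER, loginName, null);
            }
            Session createSessionIfAbsent = this.sessionService.createSessionIfAbsent(userByUserName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FOUND);
            // NOTE(review): the session id travels in the redirect URL's query string, which
            // tends to end up in browser history, proxy/access logs and Referer headers.
            httpServletResponse.sendRedirect(String.format("%s?sessionId=%s&authType=%s", clientProperties.getCallbackUrl(), createSessionIfAbsent.getId(), "oauth2"));
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            httpServletResponse.setStatus(HttpServletResponse.SC_FOUND);
            // Only a fixed, generic error string is sent to the browser; details stay in the log.
            httpServletResponse.sendRedirect(String.format("%s?authType=%s&error=%s", clientProperties.getCallbackUrl(), "oauth2", "oauth2 auth error"));
        }
    }
}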
