package xyz.raylab.authorizationserver.auth.domain.service;

import org.springframework.stereotype.Service;
import xyz.raylab.authorizationserver.auth.domain.AuthStateManager;
import xyz.raylab.authorizationserver.auth.domain.model.AuthCredential;
import xyz.raylab.authorizationserver.auth.domain.model.AuthLoginUser;
import xyz.raylab.authorizationserver.auth.domain.model.AuthenticationToken;
import xyz.raylab.authorizationserver.auth.interfaces.AuthenticationTokenProvider;
import xyz.raylab.authorizationserver.interfaces.SystemUserService;
import xyz.raylab.authorizationserver.interfaces.entity.SystemUser;
import xyz.raylab.support.exception.Assert;
import xyz.raylab.support.util.PasswordEncoder;

@Service("authServiceOfAuth")
/* loaded from: input_file:xyz/raylab/authorizationserver/auth/domain/service/AuthServiceImpl.class */
public class AuthServiceImpl implements AuthService {
    private final SystemUserService systemUserService;
    private final AuthenticationTokenProvider authenticationTokenProvider;
    private final AuthStateManager authStateManager;
    private static final String INVALID_USER_MSG = "无效的用户名或密码";

    public AuthServiceImpl(SystemUserService systemUserService, AuthenticationTokenProvider authenticationTokenProvider, AuthStateManager authStateManager) {
        this.systemUserService = systemUserService;
        this.authenticationTokenProvider = authenticationTokenProvider;
        this.authStateManager = authStateManager;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.service.AuthService
    public SystemUser validate(AuthCredential authCredential) {
        Assert.DOMAIN_VALIDATION.notNull(authCredential, "认证凭证不能为空");
        SystemUser findByUsername = this.systemUserService.findByUsername(authCredential.getUsername());
        Assert.DOMAIN_VALIDATION.notNull(findByUsername, INVALID_USER_MSG);
        Assert.DOMAIN_VALIDATION.isTrue(findByUsername.isEnabled(), INVALID_USER_MSG);
        Assert.DOMAIN_VALIDATION.isTrue(PasswordEncoder.passwordEncoder().matches(authCredential.getPassword(), findByUsername.getPassword()), INVALID_USER_MSG);
        return findByUsername;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.service.AuthService
    public AuthenticationToken login(AuthCredential authCredential) {
        SystemUser validate = validate(authCredential);
        AuthenticationToken generate = this.authenticationTokenProvider.generate(authCredential);
        Assert.DOMAIN_VALIDATION.notNull(generate, INVALID_USER_MSG);
        this.authStateManager.save(generate, AuthLoginUser.build(validate, this.systemUserService.findPermissions(validate.getId())));
        return generate;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.service.AuthService
    public AuthenticationToken refresh(String str) {
        Assert.DOMAIN_VALIDATION.hasText(str, "刷新令牌不能为空");
        AuthenticationToken refresh = this.authenticationTokenProvider.refresh(str);
        Assert.DOMAIN_VALIDATION.notNull(refresh, "无效的刷新令牌");
        this.authStateManager.update(refresh);
        return refresh;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.service.AuthService
    public void logout(String str) {
        Assert.DOMAIN_VALIDATION.hasText(str, "令牌不能为空");
        Assert.DOMAIN.isTrue(this.authenticationTokenProvider.revoke(str), "注销失败");
        this.authStateManager.destroy(str);
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.service.AuthService
    public void updateLoginUser(String str) {
        if (this.authStateManager.isLogged(str)) {
            SystemUser findByUsername = this.systemUserService.findByUsername(str);
            this.authStateManager.update(AuthLoginUser.build(findByUsername, this.systemUserService.findPermissions(findByUsername.getId())));
        }
    }
}
