package xyz.raylab.authorizationserver.auth.infrastructure;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONReader;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.stereotype.Component;
import xyz.raylab.authorizationserver.auth.domain.AuthStateManager;
import xyz.raylab.authorizationserver.auth.domain.model.AuthenticationToken;
import xyz.raylab.support.auth.DefaultLoginUser;
import xyz.raylab.support.auth.LoginUser;
import xyz.raylab.support.util.Assert;
import xyz.raylab.support.util.StringUtils;

@Component
/* loaded from: input_file:xyz/raylab/authorizationserver/auth/infrastructure/AuthStateManagerImpl.class */
public class AuthStateManagerImpl implements AuthStateManager {
    private final StringRedisTemplate redisTemplate;
    private final JwtDecoder jwtDecoder;
    private static final String USER_TOKEN = "a:s:u:%s:t";
    private static final String TOKEN = "a:s:t:%s";
    private static final String TOKEN_USER = "a:s:t:%s:u";
    private static final String REFRESH_TOKEN_TOKEN = "a:s:rt:%s:t";
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthStateManagerImpl.class);

    @Autowired
    public AuthStateManagerImpl(StringRedisTemplate stringRedisTemplate, JwtDecoder jwtDecoder) {
        this.redisTemplate = stringRedisTemplate;
        this.jwtDecoder = jwtDecoder;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public void save(AuthenticationToken authenticationToken, LoginUser loginUser) {
        Assert.notNull(authenticationToken, "认证令牌不能为空");
        Assert.notNull(loginUser, "登录用户不能为空");
        String username = loginUser.getUsername();
        Duration ofSeconds = Duration.ofSeconds(authenticationToken.getRemainingExpiresIn().longValue());
        String accessToken = authenticationToken.getAccessToken();
        ValueOperations opsForValue = this.redisTemplate.opsForValue();
        String str = (String) opsForValue.get(formatUserTokenKey(username));
        if (StringUtils.isNotBlank(str)) {
            this.redisTemplate.delete(List.of(formatTokenKey(str), formatTokenUserKey(str)));
        }
        opsForValue.set(formatUserTokenKey(username), accessToken, ofSeconds);
        opsForValue.set(formatTokenKey(accessToken), JSON.toJSONString(authenticationToken), ofSeconds);
        opsForValue.set(formatTokenUserKey(accessToken), JSON.toJSONString(loginUser), ofSeconds);
        opsForValue.set(formatRefreshTokenTokenKey(authenticationToken.getRefreshToken()), accessToken, ofSeconds);
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public boolean isLogged(String str) {
        Assert.hasText(str, "用户名不能为空");
        return Boolean.TRUE.equals(this.redisTemplate.hasKey(formatUserTokenKey(str)));
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public LoginUser getLoginUser(String str) {
        tokenNotNull(str);
        String str2 = (String) this.redisTemplate.opsForValue().get(formatTokenUserKey(str));
        if (StringUtils.isNotBlank(str2)) {
            return (LoginUser) JSON.parseObject(str2).to(DefaultLoginUser.class, new JSONReader.Feature[0]);
        }
        return null;
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public AuthenticationToken getTokenByUsername(String str) {
        Assert.hasText(str, "用户名不能为空");
        return (AuthenticationToken) Optional.ofNullable((String) this.redisTemplate.opsForValue().get(formatUserTokenKey(str))).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).map(this::getToken).orElse(null);
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public AuthenticationToken getTokenByRefreshToken(String str) {
        Assert.hasText(str, "刷新令牌不能为空");
        return getToken((String) this.redisTemplate.opsForValue().get(formatRefreshTokenTokenKey(str)));
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public AuthenticationToken getToken(String str) {
        tokenNotNull(str);
        return (AuthenticationToken) Optional.ofNullable((String) this.redisTemplate.opsForValue().get(formatTokenKey(str))).filter((v0) -> {
            return StringUtils.isNotBlank(v0);
        }).map(str2 -> {
            return (AuthenticationToken) JSON.parseObject(str2).to(AuthenticationToken.class, new JSONReader.Feature[0]);
        }).orElse(null);
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public void update(AuthenticationToken authenticationToken) {
        Assert.notNull(authenticationToken, "认证令牌不能为空");
        String str = (String) this.redisTemplate.opsForValue().get(formatUserTokenKey(parseTokenUsername(authenticationToken.getAccessToken())));
        Assert.hasText(str, "认证状态已失效，请重新认证");
        save(authenticationToken, getLoginUser(str));
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public void update(LoginUser loginUser) {
        Assert.notNull(loginUser, "登录用户不能为空");
        AuthenticationToken tokenByUsername = getTokenByUsername(loginUser.getUsername());
        Assert.notNull(tokenByUsername, "认证状态已失效，请重新认证");
        save(tokenByUsername, loginUser);
    }

    @Override // xyz.raylab.authorizationserver.auth.domain.AuthStateManager
    public void destroy(String str) {
        tokenNotNull(str);
        this.redisTemplate.delete(List.of(formatUserTokenKey(parseTokenUsername(str)), formatTokenKey(str), formatTokenUserKey(str), formatRefreshTokenTokenKey((String) Optional.ofNullable(getToken(str)).map((v0) -> {
            return v0.getRefreshToken();
        }).orElse(null))));
    }

    private void tokenNotNull(String str) {
        Assert.notNull(str, "令牌不能为空");
    }

    private String formatUserTokenKey(String str) {
        return String.format(USER_TOKEN, str);
    }

    private String formatTokenKey(String str) {
        return String.format(TOKEN, str);
    }

    private String formatTokenUserKey(String str) {
        return String.format(TOKEN_USER, str);
    }

    private String formatRefreshTokenTokenKey(String str) {
        return String.format(REFRESH_TOKEN_TOKEN, str);
    }

    private String parseTokenUsername(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return null;
        }
        try {
            return (String) this.jwtDecoder.decode(str).getClaim("sub");
        } catch (JwtException e) {
            LOGGER.error("解析accessToken异常", e);
            return null;
        }
    }
}
