package kd.bos.eye.api.permission;

import com.sun.net.httpserver.HttpExchange;
import java.io.IOException;
import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import kd.bos.cache.DistributeSessionableCache;
import kd.bos.encrypt.Encrypters;
import kd.bos.eye.api.alarm.AlarmConfigHandler;
import kd.bos.eye.api.alarm.db.AlarmConfigDbHelper;
import kd.bos.eye.api.log.KDException;
import kd.bos.eye.api.oplog.OpLogManager;
import kd.bos.eye.api.oplog.OpLogger;
import kd.bos.eye.api.oplog.OpType;
import kd.bos.eye.api.permission.dao.UserDao;
import kd.bos.eye.api.permission.entity.User;
import kd.bos.eye.api.permission.entity.UserRequest;
import kd.bos.eye.api.sso.SsoClients;
import kd.bos.eye.auth.EyeAuther;
import kd.bos.eye.auth.RequestTypeEnum;
import kd.bos.eye.auth.SessionStore;
import kd.bos.eye.config.EyeConfigKeys;
import kd.bos.eye.httpserver.AbstractHttpHandler;
import kd.bos.eye.util.ApiResponse;
import kd.bos.eye.util.ExchangeVueUtils;
import kd.bos.eye.util.MonitorLoginUtils;
import kd.bos.eye.util.PBKDF2Util;
import kd.bos.government.metadata.db.DBHelper;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.util.JSONUtils;
import kd.bos.util.StringUtils;

/* loaded from: input_file:kd/bos/eye/api/permission/UserHandler.class */
public class UserHandler extends AbstractHttpHandler {
    private static final OpLogger opLogger = OpLogManager.getLogger();
    private static final Log log = LogFactory.getLog(UserHandler.class);

    @Override // kd.bos.eye.httpserver.AbstractHttpHandler
    protected void handle0(HttpExchange httpExchange) throws IOException {
        UserRequest userRequest;
        Map<String, String> map = SessionStore.get().get(getToken(httpExchange));
        ApiResponse apiResponse = new ApiResponse();
        UserDao userDao = new UserDao();
        HashMap hashMap = new HashMap(4);
        if (map.get("logintype").equals(SsoClients.COSMICEYE.getName())) {
            hashMap.put("isConfiged", AlarmConfigHandler.FALSE_STR);
            hashMap.put("isNewUser", AlarmConfigHandler.FALSE_STR);
            hashMap.put("isFirstLogin", map.get("isFirstLogin"));
            hashMap.put("isExpirePassword", AlarmConfigHandler.FALSE_STR);
            User user = new User();
            user.setUserName("admin");
            hashMap.put("userInfo", user);
            apiResponse.setCode(0);
            apiResponse.setData(hashMap);
            writeJson(JSONUtils.toString(apiResponse), httpExchange);
            return;
        }
        if (!DBHelper.dbIsConfigured()) {
            hashMap.put("isConfiged", AlarmConfigHandler.FALSE_STR);
            apiResponse.setCode(0);
            apiResponse.setData(hashMap);
            writeJson(JSONUtils.toString(apiResponse), httpExchange);
            return;
        }
        try {
            userRequest = (UserRequest) ExchangeVueUtils.parseJsonFromPost(httpExchange, UserRequest.class);
        } catch (Exception e) {
            log.error("query user error: ", e);
            apiResponse.setCode(-1);
            apiResponse.setMsg("user exception, message: " + e.getMessage());
        }
        if (userRequest == null) {
            return;
        }
        String requestType = userRequest.getRequestType();
        String property = System.getProperty(EyeConfigKeys.KEY_USER);
        if (!EyeAuther.checkPermission(httpExchange, "user:" + userRequest.getUserName(), requestType)) {
            throw new KDException("No permission!");
        }
        if (RequestTypeEnum.USER_LIST_IS_DUPLICATE.getRequestType().equals(requestType)) {
            hashMap.put("isDuplicateUser", Boolean.valueOf(userDao.isDuplicateUser(userRequest)));
        } else if (RequestTypeEnum.USER_LIST_INFO.getRequestType().equals(requestType)) {
            String str = map.get("user");
            if (checkDebugModeEdit(str)) {
                hashMap.put("isNewUser", AlarmConfigHandler.FALSE_STR);
                hashMap.put("isDebugMode", "true");
                User user2 = new User();
                user2.setUserName(str);
                hashMap.put("userInfo", user2);
                apiResponse.setCode(0);
                apiResponse.setData(hashMap);
                writeJson(JSONUtils.toString(apiResponse), httpExchange);
                return;
            }
            User userByName = userDao.getUserByName(str);
            hashMap.put("isNewUser", userByName.getUserPassword().endsWith(PBKDF2Util.NEW_USER_SUFFIX) ? "true" : AlarmConfigHandler.FALSE_STR);
            userByName.setUserPassword(null);
            hashMap.put("userInfo", userByName);
            hashMap.put("isFirstLogin", map.get("isFirstLogin"));
            hashMap.put("isExpirePassword", map.get("isExpired"));
            hashMap.put("isConfiged", "true");
        } else {
            if (RequestTypeEnum.USER_LIST_ADD.getRequestType().equals(requestType)) {
                String userName = userRequest.getUserName();
                if (userName.length() < 6 || userName.length() > 32) {
                    throw new KDException("The length of username is limited 6-32!");
                }
                userRequest.setUserPassword(MonitorLoginUtils.getDecryptPassword(userRequest.getUserName(), userRequest.getUserPassword()));
                userDao.addUser(userRequest);
            }
            if (RequestTypeEnum.USER_LIST_EDIT.getRequestType().equals(requestType)) {
                String userName2 = userRequest.getUserName();
                if (StringUtils.isEmpty(userRequest.getUserPassword())) {
                    userDao.editUser(userRequest);
                } else {
                    String decryptPassword = MonitorLoginUtils.getDecryptPassword(userName2, userRequest.getUserPassword());
                    String decryptPassword2 = MonitorLoginUtils.getDecryptPassword(userName2, userRequest.getUserOldPassword());
                    Encrypters.decode(System.getProperty(EyeConfigKeys.KEY_PD));
                    boolean checkPassword = checkPassword(map, userName2, decryptPassword2);
                    boolean checkPassword2 = checkPassword(map, userName2, decryptPassword);
                    boolean isDisableChangePassword = isDisableChangePassword(userName2);
                    if (!checkPassword2 && checkPassword && !isDisableChangePassword) {
                        userRequest.setUserPassword(decryptPassword);
                        if ("true".equals(map.get("isExpired"))) {
                            userRequest.setExpireDate(DateTimeFormatter.ofPattern("yyyy-MM-dd").format(LocalDate.now().plusDays(180L)));
                        }
                        userDao.editUserPassword(userRequest);
                    }
                    hashMap.put("isUsedPassword", Boolean.valueOf(checkPassword2));
                    hashMap.put("oldPasswordIsTrue", Boolean.valueOf(checkPassword));
                    hashMap.put("isDisableChangePassword", Boolean.valueOf(isDisableChangePassword));
                }
            }
            if (RequestTypeEnum.USER_LIST_DELETE.getRequestType().equals(requestType)) {
                if (userRequest.getUserName().equals(property)) {
                    hashMap.put("cantDel", "true");
                } else {
                    userDao.deleteUser(userRequest);
                }
            }
            if (RequestTypeEnum.USER_LIST_EDIT_PASSWORD.getRequestType().equals(requestType)) {
                String userName3 = userRequest.getUserName();
                String decryptPassword3 = MonitorLoginUtils.getDecryptPassword(userName3, userRequest.getUserPassword());
                boolean checkPassword3 = checkPassword(map, userName3, decryptPassword3);
                if (!checkPassword3) {
                    userRequest.setUserPassword(decryptPassword3);
                    userDao.editUserPassword(userRequest);
                }
                hashMap.put("isUsedPassword", Boolean.valueOf(checkPassword3));
            }
            List<User> userList = userDao.getUserList();
            List<String> roleList = userDao.getRoleList();
            if ("true".equals(map.get("isFirstLogin"))) {
                userList = (List) userList.stream().filter(user3 -> {
                    return user3.getUserName().equals(map.get("user"));
                }).collect(Collectors.toList());
            }
            if (!property.equals(map.get("user"))) {
                userList = (List) userList.stream().filter(user4 -> {
                    return !user4.getUserName().equals(property);
                }).collect(Collectors.toList());
            }
            hashMap.put("isFirstLogin", map.get("isFirstLogin"));
            hashMap.put("isExpirePassword", map.get("isExpired"));
            hashMap.put("userList", userList);
            hashMap.put("roleList", roleList);
            hashMap.put("isConfiged", "true");
        }
        apiResponse.setCode(0);
        apiResponse.setData(hashMap);
        addOpLog(httpExchange, requestType, userRequest);
        writeJson(JSONUtils.toString(apiResponse), httpExchange);
    }

    private boolean checkDebugModeEdit(String str) {
        return System.getProperty(EyeConfigKeys.KEY_USER).equals(str) && "debug".equals(System.getProperty(EyeConfigKeys.DEBUG_MODEL));
    }

    private boolean isDisableChangePassword(String str) {
        DistributeSessionableCache cache = SessionStore.get().getCache();
        String str2 = "monitor-change-password-" + str;
        String str3 = (String) cache.get(str2, str);
        if (StringUtils.isEmpty(str3)) {
            cache.put(str2, str, AlarmConfigDbHelper.ONE_STR);
            return false;
        }
        int intValue = Integer.getInteger("monitor.login.errorTimes", 8).intValue();
        int parseInt = Integer.parseInt(str3);
        if (parseInt >= intValue) {
            return true;
        }
        if (parseInt != intValue - 1) {
            cache.put(str2, str, String.valueOf(parseInt + 1));
            return false;
        }
        cache.put(str2, str, String.valueOf(intValue));
        cache.expireAfter(str2, 86400);
        return false;
    }

    private boolean checkPassword(Map<String, String> map, String str, String str2) {
        return ("true".equals(map.get("isFirstLogin")) && str.equals(System.getProperty(EyeConfigKeys.KEY_USER))) ? str2.equals(Encrypters.decode(System.getProperty(EyeConfigKeys.KEY_PD))) : EyeAuther.checkUser(str, str2);
    }

    private void addOpLog(HttpExchange httpExchange, String str, UserRequest userRequest) {
        if ("0".equals(str)) {
            opLogger.opLog(httpExchange, OpType.ADD, "用户配置", "新增" + userRequest.getUserName() + "用户");
        }
        if (AlarmConfigDbHelper.ONE_STR.equals(str)) {
            opLogger.opLog(httpExchange, OpType.OPEN, "用户配置", "查看用户配置");
        }
        if ("2".equals(str)) {
            opLogger.opLog(httpExchange, OpType.EDIT, "用户配置", "修改" + userRequest.getUserName() + "用户配置: 角色=" + userRequest.getUserRole() + " 描述=" + userRequest.getUserDescription() + " 密码到期时间=" + userRequest.getExpireDate());
        }
        if ("3".equals(str)) {
            opLogger.opLog(httpExchange, OpType.DELETE, "用户配置", "删除" + userRequest.getUserName() + "用户");
        }
        if ("6".equals(str)) {
            opLogger.opLog(httpExchange, OpType.EDIT, "用户配置", "修改" + userRequest.getUserName() + "用户密码");
        }
    }
}
