package com.cfwx.rox.web.sysmgr.controller.base;

import com.cfwx.multichannel.userinterface.redis.RedisService;
import com.cfwx.rox.web.common.ConfigProperties;
import com.cfwx.rox.web.common.Constants;
import com.cfwx.rox.web.common.controller.BaseController;
import com.cfwx.rox.web.common.model.entity.Orga;
import com.cfwx.rox.web.common.model.entity.User;
import com.cfwx.rox.web.common.model.vo.CurrentUser;
import com.cfwx.rox.web.common.model.vo.RespVo;
import com.cfwx.rox.web.common.util.LogInJsRSAUtil;
import com.cfwx.rox.web.common.util.MD5;
import com.cfwx.rox.web.common.util.PasswordCoder;
import com.cfwx.rox.web.log.service.IOperateLogService;
import com.cfwx.rox.web.sysmgr.model.bo.UserLoginBo;
import com.cfwx.rox.web.sysmgr.service.IAuthorityService;
import com.cfwx.rox.web.sysmgr.service.IOrganizationService;
import com.cfwx.rox.web.sysmgr.service.IRoleService;
import com.cfwx.rox.web.sysmgr.service.ISystemParameterService;
import com.cfwx.rox.web.sysmgr.service.IUserService;
import com.cfwx.rox.web.sysmgr.util.VerifyCodeUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.util.Random;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping({"/login"})
@Controller
/* loaded from: input_file:com/cfwx/rox/web/sysmgr/controller/base/LoginController.class */
public class LoginController extends BaseController {

    @Autowired
    private IUserService userService;

    @Autowired
    private IOrganizationService organizationService;

    @Autowired
    private IOperateLogService operateLogService;

    @Autowired
    private IRoleService roleService;

    @Autowired
    private IAuthorityService authorityService;

    @Autowired
    private ISystemParameterService systemParameterService;

    @RequestMapping({"/loginIndex"})
    public String toLogin(HttpServletRequest httpServletRequest) {
        httpServletRequest.setAttribute("modulus", httpServletRequest.getServletContext().getAttribute("login_modulus"));
        httpServletRequest.setAttribute("exponent", httpServletRequest.getServletContext().getAttribute("login_exponent"));
        httpServletRequest.getSession().removeAttribute("currentUser");
        return ConfigProperties.getStringValue("/login/loginIndex");
    }

    @RequestMapping(value = {"/loginSubmit"}, method = {RequestMethod.POST})
    @ResponseBody
    public RespVo doLogin(UserLoginBo userLoginBo, HttpServletRequest httpServletRequest) {
        RespVo respVo = new RespVo();
        HttpSession session = httpServletRequest.getSession();
        Integer num = (Integer) session.getAttribute("userSubmitCount");
        Integer valueOf = Integer.valueOf(num == null ? 0 : num.intValue());
        session.setAttribute("userSubmitCount", Integer.valueOf(valueOf.intValue() + 1));
        String str = (String) session.getAttribute("userLoginVerifyCode");
        respVo.setResult(Integer.valueOf(valueOf.intValue() + 1));
        String verifyCode = userLoginBo.getVerifyCode();
        if ((valueOf.intValue() >= 3 || StringUtils.isNotEmpty(verifyCode)) && (StringUtils.isEmpty(verifyCode) || StringUtils.isEmpty(str) || !str.equalsIgnoreCase(verifyCode))) {
            respVo.setCode(3);
            respVo.setMessage("验证码不正确");
            return respVo;
        }
        if (StringUtils.isNotBlank(userLoginBo.getPassword())) {
            String str2 = null;
            try {
                PrivateKey privateKey = (PrivateKey) httpServletRequest.getServletContext().getAttribute("login_privateKey");
                if (null != privateKey) {
                    str2 = LogInJsRSAUtil.decryptString(privateKey, userLoginBo.getPassword());
                }
            } catch (Exception e) {
                this.logger.info("<== RSA解密，异常", e);
                e.printStackTrace();
            }
            if (null == str2 || "".equals(str2)) {
                this.logger.info("<== RSA解密，失败");
                respVo.setCode(-1);
                respVo.setMessage("登录失败");
                return respVo;
            }
            userLoginBo.setPassword(str2);
        }
        User findByLoginName = this.userService.findByLoginName(userLoginBo.getLoginName());
        if (findByLoginName == null || !PasswordCoder.validatePassword(findByLoginName.getPassword(), userLoginBo.getPassword())) {
            respVo.setCode(-1);
            respVo.setMessage("用户名或密码错误");
            return respVo;
        }
        if (findByLoginName.getAvailable() != Constants.AVAILABLE_TRUE) {
            respVo.setCode(-1);
            respVo.setMessage("用户不可用，禁止登录");
            return respVo;
        }
        Orga loadById = this.organizationService.loadById(findByLoginName.getOrgaId());
        if (loadById != null && loadById.getStatus() != Constants.AVAILABLE_TRUE) {
            respVo.setCode(-1);
            respVo.setMessage("用户机构被不可用，禁止登录");
            return respVo;
        }
        Integer checkPasswordLose = this.userService.checkPasswordLose(findByLoginName);
        if (checkPasswordLose != Constants.PASSWORD_STATUS_OK) {
            respVo.setCode(2);
            respVo.setMessage(checkPasswordLose + "");
            return respVo;
        }
        respVo.setCode(0);
        session.setAttribute("userSubmitCount", 0);
        CurrentUser currentUser = new CurrentUser();
        currentUser.setUser(findByLoginName);
        currentUser.setOrga(loadById);
        currentUser.setRoles(this.roleService.getRolesListByUserId(findByLoginName.getId()));
        currentUser.setAuthorities(this.authorityService.listZTreeAuthorityRoles(currentUser.getRoles()));
        httpServletRequest.getSession().setAttribute("currentUser", currentUser);
        this.systemParameterService.setSessionTime(httpServletRequest);
        this.operateLogService.saveOperateLog("系统管理", "登录页面", currentUser.getUser().getLoginName(), httpServletRequest.getRemoteAddr(), 9, "[{0}]用户登录[{2}]", new Object[]{currentUser.getUser().getLoginName(), currentUser.getUser().getLoginName(), "成功"});
        RedisService redisService = new RedisService();
        String md5s = MD5.md5s("USERTOKEN" + currentUser.getUser().getId());
        if (redisService.get(md5s) != null) {
            redisService.del(md5s);
        }
        String md5s2 = MD5.md5s(generatToken());
        redisService.set(md5s, md5s2);
        respVo.setMessage(md5s + "-" + md5s2);
        return respVo;
    }

    private String generatToken() {
        String str = "TOKEN";
        for (int i = 0; i < 8; i++) {
            str = str + new Random().nextInt(10);
        }
        return str;
    }

    @RequestMapping({"/getVerifyCode"})
    @ResponseBody
    public void verifyCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String generateVerifyCode = VerifyCodeUtils.generateVerifyCode(4);
        httpServletRequest.getSession().setAttribute("userLoginVerifyCode", generateVerifyCode);
        FileInputStream fileInputStream = new FileInputStream(VerifyCodeUtils.getTempFile(httpServletRequest.getSession().getServletContext().getRealPath("/") + Constants.WEB_DIR_TEMPVCODE, generateVerifyCode));
        byte[] bArr = new byte[fileInputStream.available()];
        fileInputStream.read(bArr);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        outputStream.write(bArr);
        outputStream.flush();
        outputStream.close();
        fileInputStream.close();
    }
}
