package me.yukitale.cryptoexchange.exchange.controller.api;

import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import jakarta.validation.Valid;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import me.yukitale.cryptoexchange.captcha.CachedCaptcha;
import me.yukitale.cryptoexchange.captcha.CaptchaService;
import me.yukitale.cryptoexchange.exchange.model.user.User;
import me.yukitale.cryptoexchange.exchange.payload.request.Login2FARequest;
import me.yukitale.cryptoexchange.exchange.payload.request.LoginRequest;
import me.yukitale.cryptoexchange.exchange.payload.request.RegisterRequest;
import me.yukitale.cryptoexchange.exchange.payload.response.UserInfoResponse;
import me.yukitale.cryptoexchange.exchange.repository.user.UserRepository;
import me.yukitale.cryptoexchange.exchange.security.jwt.JwtUtils;
import me.yukitale.cryptoexchange.exchange.security.service.UserDetailsImpl;
import me.yukitale.cryptoexchange.exchange.service.EmailService;
import me.yukitale.cryptoexchange.exchange.service.UserService;
import me.yukitale.cryptoexchange.panel.admin.model.other.AdminEmailSettings;
import me.yukitale.cryptoexchange.panel.admin.repository.other.AdminEmailSettingsRepository;
import me.yukitale.cryptoexchange.panel.worker.model.Domain;
import me.yukitale.cryptoexchange.panel.worker.repository.DomainRepository;
import me.yukitale.cryptoexchange.utils.DataValidator;
import me.yukitale.cryptoexchange.utils.GoogleUtil;
import me.yukitale.cryptoexchange.utils.JsonUtil;
import me.yukitale.cryptoexchange.utils.ServletUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.util.Pair;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.view.RedirectView;
import org.thymeleaf.spring6.processor.SpringInputGeneralFieldTagProcessor;

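/**
 * Public authentication endpoints: password login, the second factor of a
 * two-factor login, password-recovery requests, registration and logout.
 *
 * <p>Every browser-facing step except {@code /login-2fa} requires the captcha
 * bound to the HTTP session to be solved; a wrong answer rotates the captcha
 * and returns the fresh image together with the error code (see
 * {@link #resolveError(String, String)}). The captcha entry is only consumed
 * once the step completes successfully.
 *
 * <p>Security review notes (behaviour deliberately left unchanged here, flagged
 * for follow-up):
 * <ul>
 *   <li>Passwords are compared with {@code String.equals} against
 *       {@code User.getPassword()}, which only works if the stored value is the
 *       raw password. Storage and comparison should move behind a
 *       {@code PasswordEncoder}.</li>
 *   <li>The 2FA hand-off token is produced by
 *       {@code generateTokenFromEmailAndPassword}, so the password appears to
 *       travel inside that token; it should carry only a user reference.</li>
 *   <li>Distinct {@code user_not_found} / {@code wrong_password} responses let a
 *       caller enumerate registered accounts.</li>
 *   <li>{@code @CrossOrigin(origins = "*")} on an authentication controller is
 *       broader than needed; restrict it to the real front-end origin(s).</li>
 * </ul>
 */
@RequestMapping({"/api/auth"})
@CrossOrigin(origins = {"*"}, maxAge = 3600)
@RestController
/* loaded from: input_file:BOOT-INF/classes/me/yukitale/cryptoexchange/exchange/controller/api/AuthApiController.class */
public class AuthApiController {

    /** Inclusive bounds enforced on a new account's password length. */
    private static final int MIN_PASSWORD_LENGTH = 8;
    private static final int MAX_PASSWORD_LENGTH = 64;

    /** Response body when no captcha is cached for the session at all. */
    private static final String BAD_CAPTCHA = "bad_captcha";

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private AdminEmailSettingsRepository adminEmailSettingsRepository;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private DomainRepository domainRepository;

    @Autowired
    private UserService userService;

    @Autowired
    private EmailService emailService;

    @Autowired
    private CaptchaService captchaService;

    @Autowired
    private JwtUtils jwtUtils;

    /**
     * Second step of a two-factor login. The token issued by
     * {@link #loginUser(HttpServletRequest, LoginRequest)} is decoded back into a
     * login/password pair, the password is re-checked against the stored value and
     * the submitted TOTP code is compared with the one derived from the user's
     * 2FA secret. No captcha is required on this step; the token is the gate.
     *
     * @param httpServletRequest current request (used for the auth audit entry)
     * @param login2FARequest    token from step one plus the 6-digit code
     * @return 200 with {@link UserInfoResponse} and the JWT cookie, or 400 with
     *         {@code user_not_found}, {@code wrong_password}, {@code wrong_code},
     *         or the generic {@code error} when the token cannot be processed
     */
    @PostMapping({"/login-2fa"})
    public ResponseEntity<?> loginUser(HttpServletRequest httpServletRequest, @Valid @RequestBody Login2FARequest login2FARequest) {
        try {
            Pair<String, String> credentials = this.jwtUtils.getEmailAndPasswordFromJwtToken(login2FARequest.getToken());
            String login = credentials.getFirst();
            String password = credentials.getSecond();
            User user = findByEmailOrUsername(login);
            if (user == null) {
                return ResponseEntity.badRequest().body("user_not_found");
            }
            // NOTE(review): plain equality against the stored password (see class doc).
            if (!user.getPassword().equals(password)) {
                return ResponseEntity.badRequest().body("wrong_password");
            }
            // Constant-time comparison so the response time does not depend on how
            // many leading digits of the submitted code were right.
            String expectedCode = GoogleUtil.getTOTPCode(user.getTwoFactorCode());
            if (!constantTimeEquals(login2FARequest.getCode(), expectedCode)) {
                return ResponseEntity.badRequest().body("wrong_code");
            }
            return authenticate(httpServletRequest, user, password);
        } catch (Exception e) {
            // Boundary catch: a malformed or expired token, or a failure while
            // deriving the TOTP code, must not leak internals to the client.
            return ResponseEntity.badRequest().body("error");
        }
    }

    /**
     * Rotates the session's captcha and returns the standard 400 payload for a
     * failed step, so the client cannot retry against the same challenge.
     *
     * @param sessionId HTTP session id the captcha is cached under
     * @param errorCode machine-readable error code for the client
     * @return 400 whose body is the JSON object
     *         {@code {"error": errorCode, "captcha_update": <base64 image>}}, or a
     *         bare {@code bad_captcha} body when no new captcha could be issued
     */
    private ResponseEntity<?> resolveError(String sessionId, String errorCode) {
        Optional<CachedCaptcha> refreshed = this.captchaService.refreshAndGetCaptcha(sessionId);
        if (refreshed.isEmpty()) {
            return ResponseEntity.badRequest().body(BAD_CAPTCHA);
        }
        // A plain map instead of an anonymous HashMap subclass: double-brace
        // initialisation creates an inner class that pins the controller instance.
        HashMap<String, String> payload = new HashMap<>();
        payload.put("error", errorCode);
        payload.put("captcha_update", refreshed.get().getBase64());
        return ResponseEntity.badRequest().body(JsonUtil.writeJson(payload));
    }

    /**
     * Verifies the captcha bound to the session against the submitted answer.
     *
     * @param sessionId HTTP session id the captcha is cached under
     * @param answer    answer supplied by the client (may be {@code null})
     * @return the error response to return as-is, or empty when the captcha is
     *         present and the answer is correct
     */
    private Optional<ResponseEntity<?>> checkCaptcha(String sessionId, String answer) {
        Optional<CachedCaptcha> captcha = this.captchaService.getCaptcha(sessionId);
        if (captcha.isEmpty()) {
            return Optional.of(ResponseEntity.badRequest().body(BAD_CAPTCHA));
        }
        if (!captcha.get().getAnswer().equals(answer)) {
            return Optional.of(resolveError(sessionId, "wrong_captcha"));
        }
        return Optional.empty();
    }

    /**
     * Looks a user up by lower-cased e-mail first and, only if that misses, by
     * exact username.
     *
     * @param login e-mail address or username as typed by the client
     * @return the matching user, or {@code null} when neither lookup matches
     */
    private User findByEmailOrUsername(String login) {
        return this.userRepository.findByEmail(login.toLowerCase())
                .or(() -> this.userRepository.findByUsername(login))
                .orElse(null);
    }

    /**
     * Compares two short codes without short-circuiting on the first mismatching
     * byte. Length differences are still observable, which is acceptable for
     * fixed-length TOTP codes.
     *
     * @return {@code true} only when both are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String submitted, String expected) {
        if (submitted == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * First login step. Checks, in order: captcha present, captcha answer, user
     * lookup (e-mail or username), password, then two-factor state.
     *
     * <p>When 2FA is enabled the body is {@code "jwt_two_factor: <token>"} and the
     * client must continue with {@code /login-2fa}; the captcha is <em>not</em>
     * consumed on that branch. Otherwise the captcha is removed and the JWT
     * cookie is issued directly.
     *
     * @return 200 with {@link UserInfoResponse} or the 2FA hand-off string, or 400
     *         with {@code bad_captcha}, {@code wrong_captcha},
     *         {@code user_not_found} or {@code wrong_password}
     */
    // "/login" is the value of DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL
    // that the decompiled source referenced; spelled out to avoid coupling this
    // API route to Spring's default login-page filter.
    @PostMapping({"/login"})
    public ResponseEntity<?> loginUser(HttpServletRequest httpServletRequest, @Valid @RequestBody LoginRequest loginRequest) {
        String sessionId = httpServletRequest.getSession().getId();
        Optional<ResponseEntity<?>> captchaError = checkCaptcha(sessionId, loginRequest.getCaptcha());
        if (captchaError.isPresent()) {
            return captchaError.get();
        }
        User user = findByEmailOrUsername(loginRequest.getEmail());
        if (user == null) {
            return resolveError(sessionId, "user_not_found");
        }
        // NOTE(review): plain equality against the stored password (see class doc).
        if (!user.getPassword().equals(loginRequest.getPassword())) {
            return resolveError(sessionId, "wrong_password");
        }
        if (user.isTwoFactorEnabled()) {
            // NOTE(review): the hand-off token is built from e-mail AND password.
            return ResponseEntity.ok("jwt_two_factor: " + this.jwtUtils.generateTokenFromEmailAndPassword(user.getEmail(), user.getPassword()));
        }
        this.captchaService.removeCaptchaCache(sessionId);
        return authenticate(httpServletRequest, user, loginRequest.getPassword());
    }

    /**
     * Starts a password-recovery flow for a confirmed e-mail address.
     *
     * <p>Checks, in order: captcha, e-mail syntax, no recovery already pending,
     * user exists, e-mail confirmed. On success a recovery entry is created and
     * the captcha consumed. Absent body keys are read as the string
     * {@code "null"} (via {@code String.valueOf}) and fail validation.
     *
     * @param body JSON object with {@code captcha} and {@code email} keys
     * @return 200 {@code success}, or 400 with {@code bad_captcha},
     *         {@code wrong_captcha}, {@code user_not_found},
     *         {@code already_exists} or {@code email_not_confirmed}
     */
    @PostMapping({"/forgot-password"})
    public ResponseEntity<?> forgotPassword(HttpServletRequest httpServletRequest, @RequestBody Map<String, String> body) {
        String sessionId = httpServletRequest.getSession().getId();
        Optional<ResponseEntity<?>> captchaError = checkCaptcha(sessionId, String.valueOf(body.get("captcha")));
        if (captchaError.isPresent()) {
            return captchaError.get();
        }
        // "email" is the value of SpringInputGeneralFieldTagProcessor.EMAIL_INPUT_TYPE_ATTR_VALUE
        // that the decompiled source referenced for this JSON key.
        String email = String.valueOf(body.get("email")).toLowerCase();
        if (!DataValidator.isEmailValided(email)) {
            return resolveError(sessionId, "user_not_found");
        }
        if (this.emailService.hasEmailPasswordRecovery(email)) {
            return resolveError(sessionId, "already_exists");
        }
        User user = this.userRepository.findByEmail(email).orElse(null);
        if (user == null) {
            return resolveError(sessionId, "user_not_found");
        }
        if (!user.isEmailConfirmed()) {
            return resolveError(sessionId, "email_not_confirmed");
        }
        this.emailService.createEmailPasswordRecovery(user);
        this.captchaService.removeCaptchaCache(sessionId);
        return ResponseEntity.ok("success");
    }

    /**
     * Completes a successful credential check: authenticates through the
     * {@link AuthenticationManager}, stores the result in the security context,
     * issues the JWT cookie, increments the user's auth counter and records an
     * {@code "Authorized"} action.
     *
     * @param httpServletRequest current request (passed to the action log)
     * @param user               the already-verified user
     * @param rawPassword        password as submitted by the client; forwarded to
     *                           the authentication manager, never logged
     * @return 200 with a {@code Set-Cookie} header and the user's id, username,
     *         lower-cased e-mail and granted authority names
     */
    private ResponseEntity<UserInfoResponse> authenticate(HttpServletRequest httpServletRequest, User user, String rawPassword) {
        Authentication authentication = this.authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(user.getEmail().toLowerCase(), rawPassword));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        UserDetailsImpl principal = (UserDetailsImpl) authentication.getPrincipal();
        ResponseCookie jwtCookie = this.jwtUtils.generateJwtCookie(principal);
        List<String> roles = principal.getAuthorities().stream()
                .map(authority -> authority.getAuthority())
                .collect(Collectors.toList());
        user.setAuthCount(user.getAuthCount() + 1);
        this.userRepository.save(user);
        this.userService.createAction(user, httpServletRequest, "Authorized");
        UserInfoResponse info = new UserInfoResponse(principal.getId(), principal.getUsername(), principal.getEmail().toLowerCase(), roles);
        return ResponseEntity.ok().header("Set-Cookie", jwtCookie.toString()).body(info);
    }

    /**
     * Registers a new account.
     *
     * <p>Validation order: captcha, e-mail syntax, username syntax, password
     * length ({@value #MIN_PASSWORD_LENGTH}–{@value #MAX_PASSWORD_LENGTH}),
     * e-mail uniqueness, username uniqueness (case-insensitive). The creation
     * path then depends on the e-mail configuration of the domain the request
     * was served on:
     * <ul>
     *   <li>domain known with e-mail enabled and valid: either a pending
     *       registration that must be confirmed by mail (response
     *       {@code email_confirm}), or an immediate account followed by a
     *       confirmation mail;</li>
     *   <li>domain unknown: the same two options, driven by the global admin
     *       e-mail settings;</li>
     *   <li>otherwise: the account is created immediately with the last
     *       {@code createUser} flag set to {@code true} (presumably "e-mail
     *       already confirmed" — confirm against {@code UserService}).</li>
     * </ul>
     * Unless mail confirmation is required, the new user is logged in at once.
     *
     * <p>NOTE(review): the domain is resolved from the client-supplied
     * {@code Host} header; the reverse proxy must pin it, otherwise the client
     * chooses which domain configuration applies.
     *
     * @param hostHeader value of the {@code Host} request header
     * @return 200 with {@link UserInfoResponse} or {@code email_confirm}, or 400
     *         with one of the validation codes above
     */
    @PostMapping({"/register"})
    public ResponseEntity<?> registerUser(@Valid @RequestBody RegisterRequest registerRequest, HttpServletRequest httpServletRequest, @RequestHeader("host") String hostHeader) {
        String sessionId = httpServletRequest.getSession().getId();
        Optional<ResponseEntity<?>> captchaError = checkCaptcha(sessionId, registerRequest.getCaptcha());
        if (captchaError.isPresent()) {
            return captchaError.get();
        }
        String email = registerRequest.getEmail().toLowerCase();
        if (!DataValidator.isEmailValided(email)) {
            return resolveError(sessionId, "email_not_valid");
        }
        String username = registerRequest.getUsername();
        if (!DataValidator.isUsernameValided(username)) {
            return resolveError(sessionId, "username_not_valid");
        }
        String password = registerRequest.getPassword();
        if (password.length() < MIN_PASSWORD_LENGTH || password.length() > MAX_PASSWORD_LENGTH) {
            return resolveError(sessionId, "password_not_valid");
        }
        if (this.userRepository.existsByEmail(email)) {
            return resolveError(sessionId, "email_already_taken");
        }
        if (this.userRepository.existsByUsernameIgnoreCase(username)) {
            return resolveError(sessionId, "username_already_taken");
        }
        String host = hostHeader.toLowerCase();
        String promocode = normalizePromocode(registerRequest.getPromocode());
        long refId = registerRequest.getRefId() <= 0 ? -1L : registerRequest.getRefId();
        String platform = ServletUtil.getPlatform(httpServletRequest);
        String ipAddress = ServletUtil.getIpAddress(httpServletRequest);
        Domain domain = this.domainRepository.findByName(host).orElse(null);

        User user = null;
        boolean confirmationRequired = false; // answer "email_confirm" instead of logging in
        boolean handledByEmailFlow = false;   // one of the e-mail paths created or parked the account

        if (domain != null && domain.isEmailEnabled() && domain.isEmailValid()) {
            if (domain.isEmailRequiredEnabled()) {
                this.emailService.createEmailRegistration(domain, email, username, password, host, platform, ipAddress, promocode, refId);
                confirmationRequired = true;
            } else {
                user = this.userService.createUser(domain, email, username, password, host, platform, ipAddress, promocode, refId, false);
                this.emailService.createEmailConfirmation(domain, email, host, user);
            }
            handledByEmailFlow = true;
        } else if (domain == null) {
            // NOTE(review): assumes a settings row always exists; a null return
            // from findFirst() would throw here — TODO confirm.
            AdminEmailSettings settings = this.adminEmailSettingsRepository.findFirst();
            if (settings.isEnabled() && settings.isValid()) {
                if (settings.isRequiredEnabled()) {
                    this.emailService.createEmailRegistration(null, email, username, password, host, platform, ipAddress, promocode, refId);
                    confirmationRequired = true;
                } else {
                    user = this.userService.createUser(null, email, username, password, host, platform, ipAddress, promocode, refId, false);
                    this.emailService.createEmailConfirmation(null, email, host, user);
                }
                handledByEmailFlow = true;
            }
        }
        if (!handledByEmailFlow) {
            user = this.userService.createUser(domain, email, username, password, host, platform, ipAddress, promocode, refId, true);
        }
        this.captchaService.removeCaptchaCache(sessionId);
        return confirmationRequired ? ResponseEntity.ok("email_confirm") : authenticate(httpServletRequest, user, password);
    }

    /**
     * Normalises the optional promocode: {@code null}, empty and the literal
     * {@code "0"} all mean "no promocode".
     */
    private static String normalizePromocode(String promocode) {
        if (promocode == null || promocode.isEmpty() || promocode.equals("0")) {
            return null;
        }
        return promocode;
    }

    /**
     * Expires the JWT cookie, invalidates the session if one exists and redirects
     * to the sign-in page.
     *
     * <p>Cookies read from a servlet request carry only name and value, so the
     * path is set explicitly to match the cookie being expired and
     * {@code maxAge = 0} tells the browser to drop it.
     */
    @GetMapping({"/logout"})
    public RedirectView logoutUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            String jwtCookieName = this.jwtUtils.getJwtCookie();
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(jwtCookieName)) {
                    cookie.setValue("");
                    cookie.setPath("/");
                    cookie.setMaxAge(0);
                    httpServletResponse.addCookie(cookie);
                }
            }
        }
        // getSession(false): do not create a session only to invalidate it.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return new RedirectView("/signin");
    }
}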
