package cn.kinyun.scrm.page.auth.service.impl;

import cn.kinyun.customer.center.enums.ModuleType;
import cn.kinyun.customer.center.service.CcCustomerNumService;
import cn.kinyun.scrm.page.auth.dto.OAuthPageDto;
import cn.kinyun.scrm.page.auth.dto.SnsUserDto;
import cn.kinyun.scrm.page.auth.service.ShortUrlService;
import cn.kinyun.scrm.page.auth.service.WeworkOauthService;
import cn.kinyun.scrm.page.auth.utils.PageAuthRedisUtil;
import cn.kinyun.wework.sdk.api.WwOauth2Client;
import cn.kinyun.wework.sdk.entity.oauth2.UserDetail;
import cn.kinyun.wework.sdk.entity.oauth2.Userinfo;
import com.google.common.base.Preconditions;
import com.kuaike.common.errorcode.CommonErrorCode;
import com.kuaike.common.exception.BusinessException;
import com.kuaike.common.utils.JacksonUtil;
import com.kuaike.common.utils.MD5Utils;
import com.kuaike.scrm.common.dto.CurrentUserInfo;
import com.kuaike.scrm.common.enums.OauthShortUrlTypeEnum;
import com.kuaike.scrm.common.enums.WxOAuthScope;
import com.kuaike.scrm.common.utils.IdGen;
import com.kuaike.scrm.common.utils.LoginUtils;
import com.kuaike.scrm.dal.marketing.entity.OauthShortUrl;
import com.kuaike.scrm.dal.marketing.mapper.OauthShortUrlMapper;
import com.kuaike.scrm.dal.permission.entity.User;
import com.kuaike.scrm.dal.permission.mapper.UserMapper;
import com.kuaike.scrm.dal.wework.entity.WeworkContact;
import com.kuaike.scrm.dal.wework.entity.WeworkCorp;
import com.kuaike.scrm.dal.wework.entity.WeworkUser;
import com.kuaike.scrm.dal.wework.mapper.WeworkContactMapper;
import com.kuaike.scrm.dal.wework.mapper.WeworkCorpMapper;
import com.kuaike.scrm.dal.wework.mapper.WeworkUserMapper;
import com.kuaike.scrm.token.service.AgentTokenService;
import com.kuaike.scrm.token.service.CustomizedTokenService;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Duration;
import java.util.Base64;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;
import org.springframework.stereotype.Service;

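/**
 * Page-authorisation service for the open.weixin.qq.com OAuth2 "authorize" flow.
 *
 * <p>The service builds authorize URLs, wraps them in short URLs, handles the OAuth callback
 * (exchanging the code for a {@link Userinfo}), and issues a one-hour {@code SNS_USERINFO_TOKEN}
 * cookie whose value keys a cached {@link SnsUserDto}.
 *
 * <p>Security-relevant properties of this class, all visible in the code below:
 * <ul>
 *   <li>The OAuth {@code state} sent to the provider is the app id, not a per-session nonce, and
 *       the callback never compares it with anything, so it gives no CSRF protection.</li>
 *   <li>The post-login redirect target comes from the decrypted {@code v} parameter. Its
 *       trustworthiness rests entirely on {@code OAuthPageDto.encrypt()/decrypt()}, which are
 *       not visible here.</li>
 *   <li>The session token is a deterministic MD5 of corp id and user identifier.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:cn/kinyun/scrm/page/auth/service/impl/WeworkOauthServiceImpl.class */
public class WeworkOauthServiceImpl implements WeworkOauthService {
    private static final Logger log = LoggerFactory.getLogger(WeworkOauthServiceImpl.class);

    /** Extracts the {@code vcode} query value from a QR-code URL; compiled once, not per call. */
    private static final Pattern VCODE_PATTERN = Pattern.compile("vcode=([a-z0-9]+)");

    /** Name of the cookie that carries the cached-user token. */
    private static final String SNS_COOKIE_NAME = "SNS_USERINFO_TOKEN";

    /** Lifetime, in seconds, of both the cookie and the cached user entry. */
    private static final int SNS_SESSION_TTL_SECONDS = 3600;

    /** How long, in minutes, a seen OAuth code is remembered for replay detection. */
    private static final long CODE_REPLAY_WINDOW_MINUTES = 5L;

    @Value("${scrm.domain.root}")
    private String domain;

    @Value("${scrm.domain.protocol}${scrm.domain.scrm-manager}${woauth.callbackUrl}")
    private String callbackUrl;

    @Value("${scrm.domain.protocol}${scrm.domain.scrm-manager}${oauth.shortUrl}")
    private String oauthShortUrl;

    @Value("${scrm.domain.protocol}${scrm.domain.scrm-manager}${oauth.defaultUrl}")
    private String defaultUrl;

    @Autowired
    private IdGen idGen;

    @Autowired
    private OauthShortUrlMapper oauthShortUrlMapper;

    @Autowired
    private WeworkCorpMapper weworkCorpMapper;

    @Autowired
    private WeworkContactMapper weworkContactMapper;

    @Autowired
    private WeworkUserMapper weworkUserMapper;

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private PageAuthRedisUtil pageAuthRedisUtil;

    @Autowired
    private ShortUrlService shortUrlService;

    @Autowired
    private AgentTokenService agentTokenService;

    @Autowired
    private CustomizedTokenService customizedTokenService;

    @Autowired
    private CcCustomerNumService ccCustomerNumService;

    @Autowired
    private WwOauth2Client wwOauth2Client;

    @Autowired
    private RedisTemplate<String, String> redisTemplate;

    @Value("${spring.redis.key.prefix}")
    private String redisKeyPrefix;

    /**
     * Wraps a target URL in an OAuth authorize URL and returns the short URL that points to it.
     *
     * <p>If a short URL is already recorded for the same target URL, that one is returned and
     * nothing new is created.
     *
     * @param l business (tenant) id stored in the OAuth payload
     * @param str app id; used as the payload's {@code from} and as {@code appid}/{@code state}
     * @param str2 target URL the user is redirected to after authorisation; must not be blank
     * @param str3 preferred short code, used only if it is not already taken; may be blank
     * @param num short-URL type
     * @return the formatted short URL
     * @throws IllegalArgumentException if {@code str2} is blank
     */
    @Override // cn.kinyun.scrm.page.auth.service.WeworkOauthService
    public String wrapUrl(Long l, String str, String str2, String str3, Integer num) {
        log.info("wrap url with params={}", str2);
        Preconditions.checkArgument(StringUtils.isNotBlank(str2), "跳转url为空");
        // NOTE(security): the reuse lookup is keyed on the target URL alone; bizId and app id are
        // not passed to the mapper. If the mapper does not scope by tenant some other way, a second
        // tenant wrapping the same URL receives a short URL whose OAuth payload carries the first
        // tenant's bizId/appid. TODO confirm against the mapper's SQL.
        OauthShortUrl existing = this.oauthShortUrlMapper.queryShortUrlByOriginUrl(str2);
        if (existing != null && StringUtils.isNotBlank(existing.getShortUrl())) {
            return MessageFormat.format(this.oauthShortUrl, existing.getShortUrl());
        }
        OAuthPageDto pageDto = new OAuthPageDto();
        pageDto.setUrl(str2);
        pageDto.setType(num);
        pageDto.setBizId(l);
        pageDto.setFrom(str);
        pageDto.setTo("");
        return getShortUrl(str, str3, pageDto);
    }

    /**
     * Same as {@link #wrapUrl(Long, String, String, String, Integer)} with the type fixed to
     * {@code OauthShortUrlTypeEnum.MERCHANT_WRAP_URL}.
     */
    @Override // cn.kinyun.scrm.page.auth.service.WeworkOauthService
    public String wrapUrl(Long l, String str, String str2, String str3) {
        return wrapUrl(l, str, str2, str3, Integer.valueOf(OauthShortUrlTypeEnum.MERCHANT_WRAP_URL.getValue()));
    }

    /**
     * Handles the OAuth redirect: decrypts the payload, exchanges the code for the user's
     * identity, caches that identity behind a cookie, and returns the URL to redirect to.
     *
     * @param str encrypted payload (the {@code v} query parameter built by this class)
     * @param str2 OAuth authorization code; when blank the user is redirected without a session
     * @param str3 OAuth {@code state}; only logged, never validated
     * @param httpServletRequest current request, used when writing the cookie
     * @param httpServletResponse current response, receives the cookie
     * @return the redirect target from the payload (possibly with {@code oauthStatus} appended),
     *     or the configured default URL when the payload cannot be decrypted
     * @throws BusinessException if no corp is registered for the payload's business id
     */
    @Override // cn.kinyun.scrm.page.auth.service.WeworkOauthService
    public String callback(String str, String str2, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String encryptedParam = str;
        final String code = str2;
        final String state = str3;
        // The authorization code is a bearer credential until it has been exchanged, so only its
        // presence is logged here, not its value.
        log.info("callback with codePresent={}, state={}, param={}", StringUtils.isNotBlank(code), state, encryptedParam);
        // NOTE(security): `state` is not checked. buildOAuthUrl sets it to the app id, which is the
        // same for every visitor, so this flow has no login-CSRF protection. Binding a per-session
        // nonce would need a change to how the authorize URL is issued.
        OAuthPageDto pageDto = OAuthPageDto.decrypt(encryptedParam);
        if (pageDto == null) {
            log.warn("Invalid param. value={}", encryptedParam);
            return this.defaultUrl;
        }
        // NOTE(security): the redirect target is whatever the payload holds; it is not checked
        // against an allow-list here. That is only safe if decrypt() rejects payloads that this
        // service did not mint (authenticated encryption) - TODO confirm in OAuthPageDto.
        String url = pageDto.getUrl();
        log.info("redirectUrl={}", url);
        if (StringUtils.isBlank(code)) {
            log.warn("Matching failed: code is empty. params={}", pageDto);
            return url;
        }
        Long bizId = pageDto.getBizId();
        WeworkCorp corp = this.weworkCorpMapper.getByBizId(bizId);
        if (corp == null) {
            log.warn("企业未授权, corpId={}", bizId);
            throw new BusinessException(CommonErrorCode.BUSINESS_ERROR, "企业未授权");
        }
        String corpId = corp.getCorpId();
        if (codeExist(code)) {
            log.info("code is used, bizId: {}, code: {}", bizId, code);
            return url;
        }
        Userinfo userinfo = this.wwOauth2Client.getUserinfo(corpId, code);
        if (userinfo == null) {
            // Previously this fell through to cacheUser(null) and failed with a
            // NullPointerException; redirect without a session instead.
            log.warn("userinfo is null, no session cached. bizId: {}", bizId);
            return url;
        }
        if (StringUtils.isNotBlank(userinfo.getOpenId()) && StringUtils.isNotBlank(userinfo.getExternalUserId())) {
            if (userinfo.getExternalUserId().startsWith("wm")) {
                // NOTE(review): the decompiled source had an empty try block with this catch
                // handler next to the bind call; the handler's message shows it was meant to
                // guard the binding, so a binding failure no longer aborts the login.
                try {
                    this.ccCustomerNumService.bindContactIdAndOpenId(bizId, userinfo.getExternalUserId(), userinfo.getOpenId(), ModuleType.WEWORK_AUTH.getCode());
                } catch (Exception e) {
                    log.error("bind contactId and openId error: ", e);
                }
            }
            cacheUser(httpServletRequest, httpServletResponse, bizId, corpId, userinfo);
            return url;
        }
        if (StringUtils.isNotBlank(userinfo.getUserId())) {
            if (StringUtils.isNotBlank(userinfo.getUserTicket())) {
                UserDetail detail = this.wwOauth2Client.getUserdetail(corpId, userinfo.getUserTicket());
                url = urlAddOauthStatus(url, saveWeworkUser(corpId, detail) ? 1 : 0);
            } else {
                url = urlAddOauthStatus(url, 0);
            }
        }
        cacheUser(httpServletRequest, httpServletResponse, bizId, corpId, userinfo);
        return url;
    }

    /**
     * Appends {@code oauthStatus=<status>} to a URL, using {@code &} when the URL already
     * contains a {@code ?} and {@code ?} otherwise. Blank URLs are returned unchanged.
     */
    private String urlAddOauthStatus(String url, int oauthStatus) {
        if (StringUtils.isBlank(url)) {
            return url;
        }
        String separator = url.indexOf('?') > -1 ? "&" : "?";
        return url + separator + "oauthStatus=" + oauthStatus;
    }

    /**
     * Records an OAuth code in Redis and reports whether it had been seen before.
     *
     * <p>The check and the write are one atomic {@code setIfAbsent}, so two concurrent callbacks
     * with the same code cannot both be told "not seen".
     *
     * @return {@code true} if the code was already recorded within the replay window
     */
    private boolean codeExist(String code) {
        String key = this.redisKeyPrefix + ":code:" + code;
        Boolean firstUse = this.redisTemplate.opsForValue().setIfAbsent(key, code, CODE_REPLAY_WINDOW_MINUTES, TimeUnit.MINUTES);
        // setIfAbsent may return null (pipeline/transaction). Unboxing it would throw; treating
        // "unknown" as "already used" keeps the replay check fail-closed.
        return !Boolean.TRUE.equals(firstUse);
    }

    /**
     * Copies changed, non-blank profile fields from the provider's user detail onto the stored
     * {@link WeworkUser}, and then onto the linked {@link User} (name, mobile, avatar).
     *
     * <p>The linked {@link User} is only touched when at least one {@link WeworkUser} field
     * changed.
     *
     * @param corpId corp the user belongs to
     * @param userDetail detail fetched with the user ticket; may be {@code null}
     * @return {@code true} if the detail carried a non-blank QR code, {@code false} otherwise,
     *     including when the detail is {@code null} or no matching {@link WeworkUser} exists.
     *     Note this is not "something was saved".
     */
    private boolean saveWeworkUser(String corpId, UserDetail userDetail) {
        if (userDetail == null) {
            log.warn("user detail is null");
            return false;
        }
        // The detail object holds mobile, email and address; log the identifier only so that
        // personal data does not end up in application logs.
        log.info("save user private info, corpId:{}, userId:{}", corpId, userDetail.getUserId());
        WeworkUser weworkUser = this.weworkUserMapper.queryWeworkUserInfo(corpId, userDetail.getUserId());
        if (weworkUser == null) {
            log.warn("unknown wework_user, corpId:{}, userId:{}", corpId, userDetail.getUserId());
            return false;
        }
        boolean hasQrCode = false;
        boolean weworkUserChanged = false;
        if (StringUtils.isNotBlank(userDetail.getName()) && !Objects.equals(userDetail.getName(), weworkUser.getName())) {
            weworkUser.setName(userDetail.getName());
            weworkUserChanged = true;
        }
        // Gender 0 is skipped and never overwrites the stored value.
        if (userDetail.getGender() != null && userDetail.getGender().intValue() != 0 && !Objects.equals(userDetail.getGender(), weworkUser.getGender())) {
            weworkUser.setGender(userDetail.getGender());
            weworkUserChanged = true;
        }
        if (StringUtils.isNotBlank(userDetail.getMobile()) && !Objects.equals(userDetail.getMobile(), weworkUser.getMobile())) {
            weworkUser.setMobile(userDetail.getMobile());
            weworkUserChanged = true;
        }
        if (StringUtils.isNotBlank(userDetail.getAvatar()) && !Objects.equals(userDetail.getAvatar(), weworkUser.getAvatar())) {
            weworkUser.setAvatar(userDetail.getAvatar());
            weworkUserChanged = true;
        }
        if (StringUtils.isNotBlank(userDetail.getQrCode())) {
            if (!Objects.equals(userDetail.getQrCode(), weworkUser.getQrCode())) {
                weworkUser.setQrCode(userDetail.getQrCode());
                weworkUserChanged = true;
            }
            String vCode = getVCode(userDetail.getQrCode());
            if (StringUtils.isNotBlank(vCode) && !Objects.equals(vCode, weworkUser.getVcode())) {
                weworkUser.setVcode(vCode);
                weworkUserChanged = true;
            }
            hasQrCode = true;
        }
        if (StringUtils.isNotBlank(userDetail.getEmail()) && !Objects.equals(userDetail.getEmail(), weworkUser.getEmail())) {
            weworkUser.setEmail(userDetail.getEmail());
            weworkUserChanged = true;
        }
        if (StringUtils.isNotBlank(userDetail.getAddress()) && !Objects.equals(userDetail.getAddress(), weworkUser.getAddress())) {
            weworkUser.setAddress(userDetail.getAddress());
            weworkUserChanged = true;
        }
        if (!weworkUserChanged) {
            return hasQrCode;
        }
        this.weworkUserMapper.updateByPrimaryKeySelective(weworkUser);
        User user = this.userMapper.selectUserByWeworkUserIdAndCorpId(weworkUser.getWeworkUserId(), weworkUser.getCorpId());
        if (user == null) {
            log.warn("exist user is null, weworkUserId: {}", weworkUser.getWeworkUserId());
            return hasQrCode;
        }
        boolean userChanged = false;
        if (StringUtils.isBlank(user.getName()) || !user.getName().equals(weworkUser.getName())) {
            user.setName(weworkUser.getName());
            userChanged = true;
        }
        if (StringUtils.isBlank(user.getMobile()) || !user.getMobile().equals(weworkUser.getMobile())) {
            user.setMobile(weworkUser.getMobile());
            userChanged = true;
        }
        if (StringUtils.isBlank(user.getAvatar()) || !user.getAvatar().equals(weworkUser.getAvatar())) {
            user.setAvatar(weworkUser.getAvatar());
            userChanged = true;
        }
        if (userChanged) {
            this.userMapper.updateByPrimaryKey(user);
        }
        return hasQrCode;
    }

    /**
     * Returns the first {@code vcode=<lowercase alphanumerics>} value found in the given QR-code
     * URL, or {@code null} if the input is blank or has no such parameter.
     */
    private String getVCode(String qrCode) {
        if (StringUtils.isBlank(qrCode)) {
            return null;
        }
        Matcher matcher = VCODE_PATTERN.matcher(qrCode);
        return matcher.find() ? matcher.group(1) : null;
    }

    /**
     * Builds the authorize URL for the payload, records it under a short code and returns the
     * formatted short URL.
     *
     * @param appId app id used for the authorize URL and recorded with the short URL
     * @param preferredShortCode caller-chosen short code; used only when no record with that
     *     code exists, otherwise a generated code is used and a warning is logged
     * @param oAuthPageDto payload; its type and URL must be set
     * @throws IllegalArgumentException if the payload, its type or its URL is missing
     */
    private String getShortUrl(String appId, String preferredShortCode, OAuthPageDto oAuthPageDto) {
        Preconditions.checkArgument(oAuthPageDto != null, "params is null");
        Preconditions.checkArgument(oAuthPageDto.getType() != null, "type is null");
        Preconditions.checkArgument(StringUtils.isNotBlank(oAuthPageDto.getUrl()), "url is empty");
        String oauthUrl = buildOAuthUrl(appId, null, oAuthPageDto);
        log.info("build oauth url, originUrl: {}, oauthUrl: {}", oAuthPageDto.getUrl(), oauthUrl);
        String shortCode = this.idGen.getNum();
        if (StringUtils.isNotBlank(preferredShortCode)) {
            // NOTE(review): this is a check-then-insert; two concurrent requests for the same
            // preferred code can both pass it. Whether the table enforces uniqueness is not
            // visible here.
            if (this.oauthShortUrlMapper.getByShortUrl(preferredShortCode) == null) {
                shortCode = preferredShortCode;
            } else {
                log.warn("短链接已存在:{}", preferredShortCode);
            }
        }
        this.shortUrlService.recordShortUrl(appId, oAuthPageDto.getType(), oAuthPageDto.getUrl(), oauthUrl, shortCode);
        String shortUrl = MessageFormat.format(this.oauthShortUrl, shortCode);
        log.info("generate shortUrl: {}", shortUrl);
        return shortUrl;
    }

    /**
     * Builds the open.weixin.qq.com authorize URL whose {@code redirect_uri} is this service's
     * callback with the encrypted payload in {@code v}.
     *
     * @param appId value for {@code appid}; also sent as {@code state}
     * @param agentId when {@code null} the user-info scope is requested; otherwise the
     *     private-info scope plus {@code agentid}
     * @param oAuthPageDto payload to encrypt into the callback URL
     */
    private String buildOAuthUrl(String appId, Integer agentId, OAuthPageDto oAuthPageDto) {
        String redirectUri = urlEncode(this.callbackUrl + "?v=" + oAuthPageDto.encrypt());
        // appid reaches wrapUrl from its caller; encode it so it cannot add or override query
        // parameters of the authorize URL. Plain alphanumeric ids are unchanged by the encoding.
        String encodedAppId = urlEncode(appId);
        StringBuilder sb = new StringBuilder(128);
        sb.append("https://open.weixin.qq.com/connect/oauth2/authorize?response_type=code&appid=").append(encodedAppId).append("&redirect_uri=").append(redirectUri);
        if (agentId == null) {
            sb.append("&scope=").append(WxOAuthScope.SNSAPI_USERINFO.getValue());
        } else {
            sb.append("&scope=").append(WxOAuthScope.SNSAPI_PRIVATEINFO.getValue()).append("&agentid=").append(agentId);
        }
        // NOTE(security): state is the app id, i.e. a constant per tenant rather than an
        // unguessable per-session value, and callback() does not verify it.
        sb.append("&state=").append(encodedAppId).append("#wechat_redirect");
        return sb.toString();
    }

    /**
     * URL-encodes a value as UTF-8. A {@code null} input is returned as {@code null}; if the
     * encoding were unavailable the value is returned unencoded after logging.
     */
    private static String urlEncode(String value) {
        if (value == null) {
            return null;
        }
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.error("unsupported encoding", e);
            return value;
        }
    }

    /**
     * Caches the authorised user's profile for one hour and writes the lookup token into the
     * {@code SNS_USERINFO_TOKEN} cookie.
     *
     * <p>Nickname, avatar and gender come from the stored contact when the user has an external
     * user id, otherwise from the stored corp member when a user id is present.
     *
     * @param bizId business (tenant) id
     * @param corpId corp id; also stored as the DTO's app id
     * @param userinfo identity returned by the code exchange; nothing is cached when it is
     *     {@code null} or carries neither a user id nor an open id
     */
    private void cacheUser(HttpServletRequest request, HttpServletResponse response, Long bizId, String corpId, Userinfo userinfo) {
        if (userinfo == null) {
            log.warn("skip caching sns user: userinfo is null, corpId:{}", corpId);
            return;
        }
        String userId = userinfo.getUserId();
        String openId = userinfo.getOpenId();
        // Log identifiers only: the full Userinfo also carries the user ticket, which the
        // callback uses as a credential to fetch private details.
        log.info("cache corpId:{}, userId:{}, openId:{}", corpId, userId, openId);
        if (StringUtils.isBlank(userId) && StringUtils.isBlank(openId)) {
            // Without any identifier the token below would be derived from the corp id alone,
            // i.e. one shared session for every such visitor of the corp.
            log.warn("skip caching sns user: neither userId nor openId present, corpId:{}", corpId);
            return;
        }
        // NOTE(security): the token is a deterministic, unsalted MD5 of "corpId,userId" (or
        // "corpId,openId"). The corp id is sent as appid in the authorize URL, so the token is
        // only as secret as the user identifier, and it is identical on every login. An opaque
        // random token (java.security.SecureRandom) would be the robust choice; the derivation is
        // kept because other readers of this cache keyspace are not visible from this class.
        String identity = StringUtils.isNotBlank(userId) ? userId : openId;
        String token = MD5Utils.MD5(corpId + "," + identity);

        SnsUserDto snsUser = new SnsUserDto();
        snsUser.setType(1);
        snsUser.setBusinessCustomerId(bizId);
        snsUser.setAppId(corpId);
        snsUser.setOpenId(openId);
        snsUser.setUserId(userId);
        snsUser.setDeviceId(userinfo.getDeviceId());
        snsUser.setExternalUserId(userinfo.getExternalUserId());
        if (StringUtils.isNotBlank(userinfo.getExternalUserId())) {
            WeworkContact contact = this.weworkContactMapper.queryWeworkContact(bizId, corpId, userinfo.getExternalUserId());
            if (contact != null) {
                snsUser.setNickname(contact.getName());
                snsUser.setHeadImgUrl(contact.getAvatar());
                snsUser.setSex(contact.getGender());
            }
        } else if (StringUtils.isNotBlank(userId)) {
            WeworkUser member = this.weworkUserMapper.queryWeworkUserInfo(corpId, userId);
            if (member != null) {
                snsUser.setNickname(member.getName());
                snsUser.setHeadImgUrl(member.getAvatar());
                snsUser.setSex(member.getGender());
            }
        }
        this.pageAuthRedisUtil.setSnsUser(token, JacksonUtil.obj2Str(snsUser), Duration.ofSeconds(SNS_SESSION_TTL_SECONDS));
        // The token is the session credential, so it is deliberately not written to the log.
        log.info("sns user cached, cookie domain:{}", this.domain);

        DefaultCookieSerializer cookieSerializer = new DefaultCookieSerializer();
        cookieSerializer.setCookieName(SNS_COOKIE_NAME);
        cookieSerializer.setCookieMaxAge(SNS_SESSION_TTL_SECONDS);
        cookieSerializer.setCookiePath("/");
        // The cookie is scoped to the configured root domain and is therefore sent to every
        // host under it.
        cookieSerializer.setDomainName(this.domain);
        cookieSerializer.setUseHttpOnlyCookie(true);
        cookieSerializer.setUseBase64Encoding(true);
        // NOTE(security): the Secure attribute is not forced. With no explicit setting the
        // serializer derives it from request.isSecure(), which is false behind a TLS-terminating
        // proxy unless forwarded headers are honoured. Consider setUseSecureCookie(true) once it
        // is confirmed that the site is served over HTTPS only.
        cookieSerializer.writeCookieValue(new CookieSerializer.CookieValue(request, response, token));
    }

    /**
     * Resolves a cookie token to the cached user.
     *
     * @param str Base64-encoded token as stored in the cookie; if it is not valid Base64 the raw
     *     value is used for the lookup
     * @return the cached user, or {@code null} when the token is blank, nothing is cached for it,
     *     or the cached JSON cannot be parsed
     */
    @Override // cn.kinyun.scrm.page.auth.service.WeworkOauthService
    public SnsUserDto user(String str) {
        if (StringUtils.isBlank(str)) {
            log.info("query sns userinfo with blank token");
            return null;
        }
        // The token is the session credential; log that a lookup happened, not the value.
        log.info("query sns userinfo, tokenLength={}", str.length());
        String token = str;
        try {
            token = new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Client-controlled input: keep it to one warning line instead of an error with a
            // stack trace, and fall back to the raw value as before.
            log.warn("Decode token failed: {}", e.getMessage());
        }
        String cachedJson = this.pageAuthRedisUtil.getSnsUser(token);
        if (StringUtils.isBlank(cachedJson) || "null".equals(cachedJson)) {
            return null;
        }
        try {
            return (SnsUserDto) JacksonUtil.str2Obj(cachedJson, SnsUserDto.class);
        } catch (IOException e) {
            log.error("反序列化失败, data={}", cachedJson, e);
            return null;
        }
    }

    /**
     * Builds a private-info-scope authorize URL for the currently logged-in user's corp.
     *
     * @param str URL to return to after authorisation; the configured default URL is used when
     *     blank. The value is not checked against an allow-list here.
     * @return the authorize URL
     */
    @Override // cn.kinyun.scrm.page.auth.service.WeworkOauthService
    public String getOAuthUrl(String str) {
        CurrentUserInfo currentUser = LoginUtils.getCurrentUser();
        String corpId = currentUser.getCorpId();
        Long bizId = currentUser.getBizId();
        Integer agentId = this.customizedTokenService.getAgentId(corpId);
        OAuthPageDto pageDto = new OAuthPageDto();
        pageDto.setUrl(StringUtils.isNotBlank(str) ? str : this.defaultUrl);
        pageDto.setBizId(bizId);
        return buildOAuthUrl(corpId, agentId, pageDto);
    }
}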
