package top.dcenter.ums.security.social.controller;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.view.RedirectView;
import top.dcenter.ums.security.core.enums.ErrorCodeEnum;
import top.dcenter.ums.security.core.exception.ParameterErrorException;
import top.dcenter.ums.security.social.callback.RedirectUrlHelperServiceImpl;

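/**
 * Routes the shared third-party login callback ({@code /auth/callback}) to the
 * redirect target carried in the {@code state} request parameter.
 *
 * <p>{@code state} and {@code code} come straight from the request and are
 * untrusted: the decoded target is checked before it is used in a redirect, and
 * both values are URL-encoded before being appended to it.
 */
@ResponseBody
/* loaded from: input_file:top/dcenter/ums/security/social/controller/SocialController.class */
public class SocialController {
    private static final Logger log = LoggerFactory.getLogger(SocialController.class);
    private final RedirectUrlHelperServiceImpl redirectUrlHelper;

    /**
     * @param redirectUrlHelperServiceImpl helper used to decode the redirect target out of {@code state}
     */
    public SocialController(RedirectUrlHelperServiceImpl redirectUrlHelperServiceImpl) {
        this.redirectUrlHelper = redirectUrlHelperServiceImpl;
    }

    /**
     * Decodes the redirect target from {@code state} and redirects to it with the
     * {@code code} and {@code state} parameters re-attached.
     *
     * @param httpServletRequest the callback request
     * @return a context-relative redirect to the decoded target
     * @throws ParameterErrorException if {@code state} is blank, decodes to a blank value,
     *         or decodes to a target that is not a plain local path
     */
    // NOTE(review): @ConditionalOnProperty is evaluated for bean definitions; on a handler
    // method it likely has no effect, so this mapping may be active whatever the property
    // value is. Confirm how this controller is registered.
    @GetMapping({"/auth/callback"})
    @ConditionalOnProperty(prefix = "security.social", name = {"filter-processes-url"}, havingValue = "/auth/callback")
    public RedirectView authCallbackRouter(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("state");
        String queryString = httpServletRequest.getQueryString();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String id = httpServletRequest.getSession(true).getId();
        String requestURI = httpServletRequest.getRequestURI();
        // NOTE(review): the query string holds the authorization code and the state, and the
        // session id is logged next to it. Consider masking these before they reach log storage.
        log.info("统一回调地址路由: ip={}, sid={}, uri={}, state={}, queryString={}", remoteAddr, id, requestURI, parameter, queryString);
        if (StringUtils.isNotBlank(parameter)) {
            String decodeRedirectUrl = this.redirectUrlHelper.decodeRedirectUrl(parameter);
            if (StringUtils.isNotBlank(decodeRedirectUrl)) {
                if (isOffSiteRedirect(decodeRedirectUrl)) {
                    log.error("统一回调地址路由-state被篡改: ip={}, sid={}, uri={}, state={}, queryString={}, redirectUrl={}", remoteAddr, id, requestURI, parameter, queryString, decodeRedirectUrl);
                    throw new ParameterErrorException(ErrorCodeEnum.REDIRECT_URL_PARAMETER_ILLEGAL, decodeRedirectUrl, id);
                }
                // A missing code is still forwarded as the text "null", as before.
                String code = String.valueOf(httpServletRequest.getParameter("code"));
                // Encode both values: getParameter() returns them decoded, so appending them raw
                // would let '&', '=', '+' or '%' in them alter the forwarded query string.
                String target = decodeRedirectUrl + "?code=" + encodeQueryValue(code) + "&state=" + encodeQueryValue(parameter);
                return new RedirectView(target, true);
            }
        }
        // Reached for a blank state and also for a state that decodes to a blank target.
        log.warn("统一回调地址路由-state为空: ip={}, sid={}, uri={}, state={}, queryString={}", remoteAddr, id, requestURI, parameter, queryString);
        throw new ParameterErrorException(ErrorCodeEnum.TAMPER_WITH_REDIRECT_URL_PARAMETER, parameter, id);
    }

    /**
     * Reports whether a decoded redirect target must be refused because a browser could
     * resolve it to another origin.
     *
     * <p>Replaces the former {@code ^(([a-zA-z]+://)?[^/]+)+/.*$} check. Everything that
     * pattern matched is still refused (a value that does not start with {@code /} but
     * contains one). The nested quantifier, which could backtrack heavily on long input
     * without a slash, and the {@code A-z} range typo are gone. Also refused: a leading
     * {@code //}, any backslash or control character, and a value that starts with a URI
     * scheme.
     *
     * @param url the decoded redirect target
     * @return {@code true} if the target must be rejected
     */
    private static boolean isOffSiteRedirect(String url) {
        if (url == null || url.isEmpty()) {
            return true; // fail closed; the caller only passes non-blank values
        }
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            if (c == '\\' || Character.isISOControl(c)) {
                return true;
            }
        }
        if (url.charAt(0) == '/') {
            // A single leading slash is a local path; a double slash names a host.
            return url.startsWith("//");
        }
        if (url.indexOf('/') >= 0) {
            return true;
        }
        // No slash at all: still refuse "scheme:..." forms.
        int colon = url.indexOf(':');
        if (colon <= 0 || !isAsciiLetter(url.charAt(0))) {
            return false;
        }
        for (int i = 1; i < colon; i++) {
            char c = url.charAt(i);
            boolean schemeChar = isAsciiLetter(c) || (c >= '0' && c <= '9') || c == '+' || c == '-' || c == '.';
            if (!schemeChar) {
                return false;
            }
        }
        return true;
    }

    /** Returns whether {@code c} is an ASCII letter. */
    private static boolean isAsciiLetter(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
    }

    /** URL-encodes {@code value} as UTF-8 for use as a query-string value. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must support.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }
}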
