bocloud.sms/bocloud.sms.service/src/main/java/com/bocloud/sms/service/TrxServiceImpl.java

package com.bocloud.sms.service;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.bocloud.sms.entity.AppEntity;
import com.bocloud.sms.entity.Role;
import com.bocloud.sms.entity.User;
import com.bocloud.sms.enums.YkInf;
import com.bocloud.sms.interfaces.TrxService;
import com.bocloud.sms.model.*;
import com.bocloud.sms.repository.RoleRepository;
import com.bocloud.sms.repository.UserRepository;
import com.bocloud.sms.service.utils.QxUtils;
import com.bocloud.sms.service.utils.Sha256Util;
import com.bocloud.sms.service.utils.YkUtils;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.megatron.common.encrypt.AESEncryptor;
import com.megatron.common.encrypt.Encryptor;
import com.megatron.common.model.GeneralResult;
import com.megatron.common.model.RequestContext;
import jakarta.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;

import java.lang.reflect.Type;
import java.util.*;
import java.util.stream.Collectors;

@Slf4j
@Service
@RequiredArgsConstructor
public class TrxServiceImpl implements TrxService {
    @Value("${trx.address:https://109.64.24.225}")
    private String trxUrl;
    @Autowired
    private UserServiceImpl userServiceImpl;
    @Autowired
    private UserRepository userRepository;
    private final YkUtils ykUtils;
    private final QxUtils qxUtils;
    @Autowired
    private RoleRepository roleRepository;
    private final StringRedisTemplate redisTemplate;

    // 获取天融信随机字符串
    @Override
    public GeneralResult getRandomstr(String ngxCookie) {
        String url = trxUrl + "/getRandomStr";
        Map<String, String> paramsMap = new HashMap<>();
        paramsMap.put("isToken", "false");
        paramsMap.put("ngx_cookie", ngxCookie);
        JSONObject result = new JSONObject();
        try {
            HttpRequest httpRequest = HttpRequest.get(url)
                    .addHeaders(paramsMap);
            httpRequest.cookie("ngx_cookie=" + ngxCookie);
            log.info("调用天融信获取随机字符串接口, url:" + httpRequest.getUrl() + "请求头：" + JSONObject.toJSONString(httpRequest.headers()));
            log.info("调用天融信获取随机字符串接口, 请求信息:" + JSONObject.toJSONString(httpRequest));
            HttpResponse response = httpRequest.execute();
            result = JSONObject.parseObject(response.body());
            if ("-1".equals(result.getString("result"))) {
                return new GeneralResult(false, "获取随机数失败" + result.getString("errmsg"));
            }
        } catch (Exception e) {
            log.error("调用天融信获取随机字符串失败", e);
            return new GeneralResult(false, "获取随机数失败" + e.getMessage());
        }
        return new GeneralResult(true, result.getString("result"), "获取随机数成功");
    }

    @Override
    public GeneralResult getSoftRandomstr(String ngxCookie, String account) {
        String url = trxUrl + "/getRandomStr";
        Map<String, String> paramsMap = new HashMap<>();
        paramsMap.put("isToken", "false");
        paramsMap.put("ngx_cookie", ngxCookie);
        JSONObject result;
        try {
            HttpRequest httpRequest = HttpRequest.get(url)
                    .addHeaders(paramsMap);
            httpRequest.cookie("ngx_cookie=" + ngxCookie + ";account=" + account);
            log.info("调用天融信获取软随机字符串接口, url:" + httpRequest.getUrl() + "请求头：" + JSONObject.toJSONString(httpRequest.headers()));
            log.info("调用天融信获取随机字符串接口, 请求信息:" + JSONObject.toJSONString(httpRequest));
            HttpResponse response = httpRequest.execute();
            result = JSONObject.parseObject(response.body());
            if ("-1".equals(result.getString("result"))) {
                return new GeneralResult(false, "获取随机数失败" + result.getString("errmsg"));
            }
        } catch (Exception e) {
            log.error("调用天融信获取随机字符串失败", e);
            return new GeneralResult(false, "获取随机数失败" + e.getMessage());
        }
        return new GeneralResult(true, result.getString("result"), "获取随机数成功");
    }


    @Override
    public GeneralResult getAuthToken(TrxAuthModel trxAuthModel) {
        String url = trxUrl + "/userAuthen";
        Map<String, Object> paramsMap = new HashMap<>();
        paramsMap.put("cookie", trxAuthModel.getClientHello());

        List<Map<String, Object>> authenList = new ArrayList<>();
        Map<String, Object> userMap = new HashMap<>();
        userMap.put("loginName", trxAuthModel.getLoginName());
        userMap.put("passwd", trxAuthModel.getPassword());
        authenList.add(userMap);

        Map<String, Object> md5Map = new HashMap<>();
        md5Map.put("certMd5", trxAuthModel.getServerHello());
        md5Map.put("value", "");
        md5Map.put("hashType", "");
        authenList.add(md5Map);

        Map<String, Object> passcodeMap = new HashMap<>();
        passcodeMap.put("passcode", "");
        authenList.add(passcodeMap);

        Map<String, Object> dfCodeMap = new HashMap<>();
        dfCodeMap.put("df_code", "");
        authenList.add(dfCodeMap);

        Map<String, Object> ipMap = new HashMap<>();
        ipMap.put("client_ip", trxAuthModel.getClientIp());
        authenList.add(ipMap);
        paramsMap.put("Authen", authenList);

        JSONObject result = new JSONObject();
        GeneralResult<Map<String, Object>> login = new GeneralResult<>();
        try {
            HttpRequest httpRequest = HttpRequest.post(url)
                    .header("isToken", "false")
                    .body(JSONObject.toJSONString(paramsMap));
            log.info("调用天融信用户登录接口, 请求信息:" + JSONObject.toJSONString(httpRequest));
            HttpResponse response = httpRequest.execute();
            result = JSONObject.parseObject(response.body());
            if (!"0".equals(result.getString("result"))) {
                return new GeneralResult(false, "用户登录天融信失败" + result.getString("errmsg"));
            }
            String trxToken = result.getString("token");
            String userId = result.getString("userId");

            // 处理ukey登录用户
            log.info("开始uKey登录用户入库, userId:" + userId);
            saveUserByTrx(userId);
            log.info("uKey登录用户入库结束");
            // 登录
            log.info("开始uKey登录用户登录云管平台");
            User user = userRepository.getByUserId(userId);
            Encryptor encryptor = new AESEncryptor();
            String password = encryptor.encrypt(userId + "CMP", null);
            login = userServiceImpl.login(user.getAccount(), password, null, null, true);
            login.getData().put("trxToken", trxToken);
            log.info("uKey登录用户登录云管平台结束");
        } catch (Exception e) {
            log.error("用户登录失败：", e);
            return new GeneralResult(false, "用户登录失败" + e.getMessage());
        }
        return login;
    }

    @Override
    public GeneralResult getpwdAuthen(TrxAuthModel trxAuthModel) {
        String url = trxUrl + "/pwdAuthen";
        String s1 = Sha256Util.sha256(trxAuthModel.getPassword());
        log.info("密码s1   sha256值:" + s1);
        String rs1 = Sha256Util.sha256(trxAuthModel.getRandoms() + s1);
        log.info("密码rs1  sha256值:" + rs1);

        Map<String, Object> paramsMap = new HashMap<>();
        paramsMap.put("cookie", trxAuthModel.getClientHello());
        paramsMap.put("confusn_pwd", rs1);
        paramsMap.put("client_ip", trxAuthModel.getClientIp());
        JSONObject result = new JSONObject();
        GeneralResult<Map<String, Object>> login = new GeneralResult<>();
        try {
            HttpRequest httpRequest = HttpRequest.post(url)
                    .header("isToken", "false")
                    .body(JSONObject.toJSONString(paramsMap));
            log.info("调用天融信用户软key登录接口, 请求信息:" + JSONObject.toJSONString(httpRequest));
            HttpResponse response = httpRequest.execute();
            result = JSONObject.parseObject(response.body());
            if (!"0".equals(result.getString("result"))) {
                return new GeneralResult(false, "用户登录天融信失败" + result.getString("errmsg"));
            }
            String trxToken = result.getString("token");
            String userId = result.getString("user_id");

            // 处理ukey登录用户
            log.info("开始软Key登录用户入库, userId:" + userId);
            saveUserByTrx(userId);
            log.info("软Key登录用户入库结束");
            // 登录
            log.info("开始软Key登录用户登录云管平台");
            User user = userRepository.getByUserId(userId);
            Encryptor encryptor = new AESEncryptor();
            String password = encryptor.encrypt(userId + "CMP", null);
            login = userServiceImpl.login(user.getAccount(), password, null, null, true);
            login.getData().put("trxToken", trxToken);
            log.info("软Key登录用户登录云管平台结束");
        } catch (Exception e) {
            log.error("用户登录失败：", e);
            return new GeneralResult(false, "用户登录失败" + e.getMessage());
        }
        return login;

    }

    private void saveUserByTrx(String userId) {
        User user = userRepository.getByUserId(userId);
        // 根据userId获取运控系统用户信息
        JSONObject params = new JSONObject();
        params.put("userId", userId);
        //请求运控系统获取用户信息
        YkUserModel ykUser = JSONArray.parseArray(ykUtils.call(YkInf.queryAllUser, params, String.class), YkUserModel.class).get(0);
        // 处理邮箱
        Random random = new Random();
        // 生成指定长度的随机数字字符串
        StringBuilder emailStr = new StringBuilder(9);
        for (int i = 0; i < 9; i++) {
            emailStr.append(random.nextInt(10)); // 生成 0 到 9 之间的随机数字
        }
        String email = emailStr.toString() + "@163.com";
        if (ObjectUtils.isEmpty(user)) {
            log.info("开始新增天融信登录用户，userId: " + userId);
            // 新增  以userId作为account 并添加注释
            UserBean userBean = new UserBean();
            userBean.setPassword(userId + "CMP");
            userBean.setSex(true);
            userBean.setIsManager(true);
            userBean.setUserId(userId);
            userBean.setRemark("天融信登录添加用户");
            // 设置运控用户信息
            userBean.setAccount(ykUser.getLoginName());
            userBean.setName(ykUser.getUserName());
            userBean.setMobile(ykUser.getMobile());
            userBean.setEmail(ykUser.getEmail() == null ? email : ykUser.getEmail());
            userBean.setUserId(userId);
            RequestContext context = new RequestContext();
            context.setTarget(1L);
            context.setCatalog(RequestContext.Catalog.Manager);
            userServiceImpl.create(userBean, context);
            /**
             * 云管授权当前用户全部角色
             * 1，获取云管角色列表
             * 2，授权
             * */
            User userByUserId = userRepository.getByUserId(userId);
            List<Long> roleIds = roleRepository.list().stream().map(Role::getId).collect(Collectors.toList());
            userServiceImpl.accredit(userByUserId.getId(), roleIds, context);
            log.info("完成新增天融信登录用户，userId: " + userId);
        } else {
            // 修改
            log.info("开始修改天融信登录用户，userId: " + userId);
            UserBean userBean = new UserBean();
            userBean.setId(user.getId());
            userBean.setSex(true);
            userBean.setIsManager(true);
            userBean.setUserId(userId);
            userBean.setRemark("天融信登录添加用户");
            // 设置运控用户信息
            userBean.setAccount(ykUser.getLoginName());
            userBean.setName(ykUser.getUserName());
            userBean.setMobile(ykUser.getMobile());
            userBean.setEmail(ykUser.getEmail() == null ? email : ykUser.getEmail());
            RequestContext context = new RequestContext();
            context.setTarget(1L);
            context.setCatalog(RequestContext.Catalog.Manager);
            userServiceImpl.modify(user.getId(), userBean, context);
            log.info("完成修改天融信登录用户，userId: " + userId);
        }
    }

    //确认天融信token是否有效
    public GeneralResult getTokenOnline(String trxToken) {
        try {
            String url = trxUrl + "/tokenOnline";
            JSONObject result = JSONObject.parseObject(HttpUtil.post(url, trxToken, 10000));
            log.info("确认天融信token是否有效接口返回信息：" + JSONObject.toJSONString(result));
            if (!"0".equals(result.getString("result"))) {
                return new GeneralResult(false, "当前token无效" + result.getString("errmsg"));
            }
        } catch (Exception e) {
            log.error("获取天融信token状态失败：", e);
            return new GeneralResult(false, "获取天融信token状态失败" + e.getMessage());
        }
        return new GeneralResult(true, "当前token有效");
    }


    // 登出天融信 (下线)
    @Override
    public GeneralResult logout(TrxAuthModel trxAuthModel) {
        String url = trxUrl + "/offlineToken";
        Map<String, Object> paramsMap = new HashMap<>();
        paramsMap.put("token", trxAuthModel.getTrxToken());
        paramsMap.put("client_ip", trxAuthModel.getClientIp());
        HttpRequest httpRequest = HttpRequest.post(url)
                .header("isToken", "false")
                .body(JSONObject.toJSONString(paramsMap));
        log.info("调用天融信下线接口, 请求信息:" + JSONObject.toJSONString(httpRequest));
        HttpResponse response = httpRequest.execute();
        JSONObject result = JSONObject.parseObject(response.body());
        if (!"0".equals(result.getString("result"))) {
            return new GeneralResult(false, "下线失败" + result.getString("msg"));
        }
        return new GeneralResult(true, "下线成功");
    }

    // 获取运控系统应用列表
    public List<AppEntity> queryAppList(String userToken, String userId) {
        // 获取运控系统应用列表
        String sysAppList = redisTemplate.opsForValue().get("SYS_APP_LIST");
        Gson gson = new Gson();
        Type listType = new TypeToken<List<AppEntity>>() {
        }.getType();
        List<AppEntity> appList = gson.fromJson(sysAppList, listType);

        List<AppPerm> permList = JSONArray.parseArray(qxUtils.queryApp(userToken, userId), AppPerm.class);

        if (CollectionUtil.isEmpty(permList)) return appList;

        List<String> appIds = new ArrayList<>(permList.size());

        permList.stream().forEach(appPerm -> appIds.add(appPerm.getId()));

        appList.stream().forEach(app -> {
            if (appIds.contains(app.getAppId())) {
                app.setEnable(false);
            }
        });

        return appList;
    }

    // 获取天融信用户在权限系统的门户应用的菜单
    public List<AppModule> queryQxCategoryList(String userToken, String userId) {
        List<AppModule> appModules = JSONArray.parseArray(qxUtils.queryAppModules(userToken, userId), AppModule.class);
        log.info("获取用户在指定应用中可操作的功能模块信息结果:" + JSONObject.toJSONString(appModules));
        return appModules;
    }

    public String getRequestIpAddress(HttpServletRequest request) {
        String ip = request.getHeader("X-Forwarded-For");
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("X-Real-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
            ip = request.getRemoteAddr();
        }
        String[] parts = ip.split(":");
        return parts[0];
    }

}