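package com.lunhan.xxx.host.api;

import com.lunhan.xxx.common.config.SysConfig;
import com.lunhan.xxx.common.enums.EResultCode;
import com.lunhan.xxx.common.exceptions.BusinessException;
import com.lunhan.xxx.common.jwt.JWTUtil;
import com.lunhan.xxx.common.jwt.LoginUserDTO;
import com.lunhan.xxx.common.util.IPUtils;
import com.lunhan.xxx.common.util.LocalDateTimeUtil;
import com.lunhan.xxx.common.util.RandVerifyCode;
import com.lunhan.xxx.common.util.StringUtil;
import com.lunhan.xxx.entity.enums.EUserType;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

/**
 * Spring MVC interceptor that records every incoming request into {@code HttpRequestLogPool}
 * and enforces the token-based login and role checks before the handler runs.
 *
 * <p>Handlers whose method or bean class carries {@code NonLogin} skip the token check
 * entirely. Handlers carrying {@code MustAdmin} additionally require a user that passes
 * {@link #mayAccessAdminEndpoint(LoginUserDTO)}. Every other handler only requires a
 * token that {@code JWTUtil.getUser} resolves to a user.
 */
@Component
public class TokenFilter implements HandlerInterceptor {

    /**
     * Logs the request, then verifies the caller's token and (when required) role.
     *
     * @param request  the current request; the token is read from the header named by
     *                 {@code SysConfig.getTokenHeader()}
     * @param response unused
     * @param handler  the resolved handler; annotations are only inspected when it is a
     *                 {@link HandlerMethod}, any other handler type just requires a valid token
     * @return {@code true} to continue the handler chain
     * @throws BusinessException with {@code EResultCode.UNAUTHORIZED} when the token header is
     *         missing or empty, or when the token yields no user; with
     *         {@code EResultCode.FORBIDDEN} when a {@code MustAdmin} handler is called by a user
     *         that does not pass the role rule
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        String method = request.getMethod();
        // CORS preflight requests carry no credentials; let them through untouched.
        if ("options".equalsIgnoreCase(method)) {
            return true;
        }

        String token = request.getHeader(SysConfig.getTokenHeader());
        // Logged before any auth decision so that rejected and NonLogin requests are recorded too.
        recordRequest(request, method, token);

        boolean requiresAdmin = false;
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            // A method-level or class-level @NonLogin bypasses authentication entirely.
            if (hasAnnotation(handlerMethod, NonLogin.class)) {
                return true;
            }
            requiresAdmin = hasAnnotation(handlerMethod, MustAdmin.class);
        }

        // An absent or empty header is treated as "no token": an empty string is never a usable token.
        if (!StringUtil.isNotNullOrEmpty(token)) {
            throw new BusinessException(EResultCode.UNAUTHORIZED, "token未传入");
        }
        LoginUserDTO user = JWTUtil.getUser(token);
        // JWTUtil.getUser may reject a bad token by throwing or by returning null (not visible here);
        // guard the null case so an invalid token maps to 401 instead of a NullPointerException below.
        if (Objects.isNull(user)) {
            throw new BusinessException(EResultCode.UNAUTHORIZED, "token无效");
        }

        if (requiresAdmin && !mayAccessAdminEndpoint(user)) {
            throw new BusinessException(EResultCode.FORBIDDEN, "没有权限");
        }
        return true;
    }

    /**
     * Publishes a log entry for the current request to {@code HttpRequestLogPool}.
     * The request body and headers are not captured; both fields are left empty.
     *
     * @param request the current request
     * @param method  the HTTP method already read from {@code request}
     * @param token   the raw value of the token header, possibly {@code null}
     */
    private static void recordRequest(HttpServletRequest request, String method, String token) {
        Long now = LocalDateTimeUtil.nowTimeStamp();
        ApiRequestLogDTO entry = new ApiRequestLogDTO();
        entry.setRequestTime(now);
        // Request id = timestamp followed by a 6-character code from RandVerifyCode.
        entry.setRequestId(now + RandVerifyCode.complexCode(6));
        entry.setRequestIP(IPUtils.getIpAddress(request));
        entry.setPath(buildPath(request));
        entry.setMethod(method);
        entry.setRequestData("");
        entry.setRequestHeaders("");
        // NOTE(review): this stores the raw credential on the log entry. If HttpRequestLogPool
        // persists or prints entries, the bearer token leaks into logs; a hash or a short prefix
        // would still correlate requests without exposing the secret — confirm with the pool's owner.
        entry.setRequestToken(token);
        HttpRequestLogPool.setRequestInfo(entry);
    }

    /**
     * Returns the request URI with the query string appended as {@code ?query}, or the bare
     * URI when there is no query string. Without this guard a missing query string was
     * concatenated as the literal {@code "null"}, producing paths such as {@code /api/xnull}.
     *
     * @param request the current request
     * @return the path to record in the request log
     */
    private static String buildPath(HttpServletRequest request) {
        String uri = request.getRequestURI();
        String query = request.getQueryString();
        return StringUtil.isNotNullOrEmpty(query) ? uri + "?" + query : uri;
    }

    /**
     * Returns whether the handler method itself or its bean class carries the given annotation.
     * The class lookup uses {@link AnnotationUtils#findAnnotation(Class, Class)}, as the original did.
     *
     * @param handlerMethod the resolved handler method
     * @param type          the annotation type to look for
     * @param <A>           the annotation type
     * @return {@code true} when the annotation is present at either level
     */
    private static <A extends Annotation> boolean hasAnnotation(HandlerMethod handlerMethod, Class<A> type) {
        return Objects.nonNull(handlerMethod.getMethodAnnotation(type))
                || Objects.nonNull(AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), type));
    }

    /**
     * Role rule for {@code MustAdmin} handlers: {@code ADMIN}, {@code ADMIN_USER}, and
     * {@code CUSTOMER} users whose {@code isChild} is {@code 0} (presumably the primary customer
     * account rather than a sub-account — confirm against the user model) are allowed.
     * Every other user type, including {@code CUSTOMER} with a non-zero {@code isChild}, is rejected.
     *
     * @param user the authenticated user
     * @return {@code true} when the user may call a {@code MustAdmin} handler
     */
    private static boolean mayAccessAdminEndpoint(LoginUserDTO user) {
        boolean primaryCustomer = hasType(user, EUserType.CUSTOMER) && Objects.equals(user.getIsChild(), 0);
        return hasType(user, EUserType.ADMIN) || hasType(user, EUserType.ADMIN_USER) || primaryCustomer;
    }

    /**
     * Compares the user's type code with the given enum's value, null-safely.
     *
     * @param user the authenticated user
     * @param type the user type to compare with
     * @return {@code true} when {@code user.getUserType()} equals {@code type.getValue()}
     */
    private static boolean hasType(LoginUserDTO user, EUserType type) {
        return Objects.equals(user.getUserType(), type.getValue());
    }

    /** No-op: nothing to do after the handler has produced its model and view. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) {
    }

    /** No-op: the request log entry is created in {@link #preHandle} and not finalized here. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                Exception ex) {
    }
}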