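package user

import (
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"

	"product/backend/models"
	"product/backend/moo/db"
	"product/backend/moo/log"
)

// publicPath reports whether the request path is served without
// authentication or privilege checks: static assets, the /open/ tree and
// the login endpoint.
//
// The decision is made on the decoded URL path (the same value the router
// dispatches on) rather than on RequestURI, which still carries the query
// string and the raw escaping of the wire request; matching on RequestURI
// would, for example, make "/user/login?next=x" require a token.
func publicPath(p string) bool {
	return strings.HasPrefix(p, "/assets") ||
		strings.HasPrefix(p, "/open/") ||
		p == "/user/login"
}

// reject writes the error envelope the existing clients expect and stops
// the handler chain. The HTTP status is deliberately 200 with code=1: the
// failure is signalled in the body, which is the convention used throughout
// this middleware.
func reject(ctx *gin.Context, message string) {
	ctx.JSON(http.StatusOK, gin.H{
		"code":    1,
		"message": message,
	})
	ctx.Abort()
}

// bearerToken returns the credential from the Authorization header with a
// leading "Bearer " scheme removed. A header without the scheme is passed
// through unchanged, as before; an absent header yields "".
func bearerToken(ctx *gin.Context) string {
	return strings.TrimPrefix(ctx.GetHeader("Authorization"), "Bearer ")
}

// AuthJWT is a gin middleware that authenticates the request with the JWT in
// the Authorization header and stores the loaded models.User under the
// context key "user" for later handlers (see PrivCheck).
//
// Public paths (publicPath) are passed through without any check. Every
// other failure — missing or unparsable token, bad signature, a jti that is
// not a user id, or an unknown user — aborts the chain with the project's
// error envelope.
func AuthJWT(ctx *gin.Context) {
	if publicPath(ctx.Request.URL.Path) {
		return
	}

	raw := bearerToken(ctx)
	if raw == "" {
		log.Error("jwt token is empty")
		reject(ctx, "token 错误")
		return
	}

	// NOTE(review): the key function hands back models.UserSigningKey for
	// whatever "alg" the token names. jwt/v5 rejects a key whose Go type does
	// not fit the algorithm, but the expected algorithm should still be
	// pinned with jwt.WithValidMethods once the key's type is confirmed.
	// Expiry is validated when present but not required; consider
	// jwt.WithExpirationRequired() if every issued token carries exp.
	token, err := jwt.ParseWithClaims(raw, &jwt.RegisteredClaims{},
		func(*jwt.Token) (any, error) { return models.UserSigningKey, nil },
		jwt.WithLeeway(5*time.Second))
	if err != nil || !token.Valid {
		log.Error(err)
		reject(ctx, "token 错误")
		return
	}

	claims, ok := token.Claims.(*jwt.RegisteredClaims)
	if !ok {
		log.Error("token type error")
		reject(ctx, "token 错误")
		return
	}

	// The jti claim carries the user's primary key. It is converted to an
	// integer before it reaches GORM: passing a bare non-numeric string to
	// First() is interpreted as a raw SQL condition, so the lookup must only
	// ever see a primary-key value.
	uid, err := strconv.ParseUint(claims.ID, 10, 64)
	if err != nil {
		log.Error("jwt id claim is not a user id")
		reject(ctx, "token 错误")
		return
	}

	user := models.User{}
	if err := db.DB.First(&user, uid).Error; err != nil {
		log.Error(err)
		reject(ctx, "用户错误")
		return
	}

	// A per-user revocation check (comparing user.AuthToken with the
	// presented token) used to live here and is currently disabled: a token
	// therefore stays usable until it expires, even after the user logs in
	// again.

	// A failed role load is logged but not fatal: user.Role.Privs then stays
	// empty and PrivCheck denies everything except the super admin role.
	if err := db.DB.Model(&user).Association("Role").Find(&user.Role); err != nil {
		log.Error(err)
	}
	ctx.Set("user", user)
}

// PrivCheck is a gin middleware that authorizes the request against the
// privileges of the user stored in the context by AuthJWT. It must run after
// AuthJWT. Public paths are passed through, role id 1 is treated as super
// admin, and any other user needs the privilege "<path>/<method>" (path
// without its leading slashes, method lower-cased) in user.Role.Privs.
func PrivCheck(ctx *gin.Context) {
	if publicPath(ctx.Request.URL.Path) {
		return
	}

	value, exists := ctx.Get("user")
	if !exists {
		log.Error("no auth")
		reject(ctx, "用户错误")
		return
	}
	// Checked assertion: a wrong type under "user" is a programming error
	// upstream, but it should deny the request rather than panic the handler.
	user, ok := value.(models.User)
	if !ok {
		log.Error("user context value has unexpected type")
		reject(ctx, "用户错误")
		return
	}

	if user.RoleID == 1 { // super admin
		return
	}

	need := strings.TrimLeft(ctx.Request.URL.Path, "/") + "/" + strings.ToLower(ctx.Request.Method)
	// NOTE(review): this is a substring match on the Privs string, so a
	// privilege such as "user/get" is also satisfied by an entry like
	// "superuser/get". Once the encoding of Privs (its separator) is
	// confirmed, compare whole entries instead.
	if !strings.Contains(user.Role.Privs, need) {
		log.Error("no priv")
		reject(ctx, "权限错误")
		return
	}
}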