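package com.vincent.rsf.openApi.security.filter;

import com.vincent.rsf.openApi.entity.constant.Constants;
import com.vincent.rsf.openApi.security.service.AppAuthService;
import com.vincent.rsf.openApi.security.utils.TokenUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * AppId/Token authentication filter.
 *
 * <p>Every request that is not excluded by {@link #shouldNotFilter} or {@link #isAuthRequest}
 * must carry a token in the {@code Constants.HEADER_AUTHORIZATION} header. The token is
 * extracted and time-checked by {@link TokenUtils}, then the appId/secret pair it carries is
 * verified against {@link AppAuthService#validateApp}. On success the appId is stored in the
 * request attribute {@code Constants.REQUEST_ATTR_APP_ID} for downstream handlers; on any
 * failure a JSON error body is written and the chain is not continued.
 *
 * <p>Registered as a Spring bean with {@code @Order(1)}; being a {@code @Component} it is
 * picked up by the servlet container's filter registration (exact URL mapping depends on the
 * application's configuration, not on this class).
 */
@Slf4j
@Component
@Order(1)
public class AppIdAuthenticationFilter extends OncePerRequestFilter {

    /**
     * Client-facing message for every authentication failure. The same text is used regardless
     * of which check failed, so the response body does not reveal whether the header, the token
     * expiry or the appId/secret lookup was the problem; the distinguishing detail goes to the
     * server log only.
     */
    private static final String UNAUTHENTICATED_MESSAGE = "认证失败,请提供有效的Token";

    @Resource
    private AppAuthService appAuthService;

    /**
     * Authenticates the request by its token header, or rejects it with a JSON error.
     *
     * <p>The checks are applied in order and the first failing one ends the request:
     * <ol>
     *   <li>header {@code Constants.HEADER_AUTHORIZATION} is absent,</li>
     *   <li>no token can be extracted from the header, or {@link TokenUtils#validateTokenTime}
     *       rejects it,</li>
     *   <li>the appId or secret carried by the token is blank, or
     *       {@link AppAuthService#validateApp} rejects the pair.</li>
     * </ol>
     *
     * @param request     current request
     * @param response    current response; receives the error body on failure
     * @param filterChain remaining chain, invoked only when authentication succeeds or the
     *                    request is a token-issuing request
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from writing the error body
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        String requestURI = request.getRequestURI();
        // The token-issuing endpoint obviously cannot require a token itself.
        if (isAuthRequest(requestURI)) {
            filterChain.doFilter(request, response);
            return;
        }

        String authHeader = request.getHeader(Constants.HEADER_AUTHORIZATION);
        if (authHeader == null) {
            log.warn("缺少Token认证信息");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, UNAUTHENTICATED_MESSAGE);
            return;
        }

        String token = TokenUtils.extractTokenFromHeader(authHeader);
        if (token == null || !TokenUtils.validateTokenTime(token)) {
            log.warn("Token验证失败或缺失");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, UNAUTHENTICATED_MESSAGE);
            return;
        }

        String tokenAppId = TokenUtils.getAppIdFromToken(token);
        String tokenAppSecret = TokenUtils.getSecretFromToken(token);
        // Blank fields are rejected before the service lookup so validateApp never sees them.
        if (!StringUtils.hasText(tokenAppId)
                || !StringUtils.hasText(tokenAppSecret)
                || !appAuthService.validateApp(tokenAppId, tokenAppSecret)) {
            log.warn("Token验证失败");
            sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, UNAUTHENTICATED_MESSAGE);
            return;
        }

        // Only the appId is exposed downstream; the secret is never stored on the request.
        request.setAttribute(Constants.REQUEST_ATTR_APP_ID, tokenAppId);
        filterChain.doFilter(request, response);
    }

    /**
     * Writes a JSON error body of the form {@code {"code": <code>, "msg": "<message>", "data": null}}.
     *
     * <p>The message is JSON-escaped before being embedded, so a message containing quotes,
     * backslashes or control characters still yields a well-formed document.
     *
     * @param response response to write to; its status is set to {@code code}
     * @param code     status code, used both as the HTTP status and as the body's {@code code}
     *                 field (assumes it is a valid HTTP status value — confirm against
     *                 {@code Constants.UNAUTHENTICATED_CODE})
     * @param message  human-readable failure message
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void sendErrorResponse(HttpServletResponse response, int code, String message)
            throws IOException {
        response.setStatus(code);
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.write("{\"code\": " + code + ", \"msg\": \"" + escapeJson(message) + "\", \"data\": null}");
        writer.flush();
    }

    /**
     * Escapes a string for embedding inside a JSON string literal (without surrounding quotes).
     *
     * @param value text to escape; {@code null} is treated as the empty string
     * @return the escaped text
     */
    static String escapeJson(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    sb.append("\\\"");
                    break;
                case '\\':
                    sb.append("\\\\");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                case '\t':
                    sb.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        // Remaining control characters are not allowed raw in JSON strings.
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    /**
     * Returns whether the request is the token-issuing request, which is exempt from the
     * token check.
     *
     * <p>NOTE(review): this is a substring match — any URI containing {@code /getToken} anywhere
     * in its path is exempt, not just the token endpoint itself. Once the route layout is
     * confirmed, anchoring the comparison to the exact path (or to the trailing path segment)
     * would make the exemption harder to widen by accident.
     *
     * @param requestURI request URI as returned by {@link HttpServletRequest#getRequestURI()}
     * @return {@code true} if the URI is non-null and contains {@code /getToken}
     */
    private boolean isAuthRequest(String requestURI) {
        return requestURI != null && requestURI.contains("/getToken");
    }

    /**
     * Excludes public, documentation and auth paths from this filter entirely.
     *
     * <p>{@link OncePerRequestFilter} consults this before {@link #doFilterInternal}; a
     * {@code true} result means the request passes through with no token check.
     *
     * <p>NOTE(review): each test is a {@code contains}, so the exclusion applies to any URI that
     * has one of these fragments anywhere in its path, not only to URIs that start with it.
     * Prefix matching against the context-relative path would be stricter once the actual
     * route prefixes are known.
     *
     * @param request current request
     * @return {@code true} if the request URI is null or matches one of the excluded fragments
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        String requestURI = request.getRequestURI();
        return requestURI == null
                || requestURI.contains("/auth/")
                || requestURI.contains("/public/")
                || requestURI.contains("/doc.html")
                || requestURI.contains("/swagger")
                || requestURI.contains("/webjars")
                || requestURI.contains("/v2/api-docs")
                || requestURI.contains("/v3/api-docs");
    }
}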