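package middleware

import (
	"net/http"

	"github.com/gogf/gf/v2/frame/g"
	"github.com/gogf/gf/v2/net/ghttp"
	"github.com/gogf/gf/v2/os/gtime"

	"demo/internal/dao"
	"demo/internal/model/do"
	"demo/internal/model/entity"
)

// HandlerAuth plugs into the existing permission control of the Jianyu (剑鱼)
// admin backend. It authenticates the request by the `_token` query
// parameter, checks that the owning admin user is active, checks that one of
// the user's groups grants the (route, method) pair, renews the token when it
// is about to expire, and only then hands the request to the next handler.
//
// Failure responses are kept exactly as the existing callers expect them:
//   - 403 Forbidden when the token is unknown, expired, or its user is disabled;
//   - 400 Bad Request when the route/method pair is not registered in admin_request;
//   - 501 Not Implemented when the user holds no grant for that request.
func HandlerAuth(r *ghttp.Request) {
	ctx := r.Context()

	// The token is carried in the URL query string, so it ends up in access
	// logs, browser history and Referer headers. Moving it to a header would
	// change the contract with the existing front end and is out of scope here.
	rawToken := r.Request.URL.Query().Get("_token") // todo: to be optimised

	// Validate the token.
	da := dao.AdminToken
	orm := da.Ctx(ctx)
	token := entity.AdminToken{}
	err := orm.Where(da.Columns().Token, rawToken).Scan(&token)
	// NOTE(review): when no row matches, Scan may return nil and leave token
	// untouched (confirm against the gf version in go.mod); ExpireTime would
	// then be nil and gtime.Time.After dereferences its argument. The nil
	// guard turns an unknown token (or a NULL expire_time) into a 403 rather
	// than a panic.
	if err != nil || token.ExpireTime == nil || gtime.Now().After(token.ExpireTime) {
		r.Response.WriteStatus(http.StatusForbidden)
		return
	}

	// Validate the user the token belongs to. Status 2 is treated as an
	// inactive user here (existing convention; confirm against the admin_user
	// schema). A token whose user row no longer exists is not rejected at this
	// point; it is caught by the grant lookup below, which finds no relation
	// rows for that user id.
	user := entity.AdminUser{}
	err = dao.AdminUser.Ctx(ctx).Where(dao.AdminUser.Columns().Id, token.AdminUserId).Scan(&user)
	if err != nil || user.Status == 2 {
		r.Response.WriteStatus(http.StatusForbidden)
		return
	}
	r.SetCtxVar("admin_user_id", token.AdminUserId)

	// Resolve the request id for the (route, method) pair and verify that it
	// is a registered request.
	adminReq := entity.AdminRequest{}
	// todo: these endpoints are RESTful, which does not match the original
	// permission model of the admin backend. To avoid changing the table
	// layout, the existing `call` column (the "type config" input on the
	// admin page) doubles as the HTTP-method column. Worth revisiting when
	// there is time.
	err = dao.AdminRequest.Ctx(ctx).Where(do.AdminRequest{Action: r.Router.Uri, Call: r.Method}).Scan(&adminReq)
	if err != nil {
		r.Response.WriteStatus(http.StatusBadRequest)
		return
	}

	// Does any group of this user hold an auth that grants this request?
	// Placeholders keep the user-controlled values out of the SQL text.
	exist, err := orm.Raw("SELECT * FROM cadmin.admin_user_relate aur ,admin_user_group_relate augr ,admin_request_relate arr where arr.admin_request_id=? and aur.admin_user_id=? and augr.admin_user_group_id=aur.admin_user_group_id and augr.admin_auth_id=arr.admin_auth_id ", adminReq.Id, token.AdminUserId).Exist()
	if err != nil || !exist {
		r.Response.WriteStatus(http.StatusNotImplemented)
		return
	}

	// Token renewal, reached only once the token is known to be unexpired:
	// when less than one day of validity remains, push the expiry two days
	// past the current one.
	renewAt := token.ExpireTime.AddDate(0, 0, -1)
	if renewAt.Before(gtime.Now()) {
		_, err = orm.Data(da.Columns().ExpireTime, token.ExpireTime.AddDate(0, 0, 2)).Where(da.Columns().Id, token.Id).Update()
		if err != nil {
			// Best effort: a failed renewal must not block an otherwise valid request.
			g.Log().Error(ctx, "token 续期失败", err)
		}
	}

	r.Middleware.Next()
}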