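package org.springblade.auth.handle;

import com.alibaba.nacos.common.utils.StringUtils;
import io.jsonwebtoken.Claims;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.launch.constant.TokenConstant;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/**
 * Token validation filter.
 *
 * <p>Reads the {@code Blade-Auth} header, extracts and parses the JWT through
 * {@link JwtUtil}, and compares the presented token with the one
 * {@link JwtUtil#getAccessToken(String, String, String)} returns for the
 * tenant/user carried in the claims. On a match the account name is placed in
 * the {@link SecurityContextHolder} and the chain continues; on any failure a
 * 401 JSON body is written and the chain is NOT continued.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The token comparison is exact (case-sensitive) and constant-time. The
 *       original used {@code equalsIgnoreCase}, which accepts case variants of
 *       a base64url-encoded JWT and leaks match length via early exit.</li>
 *   <li>A {@code null} stored token (e.g. no session/cache entry) is treated
 *       as a mismatch, never as a match.</li>
 * </ul>
 */
@Configuration
public class TokenFilterHandle extends OncePerRequestFilter {

	/** Request header carrying the bearer token. */
	private static final String AUTH_HEADER = "Blade-Auth";

	/** JSON body returned on rejection; kept byte-identical to the previous implementation. */
	private static final String UNAUTHORIZED_BODY = "{\"status\": 401,\n" + "\"error\": \"Unauthorized\"\n" + "}";

	/**
	 * Validates the request's token and either authenticates the request or
	 * rejects it with 401.
	 *
	 * @param request     incoming request; {@code Blade-Auth} header is read
	 * @param response    response used for the 401 body on rejection
	 * @param filterChain continued only when the token is accepted
	 * @throws ServletException propagated from the chain
	 * @throws IOException      propagated from the chain or the response writer
	 */
	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		String auth = request.getHeader(AUTH_HEADER);
		if (StringUtils.isBlank(auth)) {
			// No credential presented at all.
			unAuthResponse(response);
			return;
		}

		String token = JwtUtil.getToken(auth);
		// NOTE(review): JwtUtil.parseJWT is not visible here. If it throws on a
		// malformed/expired token rather than returning null, a garbage header
		// produces a 500 instead of the intended 401 — confirm its contract.
		Claims claims = JwtUtil.parseJWT(token);
		if (StringUtils.isBlank(token) || claims == null) {
			unAuthResponse(response);
			return;
		}

		// NOTE(review): String.valueOf turns a missing claim into the literal
		// string "null"; whether getAccessToken copes with that is not visible here.
		String tenantId = String.valueOf(claims.get(TokenConstant.TENANT_ID));
		String userId = String.valueOf(claims.get(TokenConstant.USER_ID));
		String account = String.valueOf(claims.get(TokenConstant.ACCOUNT));

		// The token the server currently associates with this tenant/user.
		String accessToken = JwtUtil.getAccessToken(tenantId, userId, token);
		if (!tokenMatches(token, accessToken)) {
			// Presented token is not the live one (revoked, rotated, or forged).
			unAuthResponse(response);
			return;
		}

		// NOTE(review): the two-argument constructor creates a token whose
		// isAuthenticated() is false and that carries no authorities; downstream
		// authorization rules must be configured to accept that — confirm.
		UsernamePasswordAuthenticationToken authenticationToken =
				new UsernamePasswordAuthenticationToken(account, null);
		authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
		SecurityContextHolder.getContext().setAuthentication(authenticationToken);

		filterChain.doFilter(request, response);
	}

	/**
	 * Compares the presented token with the stored one in constant time.
	 *
	 * <p>Exact, case-sensitive comparison: JWTs are base64url and a case-folded
	 * match would accept strings that are not the issued token. Length
	 * differences are handled by {@link MessageDigest#isEqual} without an early
	 * exit on the first differing byte.
	 *
	 * @param presented token taken from the request
	 * @param stored    token the server holds for this tenant/user; may be {@code null}
	 * @return {@code true} only when both are non-null and byte-for-byte equal
	 */
	private static boolean tokenMatches(String presented, String stored) {
		if (presented == null || stored == null) {
			return false;
		}
		return MessageDigest.isEqual(
				presented.getBytes(StandardCharsets.UTF_8),
				stored.getBytes(StandardCharsets.UTF_8));
	}

	/**
	 * Writes a 401 response with a fixed JSON body.
	 *
	 * <p>The caller returns immediately after this, so the filter chain is not
	 * continued for rejected requests.
	 *
	 * @param response response to write to
	 * @throws IOException if the response stream cannot be written
	 */
	private void unAuthResponse(HttpServletResponse response) throws IOException {
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		response.setContentType("application/json;charset=UTF-8");
		PrintWriter writer = new PrintWriter(
				new OutputStreamWriter(response.getOutputStream(), StandardCharsets.UTF_8));
		writer.write(UNAUTHORIZED_BODY);
		// Flush rather than close: the container owns the response stream.
		writer.flush();
	}
}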