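package middleware

import (
	"fmt"
	"net/http"

	"baize_scaffold/gateway/gw/config"
	"git.sxidc.com/go-framework/baize/framework/core/api/response"
	"git.sxidc.com/go-framework/baize/framework/gateway"
	"git.sxidc.com/service-supports/fslog"
	"github.com/dgrijalva/jwt-go/request"
	"github.com/pkg/errors"
)

// Authentication returns the gateway middleware that authenticates the caller
// and authorizes the request before any downstream handler runs.
//
// The chain is:
//  1. Read the bearer token from the Authorization header. Only the header is
//     parsed here; the token is never verified locally, verification is
//     delegated to the UM service's checkToken endpoint.
//  2. POST the token to <UMBaseUrl>/utm/api/v1/checkToken and take "userId"
//     from the successful result.
//  3. Resolve the user's current tenant and, when there is one, the tenant
//     status and the tenant user profile.
//  4. Ask UAS whether the user may perform c.Request.Method on c.FullPath().
//  5. Publish user, roles and tenant on the API context and call c.Next().
//
// Every failure answers 401 with an empty "accessToken", aborts the context
// and returns, so the request fails closed.
func Authentication() gateway.Handler {
	return func(requestBuilder *gateway.RequestBuilder) {
		c := requestBuilder.ApiContext()
		respFunc := response.SendMapResponse

		// reject answers 401 with body and cause and aborts the context; the
		// caller must still return so nothing below it runs.
		reject := func(body map[string]any, cause error) {
			respFunc(c, http.StatusUnauthorized, body, cause)
			c.Abort()
		}

		token, err := request.AuthorizationHeaderExtractor.ExtractToken(c.Request)
		if err != nil {
			fslog.Error(err)
			reject(map[string]any{"accessToken": ""}, errors.New("token错误"))
			return
		}

		// The success callback runs inside Request(); aborting the context from
		// within it does not return from this function, so the outcome is
		// carried out through these locals and checked right after Request().
		var (
			userID   string
			checked  bool // a non-empty userId was obtained
			rejected bool // the callback already wrote a 401
		)
		requestBuilder.Post(&gateway.PostRequest{
			Url: config.GetGatewayConfig().ServicesConfig.UMBaseUrl + "/utm/api/v1/checkToken",
			Body: map[string]any{
				"token": token,
			},
		}).ResponseSuccessCallback(func(cb *gateway.RequestBuilderContext) {
			id, ok := cb.GetResultMapValue("userId").(string)
			if !ok || id == "" {
				// Log the actual problem: the outer err is nil at this point.
				fslog.Error(errors.New("checkToken result has no string userId"))
				respFunc(cb.ApiContext(), http.StatusUnauthorized, map[string]any{
					"accessToken": "",
				}, errors.New("用户ID获取错误"))
				cb.ApiContext().Abort()
				rejected = true
				return
			}
			userID = id
			checked = true
		}).Request()
		if !checked {
			if !rejected {
				// The success callback never ran (checkToken did not succeed).
				// NOTE(review): if Request() already answered the client on a
				// non-success upstream reply this writes a second response;
				// confirm against the gateway package.
				fslog.Error(errors.New("checkToken did not succeed"))
				reject(map[string]any{"accessToken": ""}, errors.New("token错误"))
			}
			return
		}

		// TODO(review): umCheckResult is not defined in this file; it looks like
		// a leftover from the previous checkToken client. UserName and Updated
		// below still have to be sourced from the checkToken result.
		currentTenant, err := ngumInner.GetUserCurrentTenant(userID)
		if err != nil {
			fslog.Error(err)
			reject(map[string]any{
				"code":        ErrGetCurOrg.Code(),
				"accessToken": "",
			}, ErrGetCurOrg)
			return
		}

		tangentSimpleUserInfo := new(mbum_resp.TangentUserProfileInfo)
		tenantStatus := new(ngtm_resp.TenantStatus)
		if currentTenant.ID != "" {
			tenantStatus, err = ngtmInner.GetTenantStatus(currentTenant.ID)
			if err != nil {
				fslog.Error(err)
				// NOTE(review): the "code" here is ErrGetCurOrg's while the error
				// is ErrGetCurOrgUserInfo, as in the original; confirm intended.
				reject(map[string]any{
					"code":        ErrGetCurOrg.Code(),
					"accessToken": "",
				}, ErrGetCurOrgUserInfo)
				return
			}
			tangentSimpleUserInfo, err = ngumInner.GetTenantUserProfileSimpleByID(currentTenant.ID, userID)
			if err != nil {
				fslog.Error(err)
				reject(map[string]any{
					"code":        ErrGetCurOrg.Code(),
					"accessToken": "",
				}, ErrGetCurOrgUserInfo)
				return
			}
		}

		// 2. Ask UAS directly, from the user id and the accessed resource,
		// whether the request is permitted.
		authInfo, err := uasV1.Authentication(&uasV1Req.AuthenticationJsonBody{
			TenantID:       currentTenant.ID,
			UserID:         userID,
			Namespace:      global.Namespace,
			Resource:       c.FullPath(),
			Action:         c.Request.Method,
			IsExpireStatus: tenantStatus.IsExpireStatus,
		})
		if err != nil {
			fslog.Error(err)
			reject(map[string]any{
				"code":        ErrAuth.Code(),
				"accessToken": "",
			}, ErrAuth)
			return
		}
		// A nil authInfo is treated as denied rather than dereferenced below.
		if authInfo == nil || !authInfo.Pass {
			fslog.Error(fmt.Errorf("path:%s,method:%s", c.Request.URL.Path, c.Request.Method))
			reject(map[string]any{
				"code":        ErrNoPermission.Code(),
				"accessToken": "",
			}, ErrNoPermission)
			return
		}

		// Merge system and tenant roles into one list.
		roles := make([]RoleInfo, 0, len(authInfo.SysRoles)+len(authInfo.TenantRoles))
		for _, sysRole := range authInfo.SysRoles {
			roles = append(roles, RoleInfo{ID: sysRole.ID, Name: sysRole.Name})
		}
		for _, tenantRole := range authInfo.TenantRoles {
			roles = append(roles, RoleInfo{ID: tenantRole.ID, Name: tenantRole.Name})
		}

		c.SetUserInfo(&UserInfoWithRoles{
			ID:                 userID,
			UserName:           umCheckResult.UserName,
			Updated:            umCheckResult.Updated,
			ProfileName:        tangentSimpleUserInfo.Name,
			OrgInfo:            currentTenant,
			RoleInfos:          roles,
			TangentUserProfile: tangentSimpleUserInfo,
		})
		c.SetTenantInfo(currentTenant)
		c.Next()
	}
}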