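package token

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"strings"

	"mtp2_if/config"
	"mtp2_if/global/e"
	"mtp2_if/rediscli"

	"github.com/gin-gonic/gin"
)

// TouristToken is the fixed token accepted for guest (tourist) access.
//
// NOTE(review): this value is compiled into the binary and committed to
// source control, and it is the same for every guest. It identifies the
// guest role but cannot be treated as a secret; endpoints reachable with it
// should expose only data that is acceptable to serve publicly. Consider
// loading it from configuration so it can be rotated without a rebuild.
var TouristToken string = "c886a057f3d820d4dbc41473686c7c2d"

// CheckToken verifies that token matches the token stored in Redis for
// loginid (hash key "monitor:online_loginid::<loginid>", field "Token").
//
// It returns nil when the tokens match, the Redis error when the lookup
// fails, and a "token is invalid" error otherwise. Empty arguments are
// rejected before Redis is queried, so an empty stored value can never
// authenticate an empty token.
func CheckToken(loginid string, token string) error {
	if loginid == "" || token == "" {
		return errors.New("token is invalid")
	}

	key := fmt.Sprintf("monitor:online_loginid::%s", loginid)
	field := "Token"
	realToken, err := rediscli.GetRedisClient().HGet(key, field).Result()
	if err != nil {
		return err
	}

	// Constant-time comparison keeps the response time independent of how
	// many leading bytes of the presented token are correct.
	if subtle.ConstantTimeCompare([]byte(realToken), []byte(token)) != 1 {
		return errors.New("token is invalid")
	}
	return nil
}

// rejectUnauthorized writes the standard 401 JSON envelope for code and
// aborts the handler chain.
func rejectUnauthorized(c *gin.Context, code int) {
	c.JSON(http.StatusUnauthorized, gin.H{
		"code": code,
		"msg":  e.GetMsg(code),
		"data": nil,
	})
	c.Abort()
}

// requireLoginToken authenticates the request against the per-login token
// held in Redis and either continues the chain or answers 401.
func requireLoginToken(c *gin.Context) {
	// NOTE(review): debug mode disables authentication on this path
	// entirely; make sure it cannot be switched on in a production
	// configuration.
	if config.SerCfg.GetDebugMode() {
		c.Next()
		return
	}

	token := c.GetHeader("Authorization")
	if token == "" {
		// Token missing.
		rejectUnauthorized(c, e.ERROR_AUTH_CHECK_TOKEN_MISSING)
		return
	}

	// The login id is the part of the token before the first "_".
	loginid := strings.SplitN(token, "_", 2)[0]
	if err := CheckToken(loginid, token); err != nil {
		// Token wrong, or the Redis lookup failed.
		rejectUnauthorized(c, e.ERROR_AUTH_CHECK_TOKEN_FAIL)
		return
	}

	// FIXME: for POST endpoints, check that the user the token belongs to
	// matches the request (e.g. compare UserID or AccountID); to be handled
	// later. Until then a valid token is not tied to the account or user
	// named in the request, so handlers must enforce that ownership
	// themselves.

	// Token accepted.
	c.Next()
}

// Auth returns the token-checking middleware: requests must carry a valid
// per-login token in the Authorization header.
func Auth() gin.HandlerFunc {
	return requireLoginToken
}

// AuthByHsby returns the guest authentication middleware.
//
// Requests whose query string carries accountID, accountIDs, userID or
// userIDs go through the normal login-token check. All other requests are
// accepted when the Authorization header equals TouristToken.
//
// NOTE(review): the choice between the two paths looks only at those four
// URL query parameters. Identifiers sent in a request body or under other
// parameter names are not seen here, so handlers behind this middleware
// should not assume the caller is a logged-in user. Confirm against the
// routes that use it.
func AuthByHsby() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Account- or user-scoped queries need a real login token.
		for _, name := range []string{"accountID", "accountIDs", "userID", "userIDs"} {
			if c.Query(name) != "" {
				requireLoginToken(c)
				return
			}
		}

		token := c.GetHeader("Authorization")
		switch {
		case token == "":
			// Token missing.
			rejectUnauthorized(c, e.ERROR_AUTH_CHECK_TOKEN_MISSING)
		case subtle.ConstantTimeCompare([]byte(token), []byte(TouristToken)) != 1:
			// Token wrong.
			rejectUnauthorized(c, e.ERROR_AUTH_CHECK_TOKEN_FAIL)
		default:
			// Token accepted.
			c.Next()
		}
	}
}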