package com.xzx.gc.interceptor;

import cn.hutool.crypto.SecureUtil;
import cn.hutool.json.JSONUtil;
import com.xzx.gc.common.annotations.PassToken;
import com.xzx.gc.common.constant.Constants;
import com.xzx.gc.common.exception.RestException;
import com.xzx.gc.common.utils.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;


/**
 * token验证拦截器
 *
 * @author zan.zhong
 * @date 2018-07-08 20:41
 */
@Slf4j
@Component
public class AuthInterceptor implements HandlerInterceptor {

    //接口超时时间60s
    private static final int timeLimit = 60;

    @Autowired
    private TokenUtil tokenUtil;

    @Autowired
    private BusinessUtil businessUtil;

    @Autowired
    private RedisUtil redisUtil;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object object) throws Exception {

        log.debug("进行通用拦截器：{}",request.getRequestURI());

        /**********请求参数***********************/
        String token = request.getHeader("token");
        String timestamp = request.getHeader("timestamp");
        String nonce = request.getHeader("nonce");
        String sign = request.getHeader("sign");
        String version = request.getHeader("version");
        String mobilePhone = request.getHeader("mobilePhone");
        String userId = request.getHeader("userId");
        String clientType = request.getHeader("clientType");
        String authKey = request.getHeader("authKey");
        //ip地址
        String ip=IpUtils.getIpAddr(request);

        LogUtils.setTraceId(LogUtils.TRACE_USER_ID,userId==null?"匿名":userId);


        /********请求参数END***********************/


        /********************忽略的请求********************/

        if(SpringUtil.isDev()&&"true".equals(request.getHeader("swagger"))){
            return  true;
        }


        // 如果不是映射到方法直接通过或者是否有passtoken注释，有则跳过认证
        if (!(object instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) object;
        Method method = handlerMethod.getMethod();
        if (method.isAnnotationPresent(PassToken.class)) {
            PassToken passToken = method.getAnnotation(PassToken.class);
            if (passToken.required()) {
                return true;
            }
        }

        /**************请求头参数非空验证********************/
        validHead(ip,token, timestamp, nonce, sign, version, mobilePhone, userId, clientType,authKey);

        /***请求时间验证**************/
        if (System.currentTimeMillis() - Long.parseLong(timestamp) > (timeLimit * 1000)) {
            throw new RestException(-1, "网络中断，请重新刷新页面");
        }

        /***********签名验证*********************/
        validSign(ip,token, timestamp, nonce, sign, clientType,version,authKey);

        /*********************重复请求验证************************/
        validNonce(ip,nonce, version, mobilePhone, userId);

        /**token验证*/
        validToken(token, version, mobilePhone, userId);

        /*********传递信息**************/
        request.setAttribute("userId",userId);

        return true;
    }

    private void validNonce(String ip,String nonce, String version, String mobilePhone, String userId) {
        String nonceKey=null;
            nonceKey = Constants.REDIS_USER_KEY + "signNonce:"+userId;
        String list = redisUtil.get(nonceKey);
        if (StringUtils.isBlank(list)) {
            List<String> nonceList = new ArrayList<>();
            nonceList.add(nonce);
            redisUtil.setex(nonceKey,JSONUtil.toJsonStr(nonceList),timeLimit);
        } else {
            List<String> objects = JSONUtil.parseArray(list).toList(String.class);
            if (!objects.contains(nonce)) {
                objects.add(nonce);
                redisUtil.setex(nonceKey,JSONUtil.toJsonStr(objects),timeLimit);
            } else {
                LogUtils.writeIp(ip,"重复的请求");
                throw new RestException(-1,"您操作过快，请稍后再试");
            }
        }
    }

    private void validSign(String ip,String token, String timestamp, String nonce, String sign, String clientType,String version,String authKey) {
        String newTokenString="";
        String newSign="";
        if(businessUtil.isAuth(version)){
            newTokenString = token + timestamp + nonce + "v1.1" + clientType +authKey+ Constants.SIGN_SECRET_NEW;
            newSign=sign;
        }else {
             newTokenString = token + timestamp + nonce + "v1.1" + clientType + Constants.SIGN_SECRET;
             newSign = SecureUtil.md5(newTokenString).toUpperCase();
        }
        if (!newSign.equals(sign)) {
            LogUtils.writeIp(ip,"签名不一致");
            throw new RestException(-2,"签名不一致");
        }
    }

    private void validHead(String ip,String token, String timestamp, String nonce, String sign, String version, String mobilePhone, String userId, String clientType,String authKey) {
        if (StringUtils.isEmpty(token)) {
            LogUtils.writeIp(ip,"请求头缺失token参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if( StringUtils.isEmpty(timestamp)){
            LogUtils.writeIp(ip,"请求头缺失timestamp参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if(StringUtils.isEmpty(nonce)){
            LogUtils.writeIp(ip,"请求头缺失nonce参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if(StringUtils.isEmpty(sign) ){
            LogUtils.writeIp(ip,"请求头缺失sign参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if(StringUtils.isEmpty(version) ){
            LogUtils.writeIp(ip,"请求头缺失version参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if(StringUtils.isEmpty(clientType)){
            LogUtils.writeIp(ip,"请求头缺失clientType参数");
            throw new RestException(-2, "请求头参数不正确");
        }else if(StringUtils.isBlank(userId)){
            LogUtils.writeIp(ip,"请求头缺失userId参数");
            throw new RestException(-2,"请求头参数不正确");
        }else if (businessUtil.isAuth(version)) {
            if(StringUtils.isBlank(authKey)){
                LogUtils.writeIp(ip,"请求头缺失authKey参数");
                throw new RestException(-2,"请求头参数不正确");
            }
        }
    }

    private void validToken(String token, String version, String mobilePhone, String userId) {
            //验证token是否过期
            if (tokenUtil.isExpire(userId)) {
                throw new RestException(-2,"您的登录已经过期，请重新登录");
            }
            //验证token正确性
            if(tokenUtil.verifier(token, userId)==-2){
                if(!SpringUtil.isDev())
                    throw new RestException(-2, "您的登录已经过期，请重新登录");
            }
            //更新token有效时间
            tokenUtil.updateTokenExpire(userId);
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
//        //添加版本头用于更新
//        Object versionServiceImpl = SpringUtil.getBean("versionServiceImpl");
//        VersionInfo versionInfo=ReflectUtil.invoke(versionServiceImpl, "find");
//        if(versionInfo!=null){
//            httpServletResponse.addHeader("updateFlag",Convert.toStr(versionInfo.getUpdateFlag()));
//            httpServletResponse.addHeader("forceUpdateFlag",Convert.toStr(versionInfo.getForceUpdateFlag()));
//            httpServletResponse.addHeader("apkVersion",versionInfo.getApkMd5());
//        }
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
            LogUtils.clearTraceId();
    }
}