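package com.terra.proxy.util;

import cn.hutool.core.codec.Base64;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.terra.proxy.bean.CustomerToken;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;

import java.util.Date;
import java.util.Map;

/**
 * JWT helpers for the proxy: signature-checked parsing ({@link #decToken}, {@link #tokenValidate},
 * {@link #getClaimByToken}) and one deliberately unverified payload peek ({@link #getTokenInfo}).
 *
 * <p>All tokens are HMAC-signed with a single shared key (see {@link #DEFAULT_SECRET}); anyone
 * holding that key can mint tokens this class accepts.
 */
public class TokenUtils {

    /** JVM system property that overrides the built-in signing key. */
    private static final String SECRET_PROPERTY = "terra.proxy.token.secret";

    /** Environment variable consulted when {@link #SECRET_PROPERTY} is not set. */
    private static final String SECRET_ENV = "TERRA_PROXY_TOKEN_SECRET";

    /**
     * Legacy HMAC key that used to be the only key. It is checked into source control, so it must
     * be treated as public: production deployments must override it via {@link #SECRET_PROPERTY}
     * or {@link #SECRET_ENV} and rotate the issuer accordingly. The literal is retained only so
     * tokens from existing issuers keep verifying until that rotation happens.
     *
     * <p>NOTE(review): jjwt's {@code setSigningKey(String)} interprets this string as Base64 text;
     * the issuer must derive its key the same way — confirm against the issuing service.
     */
    private static final String DEFAULT_SECRET = "f4e2e52034348f86b67cde581c0f9eb5[lanbase]";

    /** Key actually used for signature verification, resolved once at class load. */
    private static final String SIGNING_KEY = resolveSecret();

    /** Picks the signing key: system property, then environment, then the legacy literal. */
    private static String resolveSecret() {
        String configured = System.getProperty(SECRET_PROPERTY);
        if (StringUtils.isBlank(configured)) {
            configured = System.getenv(SECRET_ENV);
        }
        return StringUtils.isBlank(configured) ? DEFAULT_SECRET : configured;
    }

    /**
     * Verifies the signature and expiry of {@code token} and decodes its subject into a
     * {@link CustomerToken}.
     *
     * @param token compact JWS string from the client
     * @return the subject claim parsed by {@link CustomerToken#fromString}
     * @throws Exception with one of the original Chinese messages when the token is missing,
     *     expired, fails signature verification or carries no usable claims; the jjwt exception
     *     is attached as the cause
     */
    public static CustomerToken decToken(String token) throws Exception {
        if (StringUtils.isBlank(token)) {
            throw new Exception("未传入token");
        }
        Claims claims;
        try {
            // Propagating parse errors here is what makes the "expired" branch reachable;
            // getClaimByToken() would have collapsed every failure into null.
            claims = parseSignedClaims(token);
        } catch (ExpiredJwtException e) {
            throw new Exception("token已过期", e);
        } catch (Exception e) {
            throw new Exception("token无效", e);
        }
        if (claims == null) {
            throw new Exception("无效的token");
        }
        // jjwt already rejects past-exp tokens; this also rejects tokens with no exp at all.
        if (isTokenExpired(claims.getExpiration())) {
            throw new Exception("token已失效");
        }
        return CustomerToken.fromString(claims.getSubject());
    }

    /**
     * Authorizes an already-decoded token against the calling client.
     *
     * <p>Public-resource tokens ({@code isPubzy}) pass unconditionally. Application tokens are
     * bound to the client IP recorded at issue time; when the IP no longer matches, the Referer
     * header is accepted as a fallback if it starts with the token's {@code appUrl}. Tokens with
     * no appId (or appId {@code "0"}) are currently accepted without any client binding (see the
     * TODO below).
     *
     * @param cutToken decoded token
     * @param clientIp observed client address; may be {@code null}, which counts as a mismatch
     * @param refererUrl Referer header value; may be {@code null}
     * @return {@code Result.ok(subzyids)} on success, otherwise a 401 {@code Result}
     */
    public static Result validate(CustomerToken cutToken, String clientIp, String refererUrl) {
        if (cutToken.getIsPubzy()) {
            return Result.ok(cutToken.getSubzyids());
        }
        String appId = cutToken.getAppId();
        boolean directBrowserAccess = StringUtils.isBlank(appId) || StringUtils.equals("0", appId);
        if (directBrowserAccess) {
            // TODO (carried over): no appId means direct browser access and the original intent
            // was to compare clientIp with the IP stored in the token. That check was never
            // written, so these tokens are accepted as-is.
        } else if (!sameClientIp(clientIp, cutToken.getClientIp())) {
            // NOTE(review): the Referer fallback is client-supplied and only prefix-matched, so an
            // appUrl of "https://app.example" also admits "https://app.example.evil.tld"; treat it
            // as a weak signal and consider comparing parsed origins instead.
            if (!startsWithClaim(refererUrl, cutToken.getAppUrl())) {
                return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的应用系统");
            }
        }
        return Result.ok(cutToken.getSubzyids());
    }

    /**
     * Verifies a raw token and authorizes the request in one step.
     *
     * <p>When {@code clientIp} is known, the token's {@code clientIp} claim must match and
     * {@code requestUrl} must start with the {@code resourceUrl} claim. Otherwise only the
     * Referer is checked against the {@code appUrl} claim. A missing claim never authorizes.
     *
     * @param token compact JWS string
     * @param requestUrl URL being requested
     * @param clientIp observed client address, or blank when unknown
     * @param refererUrl Referer header value
     * @return {@code Result.ok(subject)} on success, otherwise a 401 {@code Result}
     */
    public static Result tokenValidate(String token, String requestUrl, String clientIp, String refererUrl) {
        if (StringUtils.isBlank(token)) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "未传入token");
        }
        Claims claims;
        try {
            claims = parseSignedClaims(token);
        } catch (ExpiredJwtException e) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token已过期");
        } catch (Exception e) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token无效");
        }
        if (claims == null) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "无效的token");
        }
        if (isTokenExpired(claims.getExpiration())) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token已失效");
        }
        String msg = claims.getSubject();
        // The subject is itself a JSON object carrying the binding claims.
        Map<String, Object> map = JSON.parseObject(msg);
        if (map == null) {
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "token无效");
        }
        if (StringUtils.isNotBlank(clientIp)) {
            if (!sameClientIp(clientIp, map.get("clientIp"))) {
                return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的客户端");
            }
            if (!startsWithClaim(requestUrl, map.get("resourceUrl"))) {
                return Result.error(HttpStatus.SC_UNAUTHORIZED, "无权限访问请求的资源");
            }
        } else if (!startsWithClaim(refererUrl, map.get("appUrl"))) {
            // NOTE(review): Referer is attacker-controlled and this is a bare prefix match.
            return Result.error(HttpStatus.SC_UNAUTHORIZED, "未授权的应用系统");
        }
        return Result.ok(msg);
    }

    /**
     * Case-insensitive IP comparison that treats a missing request IP or a missing/non-string
     * claim as a mismatch instead of throwing.
     */
    private static boolean sameClientIp(String actual, Object claimIp) {
        return actual != null && claimIp instanceof String && actual.equalsIgnoreCase((String) claimIp);
    }

    /**
     * Null-safe prefix test used for the URL claims: a blank actual value or an absent claim
     * never authorizes. An empty-string claim still matches everything, as it did before —
     * NOTE(review): consider rejecting empty claims once issuers are confirmed never to emit them.
     */
    private static boolean startsWithClaim(String actual, Object claimPrefix) {
        return StringUtils.isNotBlank(actual)
                && claimPrefix instanceof String
                && actual.startsWith((String) claimPrefix);
    }

    /**
     * Reports whether an {@code exp} claim is in the past.
     *
     * @param expiration expiry from the claims, or {@code null} when the token carries none
     * @return {@code true} if expired, or if {@code expiration} is {@code null} — a token without
     *     an expiry would otherwise be valid forever (the old code threw NPE here instead)
     */
    public static boolean isTokenExpired(Date expiration) {
        return expiration == null || expiration.before(new Date());
    }

    /** Parses and signature-checks {@code token}, letting jjwt's exceptions propagate. */
    private static Claims parseSignedClaims(String token) {
        return Jwts.parser().setSigningKey(SIGNING_KEY).parseClaimsJws(token).getBody();
    }

    /**
     * Signature-checked claim extraction for callers that only want a yes/no answer.
     *
     * @param token compact JWS string
     * @return the verified claims, or {@code null} on any failure (expired, bad signature,
     *     malformed); callers that need to distinguish these should use {@link #decToken}
     */
    public static Claims getClaimByToken(String token) {
        try {
            return parseSignedClaims(token);
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Decodes the payload segment of {@code token} WITHOUT verifying its signature.
     *
     * <p>Security: the returned object is attacker-controlled — anyone can craft a token with an
     * arbitrary {@code sub}. Use it only for non-authoritative purposes such as logging or
     * choosing a code path; never to grant access. {@link #decToken} is the verified variant.
     *
     * @param token compact JWS string
     * @return the {@code sub} claim parsed by {@link CustomerToken#fromString}, or {@code null}
     *     if the token is malformed
     */
    public static CustomerToken getTokenInfo(String token) {
        try {
            String[] segments = token.split("\\.");
            // segments[1] is the base64url payload; hutool's decoder accepts the URL-safe alphabet.
            String payload = Base64.decodeStr(segments[1]);
            JSONObject json = JSONObject.parseObject(payload, JSONObject.class);
            return CustomerToken.fromString(json.getString("sub"));
        } catch (Exception e) {
            return null;
        }
    }

    /** Manual smoke check: prints the unverified subject of a sample (long-expired) token. */
    public static void main(String[] args) {
        CustomerToken tokenInfo1 =
                getTokenInfo("eyJ0eXBlIjoiSldUIiwiYWxnIjoiSFM1MTIifQ.eyJzdWIiOiJzZXJ2ZGwiLCJpYXQiOjE2MTU1MzE4NTksImV4cCI6MTY0NjYzNTg1OX0.eSGL-W5p76mjs9rvecxvXqE-BSy1MFcUyIcAFjwTw4ZMV70COlNwf-p-I3HmeVAG6IFZuwwKGdDv6H7NtMTBWw");
        System.out.println(tokenInfo1);
    }
}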