package com.gkhy.assess.framework.shiro.service;

import com.gkhy.assess.common.constant.CacheConstant;
import com.gkhy.assess.common.enums.ApproveStatusEnum;
import com.gkhy.assess.common.enums.UserIdentityEnum;
import com.gkhy.assess.common.enums.UserStatusEnum;
import com.gkhy.assess.common.utils.JwtTokenUtil;
import com.gkhy.assess.common.utils.RedisUtils;
import com.gkhy.assess.system.domain.SysUser;
import com.gkhy.assess.system.service.SysUserService;
import com.gkhy.assess.system.utils.ShiroUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.time.LocalDateTime;

@Component
public class SysLoginService  {
    @Autowired
    private SysUserService sysUserService;
    @Autowired
    private SysPasswordService passwordService;
    @Autowired
    private RedisUtils redisUtils;
    @Autowired
    private HttpServletRequest request;

    public SysUser login(String username, String password,Integer identity) {
        SysUser sysUser=sysUserService.getUserByUsernamePhone(username,identity);
        validUser(sysUser);
        passwordService.validate(sysUser,password);
        recordLoginInfo(sysUser.getId());
        return sysUser;
    }

    public void validUser(SysUser sysUser){
        if(sysUser==null) {
            throw new AuthenticationException("用户不存在");
        }
        String uri=request.getRequestURI();
        if(uri.startsWith("/api/system")){
            if(UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){
                throw new AuthenticationException("专家用户无权登录后台");
            }
        }else if(uri.startsWith("/api/app/")){
            if(!UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){
                throw new AuthenticationException("只有专家用户才能登录APP");
            }
        }
        if(UserStatusEnum.DELETED.getCode().equals(sysUser.getDelFlag())){
            throw new AuthenticationException("用户已被删除");
        }
        if(UserStatusEnum.DISABLE.getCode().equals(sysUser.getStatus())){
            throw new AuthenticationException("用户已被停用");
        }
//        if(UserIdentityEnum.AGENCY.getCode().equals(sysUser.getIdentity())){
//            if(!ApproveStatusEnum.APPROVED.getCode().equals(sysUser.getState())){
//                throw new AuthenticationException("机构账户审批还未通过");
//            }
//        }
    }

    public SysUser validJwtToken(String jwtToken){

        String username= JwtTokenUtil.getUsername(jwtToken);
        Integer identity=JwtTokenUtil.getIdentity(jwtToken);
        if(StringUtils.isEmpty(username)||identity==null){
            throw new AuthenticationException("token非法无效!");
        }
        SysUser sysUser=sysUserService.getUserByUsernamePhone(username,identity);
        validUser(sysUser);
        if(!JwtTokenUtil.verify(jwtToken,username,sysUser.getPassword(),identity)){
            throw new AuthenticationException("token非法无效!");
        }
        if(!jwtTokenRefresh(jwtToken,username,sysUser.getPassword(),identity)){
            throw new AuthenticationException("您的账号登录过期，请重新登录!");
        }
     //   setRolePermission(sysUser);
        return sysUser;
    }

    /**
     * JWTToken刷新生命周期 （实现： 用户在线操作不掉线功能）
     * 1、登录成功后将用户的JWT生成的Token作为k、v存储到cache缓存里面(这时候k、v值一样)，缓存有效期设置为Jwt有效时间的2倍
     * 2、当该用户再次请求时，通过JWTFilter层层校验之后会进入到doGetAuthenticationInfo进行身份验证
     * 3、当该用户这次请求jwt生成的token值已经超时，但该token对应cache中的k还是存在，则表示该用户一直在操作只是JWT的token失效了，程序会给token对应的k映射的v值重新生成JWTToken并覆盖v值，该缓存生命周期重新计算
     * 4、当该用户这次请求jwt在生成的token值已经超时，并在cache中不存在对应的k，则表示该用户账户空闲超时，返回用户信息已失效，请重新登录。
     * 注意： 前端请求Header中设置Authorization保持不变，校验有效性以缓存中的token为准。
     *       用户过期时间 = Jwt有效时间 * 2。
     *
     * @param username
     * @param passWord
     * @return
     */
    public boolean jwtTokenRefresh(String jwtToken, String username, String passWord, Integer identity){
        String tokenKey=redisUtils.generateKey(CacheConstant.SYS_USER_TOKEN+":"+JwtTokenUtil.md5Encode(jwtToken));
      //  String userKey=redisUtils.generateKey(CacheConstant.SYS_USER_TOKEN+":"+username+"_"+identity);
        String cacheToken= (String) redisUtils.get(tokenKey);
        if(StringUtils.isNotEmpty(cacheToken)){
            // 校验token有效性
            if(!JwtTokenUtil.isNeedUpdate(cacheToken,username,passWord,identity)){
                String newToken=JwtTokenUtil.sign(username,passWord,identity);
                // 设置超时时间
                redisUtils.set(tokenKey,newToken,JwtTokenUtil.EXPIRATION*2/1000);
               // redisUtils.expire(userKey,(JwtTokenUtil.EXPIRATION*2/1000)+2);
            }
            return true;
        }
        return false;
    }


    public void recordLoginInfo(Long userId){
        SysUser user=new SysUser();
        user.setId(userId);
        user.setLoginIp(ShiroUtils.getIp());
        user.setLoginDate(LocalDateTime.now());
        sysUserService.updateById(user);

    }
}