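package com.nms.swspkmas_standalone.shiro.realm;

import cn.hutool.core.util.StrUtil;
import com.nms.swspkmas_standalone.entity.User;
import com.nms.swspkmas_standalone.exception.ApiException;
import com.nms.swspkmas_standalone.service.UserService;
import com.nms.swspkmas_standalone.shiro.token.JwtToken;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

/**
 * Shiro realm for the custom {@link JwtToken}; implements both the authentication and the
 * authorization half of {@link AuthorizingRealm}.
 *
 * <p>Authentication: the username carried as the token's principal is looked up through
 * {@link UserService}; a missing principal, a blank username or an unknown user is rejected by
 * throwing, so the method that called {@code subject.login(token)} can handle the failure. On
 * success a {@link SimpleAuthenticationInfo} with the {@link User} as primary principal is
 * returned.
 *
 * <p>Authorization: currently grants only a placeholder role (see
 * {@link #doGetAuthorizationInfo(PrincipalCollection)}); no roles or permissions are loaded
 * from the user.
 *
 * <p>The realm is invoked by the {@code securityManager} configured in the Shiro config.
 *
 * <p>NOTE(review): the JWT itself is not validated in this realm — the realm trusts whatever
 * principal {@link JwtToken#getPrincipal()} reports. Confirm that signature/expiry validation
 * happens in {@code JwtToken} or in the credentials matcher configured for it before relying on
 * this realm for access control.
 *
 * @Author ling.quan
 * @Date 2022/2/17 16:31
 */
public class JwtRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Restricts this realm to the custom {@link JwtToken}; other token types are handled by
     * other realms (or rejected) by the security manager.
     *
     * @param token the token being authenticated
     * @return {@code true} only for {@link JwtToken} instances
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * Resolves the user named by the token's principal.
     *
     * <p>The credentials placed in the returned {@link SimpleAuthenticationInfo} are the username
     * itself; per the original author they are not used for password verification, which
     * presumably means a custom {@code CredentialsMatcher} is configured for {@link JwtToken}
     * (confirm in the Shiro config).
     *
     * @param authcToken the token accepted by {@link #supports(AuthenticationToken)}; cast to
     *                   {@link JwtToken} without further checks because {@code supports} already
     *                   filtered it
     * @return authentication info whose primary principal is the loaded {@link User}
     * @throws AccountException        if the token carries no principal
     * @throws UnknownAccountException if the principal is a blank username
     * @throws ApiException            if no user with that username exists
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        JwtToken jwtToken = (JwtToken) authcToken;

        // The principal is the only piece of token data this realm consumes (the username).
        Object principal = jwtToken.getPrincipal();
        if (principal == null) {
            throw new AccountException("JWT token参数异常!");
        }
        String username = principal.toString();
        if (StrUtil.isBlank(username)) {
            throw new UnknownAccountException("未登录!");
        }

        User currentUser = userService.getByUserName(username);
        if (currentUser == null) {
            // NOTE(review): ApiException is not an AuthenticationException. Shiro's
            // authenticator is expected to wrap it in a generic AuthenticationException before
            // it reaches the subject.login() caller, so that caller cannot catch ApiException
            // directly here; UnknownAccountException would be the idiomatic choice — confirm
            // against the login controller's error handling before changing it.
            throw new ApiException("用户不存在!");
        }

        // The discarded ByteSource.Util.bytes("nms") call of the original was a no-op (its
        // result was never used) and has been removed.
        return new SimpleAuthenticationInfo(currentUser, username, getName());
    }

    /**
     * Builds the authorization info for an authenticated subject.
     *
     * <p>Only the placeholder role {@code ""} is granted and no permissions are set, so any
     * role or permission check other than {@code hasRole("")} is denied by this realm. The
     * {@code principals} argument is not consulted; its primary principal is the {@link User}
     * stored by {@link #doGetAuthenticationInfo(AuthenticationToken)}, which is where real roles
     * should be derived from (TODO).
     *
     * @param principals the principals of the subject being authorized
     * @return authorization info holding the single placeholder role
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Typed set instead of the raw HashSet used originally; contents are unchanged.
        Set<String> roles = new HashSet<>();
        roles.add("");
        info.setRoles(roles);
        return info;
    }
}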