package auth

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"

	"github.com/golang-jwt/jwt"
	"github.com/google/uuid"
	"github.com/zeromicro/go-zero/core/logx"
)

type UserInfo struct {
	UserId int64 `json:"userid"`
}

// 获取登录信息
func GetUserInfoFormCtx(ctx context.Context) UserInfo {
	uid, err := ctx.Value("userid").(json.Number).Int64()
	if err != nil {
		logx.Error("parse uid form context err:", err.Error())
		return UserInfo{}
	}
	return UserInfo{UserId: uid}
}

// 获取登录信息
func GetUserInfoFormMapClaims(claims jwt.MapClaims) (*UserInfo, error) {
	if userid, ok := claims["userid"]; ok {
		uid, ok := userid.(float64)
		if !ok {
			err := errors.New(fmt.Sprint("parse uid form context err:", userid))
			logx.Error("parse uid form context err:", err)
			return nil, err
		}

		return &UserInfo{UserId: int64(uid)}, nil
	} else {
		err := errors.New(`userid not in claims`)
		logx.Error(`userid not in claims`)
		return nil, err
	}
}

func GenerateJwtToken(accessSecret string, accessExpire, nowSec int64, userid int) (string, error) {
	claims := make(jwt.MapClaims)
	claims["exp"] = nowSec + accessExpire
	claims["iat"] = nowSec
	claims["userid"] = userid
	if userid == 0 {
		u, err := uuid.NewUUID()
		if err != nil {
			logx.Error(err)
			return "", err
		}
		claims["guestid"] = u.String() // TODO: 未完成
	}
	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims = claims
	return token.SignedString([]byte(accessSecret))
}

func ParseJwtToken(w http.ResponseWriter, r *http.Request, AccessSecret *string) (*UserInfo, error) {
	// 解析jwtToken
	claims, err := getJwtClaims(r, AccessSecret)
	// 如果解析出错，则返回未授权的JSON响应并记录错误消息
	if err != nil {
		// httpx.OkJsonCtx(r.Context(), w, &basic.Response{
		// 	Code:    401,
		// 	Message: "unauthorized",
		// })
		// logx.Info("unauthorized:", err.Error())
		return nil, err
	}

	// 从Token里获取对应的信息
	userinfo, err := GetUserInfoFormMapClaims(claims)
	// 如果获取用户信息出错，则返回未授权的JSON响应并记录错误消息
	if err != nil {
		// httpx.OkJsonCtx(r.Context(), w, &basic.Response{
		// 	Code:    401,
		// 	Message: "unauthorized",
		// })
		// logx.Info("unauthorized:", err.Error())
		return nil, err
	}
	return userinfo, err
}

func getJwtClaims(r *http.Request, AccessSecret *string) (jwt.MapClaims, error) {
	AuthKey := r.Header.Get("Authorization")
	if len(AuthKey) <= 50 {
		return nil, errors.New(fmt.Sprint("Error parsing token, len:", len(AuthKey)))
	}

	token, err := jwt.Parse(AuthKey, func(token *jwt.Token) (interface{}, error) {
		// 检查签名方法是否为 HS256
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		// 返回用于验证签名的密钥
		return []byte(*AccessSecret), nil
	})
	if err != nil {
		return nil, errors.New(fmt.Sprint("Error parsing token:", err))
	}

	// 验证成功返回
	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
		return claims, nil
	}

	return nil, errors.New(fmt.Sprint("Invalid token", err))
}