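package ldap_lib

import (
	"encoding/json"
	"fusenapi/model/gmodel"
	"fusenapi/utils/basic"
	"net/http"

	"github.com/zeromicro/go-zero/core/logx"
)

// LdapVerifyType names the kind of resource an LdapOptions entry refers to.
type LdapVerifyType string

const (
	// API_PATH marks an option whose Value is an API path.
	API_PATH LdapVerifyType = "api_path"
	// MENU_PATH marks an option whose Value is a menu path.
	MENU_PATH LdapVerifyType = "menu_path"
)

// LdapOptions is an optional (Type, Value) pair passed to the verification
// methods.
type LdapOptions struct {
	Type  LdapVerifyType
	Value string
}

// VerifyAuthority reports whether the request carries a valid token for an
// LDAP user whose Status is 1.
//
// The token is read from the "Ldap-Authorization" header and parsed with
// l.jwtSecret; the user is then looked up by the DN carried in the token.
// Every failure path returns false (fail closed).
//
// An unconditional `return true` previously sat at the top of this method,
// which made every request pass and left the checks below unreachable. It has
// been removed so the checks actually run.
func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
	token := r.Header.Get("Ldap-Authorization")
	if token == "" {
		return false
	}

	info, err := l.ParseJwtToken(token, l.jwtSecret)
	if err != nil {
		// The raw token is a bearer credential, so it is kept out of the logs.
		logx.Error("解析token失败", err)
		return false
	}

	// Look the user up in LDAP.
	userInfo, err := l.GetLdapUserInfo(info.UserDN)
	if err != nil {
		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
		// Without this return the code went on to read userInfo after a
		// failed lookup.
		return false
	}

	// NOTE(review): Status == 1 is presumably the "enabled" state; confirm
	// against the LDAP user model.
	if userInfo.Status != 1 {
		return false
	}

	// NOTE(review): options are accepted but never evaluated, so this method
	// only authenticates the caller; it does not check API_PATH / MENU_PATH
	// permissions. Use VerifyAuthorityGroup for per-API authorization.
	return true
}

// VerifyAuthorityGroup reports whether the authenticated user's permission
// group grants access to the API identified by the request path and method.
//
// Steps: parse the token from the "Ldap-Authorization" header, load the LDAP
// user, resolve the API row matching (path, method), load the user's group,
// flatten the group's metadata tree into a set of API ids and test membership.
// Every failure path returns false (fail closed).
func (l *Ldap) VerifyAuthorityGroup(r *http.Request, options ...LdapOptions) bool {
	token := r.Header.Get("Ldap-Authorization")
	if token == "" {
		return false
	}

	info, err := l.ParseJwtToken(token, l.jwtSecret)
	if err != nil {
		// The raw token is a bearer credential, so it is kept out of the logs.
		logx.Error("解析token失败", err)
		return false
	}

	// Look the user up in LDAP.
	userInfo, err := l.GetLdapUserInfo(info.UserDN)
	if err != nil {
		logx.Error("获取ldap用户信息失败", err, "----user_dn:", info.UserDN)
		return false
	}

	// A user without a group has no permissions. The original condition was
	// inverted (`!= 0`), which rejected every user that had a group and only
	// continued with group id 0.
	if userInfo.GroupId == 0 {
		return false
	}
	groupId := userInfo.GroupId

	// Resolve the API row for the current route.
	// NOTE(review): the path is compared exactly as it appears in r.URL.Path;
	// confirm the stored paths use the same normalisation as the router.
	var infoLdapApis gmodel.LdapApis
	resLdapApis := l.MysqlConn.Model(gmodel.LdapApis{}).
		Where("path = ? AND method = ?", r.URL.Path, r.Method).
		Take(&infoLdapApis)
	if resLdapApis.Error != nil {
		logx.Error("获取ldap用户信息权限组失败", resLdapApis.Error)
		return false
	}
	apiId := infoLdapApis.Id

	// Load the user's permission group.
	var infoLdapGroup gmodel.LdapGroup
	resLdapGroup := l.MysqlConn.Model(gmodel.LdapGroup{}).
		Where("id = ?", groupId).
		Take(&infoLdapGroup)
	if resLdapGroup.Error != nil {
		logx.Error("获取ldap用户信息权限组失败", resLdapGroup.Error)
		return false
	}

	// A group without metadata grants nothing.
	if infoLdapGroup.Metadata == nil {
		return false
	}

	var metadata []*GroupAuthMetadata
	if err := json.Unmarshal(*infoLdapGroup.Metadata, &metadata); err != nil {
		logx.Error("decode ldap group metadata failed", err)
		// NOTE(review): this writes to a package-level value from a request
		// path; if CodeServiceErr is shared between handlers this is a data
		// race and changes the message for other requests. Kept as in the
		// original; consider returning the error to the caller instead.
		basic.CodeServiceErr.Message = "系统出错"
		return false
	}

	apiMaps := make(map[int64]string, 100)
	getAllApis(metadata, &apiMaps)

	_, granted := apiMaps[apiId]
	return granted
}

// getAllApis walks the metadata tree and records every node of type "api" in
// *apiMaps (id -> name), descending into nodes of type "group". Nodes of any
// other type are ignored. A nil apiMaps pointer is a no-op; a nil map behind
// the pointer is allocated on first use.
func getAllApis(metadata []*GroupAuthMetadata, apiMaps *map[int64]string) {
	if apiMaps == nil {
		return
	}
	if *apiMaps == nil {
		*apiMaps = make(map[int64]string)
	}
	for _, node := range metadata {
		// A JSON `null` array element decodes to a nil pointer.
		if node == nil {
			continue
		}
		switch node.Type {
		case "api":
			(*apiMaps)[node.Id] = node.Name
		case "group":
			getAllApis(node.Metadata, apiMaps)
		}
	}
}

// GroupAuthMetadata is one node of a group's permission tree as stored in the
// group's JSON metadata: either an API entry (Type "api") or a nested group
// (Type "group") whose children are in Metadata.
type GroupAuthMetadata struct {
	Id       int64                `json:"id"`
	Name     string               `json:"name"`
	Type     string               `json:"type"`
	Metadata []*GroupAuthMetadata `json:"metadata"`
}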