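package Sso

import (
	"dsBaseWeb/Model"
	"dsBaseWeb/Utils/CommonUtil"
	"dsBaseWeb/Utils/ConfigUtil"
	"dsBaseWeb/Utils/LogUtil"
	"dsBaseWeb/Utils/RedisUtil"
	"encoding/base64"
	"github.com/gin-gonic/gin"
	"github.com/valyala/fasthttp"
	"net/http"
	"net/url"
	"strings"
)

// Routers registers the SSO endpoints under the "/sso" group of r.
func Routers(r *gin.RouterGroup) {
	rr := r.Group("/sso")
	rr.GET("/CheckSsoCode", CheckSsoCode)
	// NOTE(review): Logout changes server state but is reachable with GET and
	// reads the token from the query string, where it can end up in access
	// logs and Referer headers. Moving it to POST needs the callers changed
	// too, so the route is kept as it was.
	rr.GET("/Logout", Logout)
}

// Logout removes the access_token named in the query string from the Redis
// cache and reports success.
func Logout(c *gin.Context) {
	accessToken := c.Query("access_token")

	// NOTE(review): the query value is used as the Redis key as-is, and this
	// handler does not check that it is a session entry written by
	// CheckSsoCode. A key prefix shared by the writer, this handler and the
	// interceptor would confine DEL to session entries.
	if accessToken != "" {
		RedisUtil.DEL(accessToken)
	}

	c.JSON(200, Model.Res{
		Success: true,
		Message: "操作成功!",
	})
}

// ssoFail answers a failed SSO callback with a JSON error so the browser does
// not receive an empty 200 response.
func ssoFail(c *gin.Context, status int, msg string) {
	c.JSON(status, Model.Res{
		Success: false,
		Message: msg,
	})
}

// isAcceptableCallback reports whether raw may be used as the post-login
// redirect target: either a site-relative path ("/...", not "//...") or an
// absolute http/https URL with a host.
func isAcceptableCallback(raw string) bool {
	// Backslashes are read as slashes by browsers; CR/LF have no place in a
	// Location value.
	if raw == "" || strings.ContainsAny(raw, "\\\r\n") {
		return false
	}
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	if u.Scheme == "" && u.Host == "" {
		return strings.HasPrefix(raw, "/") && !strings.HasPrefix(raw, "//")
	}
	return (u.Scheme == "http" || u.Scheme == "https") && u.Host != ""
}

// CheckSsoCode is the callback of the unified-authentication (SSO) login. It
// exchanges the "code" query parameter for an access token at the SSO server,
// stores the token in cookies and Redis, and redirects the browser to the
// base64-encoded "oauth_callback" address.
//
// Every failure path answers with a JSON error instead of returning silently.
//
// NOTE(review): no "state" value is read or compared here, so this handler
// cannot tell whether the browser that presents the code also started the
// login. Confirm that is enforced elsewhere.
func CheckSsoCode(c *gin.Context) {
	// Code returned by the SSO server.
	code := c.Query("code")
	if code == "" {
		ssoFail(c, http.StatusBadRequest, "参数错误!")
		return
	}

	// Final destination, base64-encoded by the caller.
	rawCallback, err := base64.StdEncoding.DecodeString(c.Query("oauth_callback"))
	if err != nil {
		LogUtil.Error("错误信息: ", err.Error())
		ssoFail(c, http.StatusBadRequest, "参数错误!")
		return
	}
	reqCallBackURL := string(rawCallback)

	// The destination is request-controlled. Malformed values and schemes
	// other than http/https are refused before the code is spent.
	// NOTE(review): any http/https host is still accepted. The set of
	// application hosts that may legitimately be redirect targets is not
	// defined in this file; compare the parsed host with that allow-list once
	// it is available in configuration.
	if !isAcceptableCallback(reqCallBackURL) {
		LogUtil.Error("错误信息: ", "oauth_callback 不是合法的跳转地址")
		ssoFail(c, http.StatusBadRequest, "参数错误!")
		return
	}

	// Pick the intranet or extranet SSO settings from the first dot-separated
	// label of the Host header.
	// NOTE(review): Host is supplied by the client. If a proxy in front of
	// this service does not overwrite it, the client chooses which SSO server
	// and client credentials are used.
	ipStart := strings.Split(c.Request.Host, ".")[0]
	intranet := false
	for _, prefix := range strings.Split(ConfigUtil.IntranetIP, ",") {
		if ipStart == prefix {
			intranet = true
			break
		}
	}

	ssoServer := ConfigUtil.SsoServerWw
	clientId := ConfigUtil.ClientIdWw
	clientSecret := ConfigUtil.ClientSecretWw
	redirectURI := ConfigUtil.RedirectURIWw
	if intranet {
		ssoServer = ConfigUtil.SsoServerNw
		clientId = ConfigUtil.ClientIdNw
		clientSecret = ConfigUtil.ClientSecretNw
		redirectURI = ConfigUtil.RedirectURINw
	}

	// Address and form parameters of the SSO code-verification endpoint.
	checkCodeUrl := ssoServer + ConfigUtil.AuthTokenURI
	args := &fasthttp.Args{}
	args.Add("code", code)
	args.Add("client_id", clientId)
	args.Add("client_secret", clientSecret)
	args.Add("grant_type", ConfigUtil.GrantType)
	args.Add("redirect_uri", redirectURI)

	// NOTE(review): this call sets no deadline of its own; confirm a timeout
	// is configured for the outbound request.
	statusCode, resp, err := fasthttp.Post(nil, checkCodeUrl, args)
	if err != nil {
		LogUtil.Error("错误信息: ", err.Error())
		LogUtil.Error("statusCode: ", CommonUtil.ConvertIntToString(statusCode))
		ssoFail(c, http.StatusBadGateway, "统一认证失败!")
		return
	}

	// Reply of the SSO server. Checked assertions are used so that a missing
	// or differently typed field is reported instead of causing a panic.
	respMap := CommonUtil.ConvertJsonStringToMap(string(resp))
	if respCode, ok := respMap["code"].(float64); !ok || respCode != 200 {
		msg, _ := respMap["msg"].(string)
		LogUtil.Error("错误信息: ", msg)
		ssoFail(c, http.StatusUnauthorized, "统一认证失败!")
		return
	}

	accessToken, tokenOK := respMap["access_token"].(string)
	personId, personOK := respMap["person_id"].(string)
	identityNum, identityOK := respMap["identity_id"].(float64)
	if !tokenOK || !personOK || !identityOK || accessToken == "" {
		LogUtil.Error("错误信息: ", "统一认证返回的数据格式不正确")
		ssoFail(c, http.StatusBadGateway, "统一认证失败!")
		return
	}
	identityId := CommonUtil.ConvertInt32ToString(int32(identityNum))

	// Token checked by the interceptor to detect tampering with the cookies.
	// NOTE(review): this is MD5 over the two ids plus a constant embedded in
	// the source, not a keyed MAC, so it is only as secret as this file.
	// Switching to HMAC-SHA-256 with a key from configuration has to be done
	// together with the verifying interceptor; the value is unchanged here so
	// existing verification keeps working.
	token := CommonUtil.MD5([]byte(personId + "_" + identityId + "_dsideal4r5t6y7u"))

	// Mark the cookies Secure when this request itself arrived over TLS. When
	// TLS is terminated by a proxy, c.Request.TLS is nil and the previous
	// behaviour (Secure=false) is kept.
	secure := c.Request.TLS != nil
	c.SetCookie(ConfigUtil.AccessTokenKey, accessToken, 0, "/", "", secure, true)
	c.SetCookie("person_id", personId, 0, "/", "", secure, true)
	c.SetCookie("identity_id", identityId, 0, "/", "", secure, true)
	c.SetCookie("token", token, 0, "/", "", secure, true)

	// Record the access token in Redis with an expiry.
	RedisUtil.SET(accessToken, "1")
	RedisUtil.EXPIRE(accessToken)

	// 302 rather than 301: a login redirect is not permanent and must not be
	// cached by the browser.
	c.Redirect(http.StatusFound, reqCallBackURL)
}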