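package Handler

import (
	"bufio"
	"dsSso/Const/DefaultConst"
	"dsSso/Handler/CheckHandler"
	"dsSso/Utils/CommonUtil"
	"dsSso/Utils/ConfigUtil"
	"dsSso/Utils/SsoUtil"
	"fmt"
	"github.com/gin-gonic/gin"
	"io"
	"net/http"
	"os"
	"strings"
)

// whiteListPath is the whitelist file read once at package init.
const whiteListPath = "./Config/White.txt"

// WhiteArray holds the request-URI patterns loaded from whiteListPath.
// A request whose RequestURI contains any entry bypasses authorization
// entirely (see isWhiteRequest).
var WhiteArray []string

// passIpRange lists trusted client-address prefixes: the first three
// dotted-IPv4 octets, trailing dot included. Clients matching one of them
// are let through without a session cookie.
var passIpRange = []string{"10.10.24.", "127.0.0."}

// init loads the whitelist into WhiteArray. A missing file is reported and
// leaves WhiteArray empty; previously the nil file handle was still read
// from and the handle was never closed.
func init() {
	f, err := os.Open(whiteListPath)
	if err != nil {
		fmt.Println("没有找到白名单文件!")
		return
	}
	defer f.Close()
	WhiteArray = append(WhiteArray, readWhiteList(f)...)
}

// readWhiteList parses whitelist entries from r, one per line.
// Lines are trimmed; a line is skipped when it is empty or contains '#'
// anywhere (a '#' disables the whole line, not just a trailing comment).
// Reading stops at the first read error, including io.EOF; the final
// unterminated line is still processed because ReadString returns it
// together with the error.
func readWhiteList(r io.Reader) []string {
	var entries []string
	br := bufio.NewReader(r)
	for {
		line, err := br.ReadString('\n')
		line = strings.TrimSpace(line)
		if len(line) > 0 && !strings.Contains(line, "#") {
			entries = append(entries, line)
		}
		if err != nil {
			return entries
		}
	}
}

// AuthorizeHandler returns the gin middleware that gates every request:
// parameter legality (CheckHandler.IsLegal), then the URI whitelist, then
// the trusted-IP prefixes, then the unified-authentication admin session
// cookie. Each rejection aborts the chain and returns immediately; the
// original fell through after c.Abort() on an illegal request, so the
// cookie check below could emit a second JSON body on the same response.
// Author: 黄海, 2020-01-22.
func AuthorizeHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		legal, resultStruct := CheckHandler.IsLegal(c)
		if !legal {
			c.JSON(http.StatusOK, gin.H{
				"success":       false,
				"InterfaceName": resultStruct.InterfaceName,
				"HttpType":      resultStruct.HttpType,
				"Parameter":     resultStruct.Parameter,
				"Message":       resultStruct.Message,
			})
			c.Abort()
			return
		}

		// Whitelisted URIs need no session at all.
		if isWhiteRequest(c.Request.RequestURI) {
			c.Next()
			return
		}

		// Internal addresses are let through without a session.
		if isTrustedClient(CommonUtil.RemoteIp(c.Request)) {
			c.Next()
			return
		}

		if !isUnifiedAuthAdmin(c) {
			// 301 with a JSON body is what the original returned for a
			// rejected request; preserved for clients that depend on it.
			c.JSON(301, gin.H{
				"success": false,
				"Message": "您不是合法的统一认证管理员,请求被禁止!",
			})
			c.Abort()
			return
		}

		c.Next()
	}
}

// isWhiteRequest reports whether requestURI contains any WhiteArray entry.
// NOTE(review): this is a substring match against the full RequestURI,
// query string included, so an entry that appears anywhere in the query
// also matches; matching c.Request.URL.Path by prefix would be stricter.
// Kept as-is to preserve the existing whitelist semantics.
func isWhiteRequest(requestURI string) bool {
	for _, entry := range WhiteArray {
		if strings.Contains(requestURI, entry) {
			return true
		}
	}
	return false
}

// isTrustedClient reports whether clientIp starts with one of the
// passIpRange prefixes. The prefix is rebuilt from exactly three
// dot-separated parts plus a trailing dot, so "10.10.24." cannot match
// "10.10.240.x". Addresses with fewer than three parts (IPv6, empty) are
// never trusted; the original indexed the split result unconditionally and
// panicked on such input.
// NOTE(review): how CommonUtil.RemoteIp derives the address is not visible
// here; if it honours forwarded headers, this bypass is only as trustworthy
// as the proxy that sets them — confirm.
func isTrustedClient(clientIp string) bool {
	parts := strings.Split(clientIp, ".")
	if len(parts) < 3 {
		return false
	}
	prefix := parts[0] + "." + parts[1] + "." + parts[2] + "."
	return CommonUtil.InArray(prefix, passIpRange)
}

// isUnifiedAuthAdmin reports whether the request carries an access-token
// cookie that decodes to the unified-authentication administrator, which
// the original defines as identity_id and person_id both equal to "0".
// A missing cookie means not logged in and is rejected.
func isUnifiedAuthAdmin(c *gin.Context) bool {
	// Package defaults, overwritten by whatever the session cookie decodes
	// to (as in the original); the decode error is ignored as before.
	identityId, personId := DefaultConst.IdentityId, DefaultConst.PersonId
	cookie, err := c.Request.Cookie(ConfigUtil.AccessToken)
	if err != nil {
		return false
	}
	identityId, personId, _ = SsoUtil.AnalyzeSessionId(cookie.Value)
	return identityId == "0" && personId == "0"
}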