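using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using WebAPI.Models;
using WebAPI.Utility;

/// <summary>
/// Web API authorization filter that validates the JWT carried in the
/// "Authorization: Bearer token" header and installs the resulting principal
/// on the request context. Requests without a valid token are short-circuited
/// with a 401 JSON body; [AllowAnonymous] on the controller or action bypasses the check.
/// </summary>
/// <remarks>
/// Web API caches filter attribute instances and can reuse one instance for
/// concurrent requests, so this class must not keep per-request state:
/// every response body is built from a fresh <see cref="json"/> object.
/// </remarks>
public class JwtAuthorizeAttribute : AuthorizationFilterAttribute
{
    // NOTE(review): never read in this class; kept because its constructor may
    // have side effects (connection setup?) - confirm before removing.
    private SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
    private Pub_Class.ClsXt_SystemParameter oSystemParameter = new Pub_Class.ClsXt_SystemParameter();
    // Company name loaded from system parameters; not consulted by the current checks.
    private string campanyName = "";

    public JwtAuthorizeAttribute()
    {
        if (oSystemParameter.ShowBill(ref DBUtility.ClsPub.sErrInfo))
        {
            campanyName = oSystemParameter.omodel.WMS_CampanyName;
        }
    }

    /// <summary>
    /// Synchronous authorization: anonymous check, token extraction, token validation.
    /// </summary>
    /// <param name="actionContext">
    /// The action being invoked. Its Response is set (401 or 500) when access is denied,
    /// otherwise its RequestContext.Principal is replaced by the validated principal.
    /// </param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        try
        {
            // Controller- or action-level [AllowAnonymous] skips the token check entirely.
            if (IsAnonymousAllowed(actionContext))
            {
                return;
            }

            var token = GetTokenFromHeader(actionContext);
            if (string.IsNullOrEmpty(token))
            {
                HandleUnauthorized(actionContext);
                return;
            }

            // Finer-grained checks (e.g. by organisation id) could be added here; the
            // company name cannot be used for that yet because it may contain Chinese
            // characters, so an English field would have to be added first.
            var principal = JWTHelper.ValidateToken(token);
            if (principal == null)
            {
                HandleUnauthorized(actionContext);
                return;
            }

            // Module-level permission checks (by role or by user) are not distinguished
            // yet; a system parameter could select between the two later.
            actionContext.RequestContext.Principal = principal;
        }
        catch (Exception e)
        {
            // Only the exception type reaches the client. e.Message can carry internal
            // details (key names, connection info, validation internals) that must not
            // be disclosed to an unauthenticated caller.
            HandleError(actionContext, e.GetType().Name);
        }
    }

    /// <summary>
    /// Asynchronous entry point; delegates to the synchronous check because
    /// nothing here performs I/O that could be awaited.
    /// </summary>
    public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
    {
        OnAuthorization(actionContext);
        return Task.FromResult(0);
    }

    /// <summary>
    /// True when the action or its controller carries <see cref="AllowAnonymousAttribute"/>.
    /// </summary>
    /// <remarks>
    /// The type argument is essential: counting the unfiltered attribute list would
    /// treat any attribute at all (routing, HTTP verb, ...) as "anonymous allowed"
    /// and silently disable authorization for almost every action.
    /// </remarks>
    private bool IsAnonymousAllowed(HttpActionContext context)
    {
        return context.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
            || context.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
    }

    /// <summary>Extracts the bearer token from the Authorization header.</summary>
    /// <returns>
    /// The token parameter, or null when the header is absent, the scheme is not
    /// "Bearer" (compared case-insensitively), or the parameter is empty.
    /// </returns>
    private string GetTokenFromHeader(HttpActionContext context)
    {
        var authHeader = context.Request.Headers.Authorization;
        if (authHeader == null)
        {
            return null;
        }
        if (!authHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }
        return string.IsNullOrEmpty(authHeader.Parameter) ? null : authHeader.Parameter;
    }

    /// <summary>401: no usable token was supplied, or the token failed validation.</summary>
    private void HandleUnauthorized(HttpActionContext context)
    {
        WriteJsonResponse(context, HttpStatusCode.Unauthorized, "未授权,请登录后重试");
    }

    /// <summary>403: authenticated, but the current role lacks the permission. Not yet wired up.</summary>
    private void HandleForbidden(HttpActionContext context)
    {
        WriteJsonResponse(context, HttpStatusCode.Forbidden, "当前角色无权限");
    }

    /// <summary>500: unexpected failure while authorizing.</summary>
    /// <param name="ErrorInfo">Short, non-sensitive text appended to the generic message.</param>
    private void HandleError(HttpActionContext context, string ErrorInfo)
    {
        WriteJsonResponse(context, HttpStatusCode.InternalServerError, "服务器异常: " + ErrorInfo);
    }

    /// <summary>
    /// Short-circuits the request with the given status and a JSON body of the form
    /// { code: "0", count: 0, Message: message }.
    /// </summary>
    /// <remarks>
    /// A new <see cref="json"/> is created per call rather than reusing a field: the
    /// attribute instance is shared between concurrent requests, and a shared mutable
    /// body would let two responses interleave their fields.
    /// </remarks>
    private static void WriteJsonResponse(HttpActionContext context, HttpStatusCode status, string message)
    {
        var body = new json();
        body.code = "0";
        body.count = 0;
        body.Message = message;

        var response = new HttpResponseMessage(status);
        response.Content = new StringContent(
            Newtonsoft.Json.JsonConvert.SerializeObject(body),
            System.Text.Encoding.UTF8,
            "application/json");
        context.Response = response;
    }
}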