using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Reflection;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using WebAPI.Models;
using WebAPI.Utility;

public class JwtAuthorizeAttribute : AuthorizationFilterAttribute
{
    private json objjson = new json();
    private SQLHelper.ClsCN oCN = new SQLHelper.ClsCN();
    private Pub_Class.ClsXt_SystemParameter oSystemParameter = new Pub_Class.ClsXt_SystemParameter();
    private string campanyName = "";

    public JwtAuthorizeAttribute()
    {
        if (oSystemParameter.ShowBill(ref DBUtility.ClsPub.sErrInfo))
        {
            campanyName = oSystemParameter.omodel.WMS_CampanyName;
        }
    }


    // 同步鉴权
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        try
        {
            // 检查匿名访问(认证)
            if (IsAnonymousAllowed(actionContext)) return;

            // 获取Token
            var token = GetTokenFromHeader(actionContext);
            if (string.IsNullOrEmpty(token))
            {
                HandleUnauthorized(actionContext);
                return;
            }
            
            // 验证Token 
            // 可以增加更细粒度的控制，添加 根据组织ID 判断（问题: 公司名不能使用中文，可能需要添加英文字段）
            var principal = JWTHelper.ValidateToken(token);
            if (principal == null)
            {
                HandleUnauthorized(actionContext);
                return;
            }

            // 设置用户
            actionContext.RequestContext.Principal = principal;

            // 验证是否拥有访问模块的权限
            // 有两种判断方式 一种是通过角色去判断，一种是通过用户去判断 目前暂时不做区分，后续可增加系统参数来进行区分
            // 安全控制器描标签
            var controllerAttr = actionContext.ControllerContext?.ControllerDescriptor?.GetCustomAttributes<PermissionAttribute>().FirstOrDefault();

            // 安全获取Action标签
            var actionAttr = actionContext.ActionDescriptor?.GetCustomAttributes<PermissionAttribute>().FirstOrDefault();

            string PermissionStr = string.Empty;
            // 判断控制器级别上是否启用了鉴权标签
            if(controllerAttr != null && !string.IsNullOrWhiteSpace(controllerAttr?.HModName))
            {
                PermissionStr += controllerAttr.HModName;

                // 查看是否需要更细粒度的控制
                if(actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr?.Operate))
                {
                    // 该动作对应的模块名和控制器名是否不一致
                    if (string.IsNullOrWhiteSpace(actionAttr.HModName))
                    {
                        PermissionStr = actionAttr.HModName + actionAttr.Operate;
                    }
                    else
                    {
                        PermissionStr += actionAttr.Operate;
                    }

                }

                if(!string.IsNullOrWhiteSpace(PermissionStr))
                {
                    if (!DBUtility.ClsPub.Security_Log(PermissionStr, 1, false, JWTHelper.getUserName(token)))
                    {
                        HandleForbidden(actionContext);
                        return;
                    }
                }
                
            }else if (actionAttr != null && !string.IsNullOrWhiteSpace(actionAttr?.HModName) && !string.IsNullOrWhiteSpace(actionAttr?.Operate))
            {
                // 单独在动作上启用鉴权功能
                PermissionStr = actionAttr.HModName + actionAttr.Operate;

                if (!string.IsNullOrWhiteSpace(PermissionStr))
                {
                    if (!DBUtility.ClsPub.Security_Log(PermissionStr, 1, false, JWTHelper.getUserName(token)))
                    {
                        HandleForbidden(actionContext);
                        return;
                    }
                }
            }

           
        }
        catch (Exception e)
        {
            HandleError(actionContext, e.Message);
        }
    }

    // 异步鉴权
    public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
    {
        OnAuthorization(actionContext);

        return Task.FromResult(0);
    }

    // 是否允许匿名访问(控制器级别和动作级别都可用)
    private bool IsAnonymousAllowed(HttpActionContext context)
    {
        return
            context.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0 ||
            context.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
    }

    // 从Header提取Token
    private string GetTokenFromHeader(HttpActionContext context)
    {
        var authHeader = context.Request.Headers.Authorization;
        if (authHeader != null
            && authHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase)
            && !string.IsNullOrEmpty(authHeader.Parameter))
        {
            return authHeader.Parameter;
        }
        return null;
    }

    // 401 未授权
    private void HandleUnauthorized(HttpActionContext context)
    {
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        objjson.code = "0";
        objjson.count = 0;
        objjson.Message = "未授权，请登录后重试";
        response.Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(objjson),
            System.Text.Encoding.UTF8, "application/json");
        context.Response = response;
    }

    // 403 无权限
    private void HandleForbidden(HttpActionContext context)
    {
        var response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        objjson.code = "0";
        objjson.count = 0;
        objjson.Message = "您没有该模块权限,请与管理员联系！";
        response.Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(objjson),
            System.Text.Encoding.UTF8, "application/json");
        context.Response = response;
    }

    private void HandleError(HttpActionContext context, string ErrorInfo)
    {
        var response = new HttpResponseMessage(HttpStatusCode.InternalServerError);
        objjson.code = "0";
        objjson.count = 0;
        objjson.Message = "服务器异常: " + ErrorInfo;
        response.Content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(objjson),
            System.Text.Encoding.UTF8, "application/json");
        context.Response = response;
    }
}