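using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using WebAPI.Utility;

/// <summary>
/// Web API 2 authorization filter that validates a JWT carried in the
/// <c>Authorization: Bearer &lt;token&gt;</c> request header and installs the
/// resulting principal on the request context. Actions or controllers marked with
/// <see cref="AllowAnonymousAttribute"/> bypass the check entirely.
/// </summary>
/// <remarks>
/// The original implementation passed the literal <c>"123"</c> to
/// <c>JWTHelper.ValidateToken</c>. A verification key that lives in source is public
/// knowledge, and anyone who knows it can mint tokens this filter accepts. The key is
/// therefore supplied at startup via <see cref="SigningKey"/> (or the environment
/// variable named by <see cref="SigningKeyEnvironmentVariable"/>) and the filter fails
/// closed when it is missing.
/// </remarks>
public class JwtAuthorizeAttribute : AuthorizationFilterAttribute
{
    /// <summary>
    /// Name of the environment variable consulted when <see cref="SigningKey"/> has not
    /// been assigned explicitly. The name is defined here (constructed for this filter);
    /// deployments must set it or assign <see cref="SigningKey"/> during startup.
    /// </summary>
    public const string SigningKeyEnvironmentVariable = "JWT_SIGNING_KEY";

    private static string _signingKey;

    /// <summary>
    /// Secret handed to <c>JWTHelper.ValidateToken</c> as its second argument
    /// (presumably the signature-verification key — confirm against JWTHelper).
    /// Assign it once at application startup; when unset, the environment variable
    /// <see cref="SigningKeyEnvironmentVariable"/> is read instead.
    /// </summary>
    public static string SigningKey
    {
        get { return _signingKey ?? Environment.GetEnvironmentVariable(SigningKeyEnvironmentVariable); }
        set { _signingKey = value; }
    }

    /// <summary>
    /// Synchronous authorization entry point: extracts and validates the bearer token,
    /// then publishes the principal, or short-circuits the pipeline with a 401 response.
    /// </summary>
    /// <param name="actionContext">Context of the action being invoked.</param>
    /// <exception cref="InvalidOperationException">
    /// Thrown when no signing key is configured. This is deliberate: a missing key is a
    /// deployment error and must not be silently turned into "accept every token".
    /// </exception>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Explicit opt-out via [AllowAnonymous] on the action or its controller.
        if (IsAnonymousAllowed(actionContext))
        {
            return;
        }

        string token = GetTokenFromHeader(actionContext);
        if (string.IsNullOrEmpty(token))
        {
            HandleUnauthorized(actionContext);
            return;
        }

        string key = SigningKey;
        if (string.IsNullOrEmpty(key))
        {
            // Fail closed and loudly rather than validating against an empty/default key.
            throw new InvalidOperationException(
                "JwtAuthorizeAttribute: no signing key configured. Set JwtAuthorizeAttribute.SigningKey "
                + "at startup or the " + SigningKeyEnvironmentVariable + " environment variable.");
        }

        // NOTE(review): if JWTHelper.ValidateToken throws on malformed or expired input instead
        // of returning null, that exception surfaces as a 500 here — confirm its contract and
        // map such failures to HandleUnauthorized if so.
        var principal = JWTHelper.ValidateToken(token, key);
        if (principal == null)
        {
            HandleUnauthorized(actionContext);
            return;
        }

        // Web API 2 reads the current user from the request context, not Thread.CurrentPrincipal.
        actionContext.RequestContext.Principal = principal;
    }

    /// <summary>
    /// Asynchronous authorization entry point required by Web API 2; delegates to the
    /// synchronous path. <c>Task.FromResult(0)</c> is used instead of
    /// <c>Task.CompletedTask</c> to stay compatible with .NET 4.5.
    /// </summary>
    /// <param name="actionContext">Context of the action being invoked.</param>
    /// <param name="cancellationToken">Not observed; the work is synchronous.</param>
    /// <returns>A completed task.</returns>
    public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
    {
        OnAuthorization(actionContext);
        return Task.FromResult(0);
    }

    /// <summary>
    /// True when the action or its controller carries <see cref="AllowAnonymousAttribute"/>.
    /// The type argument is required: <c>GetCustomAttributes</c> on the descriptors is generic,
    /// and only the anonymous-access marker is relevant here.
    /// </summary>
    /// <param name="context">Context of the action being invoked.</param>
    private static bool IsAnonymousAllowed(HttpActionContext context)
    {
        return context.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
            || context.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
    }

    /// <summary>
    /// Returns the bearer token from the <c>Authorization</c> header, or null when the header
    /// is absent, uses a scheme other than <c>Bearer</c> (compared case-insensitively), or has
    /// an empty parameter.
    /// </summary>
    /// <param name="context">Context of the action being invoked.</param>
    private static string GetTokenFromHeader(HttpActionContext context)
    {
        AuthenticationHeaderValue authHeader = context.Request.Headers.Authorization;
        if (authHeader == null)
        {
            return null;
        }

        bool isBearer = authHeader.Scheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase);
        if (!isBearer || string.IsNullOrEmpty(authHeader.Parameter))
        {
            return null;
        }

        return authHeader.Parameter;
    }

    /// <summary>
    /// Short-circuits the request with <c>401 Unauthorized</c>. Setting <c>context.Response</c>
    /// stops the pipeline before the action runs. A <c>WWW-Authenticate: Bearer</c> challenge is
    /// included as RFC 6750 requires for 401 responses to bearer-protected resources; the body
    /// text is unchanged from the original.
    /// </summary>
    /// <param name="context">Context of the action being invoked.</param>
    private static void HandleUnauthorized(HttpActionContext context)
    {
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer"));
        response.Content = new StringContent("未授权,请登录后重试");
        context.Response = response;
    }
}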