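package http

import (
	"errors"
	"net/http"
	"strings"

	"framework_v2/internal/app/config"
	"framework_v2/internal/app/facades"
	"framework_v2/internal/app/helpers"
	"framework_v2/internal/app/jwks"
	"framework_v2/internal/app/user"

	"github.com/gin-gonic/gin"
	"github.com/mitchellh/mapstructure"
)

// Errors reported to the client by the authentication helpers in this file.
// The message strings are user-facing and are kept in their original language.
var (
	// ErrNotValidToken is returned when the token parses but its claims
	// cannot be used (subject missing or unreadable, claims not decodable).
	ErrNotValidToken = errors.New("无效的 JWT 令牌。")
	// ErrJWTFormatError is returned when the Authorization header is missing
	// or malformed, or when jwks.ParseJWT rejects the token.
	ErrJWTFormatError = errors.New("JWT 格式错误。")
	// ErrNotBearerType is returned when the authorization scheme is not Bearer.
	ErrNotBearerType = errors.New("不是 Bearer 类型。")
	// ErrEmptyResponse is not referenced by the code in this file.
	ErrEmptyResponse = errors.New("我们的服务器返回了空请求,可能某些环节出了问题。")
)

// AnonymousUser is the subject assigned to every request while debug mode is
// enabled.
const AnonymousUser = "anonymous"

// DIJWTAuth is meant to be injected into handler method signatures. It
// authenticates the request from its "Authorization: Bearer <jwt>" header and
// returns the user built from the token claims.
//
// On any failure it writes a 401 response through helpers.ResponseError and
// returns nil, so callers must check for nil before using the result.
// NOTE(review): whether helpers.ResponseError also aborts the gin handler
// chain is not visible here; confirm that callers stop processing on nil.
//
// When config.Config.DebugMode.Enable is set, no header is read and no token
// is verified: every request is returned as AnonymousUser. That switch
// disables authentication for the whole service and must stay off outside
// local development.
func DIJWTAuth(c *gin.Context) *user.User {
	authed := &user.User{}

	// Debug mode short-circuits all token handling.
	if config.Config.DebugMode.Enable {
		authed.Token.Sub = AnonymousUser
		return authed
	}

	authorization := c.Request.Header.Get("Authorization")
	if authorization == "" {
		helpers.ResponseError(c, http.StatusUnauthorized, ErrJWTFormatError)
		return nil
	}

	// Expect exactly "<scheme> <token>".
	authSplit := strings.Split(authorization, " ")
	if len(authSplit) != 2 {
		helpers.ResponseError(c, http.StatusUnauthorized, ErrJWTFormatError)
		return nil
	}

	// HTTP authentication scheme names are case-insensitive, so "bearer"
	// and "BEARER" are accepted as well as "Bearer".
	if !strings.EqualFold(authSplit[0], "Bearer") {
		helpers.ResponseError(c, http.StatusUnauthorized, ErrNotBearerType)
		return nil
	}

	// NOTE(review): signature, expiry, issuer and audience validation are
	// assumed to happen inside jwks.ParseJWT; nothing in this function
	// performs them. Confirm against that package.
	token, err := jwks.ParseJWT(authSplit[1])
	if err != nil {
		helpers.ResponseError(c, http.StatusUnauthorized, ErrJWTFormatError)
		return nil
	}

	// An empty subject would leave the returned user without an identity,
	// so it is rejected in the same way as a GetSubject failure.
	sub, err := token.Claims.GetSubject()
	if err != nil || sub == "" {
		helpers.ResponseError(c, http.StatusUnauthorized, ErrNotValidToken)
		return nil
	}

	if err := mapstructure.Decode(token.Claims, &authed.Token); err != nil {
		facades.Logger.Error("Failed to map token claims to JwtIDToken struct.\nError: " + err.Error())
		helpers.ResponseError(c, http.StatusUnauthorized, ErrNotValidToken)
		return nil
	}

	return authed
}

// MiddlewareJSONResponse sets the response Content-Type to JSON (UTF-8)
// before handing the request to the next handler in the chain.
func MiddlewareJSONResponse(c *gin.Context) {
	c.Header("Content-Type", "application/json; charset=utf-8")
	c.Next()
}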