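package com.fr.plugin;

import com.fanruan.api.net.http.HttpKit;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.webservice.utils.DecisionStatusService;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.store.StateHubService;
import com.fr.third.jodd.util.StringUtil;
import com.fr.third.org.apache.commons.lang3.StringUtils;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * OAuth2 authorization-code callback endpoint.
 *
 * <p>The handler reads the {@code code} request parameter, exchanges it for an access token at
 * the configured token endpoint, resolves the user name from the {@code sub} field of the
 * userinfo response, logs that user in through {@link LoginService} and finally renders a
 * redirect page.
 *
 * <p>The endpoint is public ({@link #isPublic()} returns {@code true}), so every value it reads
 * from the request is untrusted until the identity provider has confirmed it.
 */
public class TCAuthCallbackApi extends BaseHttpHandler {

    /**
     * Returns the HTTP method this handler is bound to.
     *
     * @return {@code null}; presumably the framework treats this as "any method" - TODO confirm,
     *         and restrict to GET if the identity provider only ever redirects with GET
     */
    @Override
    public RequestMethod getMethod() {
        return null;
    }

    /**
     * @return the path this handler is registered under
     */
    @Override
    public String getPath() {
        return "/authCallBack";
    }

    /**
     * @return {@code true}: the callback has to be reachable before a session exists
     */
    @Override
    public boolean isPublic() {
        return true;
    }

    /**
     * Completes the authorization-code flow and logs the resolved user in.
     *
     * @param httpServletRequest  incoming callback request carrying the {@code code} parameter
     * @param httpServletResponse response used for error text or the redirect page
     * @throws Exception if the token or userinfo request, the login, or the template rendering fails
     */
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String code = WebUtils.getHTTPRequestParameter(httpServletRequest, "code");
        if (StringUtils.isBlank(code)) {
            WebUtils.printAsString(httpServletResponse, "code授权码不存在");
            return;
        }
        // NOTE(review): no OAuth2 "state" value is verified before the code is redeemed. Without
        // a state bound to the browser session that started the flow, a code issued for another
        // account can be replayed against this public endpoint (login CSRF). The code that builds
        // the authorization request is not visible here, so the check is flagged, not added.

        // Step 1: exchange the authorization code for an access token.
        String accessToken = getAccessToken(code);
        if (StringUtils.isBlank(accessToken)) {
            WebUtils.printAsString(httpServletResponse, "授权码无效,请重新授权");
            return;
        }

        // Step 2: resolve the user name; refuse to continue without a usable identity.
        String uid = getUserInfo(accessToken);
        if (StringUtils.isBlank(uid)) {
            WebUtils.printAsString(httpServletResponse, "登录失败:未能获取用户信息,请重新授权");
            return;
        }
        User user = UserService.getInstance().getUserByUserName(uid);
        if (user == null) {
            // NOTE(review): uid is echoed into the response unescaped; confirm the content type
            // written by printAsString, or encode the value before output.
            WebUtils.printAsString(httpServletResponse, "登录失败:" + uid + " 在帆软用户体系不存在,请联系管理员添加");
            return;
        }

        login(httpServletRequest, httpServletResponse, uid);

        // NOTE(review): "loginCallBack" is a fixed key, so the stored URL does not appear to be
        // scoped to the current browser session - confirm against the code that stores it. The
        // value is also used as a redirect target without checking that it points back to this
        // application, which is the usual open-redirect precondition.
        StateHubService stateHubService = DecisionStatusService.originUrlStatusService();
        Object callback = stateHubService.get("loginCallBack");
        if (callback != null) {
            sendRedirect(httpServletResponse, callback.toString());
            return;
        }
        sendRedirect(httpServletResponse, HttpUtils.getDefaultUrl(httpServletRequest));
    }

    /**
     * Redeems an authorization code at the token endpoint using HTTP Basic client authentication.
     *
     * @param code authorization code received on the callback
     * @return the {@code access_token} field of the token response
     * @throws IOException if the HTTP request fails
     */
    private String getAccessToken(String code) throws IOException {
        Oauth2Config config = Oauth2Config.getInstance();
        String valAddr = config.getValAddr();
        String appId = config.getAppId();
        String clientSecret = config.getClientSecret();
        String frUrl = config.getFrUrl();

        String redirectUrl = String.format("%s/url/iam/authCallBack", frUrl);
        String tokenUrl = String.format("%s/oauth2/rest/token", valAddr);

        Map params = new HashMap<>();
        params.put("redirect_uri", redirectUrl);
        params.put("grant_type", "AUTHORIZATION_CODE");
        params.put("code", code);

        Map header = new HashMap<>();
        header.put("X-OAUTH-IDENTITY-DOMAIN-NAME", "IdmDomain");
        String basicCredentials = String.format("%s:%s", appId, clientSecret);
        header.put("Authorization", "Basic "
                + Base64.getEncoder().encodeToString(basicCredentials.getBytes(StandardCharsets.UTF_8)));

        String json = HttpKit.post(tokenUrl, params, "utf-8", "utf-8", header);
        JSONObject obj = new JSONObject(json);
        String accessToken = obj.getString("access_token");
        if (StringUtils.isBlank(accessToken)) {
            // No token in the body, so this is an error response: log it for diagnosis.
            FineLoggerFactory.getLogger().info("获取AccessToken 请求返回:{}", json);
        } else {
            // A successful response carries a bearer credential; keep it out of the log file.
            FineLoggerFactory.getLogger().info("获取AccessToken 成功");
        }
        return accessToken;
    }

    /**
     * Fetches the userinfo document for an access token and returns its subject.
     *
     * @param accessToken bearer token obtained from the token endpoint
     * @return the {@code sub} field of the userinfo response
     * @throws DocumentException declared for callers; nothing in this method raises it
     * @throws IOException       if the HTTP request fails
     */
    public static String getUserInfo(String accessToken) throws DocumentException, IOException {
        Oauth2Config config = Oauth2Config.getInstance();
        String valAddr = config.getValAddr();

        // The token is URL-encoded so that reserved characters cannot alter the query string.
        // NOTE(review): the token is already sent in the Authorization header; a copy in the URL
        // tends to end up in proxy and access logs. Drop the query parameter if the identity
        // provider accepts the header alone - confirm before removing.
        String url = String.format("%s/oauth2/rest/userinfo?access_token=%s",
                valAddr, URLEncoder.encode(accessToken, "UTF-8"));

        Map header = new HashMap<>();
        header.put("Authorization", "Bearer " + accessToken);

        String json = HttpKit.get(url, new HashMap<>(), header);
        // NOTE(review): the userinfo body holds identity claims; review log retention accordingly.
        FineLoggerFactory.getLogger().info("获取userinfo 请求返回:{}", json);
        JSONObject obj = new JSONObject(json);
        return obj.getString("sub");
    }

    /**
     * Logs the given user in and exposes the resulting token as a request attribute.
     *
     * @param req      current request; receives the {@code fine_auth_token} attribute
     * @param res      current response, passed through to {@link LoginService}
     * @param username user name to log in
     * @return the token returned by {@link LoginService}
     * @throws Exception if the login service fails
     */
    private String login(HttpServletRequest req, HttpServletResponse res, String username) throws Exception {
        String token = LoginService.getInstance().login(req, res, username);
        req.setAttribute("fine_auth_token", token);
        FineLoggerFactory.getLogger().info("fr FrFilter is over with username is ###" + username);
        return token;
    }

    /**
     * Renders the redirect template with the target URL as its {@code callBack} parameter.
     *
     * @param res response the template is written to
     * @param url redirect target; NOTE(review): whether the template escapes this value is not
     *            visible from this file - verify it before passing values from shared state
     * @throws IOException if the template cannot be written
     */
    private void sendRedirect(HttpServletResponse res, String url) throws IOException {
        Map params = new HashMap<>();
        params.put("callBack", url);
        WebUtils.writeOutTemplate("com/fr/plugin/redirect.html", res, params);
    }
}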