package com.qianwen.core.secure.aspect;

import java.lang.reflect.Method;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import com.qianwen.core.secure.annotation.PreAuth;
import com.qianwen.core.secure.auth.AuthFun;
import com.qianwen.core.secure.exception.SecureException;
import com.qianwen.core.secure.utils.AuthUtil;
import com.qianwen.core.tool.api.ResultCode;
import com.qianwen.core.tool.utils.ClassUtil;
import com.qianwen.core.tool.utils.StringUtil;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.expression.BeanFactoryResolver;
import org.springframework.core.MethodParameter;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.lang.NonNull;

@Aspect
public class AuthAspect implements ApplicationContextAware {
    private static final ExpressionParser EXPRESSION_PARSER = new SpelExpressionParser();
    private ApplicationContext applicationContext;

    public boolean doTenantFilter() {
        return AuthUtil.isAdministrator();
    }

    @Around("@annotation(com.qianwen.core.secure.annotation.PreAuth) || @within(com.qianwen.core.secure.annotation.PreAuth)")
    public Object preAuth(ProceedingJoinPoint point) throws Throwable {
        if (doTenantFilter()) {
            return point.proceed();
        }
        if (handleAuth(point)) {
            return point.proceed();
        }
        throw new SecureException(ResultCode.API_UN_AUTHORIZED);
    }

    private boolean handleAuth(ProceedingJoinPoint point) {
        //MethodSignature ms = point.getSignature();
        MethodSignature ms = (MethodSignature)point.getSignature();
        Method method = ms.getMethod();
        PreAuth preAuth = (PreAuth) ClassUtil.getAnnotation(method, PreAuth.class);
        String condition = preAuth.value();
        if (StringUtil.isNotBlank(condition)) {
            Expression expression = EXPRESSION_PARSER.parseExpression(condition);
            Object[] args = point.getArgs();
            StandardEvaluationContext context = getEvaluationContext(method, args);
            return ((Boolean) expression.getValue(context, Boolean.class)).booleanValue();
        }
        return new AuthFun().hasApiPermission();
    }

    private StandardEvaluationContext getEvaluationContext(Method method, Object[] args) {
        StandardEvaluationContext context = new StandardEvaluationContext(new AuthFun());
        context.setBeanResolver(new BeanFactoryResolver(this.applicationContext));
        for (int i = 0; i < args.length; i++) {
            MethodParameter methodParam = ClassUtil.getMethodParameter(method, i);
            context.setVariable(methodParam.getParameterName(), args[i]);
        }
        return context;
    }

    public void setApplicationContext(@NonNull ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}