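package com.qianwen.core.secure.handler;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.util.AntPathMatcher;
import com.qianwen.core.cache.utils.CacheUtil;
import com.qianwen.core.secure.BladeUser;
import com.qianwen.core.secure.constant.PermissionConstant;
import com.qianwen.core.secure.utils.AuthUtil;
import com.qianwen.core.tool.utils.Func;
import com.qianwen.core.tool.utils.StringUtil;
import com.qianwen.core.tool.utils.WebUtil;

/**
 * Role-based permission checks for the current request.
 *
 * <p>Each check resolves the current user's role ids, loads the matching permission rows through
 * {@link JdbcTemplate}, and caches the resulting list via {@link CacheUtil}. Every check fails
 * closed: a missing request or a missing user yields {@code false}.
 */
public class BladePermissionHandler implements IPermissionHandler {

    /** Request header consulted for the URI as seen before gateway routing. */
    private static final String GATEWAY_REQUEST_URI = "original.gatewayRequestUrl";

    /** Key prefix shared by all permission cache entries written by this class. */
    private static final String SCOPE_CACHE_CODE = "apiScope:code:";

    /** Cache region used for permission entries. */
    private static final String CACHE_NAME = "blade:sys";

    /**
     * Matcher for URL patterns. URLs always use "/" as the segment separator, which is
     * AntPathMatcher's default; deriving the separator from the platform ("file.separator")
     * would make "*" span several URL segments on hosts where that separator is "\".
     */
    private static final AntPathMatcher URI_MATCHER = new AntPathMatcher();

    private final JdbcTemplate jdbcTemplate;

    /**
     * @param jdbcTemplate template used to run the permission queries
     */
    public BladePermissionHandler(final JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    /**
     * Checks whether any path granted to the current user's roles occurs in the request URI.
     *
     * @return {@code true} if at least one granted path is contained in the request URI;
     *         {@code false} if there is no request, no user, or no match
     */
    @Override
    public boolean permissionAll() {
        HttpServletRequest request = WebUtil.getRequest();
        BladeUser user = AuthUtil.getUser();
        if (request == null || user == null) {
            return false;
        }
        String uri = request.getRequestURI();
        // NOTE(review): this is substring containment, not segment-aware matching. A granted path
        // also matches any longer URI that merely contains it, and getRequestURI() returns the
        // raw, undecoded request path. Kept as-is for compatibility; confirm it is intended.
        return permissionPath(user.getRoleId()).stream().anyMatch(uri::contains);
    }

    /**
     * Checks whether the current user's roles hold the given permission code.
     *
     * @param permission permission code to look up
     * @return {@code true} if the lookup returns at least one row; {@code false} if there is no
     *         request, no user, or no row
     */
    @Override
    public boolean hasPermission(String permission) {
        HttpServletRequest request = WebUtil.getRequest();
        BladeUser user = AuthUtil.getUser();
        if (request == null || user == null) {
            return false;
        }
        return !permissionCode(permission, user.getRoleId()).isEmpty();
    }

    /**
     * Checks whether an API pattern granted to the current user's roles for the request's HTTP
     * method matches the request URI.
     *
     * @return {@code true} if at least one granted Ant-style pattern matches; {@code false} if
     *         there is no request, no user, or no match
     */
    @Override
    public boolean hasApiPermission() {
        HttpServletRequest request = WebUtil.getRequest();
        BladeUser user = AuthUtil.getUser();
        if (request == null || user == null) {
            return false;
        }
        String uri = getOriginalURI(request);
        // Locale.ROOT keeps the method name stable under locales with special casing rules.
        String method = request.getMethod().toUpperCase(Locale.ROOT);
        return permissionApiPath(method, user.getRoleId()).stream()
            .anyMatch(pattern -> URI_MATCHER.match(pattern, uri));
    }

    /**
     * Returns the URI to authorize: the gateway header value when present, else the request URI.
     *
     * <p>NOTE(review): the header value replaces the container-supplied URI in the authorization
     * decision, so it is only trustworthy if the gateway always overwrites or strips a
     * client-supplied {@code original.gatewayRequestUrl} header and this service cannot be reached
     * without passing through the gateway. Confirm both against the deployment.
     */
    private String getOriginalURI(HttpServletRequest request) {
        String requestOriginal = request.getHeader(GATEWAY_REQUEST_URI);
        return StringUtil.isNotBlank(requestOriginal) ? requestOriginal : request.getRequestURI();
    }

    /** Loads all permission paths for the given role ids, cached under {@code roleId}. */
    private List<String> permissionPath(String roleId) {
        return cachedPermissions(roleId, () -> {
            List<?> roleIds = Func.toLongList(roleId);
            return this.jdbcTemplate.queryForList(
                PermissionConstant.permissionAllStatement(roleIds.size()),
                roleIds.toArray(),
                String.class);
        });
    }

    /**
     * Loads the rows matching one permission code for the given role ids.
     *
     * <p>The entry is cached under {@code permission + ":" + roleId}. Reading it back under the
     * bare {@code roleId} key instead would return the list that {@link #permissionPath} stores
     * there, so any permission code would appear granted once that entry is non-empty.
     */
    private List<String> permissionCode(String permission, String roleId) {
        return cachedPermissions(permission + ":" + roleId, () -> {
            List<?> roleIds = Func.toLongList(roleId);
            List<Object> args = new ArrayList<>(roleIds);
            args.add(permission);
            return this.jdbcTemplate.queryForList(
                PermissionConstant.permissionStatement(roleIds.size()),
                args.toArray(),
                String.class);
        });
    }

    /**
     * Loads the API path patterns for one HTTP method and the given role ids, cached under
     * {@code method + ":" + roleId}.
     */
    private List<String> permissionApiPath(String method, String roleId) {
        return cachedPermissions(method + ":" + roleId, () -> {
            List<?> roleIds = Func.toLongList(roleId);
            List<Object> args = new ArrayList<>(roleIds);
            args.add(method);
            return this.jdbcTemplate.queryForList(
                PermissionConstant.permissionApiStatement(roleIds.size()),
                args.toArray(),
                String.class);
        });
    }

    /**
     * Returns the cached list for {@code cacheKey}, loading and storing it on a miss.
     *
     * <p>Read and write go through the same key by construction, so one lookup can never be
     * answered from another lookup's cache entry.
     *
     * @param cacheKey key within the permission cache
     * @param loader   query to run when no entry is cached
     */
    @SuppressWarnings("unchecked") // the cache API hands back a raw List; entries are written only here
    private List<String> cachedPermissions(String cacheKey, Supplier<List<String>> loader) {
        List<String> permissions =
            (List<String>) CacheUtil.get(CACHE_NAME, SCOPE_CACHE_CODE, cacheKey, List.class, Boolean.FALSE);
        if (permissions == null) {
            permissions = loader.get();
            CacheUtil.put(CACHE_NAME, SCOPE_CACHE_CODE, cacheKey, permissions, Boolean.FALSE);
        }
        return permissions;
    }
}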