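package com.qianwen.core.secure.interceptor;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.qianwen.core.secure.constant.SecureConstant;
import com.qianwen.core.secure.props.BasicSecure;
import com.qianwen.core.secure.provider.HttpMethod;
import com.qianwen.core.secure.provider.ResponseProvider;
import com.qianwen.core.secure.utils.SecureUtil;
import com.qianwen.core.tool.jackson.JsonUtil;
import com.qianwen.core.tool.utils.WebUtil;

import org.springframework.lang.NonNull;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Interceptor that enforces HTTP Basic authentication on the request paths described by a list of
 * {@link BasicSecure} rules.
 *
 * <p>For each request the first rule whose HTTP method and Ant-style path pattern match is
 * selected, and the credentials decoded by {@link SecureUtil#extractAndDecodeHeader()} are compared
 * with that rule's username and password. A request that matches no rule is allowed through, so
 * this interceptor protects only what the rule list names explicitly.
 */
public class BasicInterceptor extends HandlerInterceptorAdapter {

    private static final Logger log = LoggerFactory.getLogger(BasicInterceptor.class);

    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();

    // Typed so that the lambdas in preHandle can call BasicSecure accessors; a raw List yields
    // Object elements and the accessor calls do not compile.
    private final List<BasicSecure> basicSecures;

    /**
     * @param basicSecures rules to enforce, evaluated in list order; only the first rule that
     *     matches a request is consulted
     */
    public BasicInterceptor(final List<BasicSecure> basicSecures) {
        this.basicSecures = basicSecures;
    }

    /**
     * Checks the request against the configured rules before the handler runs.
     *
     * @return {@code true} when no rule matches the request or the supplied credentials match the
     *     first matching rule; {@code false} after the realm header and the rejection response
     *     have been written
     */
    @Override
    public boolean preHandle(
            @NonNull HttpServletRequest request,
            @NonNull HttpServletResponse response,
            @NonNull Object handler) {
        // Only the first matching rule decides the outcome; later rules that also match the
        // request are never evaluated. No matching rule means the request is not covered here.
        boolean authorized = this.basicSecures.stream()
                .filter(rule -> checkAuth(request, rule))
                .findFirst()
                .map(rule -> checkBasic(rule.getUsername(), rule.getPassword()))
                .orElse(Boolean.TRUE);
        if (authorized) {
            return true;
        }

        // NOTE(review): the full parameter map is written to the log on every failed attempt.
        // Parameters are caller-controlled and may carry passwords or tokens; consider masking
        // sensitive keys (or logging names only) and make sure the log encoder neutralises line
        // breaks in these values.
        log.warn("授权认证失败,请求接口:{},请求IP:{},请求参数:{}",
                request.getRequestURI(),
                WebUtil.getIP(request),
                JsonUtil.toJson(request.getParameterMap()));
        response.setHeader(
                SecureConstant.BASIC_REALM_HEADER_KEY, SecureConstant.BASIC_REALM_HEADER_VALUE);
        ResponseProvider.write(response);
        return false;
    }

    /** Returns whether the rule applies to this request: both its method and its path must match. */
    private boolean checkAuth(HttpServletRequest request, BasicSecure basicSecure) {
        return checkMethod(request, basicSecure.getMethod())
                && checkPath(request, basicSecure.getPattern());
    }

    /**
     * Returns whether the rule's method covers the request method. {@code HttpMethod.ALL} covers
     * every method; a {@code null} rule method covers none.
     */
    private boolean checkMethod(HttpServletRequest request, HttpMethod method) {
        if (method == HttpMethod.ALL) {
            return true;
        }
        return method != null && method == HttpMethod.of(request.getMethod());
    }

    /**
     * Matches the rule's Ant-style pattern against the servlet path followed by the path info,
     * when path info is present.
     */
    private boolean checkPath(HttpServletRequest request, String pattern) {
        // NOTE(review): confirm that this string is the same normalised path the handler mapping
        // dispatches on; if the two differ, a rule pattern and the handler actually invoked can
        // disagree about whether a request is protected.
        String path = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null && !pathInfo.isEmpty()) {
            path = path + pathInfo;
        }
        return ANT_PATH_MATCHER.match(pattern, path);
    }

    /**
     * Compares the credentials decoded from the request with the expected username and password.
     *
     * @return {@code true} only when both values match; {@code false} when either differs, when
     *     the decoded header yields fewer than two tokens, or when decoding throws
     */
    private boolean checkBasic(String username, String password) {
        try {
            String[] tokens = SecureUtil.extractAndDecodeHeader();
            if (tokens == null || tokens.length < 2) {
                return false;
            }
            // Evaluate both comparisons unconditionally (non-short-circuit '&') so the response
            // time does not reveal whether the username alone was correct.
            boolean usernameMatches = constantTimeEquals(username, tokens[0]);
            boolean passwordMatches = constantTimeEquals(password, tokens[1]);
            return usernameMatches & passwordMatches;
        } catch (Exception e) {
            log.warn("授权认证失败,错误信息:{}", e.getMessage());
            return false;
        }
    }

    /**
     * Compares two strings through {@link MessageDigest#isEqual(byte[], byte[])} instead of
     * {@link String#equals(Object)}, which returns at the first differing character and so leaks
     * how long the matching prefix is. A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}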