using EntrustSettle.Common;
using EntrustSettle.Common.Const;
using EntrustSettle.IRepository.Base;
using EntrustSettle.Model.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Security.Claims;

namespace EntrustSettle.Filter
{
    /// <summary>
    /// API接口调用用户鉴权Filter
    /// </summary>
    public class ApiUserFilter : IAsyncActionFilter
    {
        public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
            var attrAllowAnonymous = actionDescriptor.EndpointMetadata.FirstOrDefault(x => x.GetType() == typeof(AllowAnonymousAttribute));
            var attrApiUser = actionDescriptor.EndpointMetadata.FirstOrDefault(x => x.GetType() == typeof(ApiUserAttribute));
            if (attrAllowAnonymous != null && attrApiUser != null)
            {
                var apiUser = attrApiUser as ApiUserAttribute;
                if (context.HttpContext.Request.Headers.ContainsKey(CommonConst.API_USER_HEADER_KEY)
                    && context.HttpContext.Request.Headers.ContainsKey(CommonConst.API_USER_HEADER_SECRET))
                {
                    var key = context.HttpContext.Request.Headers[CommonConst.API_USER_HEADER_KEY].ToString();
                    var secret = context.HttpContext.Request.Headers[CommonConst.API_USER_HEADER_SECRET].ToString();

                    var httpContext = App.GetService<IHttpContextAccessor>().HttpContext;

                    var repApiAuth = App.GetService<IBaseRepository<ApiAuth>>();

                    //未设置ApiCode时，使用方法名称
                    if (string.IsNullOrEmpty(apiUser.ApiCode))
                    {
                        apiUser.ApiCode = actionDescriptor.MethodInfo.Name;
                    }
                    var auth = repApiAuth.Db.Queryable<ApiAuth>().Where(x => x.ApiKey == key
                                                                          && x.ApiSecret == secret
                                                                          && x.ApiCode == apiUser.ApiCode
                                                                          && x.IsDisable == false).First();

                    if (auth != null && (!auth.ExpireDate.HasValue || auth.ExpireDate > DateTime.Now))
                    {
                        ClaimsIdentity identity = new ClaimsIdentity("AuthenticationTypes.Federation");
                        identity.AddClaim(new Claim(type: ClaimConst.LOGIN_ID, value: auth.UserId));
                        identity.AddClaim(new Claim(type: ClaimConst.LOGIN_NAME, value: auth.UserName));
                        identity.AddClaim(new Claim(type: ClaimConst.LOGIN_COMPANYID, value: auth.CompanyId));
                        identity.AddClaim(new Claim(type: ClaimConst.LOGIN_COMPANYNAME, value: auth.CompanyName));
                        identity.AddClaim(new Claim(type: ClaimConst.LOGIN_MOBILE, value: ""));
                        ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(identity);
                        httpContext.User = claimsPrincipal;

                        return next();
                    }
                }
                throw new Exception("无权调用！请检查授权或联系管理员。");
            }

            return next();
        }
    }
}