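package com.yaozhitech.spring5.intercept;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.yaozhitech.spring5.annotation.IgnoreClientToken;
import com.yaozhitech.spring5.common.exception.auth.ClientForbiddenException;
import com.yaozhitech.spring5.provider.AuthServerProvider;
import com.yaozhitech.spring5.utils.JwtUtils;

import lombok.extern.slf4j.Slf4j;

/**
 * Authentication between microservices.
 *
 * <p>Every request reaching a controller of this service must either
 * <ul>
 *   <li>carry a token previously signed by this service in the
 *       {@code x-auth-client-<applicationName>} header (verified locally), or</li>
 *   <li>carry a client identity in {@code x-auth-client} that the auth server
 *       confirms; on success a fresh signed token is returned in
 *       {@code x-auth-client-response} for the caller to reuse.</li>
 * </ul>
 * Handlers annotated with {@link IgnoreClientToken} (on the class or the method)
 * and actuator paths are exempt. Anything else is rejected with
 * {@link ClientForbiddenException}; verification is fail-closed.
 *
 * @author EDZ
 */
@Slf4j
public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {

    /** Header carrying the caller's identity; its username claim is read via JwtUtils.getUsername. */
    private static final String CLIENT_HEADER = "x-auth-client";

    /** Prefix of the per-service header holding a token this service signed earlier. */
    private static final String CLIENT_TOKEN_HEADER_PREFIX = "x-auth-client-";

    /** Response header in which a newly signed token is handed back to the caller. */
    private static final String CLIENT_RESPONSE_HEADER = "x-auth-client-response";

    /** Servlet path (and sub-paths) exempt from service authentication. */
    private static final String ACTUATOR_PATH = "/actuator";

    /** Lifetime of a token signed by this service, in the unit JwtUtils.sign expects (12 hours if seconds). */
    private static final int TOKEN_TTL_SECONDS = 3600 * 12;

    /**
     * Secret used both to sign tokens handed out by this service and to verify
     * tokens presented back to it.
     * TODO(security): this value is committed in source and shared by every deployment;
     * move it to externalized per-environment configuration and rotate it.
     */
    private static final String SERVICE_TOKEN_SECRET = "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr";

    @Autowired
    private AuthServerProvider clientAuthProvider;

    @Value("${spring.application.name}")
    private String applicationName;

    /**
     * Decides whether the request may proceed to the handler.
     *
     * @param request  incoming request; the auth headers are read from it
     * @param response outgoing response; receives {@code x-auth-client-response} on a
     *                 successful auth-server verification
     * @param handler  the matched handler; only a {@link HandlerMethod} can carry
     *                 {@link IgnoreClientToken}
     * @return {@code true} when the request is authenticated or exempt
     * @throws ClientForbiddenException when no valid credential is presented or
     *                                  verification itself fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Non-HandlerMethod handlers (e.g. static-resource handlers) cannot carry the
        // annotation; they fall through to the token checks instead of failing with a
        // ClassCastException, so the interceptor stays fail-closed.
        if (handler instanceof HandlerMethod && isClientTokenIgnored((HandlerMethod) handler)) {
            return super.preHandle(request, response, handler);
        }
        if (isActuatorPath(request.getServletPath())) {
            return super.preHandle(request, response, handler);
        }

        String clientToken = request.getHeader(CLIENT_TOKEN_HEADER_PREFIX + applicationName);
        String client = request.getHeader(CLIENT_HEADER);
        try {
            boolean verified = StringUtils.isEmpty(clientToken)
                    ? verifyWithAuthServer(client, response)
                    : verifyLocalToken(clientToken);
            if (verified) {
                return super.preHandle(request, response, handler);
            }
        } catch (Exception e) {
            // Any failure inside verification is treated as a rejection, never as a pass.
            log.error(e.getMessage(), e);
            throw new ClientForbiddenException("Client verify error");
        }
        throw new ClientForbiddenException("Client is Forbidden!");
    }

    /**
     * Returns whether {@link IgnoreClientToken} is present on the controller class
     * or on the handler method itself.
     */
    private static boolean isClientTokenIgnored(HandlerMethod handlerMethod) {
        IgnoreClientToken annotation = handlerMethod.getBeanType().getAnnotation(IgnoreClientToken.class);
        if (annotation == null) {
            annotation = handlerMethod.getMethodAnnotation(IgnoreClientToken.class);
        }
        return annotation != null;
    }

    /**
     * Returns whether the servlet path is the actuator root or one of its sub-paths.
     * An exact segment match is used so that unrelated paths merely sharing the
     * prefix (e.g. "/actuatorX") are not exempted.
     */
    private static boolean isActuatorPath(String servletPath) {
        return servletPath != null
                && (servletPath.equals(ACTUATOR_PATH) || servletPath.startsWith(ACTUATOR_PATH + "/"));
    }

    /**
     * Asks the auth server whether the caller identified by {@code client} may
     * access this service; on success signs a new token and adds it to the response.
     *
     * <p>The username claim is expected as two dot-separated parts which are
     * forwarded to the auth server as-is — NOTE(review): what each part denotes is
     * not visible here; confirm against AuthServerProvider.verify.
     *
     * @return {@code true} only when the auth server confirmed the client
     */
    private boolean verifyWithAuthServer(String client, HttpServletResponse response) {
        if (StringUtils.isEmpty(client)) {
            return false;
        }
        String clientName = JwtUtils.getUsername(client);
        if (clientName == null) {
            return false;
        }
        String[] parts = clientName.split("\\.");
        if (parts.length < 2) {
            return false;
        }
        if (!Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, parts[0], parts[1]))) {
            return false;
        }
        // Sign a token for this client so subsequent calls can be verified locally.
        String signToken = JwtUtils.sign(JwtUtils.generateSalt(), SERVICE_TOKEN_SECRET, TOKEN_TTL_SECONDS);
        response.addHeader(CLIENT_RESPONSE_HEADER, signToken);
        // Log the outcome, not the token: the token is a bearer credential.
        log.info("auth-server verify success for client {}", parts[0]);
        return true;
    }

    /**
     * Verifies a token previously signed by this service: it must be unexpired and
     * carry a valid signature under {@link #SERVICE_TOKEN_SECRET}.
     *
     * @return {@code true} when the token is accepted
     */
    private static boolean verifyLocalToken(String clientToken) {
        boolean valid = !JwtUtils.isTokenExpired(clientToken)
                && JwtUtils.verifyToken(clientToken, SERVICE_TOKEN_SECRET) != null;
        if (valid) {
            log.info("local service jwt verify success");
        }
        return valid;
    }
}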