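// Package auth wires up the go-oauth2 server used by the API gateway: a
// SQLite-backed token store, an in-memory client store seeded from the
// Oauth2Client table, and a path-based ACL consulted via CheckAcl.
package auth

import (
	"crypto/rand"
	"net/http"

	"github.com/go-oauth2/oauth2/v4/errors"
	"github.com/go-oauth2/oauth2/v4/manage"
	"github.com/go-oauth2/oauth2/v4/models"
	"github.com/go-oauth2/oauth2/v4/server"
	"github.com/go-oauth2/oauth2/v4/store"
	oauth2gorm "src.techknowlogick.com/oauth2-gorm"

	"basic.com/valib/logger.git"
	vamicroModel "vamicro/api-gateway/models"
	"vamicro/extend/util"
)

const (
	// tokenStoreDSN is the SQLite file holding issued tokens. It is resolved
	// relative to the process working directory, so the gateway must be
	// started from the directory the deployment assumes.
	tokenStoreDSN   = "../oauth2.db"
	tokenStoreTable = "tokens"
	// tokenStoreInterval is the second argument the original code passed to
	// oauth2gorm.NewStore; presumably the expired-token GC interval — confirm
	// against the oauth2-gorm version pinned in go.mod.
	tokenStoreInterval = 6000

	// clientSecretLen and clientSecretAlphabet keep generated secrets in the
	// same shape as before (32 uppercase ASCII letters) so any column width
	// or validation elsewhere keeps working; only the randomness source
	// changed (crypto/rand instead of a time-seeded math/rand).
	clientSecretLen      = 32
	clientSecretAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

	// loginUserHeader carries the already-authenticated user's id into the
	// authorization endpoint. See userAuthorizeHandler for the trust caveat.
	loginUserHeader = "Login_user_id"
)

var (
	// Oauth2Serv is the configured OAuth2 server; populated by Oauth2Init.
	Oauth2Serv *server.Server
	// ClientStore holds every registered client in memory; populated by
	// Oauth2Init and extended by NewClient.
	ClientStore *store.ClientStore
	// AclList maps an API path to whether it is enabled (see AclInit/CheckAcl).
	AclList = make(map[string]bool)
)

// Oauth2Init builds the token store, loads all clients from the database into
// ClientStore, and configures Oauth2Serv. It must run before any request is
// served; it is not safe to call concurrently with request handling because
// it replaces the package-level ClientStore and Oauth2Serv.
func Oauth2Init() {
	manager := manage.NewDefaultManager()

	// Token store: SQLite via gorm, table "tokens".
	tokenStore := oauth2gorm.NewStore(
		oauth2gorm.NewConfig(tokenStoreDSN, oauth2gorm.SQLite, tokenStoreTable),
		tokenStoreInterval,
	)
	manager.MustTokenStorage(tokenStore, nil)

	// Client store: in-memory, seeded once from the Oauth2Client table.
	ClientStore = store.NewClientStore()
	loadClients()
	manager.MapClientStorage(ClientStore)

	Oauth2Serv = server.NewServer(server.NewConfig(), manager)
	// SECURITY: allowing GET on the token endpoint puts client_secret and the
	// authorization code into the URL, where proxies, browser history and
	// access logs record them. Kept for compatibility with existing callers;
	// switch them to POST and set this to false when possible.
	Oauth2Serv.SetAllowGetAccessRequest(true)
	// Client credentials are read from form fields (client_id/client_secret).
	Oauth2Serv.SetClientInfoHandler(server.ClientFormHandler)
	Oauth2Serv.SetUserAuthorizationHandler(userAuthorizeHandler)
	Oauth2Serv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
		logger.Error("Internal Error:", err.Error())
		// nil response: the library renders its default error body.
		return
	})
	Oauth2Serv.SetResponseErrorHandler(func(re *errors.Response) {
		logger.Error("Response Error:", re.Error.Error())
	})
	logger.Debug("Oauth2Serv init down")
}

// loadClients copies every persisted Oauth2Client into ClientStore.
// A lookup failure is non-fatal, as before, but it is now logged instead of
// silently starting the gateway with an empty client set.
func loadClients() {
	var oauth2Model vamicroModel.Oauth2Client
	clients, err := oauth2Model.FindAll()
	if err != nil {
		logger.Error("load oauth2 clients:", err.Error())
		return
	}
	for _, c := range clients {
		ClientStore.Set(c.ID, &models.Client{
			ID:     c.ID,
			Secret: c.Secret,
			Domain: c.Domain,
		})
	}
}

// userAuthorizeHandler tells the OAuth2 server which user is approving an
// authorization request. The user id is taken verbatim from the
// "Login_user_id" request header; an empty header yields an empty userID,
// which the library treats as "not logged in".
//
// SECURITY (review): this trusts the header completely. It is only sound if
// every route reaching the authorize endpoint passes through a layer that
// strips any client-supplied Login_user_id and sets it from a verified
// session — TODO confirm that the gateway does this and that the endpoint is
// not reachable directly. Otherwise any caller can obtain codes for any user.
func userAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) {
	userID = r.Header.Get(loginUserHeader)
	return
}

// randomSecret returns n characters drawn uniformly from clientSecretAlphabet
// using crypto/rand. Bytes that would introduce modulo bias are rejected.
func randomSecret(n int) (string, error) {
	// Largest multiple of the alphabet size that fits in a byte; values at
	// or above it are discarded so every letter is equally likely.
	const limit = 256 - 256%len(clientSecretAlphabet)
	out := make([]byte, 0, n)
	buf := make([]byte, n)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		for _, b := range buf {
			if int(b) >= limit {
				continue
			}
			out = append(out, clientSecretAlphabet[int(b)%len(clientSecretAlphabet)])
			if len(out) == n {
				break
			}
		}
	}
	return string(out), nil
}

// NewClient registers a new OAuth2 client for the given redirect domain with
// a freshly generated secret, persists it, and adds it to ClientStore.
//
// The secret was previously produced by math/rand seeded with the current
// Unix second, which makes it reproducible by anyone who can guess the
// registration time; it now comes from crypto/rand. The client is persisted
// before it is added to the in-memory store, so a failed insert can no longer
// leave a client that authenticates in memory but does not exist in the DB.
//
// Returns any error from secret generation or from the database insert.
func NewClient(domain string, intro string) error {
	secret, err := randomSecret(clientSecretLen)
	if err != nil {
		return err
	}
	client := vamicroModel.Oauth2Client{
		ID:     util.PseudoUuid(),
		Domain: domain,
		Secret: secret,
		Intro:  intro,
	}
	if err := client.Insert(); err != nil {
		return err
	}
	ClientStore.Set(client.ID, &models.Client{
		ID:     client.ID,
		Secret: client.Secret,
		Domain: client.Domain,
	})
	return nil
}

// DelClient removes the client row with the given id from the database.
//
// NOTE(review): this only deletes the persisted record. store.ClientStore
// exposes no removal method, so the client stays in the in-memory
// ClientStore and can keep authenticating until Oauth2Init runs again.
// Revocation therefore does not take effect at runtime — TODO: back
// ClientStore with the database (or rebuild and re-map it here).
func DelClient(id string) error {
	var oauth2c vamicroModel.Oauth2Client
	return oauth2c.DeleteById(id)
}

// AclInit records, for each operation, whether its API path is enabled.
// Entries are added to AclList and never removed; calling it again merges.
// AclList is a plain map, so AclInit must not run concurrently with CheckAcl.
func AclInit(operations []vamicroModel.Operations) {
	for _, op := range operations {
		AclList[op.Path] = op.ApiEnable
	}
}

// CheckAcl reports whether path is allowed. Unknown paths are denied
// (default-deny); a known path is allowed only if it was registered as enabled.
func CheckAcl(path string) bool {
	enabled, known := AclList[path]
	return known && enabled
}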