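package kingdee

import (
	"encoding/json"
	"strings"

	"kingdee-dbapi/config"
	"kingdee-dbapi/logger"
	"kingdee-dbapi/nsqclient"
)

// dangerousWords is the fixed keyword denylist used by sqlCheck. It is
// matched case-insensitively as a substring, so it is intentionally
// over-broad (a column named UPDATED_AT is rejected too).
// "TRUNCATE" was previously misspelled "TRANCATE", which let TRUNCATE through.
var dangerousWords = [...]string{
	"INSERT", "UPDATE", "DELETE", "ALTER", "DROP",
	"DECLARE", "EXECUTE", "EXEC", "INTO", "TRUNCATE",
}

// QueryMsgHandle handles one query request received from the message queue.
// data is the raw request body and is interpreted as a SQL string. The text is
// screened with sqlCheck and the request is dropped (with a nil error) when it
// fails the screen or when the package-level db handle is nil.
//
// NOTE(review): the received SQL text is only logged and screened; the
// statement actually executed is the fixed `select * from users` below. It is
// deliberately not wired to db.Raw here, because a keyword denylist is not a
// safe guard for executing caller-supplied SQL.
//
// Each result row is converted to a column-name → value map and the JSON array
// is published to config.Options.ReplyTopic. An empty result set is still
// published (as JSON null, since the slice stays nil).
//
// Returns the database error when the query, column lookup, a row scan or the
// row iteration fails, and the encoding error when json.Marshal fails. A
// rejected request or a failed publish is only logged and yields nil.
func QueryMsgHandle(data []byte) error {
	sql := string(data)
	logger.Debug("接收到查询请求,%s", sql)

	if !sqlCheck(sql) {
		logger.Warn("识别到危险的sql语句, 拒绝执行. %s", sql)
		return nil
	}
	if db == nil {
		logger.Debug("数据库未连接")
		return nil
	}

	rows, err := db.Raw(`select * from users`).Rows()
	if err != nil {
		return err
	}
	// Release the cursor on every path, including the early error returns.
	defer rows.Close()

	// Column names do not change between rows; fetch them once.
	names, err := rows.Columns()
	if err != nil {
		return err
	}

	var result []interface{}
	for rows.Next() {
		// Scan through a slice of *interface{} so the driver chooses the
		// concrete Go type of each column value.
		values := make([]interface{}, len(names))
		ptrs := make([]interface{}, len(names))
		for i := range values {
			ptrs[i] = &values[i]
		}
		if err := rows.Scan(ptrs...); err != nil {
			return err
		}
		row := make(map[string]interface{}, len(names))
		for i, name := range names {
			row[name] = values[i]
		}
		result = append(result, row)
	}
	// rows.Next returns false on both exhaustion and error; tell them apart.
	if err := rows.Err(); err != nil {
		return err
	}
	logger.Debug("数据库返回数据%+v", result)

	// NOTE(review): drivers that return text columns as []byte will have those
	// values base64-encoded by json.Marshal — confirm against the consumer.
	b, err := json.Marshal(result)
	if err != nil {
		return err
	}
	if !nsqclient.Produce(config.Options.ReplyTopic, b) {
		logger.Warn("应答查询请求失败.")
	} else {
		logger.Debug("应答查询请求成功. 数据:%s", string(b))
	}
	return nil
}

// sqlCheck is a coarse screen that reports whether sql is free of every
// keyword in dangerousWords (data- and schema-modifying statements such as
// INSERT, UPDATE, DELETE, ALTER, DROP, TRUNCATE, and EXEC/DECLARE/INTO).
//
// The test is a case-insensitive substring match, so it rejects some benign
// text and is not a substitute for a read-only database account or
// parameterized queries. Returns true when no keyword occurs in sql; an empty
// string passes.
func sqlCheck(sql string) bool {
	upper := strings.ToUpper(sql)
	for _, word := range dangerousWords {
		if strings.Contains(upper, word) {
			return false
		}
	}
	return true
}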