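package server

import (
	apiUser "admin/apps/user/api"
	"admin/internal/context"
	"admin/internal/errcode"
	"admin/internal/permission"
	"strings"
)

// userInfoKey is the gin context key under which CheckToken stores the
// authenticated user and from which CheckPermissions reads it back.
const userInfoKey = "userInfo"

// adminCharacter is the Character value that bypasses per-resource
// permission checks.
const adminCharacter = "admin"

// CheckToken is the authentication middleware.
//
// Every route except the login endpoint must carry a token and user id in
// the request header; both are validated against the user service. On
// success the user's nick name is copied into the header context and the
// Auth response is stored under userInfoKey for CheckPermissions. Any
// failure is reported through ctx.Fail, which is relied on to abort the
// handler chain.
func (srv *Server) CheckToken(ctx *context.WebContext) {
	// The login endpoint is the only route reachable without a token. Match
	// on the path suffix rather than any substring: a substring match would
	// also exempt unrelated routes whose path merely contains "/login"
	// (e.g. a nested "/login/..." or a resource named after it).
	if strings.HasSuffix(ctx.GinCtx().Request.URL.Path, "/login") {
		return
	}

	if err := ctx.ExtractHeader(); err != nil {
		ctx.Fail(errcode.New(errcode.HeaderParamsInvalid, "header invalid"))
		return
	}

	authRsp, err := apiUser.GetUserApiInstance().Auth(ctx, &apiUser.AuthReq{
		Token:  ctx.Header.Token,
		UserId: ctx.Header.UserId,
	})
	if err != nil {
		ctx.Fail(err)
		return
	}

	// NOTE(review): assumes Auth never returns a nil response together with
	// a nil error — confirm against the user service contract.
	ctx.Header.UserName = authRsp.User.NickName
	ctx.GinCtx().Set(userInfoKey, authRsp)
}

// CheckPermissions is the authorization middleware; it must run after
// CheckToken.
//
// Requests without a project id in the URI are allowed only for the
// project collection path "/api/project", and only for admin users. For
// project-scoped requests the required permission is derived from the
// project id, the URI resource and the HTTP method; admins pass
// unconditionally, other users pass only if that permission is in their
// permission list. Everything else is rejected with NoPermission.
func (srv *Server) CheckPermissions(ctx *context.WebContext) {
	userInfoI, found := ctx.GinCtx().Get(userInfoKey)
	if !found {
		ctx.Fail(errcode.New(errcode.TokenInvalid, "not found ctx userInfo"))
		return
	}

	// A failed assertion (or a nil value) must deny the request instead of
	// panicking on the nil dereference of userInfo.Character below.
	// NOTE(review): CheckToken stores the Auth response under this key;
	// confirm that response really is a *apiUser.UserInfo, otherwise this
	// assertion fails for every request.
	userInfo, ok := userInfoI.(*apiUser.UserInfo)
	if !ok || userInfo == nil {
		ctx.Fail(errcode.New(errcode.TokenInvalid, "ctx userInfo has unexpected type"))
		return
	}
	isAdmin := userInfo.Character == adminCharacter

	projectId, resource := getCtxURIProjectIdAndResource(ctx)
	if projectId <= 0 {
		// Only the project collection itself may be addressed without a
		// project id, and only by an admin.
		if ctx.GinCtx().Request.URL.Path == "/api/project" {
			if !isAdmin {
				ctx.Fail(errcode.New(errcode.NoPermission, "user %v is not admin, can't operate project", ctx.Header.UserId))
				return
			}
			ctx.GinCtx().Next()
			return
		}
		ctx.Fail(errcode.New(errcode.NoPermission, "project_id %v in ctx invalid", projectId))
		return
	}

	if resource == "" {
		ctx.Fail(errcode.New(errcode.NoPermission, "resource %v in ctx invalid", resource))
		return
	}

	reqPermission := permission.GetProjectResourcePermission(projectId, resource, ctx.GinCtx().Request.Method)

	// Admins bypass the per-resource check entirely.
	if isAdmin {
		ctx.GinCtx().Next()
		return
	}

	for _, granted := range userInfo.Permissions {
		if granted == reqPermission {
			ctx.GinCtx().Next()
			return
		}
	}

	ctx.Fail(errcode.New(errcode.NoPermission, "user %v don't have permission %v", ctx.Header.UserId, reqPermission))
}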