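package interceptor

import (
	"crypto/subtle"
	"errors"
	"net/http"

	"mini-chat/configs"
	"mini-chat/internal/code"
	"mini-chat/internal/pkg/core"
	"mini-chat/internal/pkg/jwtoken"
	"mini-chat/internal/pkg/utils"
	"mini-chat/internal/proposal"
	"mini-chat/internal/repository/mysql/dao"

	"gorm.io/gorm"
)

// AdminTokenAuthVerify authenticates an admin request from its Authorization
// header and returns the session info embedded in the token.
//
// The checks run in this order, and each failure is reported as an HTTP 401
// core.BusinessError (the user-facing messages are unchanged from the
// original implementation):
//
//  1. the Authorization header is present;
//  2. the header value parses as a JWT under configs.Get().JWT.AdminSecret
//     (the raw header is handed to jwtoken as-is; whether a "Bearer " prefix
//     is tolerated depends on that package — TODO confirm);
//  3. the admin row referenced by the token's Id exists in the read replica;
//  4. MD5(header) equals the stored LastLoginHash, i.e. this is the most
//     recently issued token for that admin (a newer login invalidates older
//     tokens even though their signatures are still valid);
//  5. LoginStatus == 1 (account not disabled; this failure is flagged with
//     WithAlert()).
//
// Only a token that passed signature verification reaches the database, so
// the lookup itself is not reachable with arbitrary attacker-chosen ids.
// Note that a DB error and a missing row are both reported with
// code.ServerError while the token-level failures use code.JWTAuthVerifyError;
// callers that branch on the business code may depend on that, so it is
// preserved here.
func (i *interceptor) AdminTokenAuthVerify(ctx core.Context) (sessionUserInfo proposal.SessionUserInfo, err core.BusinessError) {
	headerAuthorizationString := ctx.GetHeader("Authorization")
	if headerAuthorizationString == "" {
		err = core.Error(
			http.StatusUnauthorized,
			code.JWTAuthVerifyError,
			"无法确认您的身份,请进行登录。")
		return
	}

	// Verify the JWT signature/validity before touching any other state.
	jwtClaims, jwtErr := jwtoken.New(configs.Get().JWT.AdminSecret).Parse(headerAuthorizationString)
	if jwtErr != nil {
		err = core.Error(
			http.StatusUnauthorized,
			code.JWTAuthVerifyError,
			"您的账号登录过期,请重新登录。")
		return
	}

	// Load the admin record named by the token (read replica). The query
	// object is built once instead of twice as in the original.
	admin := dao.Use(i.db.GetDbR()).Admin
	info, dbErr := admin.WithContext(ctx.RequestContext()).Where(admin.ID.Eq(jwtClaims.Id)).First()
	switch {
	case errors.Is(dbErr, gorm.ErrRecordNotFound):
		// errors.Is rather than == so a wrapped not-found error is still
		// classified as "unknown admin" instead of as a server failure.
		err = core.Error(
			http.StatusUnauthorized,
			code.ServerError,
			"无法确认您的身份,请进行登录。")
		return
	case dbErr != nil:
		err = core.Error(
			http.StatusUnauthorized,
			code.ServerError,
			"身份验证失败,如需帮助请联系我们。")
		return
	}

	// Single-session enforcement: only the token issued at the last login is
	// accepted. The comparison is constant-time as a defensive measure; the
	// practical exposure is small because the token has already been
	// signature-checked, but it costs nothing.
	tokenHash := utils.MD5(headerAuthorizationString)
	if subtle.ConstantTimeCompare([]byte(tokenHash), []byte(info.LastLoginHash)) != 1 {
		err = core.Error(
			http.StatusUnauthorized,
			code.JWTAuthVerifyError,
			"您的账号已在别处登录,为了保护您的账户安全,请重新登录。")
		return
	}

	// Reject disabled accounts even when the token is otherwise valid.
	if info.LoginStatus != 1 {
		err = core.Error(
			http.StatusUnauthorized,
			code.ServerError,
			"您的账号已被禁用,如需帮助请联系我们。").WithAlert()
		return
	}

	sessionUserInfo = jwtClaims.SessionUserInfo
	return
}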