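package middleware

import (
	"log/slog"
	"regexp"
	"slices"
	"strings"
	"sync"

	"github.com/gin-gonic/gin"
	"joylink.club/bj-rtsts-server/db/model"
	"joylink.club/bj-rtsts-server/dto"
	"joylink.club/bj-rtsts-server/service"
	"joylink.club/bj-rtsts-server/sys_error"
)

// User permission cache, keyed by user ID.
//
// Gin serves every request on its own goroutine, so all reads and writes of
// this map go through authMu: an unguarded concurrent write makes the runtime
// abort the whole process ("concurrent map writes"), which would take the
// server down.
var (
	authMu          sync.RWMutex
	userAuthPathMap = make(map[int32]*dto.AuthUserStorageDto)
)

// Cache of compiled AuthPath patterns, keyed by the raw pattern string. An
// invalid pattern is cached as nil so it is logged once, not on every request.
// Patterns come from the role configuration, so the cache is bounded by the
// number of configured paths.
var (
	regexMu    sync.RWMutex
	regexCache = make(map[string]*regexp.Regexp)
)

// PermissMiddleware is the shared permission-check handler.
var PermissMiddleware = permissionMiddleware()

// permissionMiddleware builds the gin handler that enforces role permissions.
//
// Anonymous requests (no identity in the context) are passed through: this
// middleware only decides whether an already-authenticated user may call the
// requested path. Admin users bypass the path check. Any other user must have
// an AuthPath rule covering (path, method); otherwise the request is rejected
// by panicking with sys_error "权限不足" (recovered by the project's error
// handler, as in the original code).
func permissionMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		user, _ := c.Get(IdentityKey)
		if user == nil {
			// Not logged in; authentication is another middleware's job.
			c.Next()
			return
		}
		u, ok := user.(*model.User)
		if !ok || u == nil {
			// An identity of an unexpected type is a programming error; fail
			// closed instead of dereferencing a nil pointer.
			slog.Error("identity value is not a *model.User")
			panic(sys_error.New("权限不足"))
		}

		userAuth := loadUserAuth(u.ID)
		if userAuth == nil {
			// Nothing is known about the user's roles: deny rather than crash.
			slog.Error("no permission record for user", "uid", u.ID)
			panic(sys_error.New("权限不足"))
		}
		if userAuth.IsAdmin {
			// Super administrator: every path is allowed.
			c.Next()
			return
		}

		path, method := c.Request.URL.Path, c.Request.Method
		if validateUserPath(path, method, userAuth.AuthPaths) {
			c.Next()
			return
		}
		slog.Error("无权限操作请求路径", "path", path, "method", method)
		panic(sys_error.New("权限不足"))
	}
}

// loadUserAuth returns the cached permission record for uid, querying the
// service on a cache miss. The query runs outside the lock so that a slow
// database does not stall unrelated requests; if two requests race to fill the
// same entry, the value stored first wins. Returns nil when the service has
// no record for the user.
func loadUserAuth(uid int32) *dto.AuthUserStorageDto {
	authMu.RLock()
	cached := userAuthPathMap[uid]
	authMu.RUnlock()
	if cached != nil {
		return cached
	}

	fresh := service.QueryUserAuthApiPath(uid)
	if fresh == nil {
		return nil
	}

	authMu.Lock()
	defer authMu.Unlock()
	if existing := userAuthPathMap[uid]; existing != nil {
		return existing
	}
	userAuthPathMap[uid] = fresh
	return fresh
}

// validateUserPath reports whether (path, method) is covered by one of the
// user's AuthPath rules. A rule matches when its method list allows method
// and its path is either identical to path or a regular expression that
// matches the whole of path.
func validateUserPath(path, method string, paths []*dto.AuthPath) bool {
	for _, p := range paths {
		if p == nil || !methodAllowed(p.Method, method) {
			continue
		}
		if p.Path == path {
			return true
		}
		re := compileAuthPath(p.Path)
		if re != nil && re.MatchString(path) {
			return true
		}
	}
	return false
}

// methodAllowed reports whether a rule's method list covers method.
// "*" allows every method; otherwise the list is split on any non-letter
// separator (so a value like "GET,POST" yields two entries) and compared
// entry by entry. Comparing whole entries, rather than testing whether the
// request method is a substring of the list, keeps an arbitrary client-sent
// method from matching a fragment of a configured one.
func methodAllowed(allowed, method string) bool {
	if allowed == "*" {
		return true
	}
	for _, m := range strings.FieldsFunc(allowed, isMethodSeparator) {
		if m == method {
			return true
		}
	}
	return false
}

// isMethodSeparator treats anything that is not an ASCII letter as a
// separator between method names.
func isMethodSeparator(r rune) bool {
	isUpper := r >= 'A' && r <= 'Z'
	isLower := r >= 'a' && r <= 'z'
	return !isUpper && !isLower
}

// compileAuthPath returns the compiled, fully anchored form of an AuthPath
// pattern, or nil when the pattern is not a valid regular expression. The
// result is cached because rules are evaluated on every request.
//
// The pattern is wrapped in ^(?:...)$ so a rule can only match the entire
// request path: left unanchored, a rule would also match any longer path
// that merely contains it, which grants more than the rule's author intended.
// A rule that cannot be compiled never matches (fail closed); the original
// code ignored the compile error and dereferenced a nil *regexp.Regexp.
func compileAuthPath(pattern string) *regexp.Regexp {
	regexMu.RLock()
	re, seen := regexCache[pattern]
	regexMu.RUnlock()
	if seen {
		return re
	}

	compiled, err := regexp.Compile("^(?:" + pattern + ")$")
	if err != nil {
		slog.Error("invalid AuthPath pattern", "pattern", pattern, "err", err)
		compiled = nil
	}

	regexMu.Lock()
	regexCache[pattern] = compiled
	regexMu.Unlock()
	return compiled
}

// ClearUserPermission drops one user's cached permissions (called on
// re-login) so the next request reloads them from the service.
func ClearUserPermission(userId int32) {
	authMu.Lock()
	delete(userAuthPathMap, userId)
	authMu.Unlock()
}

// ClearUserPermissionByRid drops the cached permissions of every user that
// holds roleId, so a role change takes effect on those users' next request.
func ClearUserPermissionByRid(roleId int32) {
	authMu.Lock()
	defer authMu.Unlock()
	// Deleting from a map while ranging over it is well defined in Go.
	for uid, u := range userAuthPathMap {
		if u != nil && slices.Contains(u.RoleIds, roleId) {
			delete(userAuthPathMap, uid)
		}
	}
}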