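package com.javaweb.platform.interceptor;

import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.javaweb.common.annotation.UserAuth;
import com.javaweb.platform.domain.FrontUser;
import com.javaweb.platform.utils.UserAuthCacheUtils;

/**
 * Permission-check interceptor.
 *
 * <p>Handler methods (or their declaring classes) annotated with {@link UserAuth}
 * are only invoked when the request carries a {@code token} parameter that maps
 * to a cached {@link FrontUser} whose access token equals it. The model is
 * opt-in: handlers without the annotation, and handlers that are not a
 * {@link HandlerMethod}, are let through unchecked.
 *
 * @author Admin
 */
@Component
public class UserAuthInterceptor extends HandlerInterceptorAdapter {

    /**
     * Runs the permission check before the handler is invoked.
     *
     * @param request  current HTTP request
     * @param response current HTTP response; receives the literal body
     *                 {@code authInvalid} when the check fails
     * @param handler  the handler selected for this request
     * @return {@code true} to continue the handler chain, {@code false} when the
     *         request was rejected and the response body has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Verify permission.
        if (this.hasPermission(handler, request)) {
            return true;
        }

        // NOTE(review): no status code is set here, so the rejection goes out with
        // whatever status the response already carries and clients must inspect the
        // body. Consider a 401 once it is confirmed that no caller depends on this.
        response.setHeader("content-type", "text/html;charset=utf-8");
        String data = "authInvalid";
        OutputStream out = response.getOutputStream();
        // Encode with the same charset that the content-type header announces.
        out.write(data.getBytes(StandardCharsets.UTF_8));
        return false;
    }

    /**
     * Decides whether the request may reach the handler.
     *
     * <p>The token-to-user mapping currently lives in the in-process cache behind
     * {@link UserAuthCacheUtils}; moving it to Redis or a database table is a
     * possible later step.
     *
     * @param handler the handler selected for this request
     * @param request current HTTP request, read for its {@code token} parameter
     * @return {@code true} when the handler is not protected or the token is
     *         valid; {@code false} otherwise
     */
    private boolean hasPermission(Object handler, HttpServletRequest request) {
        // Anything that is not a controller method is not subject to this check.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;

        // Method-level annotation first, then fall back to the declaring class.
        UserAuth requiredPermission = handlerMethod.getMethod().getAnnotation(UserAuth.class);
        if (requiredPermission == null) {
            requiredPermission = handlerMethod.getMethod().getDeclaringClass().getAnnotation(UserAuth.class);
        }
        if (requiredPermission == null) {
            // Not annotated anywhere: the endpoint is public.
            return true;
        }

        // NOTE(review): getParameter also reads the query string, where a token can
        // end up in access logs, browser history and Referer headers. Consider
        // accepting it from a request header instead.
        String token = request.getParameter("token");
        if (token == null) {
            return false;
        }
        if (!UserAuthCacheUtils.userCaches.containsKey(token)) {
            return false;
        }

        // Fail closed if the entry is missing by the time it is read, or is not a
        // FrontUser: the previous unconditional cast and dereference would throw
        // and surface as an unhandled exception instead of a clean rejection.
        Object cached = UserAuthCacheUtils.getCahce(token);
        if (!(cached instanceof FrontUser)) {
            return false;
        }

        // The cache key must also match the token stored on the user record.
        // Presumably this rejects a stale key after the user's token has been
        // reissued. TODO confirm against the code that fills the cache.
        return token.equals(((FrontUser) cached).getAccessToken());
    }

    /** No post-processing is needed; intentionally empty. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed; intentionally empty. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) throws Exception {
    }
}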