package auth

import (
	"errors"
	"github.com/loveuer/nf"
	"github.com/loveuer/nf/nft/resp"
	"time"
	"uauth/internal/store/cache"
	"uauth/internal/tool"
	"uauth/model"
)

type Config struct {
	IgnoreFn  func(c *nf.Ctx) bool
	TokenFn   func(c *nf.Ctx) (string, bool)
	GetUserFn func(c *nf.Ctx, token string) (*model.User, error)
}

var (
	defaultIgnoreFn = func(c *nf.Ctx) bool {
		return false
	}

	defaultTokenFn = func(c *nf.Ctx) (string, bool) {
		var token string

		if token = c.Request.Header.Get("Authorization"); token != "" {
			return token, true
		}

		if token = c.Query("access_token"); token != "" {
			return token, true
		}

		if token = c.Cookies("access_token"); token != "" {
			return token, true
		}

		return "", false
	}

	defaultGetUserFn = func(c *nf.Ctx, token string) (*model.User, error) {
		var (
			err error
			op  = new(model.User)
		)

		if err = cache.Client.GetExScan(tool.Timeout(3), cache.Prefix+"token:"+token, 24*time.Hour).Scan(op); err != nil {
			if errors.Is(err, cache.ErrorKeyNotFound) {
				return nil, resp.Resp401(c, nil, "用户认证信息不存在或已过期, 请重新登录")
			}

			return nil, resp.Resp500(c, err)
		}

		return op, nil
	}
)

func New(cfgs ...*Config) nf.HandlerFunc {
	var cfg = &Config{}

	if len(cfgs) > 0 && cfgs[0] != nil {
		cfg = cfgs[0]
	}

	if cfg.IgnoreFn == nil {
		cfg.IgnoreFn = defaultIgnoreFn
	}

	if cfg.TokenFn == nil {
		cfg.TokenFn = defaultTokenFn
	}

	if cfg.GetUserFn == nil {
		cfg.GetUserFn = defaultGetUserFn
	}

	return func(c *nf.Ctx) error {
		if cfg.IgnoreFn(c) {
			return c.Next()
		}

		token, ok := cfg.TokenFn(c)
		if !ok {
			return resp.Resp401(c, nil, "请登录")
		}

		op, err := cfg.GetUserFn(c, token)
		if err != nil {
			return err
		}

		c.Locals("user", op)

		return c.Next()
	}
}