package controller

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
	"woord-core-service/global"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v4"
)

const (
	AuthUserKey  = "_user"
	AuthTokenKey = "_token"
)

var (
	ErrNotLoggedIn  = fmt.Errorf("请先登录")
	ErrInvalidToken = fmt.Errorf("登录失效，请重新登录")
)

// 根据用户 ID 生成 JWT
func newToken(userID uint) (string, error) {
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.RegisteredClaims{
		Subject:   strconv.FormatUint(uint64(userID), 10),
		ExpiresAt: jwt.NewNumericDate(time.Now().Add(720 * time.Hour)),
	})
	return token.SignedString(global.SecretKey)
}

// 根据 JWT 解析用户 ID
func parseToken(tokenString string) (uint, error) {
	token, err := jwt.ParseWithClaims(tokenString, &jwt.RegisteredClaims{}, func(token *jwt.Token) (any, error) {
		// 检查签名方法是否正确
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %s", token.Method.Alg())
		}
		return global.SecretKey, nil
	})

	if claims, ok := token.Claims.(*jwt.RegisteredClaims); ok && token.Valid {
		userID, err := strconv.ParseUint(claims.Subject, 10, 0)
		return uint(userID), err
	}

	return 0, err
}

// JWT 认证中间件
func JWTAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// 从 Cookie 获取 JWT
		token, err := c.Cookie(AuthTokenKey)
		if err != nil {
			respondError(c, http.StatusUnauthorized, ErrNotLoggedIn)
			c.Abort()
			return
		}

		// 解析 JWT
		userID, err := parseToken(token)
		if err != nil {
			respondError(c, http.StatusUnauthorized, ErrInvalidToken)
			c.Abort()
			return
		}

		// 将用户 ID 保存在上下文中
		c.Set(AuthUserKey, userID)
	}
}