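package com.fdkankan.contro.Interceptor;

import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSONObject;
import com.fdkankan.common.constant.ErrorCode;
import com.fdkankan.common.constant.ServerCode;
import com.fdkankan.common.exception.BusinessException;
import com.fdkankan.contro.common.Result;
import com.fdkankan.contro.httpclient.MyClient;
import com.fdkankan.sign.RsaUtils;
import com.fdkankan.sign.SignUtils;
import lombok.extern.log4j.Log4j2;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Verifies the request signature of handler methods annotated with
 * {@code @SignVerification} before the handler runs.
 *
 * <p>The caller supplies the {@code sign} and {@code appId} request headers. The
 * aspect looks up the key registered for that appId at the ucenter service
 * (authenticating itself with an RSA-encrypted, timestamped payload) and then
 * validates the signature with {@link SignUtils#checkSign}. Any failure along
 * that path is reported as {@link ErrorCode#AUTH_FAIL}; an unavailable ucenter
 * is reported as a generic {@link RuntimeException}.
 */
@Log4j2
@Aspect
@Component
@Order(101)
public class SignVerificationAspect {

    private static final String GET_PRIVATEKEY_API = "/ucenter/_inner/pdsfsdfsrvateddsfeky/";

    /**
     * Accepted shape of the {@code appId} header. The value is appended to an
     * internal service URL as a path segment, so anything that could alter the
     * path or query ('/', '.', '?', '#', whitespace, ...) is rejected up front.
     * NOTE(review): assumes appIds are alphanumeric plus '_' / '-'; widen the
     * pattern if ucenter issues other formats.
     */
    private static final Pattern APP_ID_PATTERN = Pattern.compile("[A-Za-z0-9_-]{1,128}");

    /** Public key used to encrypt the payload that authenticates this service to ucenter. */
    @Value("${ucenter.publicKey}")
    private String publicKey;

    /** This service's own appId, sent in the ucenter request headers and payload. */
    @Value("${ucenter.appId}")
    private String ucenterAppId;

    /** Base URL of the fd service that exposes the ucenter key lookup endpoint. */
    @Value("${4dkk.fdService.basePath}")
    private String fdServiceBasePath;

    @Resource
    private MyClient myClient;

    /**
     * Before-advice: rejects the request unless the {@code sign} header is a
     * valid signature for the {@code appId} header.
     *
     * @param joinPoint the intercepted join point (not used; the request is taken
     *                  from {@link RequestContextHolder})
     * @throws BusinessException with {@link ErrorCode#AUTH_FAIL} when a header is
     *                           missing or malformed, no key is returned, or the
     *                           signature does not verify
     * @throws RuntimeException  when the key lookup against ucenter fails
     * @throws IllegalStateException when invoked outside a servlet request
     * @throws Exception         declared for compatibility with the original advice
     */
    @Before("@annotation(com.fdkankan.contro.annotation.SignVerification)")
    public void doBefore(JoinPoint joinPoint) throws Exception {
        HttpServletRequest request = currentRequest();
        String sign = request.getHeader("sign");
        String appId = request.getHeader("appId");
        if (StrUtil.isEmpty(sign) || StrUtil.isEmpty(appId)) {
            throw new BusinessException(ErrorCode.AUTH_FAIL);
        }
        // appId is attacker-controlled and becomes part of the ucenter URL path;
        // only a plain, single path segment is allowed to reach the lookup.
        if (!APP_ID_PATTERN.matcher(appId).matches()) {
            log.warn("rejected malformed appId header for {} {}", request.getMethod(), request.getRequestURI());
            throw new BusinessException(ErrorCode.AUTH_FAIL);
        }

        String privateKey = fetchPrivateKey(appId);
        // An empty key would otherwise be handed to checkSign; treat it as unauthenticated.
        if (StrUtil.isEmpty(privateKey)) {
            log.warn("no key returned for appId={}", appId);
            throw new BusinessException(ErrorCode.AUTH_FAIL);
        }
        if (!SignUtils.checkSign(sign, appId, privateKey)) {
            // The signature itself is not logged; appId is enough to correlate.
            log.warn("signature check failed for appId={}", appId);
            throw new BusinessException(ErrorCode.AUTH_FAIL);
        }
    }

    /**
     * Returns the current servlet request.
     *
     * @throws IllegalStateException when there is no servlet request bound to
     *                               the current thread (previously a bare NPE)
     */
    private static HttpServletRequest currentRequest() {
        RequestAttributes attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            throw new IllegalStateException("SignVerificationAspect requires a servlet request context");
        }
        return ((ServletRequestAttributes) attributes).getRequest();
    }

    /**
     * Looks up the key registered for {@code appId} at ucenter, authenticating
     * this service with an RSA-encrypted {appId, timestamp} payload.
     *
     * @param appId caller appId; must already be validated as a safe path segment
     * @return the key string from the response body (may be null or empty if
     *         ucenter returned no data)
     * @throws RuntimeException when ucenter does not answer with {@link ServerCode#SUCCESS}
     */
    private String fetchPrivateKey(String appId) {
        long epochSecond = Instant.now().getEpochSecond();
        JSONObject payload = new JSONObject();
        payload.put("appId", ucenterAppId);
        payload.put("timestamp", epochSecond);
        String ucenterSign = RsaUtils.encipher(payload.toJSONString(), publicKey);

        // MyClient.get's header parameter type is not visible here; String→String
        // is the natural shape for HTTP headers and replaces the raw Map.
        Map<String, String> headerMap = new HashMap<>();
        headerMap.put("sign", ucenterSign);
        headerMap.put("appId", ucenterAppId);

        String url = fdServiceBasePath + GET_PRIVATEKEY_API + appId;
        Result result = myClient.get(url, headerMap);
        if (result.getCode() != ServerCode.SUCCESS.code()) {
            throw new RuntimeException("系统异常");
        }
        return (String) result.getData();
    }
}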