package project.web.api.filter;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import apache.poi.assistant.MD5;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.alibaba.fastjson.JSON;

import email.Config;
import kernel.web.ApplicationUtil;
import kernel.web.PageActionSupport;
import kernel.web.ResultObject;
import project.syspara.Syspara;
import project.syspara.SysparaService;
import project.user.token.TokenService;
import util.IpUtil;

/**
 * @author 15308
 * @description SERVLET请求过滤器(不含静态页面文件)
 */
public class AllRequestFilter extends PageActionSupport implements Filter  {
	/**
	 * 白名单URL
	 */
	private static final HashSet<String> WHITE_URLS = new HashSet<String>();

	/**
	 * 白名单URL
	 */
	private static final HashSet<String> WHITE_URLS2 = new HashSet<String>();

	/**
	 * 日志工具
	 */
	private static final Logger logger = LoggerFactory.getLogger(AllRequestFilter.class);

	@Override
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) throws IOException, ServletException {
		//白名单接口地址直接(断网用户也可以访问白名单)


		//SERVLET请求响应对象
		HttpServletRequest request = (HttpServletRequest)req;
		HttpServletResponse response = (HttpServletResponse)res;
		response.setHeader("Access-Control-Allow-Origin", "*");
		response.setHeader("Access-Control-Allow-Headers", "Content-Type,X-Requested-With,sign,tissuePaper");
		String servletPath = request.getServletPath();
		if(WHITE_URLS2.contains(servletPath)) {
			filterChain.doFilter(request, response);
			return;
		}

		if(ObjectUtils.isNotEmpty(Config.VERSION_NUMBER)) {
			//验证时间戳签名
			if(checkSign(request,response)) {
				return;
			}
		}
		//校验IP是否合法(如果为null则直接返回)
		String requestIP = this.getIp(request);
		if (!IpUtil.isCorrectIpRegular(requestIP)) {
			logger.error("校验IP不合法,参数: {}", requestIP);
			return;
		}

		//校验IP是否存在于黑名单中(如果存在则直接返回)
		SysparaService sysparaService = ApplicationUtil.getBean(SysparaService.class);
		Syspara blackListSyspara = sysparaService.find("blacklist_ip");
		if(null!=blackListSyspara) {
			String blackIPS=blackListSyspara.getValue();
			if(null!=blackIPS && !(blackIPS=blackIPS.trim()).isEmpty() && blackIPS.contains(requestIP)) {
				logger.error("黑名单IP,参数: {}", requestIP);
				return;
			}
		}

		if(WHITE_URLS.contains(servletPath)) {
			filterChain.doFilter(request, response);
			return;
		}

		//校验用户是否登录(通过判断是否提交Token来辨别)
		TokenService tokenService = ApplicationUtil.getBean(TokenService.class);
		String token = request.getParameter("token");
		if(null==token || (token=token.trim()).isEmpty()) {
			logger.error("浏览器端未提交token值,用户必须先登录才能有token,当前请求接口地址:{}",servletPath);
			return;
		}


		String userName = tokenService.getUserName(token,servletPath);
		if (StringUtils.isBlank(userName)) {
			logger.error("token已失效路径:token值{},访问路径{}",token,servletPath);
			ResultObject resultObject = new ResultObject();
			resultObject.setCode("403");
			resultObject.setMsg("请重新登录");
			response.getWriter().print(JSON.toJSONString(resultObject));
			return;
		}

		//被设置为断网的用户无法访问
		Syspara stopUserInternets = sysparaService.findByDB("stop_user_internet");
		logger.error("当前配置的断网用户对象:{},当前访问的用户名:{},用户访问的路径:{}", stopUserInternets,userName,servletPath);
		if(StringUtils.isNotBlank(userName)) {
			if(null!=stopUserInternets) {
				String value = stopUserInternets.getValue();
				logger.error("当前配置的断网用户:{},当前访问的用户名:{},用户访问的路径:{}", value,userName,servletPath);
				if(null!=value && value.contains(userName)) {
					logger.error("当前配置的断网用户:{},不能访问的用户名:{},用户访问的路径:{}", value,userName,servletPath);
					((HttpServletResponse)response).sendError(405, "请求超时");
					return;
				}
			}
		}

		//检查提交数据包中是否存在静态脚本
		if (checkParameter(request)) return;
		//放行到后端的SERVLET
		filterChain.doFilter(request, response);
	}

	/**
	 * 请求参数中包含"script"的过滤
	 * @param request 请求对象
	 * @return 检查是否通过(返回true表示不通过)
	 */
	private boolean checkParameter(HttpServletRequest request) {
		Enumeration<String> enu = request.getParameterNames();
		while (enu.hasMoreElements()) {
			String paraName = enu.nextElement();
			if(null==paraName || (paraName=paraName.trim()).isEmpty()) continue;
			String value = request.getParameter(paraName).trim().toLowerCase();
			if (-1!=value.indexOf("script")) {
				logger.error("请求参数中包含script的过滤,参数: " + request.getParameter(paraName) + "请求地址: " + request.getServletPath());
				return true;
			}
		}

		Enumeration<String> heads = request.getHeaderNames();
		while (heads.hasMoreElements()) {
			String headName = (String) heads.nextElement();
			if(null==headName || (headName=headName.trim()).isEmpty()) continue;
			String value = request.getHeader(headName).trim().toLowerCase();
			if(-1!=value.indexOf("<")) {
				logger.error("head参数中包含<的过滤,参数: " + request.getHeader(headName) + "请求地址: " + request.getServletPath());
				return true;
			}
		}

		return false;
	}

	/**
	 * 初始化白名单
	 */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// 访问图片
		WHITE_URLS2.add("/public/showimg!showImg.action");
		// 访问充值地址
		WHITE_URLS2.add("/api/channelBlockchain!getBlockchainName.action");
		//H5注册
		WHITE_URLS.add("/api/localuser!registerNoVerifcode.action");

		WHITE_URLS.add("/api/newOnlinechat!send.action");

		WHITE_URLS.add("/api/onlinechat!send.action");

		WHITE_URLS.add("/api/newOnlinechat!list.action");

		WHITE_URLS.add("/api/onlinechat!list.action");

		//H5注册
		WHITE_URLS.add("/api/localuser!register.action");
		//平仓参数接口
		WHITE_URLS.add("/api/contractApplyOrder!closeview.action");
		//开仓参数接口
		WHITE_URLS.add("/api/contractApplyOrder!openview.action");

		//平仓参数接口
		WHITE_URLS.add("/api/futuresOrder!closeview.action");
		//开仓参数接口
		WHITE_URLS.add("/api/futuresOrder!openview.action");

		//PC注册
		WHITE_URLS.add("/api/localuser!getImageCode.action");
		//PC发送邮箱功能
		WHITE_URLS.add("/api/idcode!execute.action");
		WHITE_URLS.add("/api/callback!execute.action");

		WHITE_URLS.add("/api/localuser!register_username.action");

		WHITE_URLS.add("/api/exchangerateuserconfig!get.action");
		// 登录
		WHITE_URLS.add("/api/dapp!login.action");
		// 热门币种
		WHITE_URLS.add("/api/item!list.action");
		//
		WHITE_URLS.add("/api/dapp!pooldata.action");
		// 轮播日志
		WHITE_URLS.add("/api/dapp!get_notice_logs.action");
		// 上传文件
		WHITE_URLS.add("/public/uploadimg!execute.action");
		WHITE_URLS.add("/public/showimg!showImg.action");
		WHITE_URLS.add("/api/monitor!getAutoMonitorPoolData.action");

		// 实时数据
		WHITE_URLS.add("/api/hobi!getRealtime.action");
		// Kline
		WHITE_URLS.add("/api/hobi!getKline.action");
		// 分时图
		WHITE_URLS.add("/api/hobi!getTrend.action");

		// onlineChat
		WHITE_URLS.add("/api/onlinechat!list.action");
		WHITE_URLS.add("/api/onlinechat!send.action");
		WHITE_URLS.add("/api/cms!list.action");
		WHITE_URLS.add("/api/news!list.action");
		WHITE_URLS.add("/api/news!get.action");
		WHITE_URLS.add("/api/exchangerate!list.action");
		WHITE_URLS.add("/api/user!login.action");
		WHITE_URLS.add("/api/syspara!getSyspara.action");
		WHITE_URLS.add("/api/news!list_v2_popup.action");
		WHITE_URLS.add("/api/banner!list.action");
		WHITE_URLS.add("/api/cms!get.action");
		WHITE_URLS.add("/api/user!getUserNameVerifTarget.action");
		WHITE_URLS.add("/api/localuser!registerNoVerifcode.action");
		WHITE_URLS.add("/api/localuser!resetpsw.action");
		WHITE_URLS.add("/api/user!resetpsw.action");
		WHITE_URLS.add("/api/user!getUserNameVerifTarget.action");
		WHITE_URLS.add("/api/hobi!getDepth.action");
		WHITE_URLS.add("/api/user!rechargeCallback.action");



	}

	@Override
	public void destroy() {}


	/**
	 * 普通请求处理处理
	 * @throws IOException
	 */
	public boolean checkSign(HttpServletRequest request, ServletResponse response) throws IOException {
		String servletPath2 = request.getServletPath();
		// 响应请求前参数校验
		// 获取请求头中的时间戳参数
		String timestamp = request.getHeader("tissuePaper");
		Enumeration<String> heads = request.getHeaderNames();
		if (timestamp == null) {
			// 没有时间戳参数返回验签失败
			logger.error("时间戳为空"+servletPath2);
			((HttpServletResponse)response).sendError(201, "时间戳为空");
			return true;
		}

		try {
			// 3分钟内有效
			long timestampDate = Long.parseLong(timestamp) + (60 * 1);
			// 10位时间戳
			long currDate = System.currentTimeMillis() / 1000L;
			if (timestampDate < currDate) {
				// 请求过期
				logger.error("请求过期"+servletPath2);
				((HttpServletResponse)response).sendError(202, "请求过期");
				return true;
			}
			/*
			 * if (timestampDate-60 > currDate) { // 请求过期 logger.info("时间超前");
			 * System.out.println("时间超前"+servletPath2+"时间:"+timestampDate);
			 * ((HttpServletResponse)response).sendError(203, "时间超前"); return true; }
			 */
		} catch (NumberFormatException e) {
			assert response != null;
			logger.error("请求异常"+servletPath2);
			((HttpServletResponse)response).sendError(204, "请求异常");
			return true;
		}

		String sign = request.getHeader("sign");
		if (sign == null || "".equals(sign.trim())) {
			// 没有签名返回验签失败
			assert response != null;
			logger.error("签名为空"+servletPath2);
			((HttpServletResponse)response).sendError(205, "签名为空");
			//((HttpServletResponse)response).sendError(201, "验签失败");
			return true;
		}

		// 验签， 根据时间戳生成签名加盐值反复加密两次， 对比是否一致
		// 第一个参数为加密内容， 第二个参数为加密时的盐值
		// 获取后台管理MD5盐值
		String waitSign = Config.ENCRYPTION_KEY+timestamp;
		String md5_result = MD5.sign(waitSign).toUpperCase();
		if (!md5_result.equals(sign)) {
			// 验签失败
			logger.error("签名失败"+servletPath2);
			((HttpServletResponse)response).sendError(206, "签名失败");
			return true;
		}

		return false;
	}

}