package project.web.api;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.mysql.cj.util.StringUtils;

import kernel.exception.BusinessException;
import kernel.web.BaseAction;
import kernel.web.ResultObject;
import project.Constants;
import project.log.Log;
import project.log.LogService;
import project.party.PartyService;
import project.party.model.Party;
import project.user.googleauth.GoogleAuthService;
import security.SecUser;
import security.internal.SecUserService;
import util.GoogleAuthenticator;

/**
 * 谷歌身份认证器
 *
 */
@RestController
@CrossOrigin
public class GoogleAuthController extends BaseAction {
	
	private Logger logger=LoggerFactory.getLogger(GoogleAuthController.class);
	
	@Autowired
	private GoogleAuthService googleAuthService;
	@Autowired
	private SecUserService secUserService;
	@Autowired
	private PartyService partyService;
	
	@Autowired
	private LogService logService;
	
	private final String action = "/api/googleauth!";
	
	/**
	 * 谷歌身份验证器 获取密钥及二维码
	 */
	@RequestMapping(action + "get.action")
	public Object get() {

		ResultObject resultObject = new ResultObject();
		resultObject = readSecurityContextFromSession(resultObject);
		if (!"0".equals(resultObject.getCode())) {
			return resultObject;
		}
		try {
			Map<String, Object> data = new HashMap<String, Object>();
			String partyId = getLoginPartyId();
			SecUser secUser = secUserService.findUserByPartyId(partyId);
			// 未绑定则
			if (!secUser.isGoogle_auth_bind()) {
				String secretKey = GoogleAuthenticator.generateSecretKey();
				data.put("google_auth_secret", secretKey);
				data.put("google_auth_url", googleAuthService.getGoogleAuthUrl(secUser.getUsername(), secretKey));
			}
			data.put("google_auth_bind", secUser.isGoogle_auth_bind());
			resultObject.setData(data);
			resultObject.setCode("0");
		} catch (BusinessException e) {
			resultObject.setCode("1");
			resultObject.setMsg(e.getMessage());
		} catch (Exception e) {
			resultObject.setCode("1");
			resultObject.setMsg("Program error!");
			logger.error("error:", e);
		}

		return resultObject;
	}

	/**
	 * 谷歌身份绑定
	 */
	@RequestMapping(action + "bind.action")
	public Object bind(HttpServletRequest request) {

		ResultObject resultObject = new ResultObject();
		resultObject = readSecurityContextFromSession(resultObject);
		if (!"0".equals(resultObject.getCode())) {
			return resultObject;
		}
		
		try {
			
			String secret = request.getParameter("secret");
			String code = request.getParameter("code");
			if (StringUtils.isNullOrEmpty(secret)) {
				throw new BusinessException("secret is null");
			}
			if (StringUtils.isNullOrEmpty(code)) {
				throw new BusinessException("code is null");
			}
			
			Map<String, Object> data = new HashMap<String, Object>();
			String partyId = getLoginPartyId();
			Party party = this.partyService.cachePartyBy(partyId, false);			

            // 绑定结果
            boolean binded = this.googleAuthService.saveGoogleAuthBind(party.getUsername(), secret, code);
            if (binded) {
    			
    			// 获取用户系统等级：1/新注册；2/邮箱谷歌手机其中有一个已验证；3/用户实名认证； 4/用户高级认证；
    			int userLevelSystem = this.partyService.getUserLevelByAuth(party);

    			// 十进制个位表示系统级别：1/新注册；2/邮箱谷歌手机其中有一个已验证；3/用户实名认证；4/用户高级认证；
    			// 十进制十位表示自定义级别：对应在前端显示为如VIP1 VIP2等级、黄金 白银等级；
    			// 如：级别11表示：新注册的前端显示为VIP1；
    			int userLevel = party.getUser_level();
    			party.setUser_level(((int) Math.floor(userLevel / 10)) * 10 + userLevelSystem);
    			
    			this.partyService.update(party);
    			
    			Log log = new Log();
    			log.setCategory(Constants.LOG_CATEGORY_SECURITY);
    			log.setLog("用户谷歌绑定,ip[" + this.getIp(getRequest()) + "]");
    			log.setPartyId(party.getId());
    			log.setUsername(party.getUsername());
    			logService.saveAsyn(log);
            }

            data.put("google_auth_bind", binded);
			
			resultObject.setData(data);
			resultObject.setCode("0");
			
		} catch (BusinessException e) {
			resultObject.setCode("1");
			resultObject.setMsg(e.getMessage());
		} catch (Exception e) {
			resultObject.setCode("1");
			resultObject.setMsg("Program error!");
			logger.error("error:", e);
		}

		return resultObject;
	}

	public Object checkCode(HttpServletRequest request) {

		ResultObject resultObject = new ResultObject();
		resultObject = readSecurityContextFromSession(resultObject);
		if (!"0".equals(resultObject.getCode())) {
			return resultObject;
		}
		String code = request.getParameter("code");
		try {
			Map<String, Object> data = new HashMap<String, Object>();
			String partyId = getLoginPartyId();
			SecUser secUser = secUserService.findUserByPartyId(partyId);
			if (!secUser.isGoogle_auth_bind()) {// 未绑定则
				throw new BusinessException("请先绑定谷歌验证器");
			}
			data.put("check_result", googleAuthService.checkCode(secUser.getGoogle_auth_secret(), code));
			resultObject.setData(data);
			resultObject.setCode("0");
		} catch (BusinessException e) {
			resultObject.setCode("1");
			resultObject.setMsg(e.getMessage());
		} catch (Exception e) {
			resultObject.setCode("1");
			resultObject.setMsg("Program error!");
			logger.error("error:", e);
		}

		return resultObject;
	}

}