namespace ZhiYi.Core.Application.Middleware
{
    /// <summary>
    /// 签名与鉴权中间件
    /// </summary>
    public class SignatureValidationMiddleware
    {
        private readonly RequestDelegate _next;
        private readonly string _appSecret;
        private readonly string[] _excludedPaths;
        private readonly IServiceProvider _serviceProvider;

        public SignatureValidationMiddleware(RequestDelegate next, IConfiguration configuration, IServiceProvider serviceProvider)
        {
            _next = next;
            _appSecret = configuration["AppSecret"];
            _excludedPaths = new string[]
            {
                "/api/user/login", // 登录接口
                "/api/user/register", // 注册接口
                "/api/user/getsignature", //签名获取接口
                "/api/captcha/getcaptcha" //验证码获取接口
            };
            _serviceProvider = serviceProvider;
        }

        public async Task InvokeAsync(Microsoft.AspNetCore.Http.HttpContext context)
        {
            /*var contentType = context.Request.ContentType;
            if (contentType.IndexOf("grpc") > 0)
            {
                await _next(context);
                return;
            }*/
            var path = context.Request.Path;
            if (_excludedPaths.Any(p => path.StartsWithSegments(p)))
            {
                await _next(context);
                return;
            }
            var timestamp = context.Request.Headers["X-Timestamp"].ToString();
            var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
            var signature = context.Request.Headers["X-Signature"].ToString();

            //请求头过滤
            /*if (string.IsNullOrEmpty(timestamp) || string.IsNullOrEmpty(token) || string.IsNullOrEmpty(signature))
            {
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                await context.Response.WriteAsync("非法请求");
                return;
            }

            // 简单验证 signature 是否有效
            using (var scope = _serviceProvider.CreateScope())
            {
                var expectedSignature = scope.ServiceProvider.GetService<TokenService>().GenerateSignature(_appSecret, path, timestamp, token);
                if (signature != expectedSignature)
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    await context.Response.WriteAsync("签名不正确");
                    return;
                }
            };*/

            // 简单验证 Token 是否有效
            var tokenService = context.RequestServices.GetRequiredService<TokenService>();
            var username = context.User.Identity?.Name;
            var userid = context.User.FindFirst(ClaimTypes.Sid)?.Value;
            if (userid == null || !tokenService.ValidateToken(userid, token))
            {
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                await context.Response.WriteAsync("token无效");
                return;
            }

            await _next(context);
        }
    }
}