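package router

import (
	"context"
	"errors"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/go-redis/redis/v8"
	cfacade "github.com/mhaya/facade"
	"github.com/mhaya/game/game_cluster/internal/code"
	"github.com/mhaya/game/game_cluster/internal/constant"
	"github.com/mhaya/game/game_cluster/internal/mdb"
	"github.com/mhaya/game/game_cluster/internal/mdb/models"
	"github.com/mhaya/game/game_cluster/nodes/webadmin/common"
	mhayaLogger "github.com/mhaya/logger"
	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/mongo"
)

// Auth returns a gin middleware that gates a route on the "Token" request
// header.
//
// A request is passed on to the next handler only when all of these hold:
//   - the header is present and non-empty;
//   - Redis holds a non-empty string value under the token;
//   - the hash at common.GetTokenKey(token) has a non-empty
//     constant.AdminAccess field;
//   - if the "open_ip_whitelist" setting is true, the client IP has a document
//     in the whitelist collection.
//
// Every other outcome, including Redis or MongoDB errors, is rejected, so the
// middleware fails closed.
func Auth(settingObj cfacade.ProfileJSON) gin.HandlerFunc {
	return func(c *gin.Context) {
		// Scope the Redis calls to the request so they are cancelled when the
		// client disconnects instead of running on an unbounded context.
		ctx := c.Request.Context()

		// Each rejection below calls c.Abort() after writing the response.
		// gin keeps running the remaining handlers when a middleware merely
		// returns, and the Pack* helpers are defined outside this file, so the
		// chain is stopped explicitly here. Abort is idempotent, so this is
		// harmless if the helpers already abort.
		tokenString := c.GetHeader("Token")
		if tokenString == "" {
			common.PackUnauthorizedResult(c, code.UnauthorizedError, "token is empty")
			c.Abort()
			return
		}

		// NOTE(review): the header value is used verbatim as the Redis key, so
		// any key holding a non-empty string value passes this first lookup.
		// The key layout is defined elsewhere; confirm that only session
		// tokens can match, or look the token up under a dedicated prefix.
		result, err := mdb.RDB.Get(ctx, tokenString).Result()
		if err != nil && !errors.Is(err, redis.Nil) {
			mhayaLogger.Warnf("Auth Get error: %s", err.Error())
			// A backend failure is not an empty token: send the same empty
			// message as the other internal-error branch below.
			common.PackUnauthorizedResult(c, code.InternalError, "")
			c.Abort()
			return
		}
		// redis.Nil (unknown token) leaves result empty and is rejected here.
		if result == "" {
			common.PackUnauthorizedResult(c, code.UnauthorizedError, "token is invalid")
			c.Abort()
			return
		}

		// Per-URL permission lookup, currently disabled:
		// url := c.Request.URL.Path
		// s, err := mdb.RDB.HGet(context.Background(), common.GetTokenKey(tokenString), url).Result()
		// if err != nil {
		// 	mhayaLogger.Warnf("Auth HGet s error: %s", err.Error())
		// 	common.PackUnauthorizedResult(c, code.InternalError, "")
		// 	return
		// }

		// A missing field surfaces as redis.Nil and is rejected through this
		// error branch as well, so a token without the admin-access field
		// never gets past this point.
		ss, err := mdb.RDB.HGet(ctx, common.GetTokenKey(tokenString), constant.AdminAccess).Result()
		if err != nil {
			mhayaLogger.Warnf("Auth HGet ss error: %s", err.Error())
			common.PackUnauthorizedResult(c, code.InternalError, "")
			c.Abort()
			return
		}

		// Permission check. The original condition was
		// `ss == "" && result == ""`, which could never be true because an
		// empty result has already returned above; the check was dead code.
		// Testing ss alone makes it effective and keeps the middleware
		// fail-closed.
		if ss == "" {
			common.PackUnauthorizedResult(c, code.UnauthorizedError, "token is no auth")
			c.Abort()
			return
		}

		// Read the setting on every request, as before, so a changed value is
		// picked up without rebuilding the middleware.
		if settingObj.Get("open_ip_whitelist").ToBool() {
			if err := checkIPWhitelist(c); err != nil {
				// Both "not listed" and a database failure end up here: deny.
				mhayaLogger.Warnf("Auth checkIPWhitelist error: %s", err.Error())
				common.PackForbiddenResult(c, code.ForbiddenError, "ip is no auth")
				c.Abort()
				return
			}
		}

		c.Next()
	}
}

// checkIPWhitelist reports whether the request's client IP has a document in
// the whitelist collection. It returns nil when one is found, an
// "IP not in whitelist" error when none is, and the underlying error when the
// query itself fails.
//
// NOTE(review): c.ClientIP() can take the address from forwarding headers such
// as X-Forwarded-For, depending on the engine's trusted-proxy configuration,
// which is set outside this file. The whitelist only means something if that
// configuration is restricted to the real reverse proxies (see
// gin's Engine.SetTrustedProxies); confirm this where the engine is built.
func checkIPWhitelist(c *gin.Context) error {
	ip := c.ClientIP()

	// Decode into a value rather than a nil *models.Whitelist, so TableName
	// is never called on a nil receiver.
	var entry models.Whitelist
	collection := mdb.MDB.Collection(entry.TableName())

	// Bound the lookup to five seconds and to the lifetime of the request.
	ctx, cancel := context.WithTimeout(c.Request.Context(), 5*time.Second)
	defer cancel()

	err := collection.FindOne(ctx, bson.M{"ip": ip}).Decode(&entry)
	switch {
	case errors.Is(err, mongo.ErrNoDocuments):
		// No matching document: the address is not allowed.
		return errors.New("IP not in whitelist")
	case err != nil:
		// Query or decode failure: the caller treats any error as a denial.
		return err
	}
	return nil
}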