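package middleware

import (
	"errors"
	"log"
	"net/http"
	"regexp"
	"strings"

	"gin-admin/internal/core/config"
	systemmodel "gin-admin/internal/model/system"
	"gin-admin/pkg/auth"
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
)

// @Author: yv1ing
// @Author: me@yvling.cn
// @Date: 2025/8/28 17:31
// @Desc: Authentication middleware

// extractBearerToken returns the token carried in the request's
// "Authorization: Bearer <token>" header.
//
// It returns "" when the header is absent, when it does not split into a
// scheme and a token on the first space, when the scheme is not "Bearer"
// (compared case-insensitively) or when the token part is empty. The token
// is returned verbatim and is not validated here.
func extractBearerToken(c *gin.Context) string {
	authorization := c.GetHeader("Authorization")
	if authorization == "" {
		return ""
	}
	parts := strings.SplitN(authorization, " ", 2)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") || parts[1] == "" {
		return ""
	}
	return parts[1]
}

// JwtMiddleware returns a gin middleware that requires a valid access token on
// every request whose path does not match one of the whitelist patterns.
//
// Each whitelist entry is compiled as a Go regular expression and tested
// against c.Request.URL.Path with MatchString, i.e. unanchored: a pattern such
// as `/login` also matches `/admin/login/delete`. Anchor patterns
// (`^/api/v1/login$`) unless a substring match is intended. An entry that fails
// to compile is reported through log.Printf and skipped, so the paths it was
// meant to exempt fall back to requiring a token (the middleware fails closed).
//
// For non-whitelisted requests the bearer token is parsed with
// auth.ParseAccessToken against config.Config.SecretKey. A missing or malformed
// header, an expired token and any other parse failure each abort the request
// with HTTP 401 and a systemmodel.Response body; on success the claim ID is
// stored in the context under the key "UID" for downstream handlers.
func JwtMiddleware(whitelist []string) gin.HandlerFunc {
	whitelistRegex := make([]*regexp.Regexp, 0, len(whitelist))
	for _, pattern := range whitelist {
		re, err := regexp.Compile(pattern)
		if err != nil {
			// Do not silently shrink the whitelist: a typo here changes which
			// routes require authentication, so make the misconfiguration visible.
			log.Printf("jwt middleware: ignoring invalid whitelist pattern %q: %v", pattern, err)
			continue
		}
		whitelistRegex = append(whitelistRegex, re)
	}

	return func(c *gin.Context) {
		path := c.Request.URL.Path
		for _, re := range whitelistRegex {
			if re.MatchString(path) {
				c.Next()
				return
			}
		}

		tokenStr := extractBearerToken(c)
		if tokenStr == "" {
			c.AbortWithStatusJSON(http.StatusUnauthorized, systemmodel.Response{
				Code: http.StatusUnauthorized,
				Info: "请求头Authorization非法或缺失",
			})
			return
		}

		claims, err := auth.ParseAccessToken(tokenStr, config.Config.SecretKey)
		if err != nil {
			// Expiry gets its own message so clients can tell "refresh" from
			// "re-authenticate"; every other parse failure shares the generic one.
			info := "Token不合法"
			if errors.Is(err, jwt.ErrTokenExpired) {
				info = "Token已过期"
			}
			c.AbortWithStatusJSON(http.StatusUnauthorized, systemmodel.Response{
				Code: http.StatusUnauthorized,
				Info: info,
			})
			return
		}

		c.Set("UID", claims.ID)
		c.Next()
	}
}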