package middleware

import (
	"github.com/gin-gonic/gin"
	"github.com/tidwall/gjson"
	"io/ioutil"
	"kefu/common"
	"kefu/models"
	"kefu/tools"
	"log"
	"strings"
)

/*
*
域名中间件
*/
func DomainLimitMiddleware(c *gin.Context) {
	//离线或者远程
	// if !CheckSystemAuthCode(c) && !CheckBindOffcial(c) {
	// 	c.Abort()
	// 	return
	// }

}

// 验证离线本地授权码
func CheckSystemAuthCode(c *gin.Context) bool {
	authCode := models.FindConfig("SystemAuthCode")
	privateKey := common.RsaPrivateKey
	if authCode == "" {
		authCodeByte, err := ioutil.ReadFile(common.RootPath + "/authorization")
		if err != nil || string(authCodeByte) == "" {
			log.Println("离线授权码本地文件错误:", err)
			return false
		}
		authCode = string(authCodeByte)
	}
	rsa := tools.NewRsa("", privateKey)
	decContent, _ := tools.Base64Decode2(authCode)
	jsonByte, err := rsa.Decrypt(decContent)
	if err != nil {
		log.Println("离线授权码解析失败:", err)
		jsonByte = []byte("")
	}
	allowHost := gjson.Get(string(jsonByte), "host").String()
	if allowHost == "" {
		log.Println("离线授权码解析字段失败")
		return false
	}
	domains := strings.Split(allowHost, "|")

	// 去除协议部分
	if strings.HasPrefix(c.Request.Host, "http://") {
		c.Request.Host = strings.TrimPrefix(c.Request.Host, "http://")
	} else if strings.HasPrefix(c.Request.Host, "https://") {
		c.Request.Host = strings.TrimPrefix(c.Request.Host, "https://")
	}
	// 去除末尾的斜杠
	c.Request.Host = strings.TrimSuffix(c.Request.Host, "/")

	for _, domain := range domains {
		if tools.IsMatchingDomain(domain, c.Request.Host) {
			return true
		}
	}
	//if !strings.Contains(allowHost, c.Request.Host) {
	//	log.Println("离线授权码域名不一致:", allowHost, c.Request.Host)
	//	return false
	//}
	log.Println("离线授权码域名不一致:", allowHost, c.Request.Host)
	return false
}

// 绑定官网账户
func CheckBindOffcial(c *gin.Context) bool {
	res, err := tools.HTTPGet("https://gofly.v1kf.com/2/isBindOfficial")
	if err != nil {
		log.Println("离线授权码失败,认证连接失败")
		c.Redirect(302, "/bind")
		c.Abort()
	}
	if string(res) != "success" {
		c.Redirect(302, "/bind")
		c.Abort()
	}
	return true
}