package jws

import (
	"errors"
	"github.com/dgrijalva/jwt-go"
	"github.com/gin-gonic/gin"
	"github.com/spf13/viper"
	"strings"
	"time"
)

// JWT 签名结构
type JWT struct {
	SigningKey []byte
}

// 一些常量
var (
	TokenExpired     = errors.New("授权已过期")
	TokenNotValidYet = errors.New("授权未生效")
	TokenMalformed   = errors.New("无权限访问")
	TokenInvalid     = errors.New("无权限访问")
	TokenHeaderName  = "Authorization"
	Claims           = "claims"
	DefaultSignKey   = "defaultSignKey"
	TokenTimeout     = 2592000 // 60 * 60 * 24 * 30
)

// 载荷，可以加一些自己需要的信息
type TokenClaims struct {
	ID    int64  `json:"id"`
	Token string `json:"-"`
	jwt.StandardClaims
}

// 新建一个jwt实例
func NewJWT(args ...string) *JWT {
	var signKey string
	if key := viper.GetString("jws.sign_key"); len(strings.TrimSpace(key)) > 0 {
		signKey = strings.TrimSpace(key)
	} else if len(args) > 0 {
		signKey = strings.TrimSpace(args[0])
	} else {
		signKey = DefaultSignKey
	}
	return &JWT{SigningKey: []byte(signKey)}
}

func GetToken(ctxt *gin.Context) string {
	if nil == ctxt || nil == ctxt.Request ||
		nil == ctxt.Request.Header || len(ctxt.Request.Header) == 0 {
		return ""
	}
	token := ctxt.Request.Header.Get(TokenHeaderName)
	if token == "" {
		token = ctxt.Request.Header.Get(strings.ToLower(TokenHeaderName))
	}
	return strings.TrimSpace(token)
}

// CreateToken 生成一个token
func (j *JWT) CreateToken(claims TokenClaims) (string, error) {
	jwt.TimeFunc = time.Now
	claims.StandardClaims.ExpiresAt = time.Now().Add(time.Duration(TokenTimeout) * time.Second).Unix()
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	token.Header["exp"] = claims.StandardClaims.ExpiresAt
	return token.SignedString(j.SigningKey)
}

// 解析Tokne
func (j *JWT) ParseToken(tokenString string) (*TokenClaims, error) {
	token, err := jwt.ParseWithClaims(tokenString, &TokenClaims{}, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, TokenInvalid
		}

		return j.SigningKey, nil
	})
	if err != nil {
		if ve, ok := err.(*jwt.ValidationError); ok {
			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
				return nil, TokenMalformed
			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
				// Token is expired
				return nil, TokenExpired
			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
				return nil, TokenNotValidYet
			} else {
				return nil, TokenInvalid
			}
		}
	}
	if claims, ok := token.Claims.(*TokenClaims); ok && token.Valid {
		return claims, nil
	}
	return nil, TokenInvalid
}

// 更新token
func (j *JWT) RefreshToken(tokenString string) (string, error) {
	jwt.TimeFunc = func() time.Time {
		return time.Unix(0, 0)
	}
	token, err := jwt.ParseWithClaims(tokenString, &TokenClaims{}, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, TokenInvalid
		}

		return j.SigningKey, nil
	})
	if err != nil {
		return "", err
	}
	if claims, ok := token.Claims.(*TokenClaims); ok && token.Valid {
		return j.CreateToken(*claims)
	}
	return "", TokenInvalid
}