<?php
/**
 * Author: cfn <cfn@leapy.cn>
 */

namespace App\Aspect;

use App\Annotation\Auth;
use App\Model\AccountLog;
use Hyperf\Context\ApplicationContext;
use Hyperf\Di\Annotation\Aspect;
use Hyperf\Di\Annotation\Inject;
use Hyperf\Di\Aop\AbstractAspect;
use Hyperf\Di\Aop\ProceedingJoinPoint;
use Hyperf\Di\Exception\AnnotationException;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;

#[Aspect]
class AuthAspect extends AbstractAspect
{
    #[Inject]
    protected RequestInterface $request;
    #[Inject]
    protected ResponseInterface $response;

    public array $annotations = [
        Auth::class
    ];


    /**
     * Author: cfn <cfn@leapy.cn>
     * @param ProceedingJoinPoint $proceedingJoinPoint
     * @return mixed|\Psr\Http\Message\ResponseInterface
     * @throws AnnotationException|\Hyperf\Di\Exception\Exception
     */
    public function process(ProceedingJoinPoint $proceedingJoinPoint)
    {
        // 切面切入后，执行对应的方法会由此来负责
        $authorization = $this->getAuthorizationAnnotation($proceedingJoinPoint);
        $isLogin = $this->request->getAttribute("isLogin",false);
        if ($authorization->needLogin && !$isLogin) {
            return $this->response->json(['code' => 3,'msg' => '登录已过期']);
        }
        $admin = $this->request->getAttribute("account");
        if ($authorization->needLogin && $authorization->needAuth) {
            if (!$isLogin || empty($admin) || !$this->checkPermission($authorization->auth, $this->request->getMethod(), $admin)) {
                return $this->response->json(['code' => 2,'msg' => '权限不足']);
            }
        }
        $response = $proceedingJoinPoint->process();
        // 记录日志
        if ($isLogin && !empty($admin) && $authorization->needLog && $authorization->auth != "*") {
            AccountLog::recordLog($this->request, $admin, $authorization->auth, $response);
        }
        return $response;
    }

    /**
     * desc: 获取注解类
     * @param ProceedingJoinPoint $proceedingJoinPoint
     * @return Auth
     * @throws AnnotationException
     */
    protected function getAuthorizationAnnotation(ProceedingJoinPoint $proceedingJoinPoint): Auth {
        $annotation = $proceedingJoinPoint->getAnnotationMetadata()->method[Auth::class] ?? null;
        if (!$annotation instanceof Auth) {
            throw new AnnotationException("Annotation Auth couldn't be collected successfully.");
        }
        return $annotation;
    }

    /**
     * desc: 校验操作权限
     * Author: cfn <cfn@leapy.cn>
     * @param string $auth
     * @param string $method
     * @param array $account
     * @return bool
     */
    protected function checkPermission(string $auth, string $method, array $account): bool {
        if ($auth == "*" || $account['master_flag']) return true;
        $container = ApplicationContext::getContainer();
        $redis = $container->get(\Hyperf\Redis\Redis::class);
        $auths = $redis->get("AUTH:".$account['account_id']);
        if (!$auths) return false;
        $auths = json_decode($auths, true);
        if (!empty($auths)) {
            return in_array(strtolower($method.':'.$auth), $auths);
        }
        return false;
    }
}