<?php

declare(strict_types=1);

namespace App\Middleware\Auth;

use App\Model\v3\User;
use App\TaskWorker\SSDBTask;
use Hashids\Hashids;
use Hyperf\HttpServer\Contract\RequestInterface as HttpRequest;
use Hyperf\HttpServer\Contract\ResponseInterface as HttpResponse;
use Hyperf\Utils\ApplicationContext;
use Psr\Container\ContainerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

class ApiMiddleware implements MiddlewareInterface
{
    /**
     * @var ContainerInterface
     */
    protected $container;

    /**
     * @var HttpResponse
     */
    protected $response;

    /**
     * @var HttpRequest
     */
    protected $request;

    public function __construct(ContainerInterface $container, HttpResponse $response, HttpRequest $request)
    {
        $this->container = $container;
        $this->response = $response;
        $this->request = $request;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // 签名校验

        # 获取参数
        $params = $this->request->all();

        # 必须参数，签名、时间戳、随机数
        if (!(
            isset($params['sign'])
            &&isset($params['timestamp'])
            &&isset($params['rand'])
        ) && env('APP_ENV') == 'prod') {

            $content = [
                "status" => 'ok',
                "code" => 9001,
                "result" => [],
                "message" => '接口验签失败：缺少参数'
            ];

            return $this->response->json($content);
        }

        if (!$this->checkSign($params)) {

            $content = [
                "status" => 'ok',
                "code" => 9002,
                "result" => [],
                "message" => '接口验签失败：签名错误或已失效'
            ];

            return $this->response->json($content);
        }

        $this->request->user = null;
        $userToken = $params['user_token'] ?? '';

        if ($userToken) {
            $ssdb = ApplicationContext::getContainer()->get(SSDBTask::class);
            $exists = $ssdb->exec('exists', $userToken);
            if ($exists) {
                $hashIds = ApplicationContext::getContainer()->get(Hashids::class);
                $user = $hashIds->decode($userToken);
                $this->request->user = User::query()->find($user[0]);
            }
        }

        return $handler->handle($request);
    }

    private function checkSign($params)
    {
        if (env('APP_ENV') != 'prod') {
            return true;
        }
        $sign = $params['sign'];
        unset($params['sign']);
        $timestamp = $params['timestamp'];

        if (empty($sign) || ($timestamp+config('auth.api.sign.expire_time')) < time()) {
            return false;
        }

        return $sign == $this->signature($params);
    }

    private function signature($params)
    {
        ksort($params);

        $http_query = [];
        foreach ($params as $key => $value) {
            $http_query[] = $key.'='.$value;
        }

        return sha1(md5(implode('&', $http_query)).config('auth.api.sign.secret_key'));
    }
}