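// The copyright, trademarks, patents and other related rights of the Admin.NET project are protected by the applicable laws and regulations. Use of this project must comply with the relevant laws, regulations and licence requirements.
//
// This project is distributed and used mainly under the MIT License and the Apache License (Version 2.0). The licences are in the LICENSE-MIT and LICENSE-APACHE files in the root of the source tree.
//
// This project must not be used for activities prohibited by laws and regulations, such as endangering national security, disrupting public order or infringing the lawful rights and interests of others! We accept no responsibility for any legal dispute or liability arising from secondary development based on this project!

using System.Security.Claims;
using System.Security.Cryptography;

namespace Admin.NET.Core.Service;

/// <summary>
/// Open API identity service 🧩
/// </summary>
/// <remarks>
/// Manages the access key / access secret pairs used by signature authentication,
/// caches them by access key, and supplies the default signature authentication events.
/// </remarks>
[ApiDescriptionSettings(Order = 244)]
public class SysOpenAccessService : IDynamicApiController, ITransient
{
    private readonly SqlSugarRepository<SysOpenAccess> _sysOpenAccessRep;
    private readonly SysCacheService _sysCacheService;

    /// <summary>
    /// Creates the open API identity service.
    /// </summary>
    /// <param name="sysOpenAccessRep">Repository for the open-access records.</param>
    /// <param name="sysCacheService">Cache used to hold open-access records by access key.</param>
    public SysOpenAccessService(SqlSugarRepository<SysOpenAccess> sysOpenAccessRep, SysCacheService sysCacheService)
    {
        _sysOpenAccessRep = sysOpenAccessRep;
        _sysCacheService = sysCacheService;
    }

    /// <summary>
    /// Generates a request signature.
    /// </summary>
    /// <param name="input">Method, URL, access key, timestamp, nonce and the access secret to sign with.</param>
    /// <returns>The Base64-encoded HMAC-SHA256 of the joined request fields.</returns>
    [DisplayName("生成签名")]
    public string GenerateSignature(GenerateSignatureInput input)
    {
        // Key material: the UTF-8 bytes of the caller-supplied secret.
        // NOTE(review): the secret arrives in the request body here; keep it out of request logs.
        var appSecretByte = Encoding.UTF8.GetBytes(input.AccessSecret);

        // String to sign: METHOD&URL&ACCESSKEY&TIMESTAMP&NONCE.
        // ToUpperInvariant keeps the method name stable whatever the thread culture is;
        // a culture-sensitive upper-casing can change the signed bytes.
        // NOTE(review): the fields are joined with '&' without escaping; this layout has to match
        // what the signature verifier builds, so it is left as is.
        var parameter = $"{input.Method.ToString().ToUpperInvariant()}&{input.Url}&{input.AccessKey}&{input.Timestamp}&{input.Nonce}";

        // HMAC-SHA256 keyed with the secret, result encoded as Base64.
        using var hmac = new HMACSHA256(appSecretByte);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(parameter)));
    }

    /// <summary>
    /// Gets a page of open API identities 🔖
    /// </summary>
    /// <param name="input">Paging values and an optional access-key filter.</param>
    /// <returns>The requested page, with the bound user account and the bound tenant's organisation name.</returns>
    [DisplayName("获取开放接口身份分页列表")]
    public async Task<SqlSugarPagedList<OpenAccessOutput>> Page(OpenAccessInput input)
    {
        // NOTE(review): the second Select argument asks SqlSugar to fill the remaining output columns
        // automatically; if OpenAccessOutput exposes AccessSecret, this list returns secrets in clear.
        // Confirm that is intended for this endpoint.
        return await _sysOpenAccessRep.AsQueryable()
            .LeftJoin<SysUser>((u, a) => u.BindUserId == a.Id)
            .LeftJoin<SysTenant>((u, a, b) => u.BindTenantId == b.Id)
            .LeftJoin<SysOrg>((u, a, b, c) => b.OrgId == c.Id)
            .WhereIF(!string.IsNullOrWhiteSpace(input.AccessKey?.Trim()), (u, a, b, c) => u.AccessKey.Contains(input.AccessKey))
            .Select((u, a, b, c) => new OpenAccessOutput
            {
                BindUserAccount = a.Account,
                BindTenantName = c.Name,
            }, true)
            .ToPagedListAsync(input.Page, input.PageSize);
    }

    /// <summary>
    /// Adds an open API identity 🔖
    /// </summary>
    /// <param name="input">The identity to create.</param>
    /// <returns>A task that completes when the record is inserted.</returns>
    [ApiDescriptionSettings(Name = "Add"), HttpPost]
    [DisplayName("增加开放接口身份")]
    public async Task AddOpenAccess(AddOpenAccessInput input)
    {
        // Access keys must be unique across records.
        if (await _sysOpenAccessRep.AsQueryable().AnyAsync(u => u.AccessKey == input.AccessKey && u.Id != input.Id))
        {
            throw Oops.Oh(ErrorCodeEnum.O1000);
        }

        var openAccess = input.Adapt<SysOpenAccess>();
        await _sysOpenAccessRep.InsertAsync(openAccess);
    }

    /// <summary>
    /// Updates an open API identity 🔖
    /// </summary>
    /// <param name="input">The new values; the record is matched by <c>Id</c>.</param>
    /// <returns>A task that completes when the record is updated and its cache entries are evicted.</returns>
    [ApiDescriptionSettings(Name = "Update"), HttpPost]
    [DisplayName("更新开放接口身份")]
    public async Task UpdateOpenAccess(UpdateOpenAccessInput input)
    {
        // Access keys must be unique across records.
        if (await _sysOpenAccessRep.AsQueryable().AnyAsync(u => u.AccessKey == input.AccessKey && u.Id != input.Id))
        {
            throw Oops.Oh(ErrorCodeEnum.O1000);
        }

        // Read the stored row first: when the access key itself is changed, the entry cached under
        // the previous key would otherwise keep serving the old key/secret pair until it expires.
        var existing = await _sysOpenAccessRep.GetFirstAsync(u => u.Id == input.Id);

        var openAccess = input.Adapt<SysOpenAccess>();
        await _sysOpenAccessRep.UpdateAsync(openAccess);

        // Evict after the write so a lookup racing with the update cannot re-cache the stale row.
        if (existing != null && existing.AccessKey != openAccess.AccessKey)
        {
            _sysCacheService.Remove(CacheConst.KeyOpenAccess + existing.AccessKey);
        }
        _sysCacheService.Remove(CacheConst.KeyOpenAccess + openAccess.AccessKey);
    }

    /// <summary>
    /// Deletes an open API identity 🔖
    /// </summary>
    /// <param name="input">Identifies the record to delete by <c>Id</c>.</param>
    /// <returns>A task that completes when the record is deleted and its cache entry is evicted.</returns>
    [ApiDescriptionSettings(Name = "Delete"), HttpPost]
    [DisplayName("删除开放接口身份")]
    public async Task DeleteOpenAccess(DeleteOpenAccessInput input)
    {
        // The access key is needed to build the cache key, so load the row before deleting it.
        var openAccess = await _sysOpenAccessRep.GetFirstAsync(u => u.Id == input.Id);

        await _sysOpenAccessRep.DeleteAsync(u => u.Id == input.Id);

        // Evict after the delete: evicting first leaves a window in which a lookup can re-cache
        // the credential that is about to be removed.
        if (openAccess != null)
        {
            _sysCacheService.Remove(CacheConst.KeyOpenAccess + openAccess.AccessKey);
        }
    }

    /// <summary>
    /// Creates a secret 🔖
    /// </summary>
    /// <returns>A 22-character string: 16 random bytes in Base64 with the two padding characters removed.</returns>
    [DisplayName("创建密钥")]
    public async Task<string> CreateSecret()
    {
        // Secrets come from the cryptographic random number generator; a GUID is an identifier
        // format and is not specified as a source of secret material.
        var secretBytes = RandomNumberGenerator.GetBytes(16);

        // 16 bytes encode to 24 Base64 characters ending in "=="; the range drops that padding.
        return await Task.FromResult(Convert.ToBase64String(secretBytes)[..^2]);
    }

    /// <summary>
    /// Gets the open-access record for an access key.
    /// </summary>
    /// <param name="accessKey">The access key to look up.</param>
    /// <returns>The record with its bound user and that user's organisation, read through the cache.</returns>
    [NonAction]
    public async Task<SysOpenAccess> GetByKey(string accessKey)
    {
        // The cached object includes AccessSecret; UpdateOpenAccess and DeleteOpenAccess evict it.
        var openAccess = _sysCacheService.GetOrAdd(CacheConst.KeyOpenAccess + accessKey, _ =>
        {
            return _sysOpenAccessRep.AsQueryable()
                .Includes(u => u.BindUser)
                .Includes(u => u.BindUser, p => p.SysOrg)
                .First(u => u.AccessKey == accessKey);
        });

        return await Task.FromResult(openAccess);
    }

    /// <summary>
    /// Default implementation of the signature authentication events.
    /// </summary>
    /// <returns>Events that resolve the access secret for a key and add the bound user's claims once validated.</returns>
    [NonAction]
    public static SignatureAuthenticationEvent GetSignatureAuthenticationEventImpl()
    {
        return new SignatureAuthenticationEvent
        {
            OnGetAccessSecret = context =>
            {
                var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<SysOpenAccessService>>();
                try
                {
                    var openAccessService = context.HttpContext.RequestServices.GetRequiredService<SysOpenAccessService>();

                    // GetByKey wraps a synchronous lookup in a completed task, so GetResult does not block here.
                    var openAccess = openAccessService.GetByKey(context.AccessKey).GetAwaiter().GetResult();

                    // NOTE(review): an empty string stands for "no secret" on an unknown key; confirm the
                    // signature handler rejects an empty secret instead of verifying an HMAC keyed with it.
                    return Task.FromResult(openAccess == null ? "" : openAccess.AccessSecret);
                }
                catch (Exception ex)
                {
                    // A failed lookup is logged and answered like an unknown key.
                    logger.LogError(ex, "开放接口身份验证");
                    return Task.FromResult("");
                }
            },
            OnValidated = context =>
            {
                var openAccessService = context.HttpContext.RequestServices.GetRequiredService<SysOpenAccessService>();
                var openAccess = openAccessService.GetByKey(context.AccessKey).GetAwaiter().GetResult();

                // NOTE(review): openAccess and openAccess.BindUser are dereferenced without a null check;
                // a record removed between the two events, or one with no bound user, throws here.
                var identity = ((ClaimsIdentity)context.Principal!.Identity!);

                // The request runs as the user and tenant bound to the access key.
                identity.AddClaims(new[]
                {
                    new Claim(ClaimConst.UserId, openAccess.BindUserId + ""),
                    new Claim(ClaimConst.TenantId, openAccess.BindTenantId + ""),
                    new Claim(ClaimConst.Account, openAccess.BindUser.Account + ""),
                    // + "" as on the neighbouring claims: the Claim constructor rejects a null value.
                    new Claim(ClaimConst.RealName, openAccess.BindUser.RealName + ""),
                    new Claim(ClaimConst.AccountType, ((int)openAccess.BindUser.AccountType).ToString()),
                    new Claim(ClaimConst.OrgId, openAccess.BindUser.OrgId + ""),
                    new Claim(ClaimConst.OrgName, openAccess.BindUser.SysOrg?.Name + ""),
                    new Claim(ClaimConst.OrgType, openAccess.BindUser.SysOrg?.Type + ""),
                });
                return Task.CompletedTask;
            }
        };
    }
}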