package routers

import (
	"ERP_user/conf"
	"ERP_user/logs"
	"ERP_user/models/Account"
	"github.com/beego/beego/v2/server/web/context"
	"gogs.baozhida.cn/zoie/ERP_libs/lib"
	"strings"
)

var (
	filterExcludeURLMap        = make(map[string]int) // 不鉴权的URL
	filterOnlyLoginCheckURLMap = make(map[string]int) // 只鉴权登录的URL
)

func init() {
	//初始化配置 不鉴权的URL和只鉴权登录的URL
	logs.Println("=========== 初始化路由筛选信息 =========")

	excludeUrl := conf.FilterExcludeURL
	if len(excludeUrl) > 0 {
		excludeUrlSlice := strings.Split(excludeUrl, ",")
		if len(excludeUrlSlice) > 0 {
			for _, v := range excludeUrlSlice {
				filterExcludeURLMap[v] = 1
			}
		}
	}
	checkLoginUrl := conf.FilterOnlyLoginCheckURL
	if len(checkLoginUrl) > 0 {
		checkLoginUrlSlice := strings.Split(checkLoginUrl, ",")
		if len(checkLoginUrlSlice) > 0 {
			for _, v := range checkLoginUrlSlice {
				filterOnlyLoginCheckURLMap[v] = 1
			}
		}
	}
}

func RBACFilter(ctx *context.Context) {
	//判断URL是否排除
	if _, ok := filterExcludeURLMap[ctx.Request.URL.Path]; ok {
		return
	}
	b_, admin_r := Account.Verification(ctx.GetCookie("User_tokey"), ctx.Input.Query("User_tokey"))
	if !b_ {
		ctx.Output.JSON(lib.JSONS{Code: 201, Msg: "请重新登陆!"}, true, false)
		return
	}
	//判断是否只验证登录的URL
	if _, ok := filterOnlyLoginCheckURLMap[ctx.Request.URL.Path]; b_ && ok {
		return
	}

	power, _ := Account.Read_Power_ByT_id(admin_r.T_power)

	if power.T_menu == "*" {
		return
	}

	api := Account.Read_API_List_ByPower(power.T_id, power.T_menu)
	flag := false
	for _, v := range api {
		if v.T_uri == ctx.Request.URL.Path {
			flag = true
			break
		}
	}
	if !flag {
		data := lib.JSONS{Code: 202, Msg: "无权访问!"}
		ctx.Output.JSON(data, true, false)
		return
	}

}