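// Package auth_jwt issues and verifies HS256-signed JSON Web Tokens that carry
// a username and a role list.
package auth_jwt

import (
	"fmt"
	"time"

	// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
	// maintained continuation is github.com/golang-jwt/jwt. Plan the migration.
	"github.com/dgrijalva/jwt-go"
	"github.com/gogf/gf/errors/gerror"
)

const (
	// SecretKey is the fallback HMAC signing key that NewJWTManager uses when it
	// is given an empty key.
	//
	// NOTE(review): this key is committed to source, so anyone who can read the
	// repository or a built binary can produce tokens that Verify accepts.
	// Supply the key from configuration or a secret store, and treat this value
	// as exposed (rotate it) wherever it has signed real tokens. The string is
	// handed to the signer as raw bytes; it is not base64-decoded.
	SecretKey = "ZHNmZ2Z5cnR5amttZ25iZGZzZ2V3dzQ1NDM2NHJkYXNnZGZnamdoajM0ZGZnaHJ0dTY="

	// TokenDuration is the default token lifetime. CreateToken applies it when
	// the manager holds a non-positive duration.
	TokenDuration = 15 * time.Minute
)

// JWTManager is a JSON web token manager.
type JWTManager struct {
	secretKey     string        // HMAC key, used as raw bytes
	tokenDuration time.Duration // lifetime given to tokens issued by CreateToken
}

// UserClaims is the custom JWT claim set; it adds user information to the
// registered claims.
type UserClaims struct {
	jwt.StandardClaims
	Username string   `json:"username"`
	Roles    []string `json:"roles"`
}

// NewJWTManager returns a new JWT manager that signs and verifies with
// secretKey and issues tokens valid for tokenDuration.
//
// An empty secretKey silently falls back to the package-level SecretKey, which
// is hard-coded (see the note on that constant). Callers should always pass a
// key of their own; the fallback is kept only for compatibility.
func NewJWTManager(secretKey string, tokenDuration time.Duration) *JWTManager {
	if secretKey == "" {
		secretKey = SecretKey
	}
	return &JWTManager{
		secretKey:     secretKey,
		tokenDuration: tokenDuration,
	}
}

// CreateToken generates and signs a new HS256 token for a user.
//
// The token expires after the manager's tokenDuration (TokenDuration when that
// is not positive). The "Id" value is emitted as a private claim; UserClaims
// has no field mapped to it, so it is not present in the result of Verify.
func (m *JWTManager) CreateToken(Id, userName string, Roles []string) (string, error) {
	// The configured lifetime was previously ignored in favour of a fixed hour.
	ttl := m.tokenDuration
	if ttl <= 0 {
		ttl = TokenDuration
	}
	// One clock reading keeps nbf and exp consistent with each other.
	now := time.Now()

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"iss":      "VioUser viodoc.com", // issuer of this JWT
		"aud":      "viodoc.com",         // intended audience
		"nbf":      now.Unix(),           // not valid before
		"exp":      now.Add(ttl).Unix(),  // expiration time
		"sub":      "VioUser viodoc.com", // subject
		"Id":       Id,
		"username": userName,
		"Roles":    Roles,
	})
	return token.SignedString([]byte(m.secretKey))
}

// Verify validates the token string and returns the user claims when the token
// is valid.
//
// NOTE(review): only the signature, algorithm and the time-based claims are
// checked; "iss" and "aud" are not compared with the values CreateToken
// writes. If the key is shared with another issuer, consider checking them via
// StandardClaims.VerifyIssuer and StandardClaims.VerifyAudience.
func (m *JWTManager) Verify(accessToken string) (*UserClaims, error) {
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm: the header is attacker-controlled, so a token
		// declaring any other method must never reach the HMAC key.
		if token.Header["alg"] != "HS256" {
			return nil, gerror.New("算法有误,只支持HS256算法")
		}
		return []byte(m.secretKey), nil
	}

	token, err := jwt.ParseWithClaims(accessToken, &UserClaims{}, keyFunc)
	if err != nil {
		// The parser's message can quote bytes of the submitted token, so it
		// must not be used as a format string. Wrapping keeps the message
		// unchanged and lets callers inspect the underlying error.
		return nil, fmt.Errorf("%w", err)
	}

	claims, ok := token.Claims.(*UserClaims)
	// token.Valid is rechecked so a result is never returned for a token the
	// parser did not mark as valid.
	if !ok || !token.Valid {
		return nil, fmt.Errorf("token定义无效")
	}
	return claims, nil
}

// userClaimFromToken returns the user's unique identifier from the token
// claims, which is the Username field.
func userClaimFromToken(tokenInfo UserClaims) string {
	return tokenInfo.Username
}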