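package com.ruoyi.framework.security;

import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

import java.util.Set;

/**
 * WeChat login authentication provider, analogous to DaoAuthenticationProvider.
 *
 * <p>The provider resolves a system user from the OpenID carried as the token's
 * principal. It does not contact WeChat and checks no secret: whoever can place an
 * OpenID into a {@link WechatAuthenticationToken} is authenticated as the bound user.
 * NOTE(review): this presumably relies on the caller obtaining the OpenID from a
 * server-side code exchange rather than from a client-supplied request field; confirm
 * at every place the token is constructed.
 *
 * @author ruoyi
 */
@Component
public class WechatAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private ISysUserService userService;

    @Autowired
    private SysPermissionService permissionService;

    /**
     * Authenticates a WeChat token by looking up the system user bound to its OpenID.
     *
     * @param authentication a {@link WechatAuthenticationToken} whose principal is the
     *                       OpenID and whose credentials are the (optional) UnionID
     * @return a new {@link WechatAuthenticationToken} holding the {@link LoginUser},
     *         the supplied UnionID and the user's authorities
     * @throws AuthenticationException ({@link BadCredentialsException}) when the OpenID
     *         is empty or unbound, the UnionID does not match the stored one, or the
     *         account is disabled or deleted
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        WechatAuthenticationToken wechatToken = (WechatAuthenticationToken) authentication;
        String openId = (String) wechatToken.getPrincipal();
        String unionId = (String) wechatToken.getCredentials();

        // Never use an empty identifier as a lookup key: what selectUserByOpenId returns
        // for null/"" is not visible here, and accounts without a WeChat binding may
        // store exactly such a value.
        if (StringUtils.isEmpty(openId)) {
            throw new BadCredentialsException("微信账号验证失败");
        }

        // Look the user up by OpenID.
        SysUser user = userService.selectUserByOpenId(openId);
        if (user == null) {
            throw new BadCredentialsException("该微信账号尚未绑定系统用户");
        }

        // Extra consistency check, applied only when both the supplied and the stored
        // UnionID are present; if either is empty the OpenID alone decides the outcome.
        if (StringUtils.isNotEmpty(unionId)
                && StringUtils.isNotEmpty(user.getUnionId())
                && !unionId.equals(user.getUnionId())) {
            throw new BadCredentialsException("微信账号验证失败");
        }

        // Reject accounts whose status flag marks them as disabled.
        if ("1".equals(user.getStatus())) {
            throw new BadCredentialsException("用户已被停用,请联系管理员");
        }
        // Reject accounts whose delete flag marks them as removed.
        if ("1".equals(user.getDelFlag())) {
            throw new BadCredentialsException("用户已被删除,请联系管理员");
        }

        // Load the user's menu permissions.
        Set<String> permissions = permissionService.getMenuPermission(user);

        // Build the LoginUser principal.
        LoginUser loginUser = new LoginUser(user.getUserId(), user.getDeptId(), user, permissions);

        // Return the authenticated token.
        return new WechatAuthenticationToken(loginUser, unionId, loginUser.getAuthorities());
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param authentication the candidate authentication class
     * @return {@code true} for {@link WechatAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return WechatAuthenticationToken.class.isAssignableFrom(authentication);
    }
}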