using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using CompetitionAPI.api.unity;
using Microsoft.EntityFrameworkCore.Metadata.Internal;
using Org.BouncyCastle.Asn1.Ocsp;
using Newtonsoft.Json.Linq;

namespace CompetitionAPI
{
    public class TokenService
    {
        private readonly string _secretKey;
        private readonly string _issuer;

        public TokenService(string secretKey, string issuer)
        {
            _secretKey = secretKey;
            _issuer = issuer;
        }

        public string GenerateToken(string userId, string roleId, int hour)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(_secretKey);
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Role, roleId) }),
                Expires = DateTime.UtcNow.AddHours(hour), // Token 过期时间
                Issuer = _issuer,
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
            };
            //注意：使用高版本下面这行代码会报错
            var token = tokenHandler.CreateToken(tokenDescriptor);
            var tokenString = tokenHandler.WriteToken(token);
            return tokenString;
        }

        public bool GenerateRefreshToken(string token, out string newToken, out string user_id)
        {
            var tokenHandler = new JwtSecurityTokenHandler();
            var key = Encoding.ASCII.GetBytes(_secretKey);
            newToken = "";
            user_id = "";
            try
            {
                tokenHandler.ValidateToken(token, new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = _issuer,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(key),
                    ValidateAudience = false, // 可选：是否验证 Audience
                    ValidateLifetime = true, // 是否验证 Token 是否过期
                    ClockSkew = TimeSpan.Zero // 设置时间偏差
                }, out var validatedToken);

                if (validatedToken != null)
                {
                    var model = ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)validatedToken).Claims;
                    // 从旧token中提取用户信息
                    var userId = model.First(claim => claim.Type == "nameid").Value;
                    var roleId = model.First(claim => claim.Type == "role").Value;
                    var result = false;
                    if (roleId == "2")
                    {
                        Competition.Mysql.BLL.admin_user bll = new Competition.Mysql.BLL.admin_user();
                        var user_model = bll.GetModel(userId);
                        if (user_model != null)
                        {
                            if (user_model.r4 == token)
                            {
                                result = true;
                            }
                        }
                    }
                    else
                    {
                        result = true;
                    }
                    if (result)
                    {
                        user_id = userId;
                        newToken = GenerateToken(userId, roleId, 3);
                        return true;
                    }
                    else
                    {
                        return false;
                    }
                }
                else
                {
                    return false;
                }
            }
            catch (Exception)
            {
                return false;
            }
        }
    }
}