package helpers

import (
	"github.com/TeaOSLab/EdgeUser/internal/utils/numberutils"
	"github.com/TeaOSLab/EdgeUser/internal/web/actions/default/login/loginutils"
	"github.com/iwind/TeaGo/actions"
	"net/http"
)

type UserShouldAuth struct {
	action *actions.ActionObject
}

func (this *UserShouldAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
	this.action = actionPtr.Object()

	// 检测注入
	if !safeFilterRequest(this.action.Request) {
		this.action.ResponseWriter.WriteHeader(http.StatusForbidden)
		_, _ = this.action.ResponseWriter.Write([]byte("Denied By WAF"))
		return false
	}

	var action = this.action
	action.AddHeader("X-Frame-Options", "SAMEORIGIN")
	action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:;")

	return true
}

// StoreUser 存储用户名到SESSION
func (this *UserShouldAuth) StoreUser(userId int64, remember bool) {
	loginutils.SetCookie(this.action, remember)
	this.action.Session().Write("userId", numberutils.FormatInt64(userId))
	this.action.Session().Write("@fingerprint", loginutils.CalculateClientFingerprint(this.action))
	this.action.Session().Write("@ip", loginutils.RemoteIP(this.action))
}

func (this *UserShouldAuth) IsUser() bool {
	return this.action.Session().GetInt("userId") > 0
}

func (this *UserShouldAuth) UserId() int64 {
	return this.action.Session().GetInt64("userId")
}

func (this *UserShouldAuth) Logout() {
	loginutils.UnsetCookie(this.action)
	this.action.Session().Delete()
}