package timing.ukulele.auth.security.handler;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import timing.ukulele.auth.config.property.TimingSecurityProperties;
import timing.ukulele.auth.model.Result;
import timing.ukulele.auth.util.JsonUtils;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.List;
import java.util.stream.Collectors;

/**
 * 登录成功处理类
 */
@Slf4j
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
    private final JwtEncoder encoder;
    private final TimingSecurityProperties securityProperties;

    public LoginSuccessHandler(JwtEncoder encoder, TimingSecurityProperties securityProperties) {
        this.encoder = encoder;
        this.securityProperties = securityProperties;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
        log.debug("登录成功.");
        Result<String> success = Result.success();
        Instant now = Instant.now();
        long expiry = 36000L;
        // @formatter:off
        List<String> scopes = authentication.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
        JwtClaimsSet claims = JwtClaimsSet.builder()
                .issuer(securityProperties.getIssuerUrl())
                .issuedAt(now)
                .expiresAt(now.plusSeconds(expiry))
                .subject(authentication.getName())
                .claim("scope", scopes)
                .claim("userInfo", authentication.getPrincipal())
                .claim("authorities", authentication.getAuthorities())
                .build();
        String tokenValue = encoder.encode(JwtEncoderParameters.from(claims)).getTokenValue();
        success.setData(tokenValue);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().write(JsonUtils.objectCovertToJson(success));
        response.getWriter().flush();
    }

}