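package middleware

import (
	"net/http"

	"management/internal/erpserver/model/dto"
	v1 "management/internal/erpserver/service/v1"
	"management/internal/pkg/know"
	"management/internal/pkg/session"
)

// publicRoutes lists the paths that Authorize lets through without a
// per-role menu check. A valid session is still required for them; only the
// role lookup is skipped. Keys are compared with r.URL.Path exactly, so a
// variant of a listed path (for example one with a trailing slash) is not
// treated as public and falls through to the role check.
//
// NOTE(review): the upload endpoints are on this list, so every logged-in
// role can reach them. Confirm those handlers apply their own limits
// (size, content type, destination) rather than relying on this middleware.
var publicRoutes = map[string]bool{
	"/home.html":          true,
	"/dashboard":          true,
	"/system/menus":       true,
	"/upload/img":         true,
	"/upload/file":        true,
	"/upload/multi_files": true,
	"/pear.json":          true,
	"/logout":             true,
}

// Authorize returns middleware that passes a request to next only when the
// session holds a user with a non-zero ID and that user's role is granted the
// requested path.
//
// The checks run in this order, and every failure stops the request before it
// reaches next:
//  1. Session lookup fails or the user ID is zero: redirect to "/" (302).
//  2. Path is listed in publicRoutes: pass through, no role check.
//  3. Role menu lookup fails: 500 Internal Server Error.
//  4. Path is not a key of the role's menu map: 403 Forbidden.
//
// The decision is keyed on r.URL.Path alone. The HTTP method is not part of
// the check, so a grant for a path covers every method on that path.
//
// NOTE(review): matching is exact on r.URL.Path. Presumably the router
// matches routes on the same un-normalised path; verify, because a path the
// router accepts but this map does not contain is denied here, not allowed.
func Authorize(
	sess session.Manager,
	menuService v1.MenuService,
) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			ctx := r.Context()
			path := r.URL.Path

			// Login check: a session error is treated the same as "not
			// logged in", so the request never proceeds on a failed lookup.
			user, err := sess.GetUser(ctx, know.StoreName)
			if err != nil || user.ID == 0 {
				http.Redirect(w, r, "/", http.StatusFound)
				return
			}

			// Public routes are let through for any authenticated user.
			if publicRoutes[path] {
				next.ServeHTTP(w, r)
				return
			}

			// Permission check. A failed lookup is reported as a server
			// error instead of "Forbidden": the request is still refused,
			// but a backend outage no longer looks like an authorization
			// denial to users or to 4xx/5xx monitoring.
			menus, err := menuService.ListByRoleIDToMap(ctx, user.RoleID)
			if err != nil {
				http.Error(
					w,
					http.StatusText(http.StatusInternalServerError),
					http.StatusInternalServerError,
				)
				return
			}
			if !hasPermission(menus, path) {
				http.Error(w, "Forbidden", http.StatusForbidden)
				return
			}

			next.ServeHTTP(w, r)
		})
	}
}

// hasPermission reports whether path is a key of menus. Only key presence is
// checked; the mapped value is not inspected. A nil map yields false.
func hasPermission(menus map[string]*dto.OwnerMenuDto, path string) bool {
	_, ok := menus[path]
	return ok
}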