<?php
/**
 * Controller is the customized base controller class.
 * All controller classes for this application should extend from this base class.
 */
class Controller extends CController
{
	/**
	 * @var string the default layout for the controller view. Defaults to '//layouts/column1',
	 * meaning using a single column layout. See 'protected/views/layouts/column1.php'.
	 */
	public $layout='//layouts/column1';

    /**
     * 检查请求方是否合法
     * @return void
     * @throws CHttpException
     */
    private function _checkRequest(): void
    {
        if (LWM_ENV == 'dev') {
            header("Access-Control-Allow-Origin: *");
        } else {
            if (!str_contains(Yii::app()->request->hostInfo, Yii::app()->params['url'])) {
                throw new CHttpException(403, '非法访问');
            }
            header("Access-Control-Allow-Origin:" . Yii::app()->request->hostInfo);
        }
        
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
        header("Access-Control-Allow-Headers: Content-Type, Authorization, Cookie");
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
            exit(0); // 预检请求直接返回
        }
    }

    private function _checkSign()
    {
        if (!\Yii::app()->request->isPostRequest) {
            return true;
        }
        if (!isset($_POST['sign'])) {
            return false;
        }
        $paramArray = [];
        unset($paramArray['sign']); // 签名不计算sign
        $stringArray = []; // 对参与签名的参数进行排序
        foreach ($_POST as $k => $v) {
            $stringArray[] = "{$k}={$v}";
        }
        sort($stringArray, SORT_STRING);
        $query = implode('&', $stringArray) . 'v1wqe21wmjhop';
        $sign = strtoupper(hash('sha256', $query));
        Logger::errorMult($query, $sign, $sign == $_POST['sign']);
        return $_POST['sign'] == $sign;
    }

    /**
     * @throws CHttpException
     */
    public function beforeAction($action): bool
    {
        $this->_checkRequest();

        Yii::app()->language = 'zh_cn';
		$controller = Yii::app()->controller->id;
		$action = $this->getAction()->getId();
        $path = strtolower($controller . '/'. $action);

		if($controller != 'common'
            &&!in_array($path, LewaimaiAdminPingtaiAuth::$noLoginRouters)
            && Yii::app()->user->isGuest
        ){
            Helper::error('请先登入', 401);
		}

		if (!LewaimaiAdminPingtaiAuth::adminAuth($controller, $action)
            && (!Yii::app()->user->isGuest && Yii::app()->user->_id != 1)
        ) {
            Helper::error('您没有相应的权限');
		}
		return true;
	}
}