<?php
/**
 * Controller is the customized base controller class.
 * All controller classes for this application should extend from this base class.
 */
class Controller extends CController
{
	/**
	 * @var string the default layout for the controller view. Defaults to '//layouts/column1',
	 * meaning using a single column layout. See 'protected/views/layouts/column1.php'.
	 */
	public $layout='//layouts/column1';

    public array $authIds = [];
    public array $companyIds = [];
    public array $schoolIds = [];
    private int $_userId = 0;

    /**
     * 检查请求方是否合法
     * @return void
     * @throws CHttpException
     */
    public function checkRequest(): void
    {
        if (LWM_ENV == 'dev') {
            header("Access-Control-Allow-Origin: *");
        } else {
            if (!str_contains(Yii::app()->request->hostInfo, Yii::app()->params['url'])) {
                throw new CHttpException(403, '非法访问');
            }
            header("Access-Control-Allow-Origin:" . Yii::app()->request->hostInfo);
        }
        
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
        header("Access-Control-Allow-Headers: Content-Type, Authorization, Cookie");
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
            exit(0); // 预检请求直接返回
        }
    }

    public function checkSign()
    {
        if (!\Yii::app()->request->isPostRequest || !empty($_FILES)) {
            return true;
        }
        if (!isset($_POST['sign'])) {
            return false;
        }
        if (!isset($_POST['timestamp']) || $_POST['timestamp'] < time() - 10) {
            return false;
        }
        $postSign = $_POST['sign'];
        unset($_POST['sign']); // 签名不计算sign
        $stringArray = []; // 对参与签名的参数进行排序
        foreach ($_POST as $k => $v) {
            if (is_array($v)) {
                $v = implode(',', $v);
            }
            $stringArray[] = $k . '=' . trim($v);
        }
        sort($stringArray, SORT_STRING);
        $query = implode('&', $stringArray);
        $sign = strtoupper(hash('sha256', $query . 'qwer'));
        if ($sign != $postSign) {
            Logger::errorMult($query, $sign);
            \CVarDumper::dump([$query, $sign, $postSign], 6, 1);die;
        }
        return $postSign == $sign;
    }

    /**
     * 限制操作频率
     * @param $second
     * @return void|null
     * @throws RedisException
     */
    public function dobuleCheck($second = 3)
    {
        $key = 'dobule_' . $this->_userId;
        if (!RedisInstance::getInstance()->setNx($key, 1, $second)) {
            return Helper::error('操作过于频繁');
        }
    }

    /**
     * @throws CHttpException
     */
    public function beforeAction($action): bool
    {
        $this->checkRequest();

        $token = $_SERVER['HTTP_AUTHORIZATION']?? '';
        $data = RedisInstance::getInstance()->get('user_token:'.$token);
        $this->_userId = $data['id']?? 0;

        Yii::app()->language = 'zh_cn';
		$controller = Yii::app()->controller->id;
		$action = $this->getAction()->getId();
        $path = strtolower($controller . '/'. $action);
		if( !in_array($controller, ['site'])
            &&!in_array($path, LewaimaiAdminPingtaiAuth::$noLoginRouters)
            && !$this->_userId
        ){
            Helper::error('请先登入', 401);
		}

        if (!$this->checkSign()) {
            Helper::error('签名错误', 402);
        }

        // 获取权限相关数据
        $this->_formatAuth();

		if (!LewaimaiAdminPingtaiAuth::adminAuth($controller, $action)
            && ($this->_userId && $this->_userId != 1)
        ) {
            Helper::error('您没有相应的权限');
		}

		return true;
	}

    private function _formatAuth(): void
    {
        $key = 'user_auth_' . $this->_userId;
        $data = RedisInstance::getInstance()->get($key);
        if (!$data) {
            $model = Useradmin::model()->findByPk($this->_userId);
            $authIds = DB::getScalerWithCriteria(
                'role',
                DbCriteria::simpleCompare(['id' => $model->role_id])->setSelect('auth_ids')
            );
            $this->authIds = $authIds ? explode(',', $authIds) : [];
            $this->companyIds = $model->company_ids ? explode(',', $model->company_ids) : [];
            $this->schoolIds = $model->school_ids ? explode(',', $model->school_ids) : [];
            $json = json_encode([
                'authIds' => $this->authIds,
                'companyIds' => $this->companyIds,
                'schoolIds' => $this->schoolIds,
            ]);
            RedisInstance::getInstance()->set($key, $json, 86400);
        } else {
            $data = json_decode($data, true);
            $this->authIds = $data['authIds'];
            $this->companyIds = $data['companyIds'];
            $this->schoolIds = $data['schoolIds'];
        }
        LewaimaiAdminPingtaiAuth::$authIds = $this->authIds;
    }

    public function clearAuth($id = 0)
    {
        $id = $id ? : $this->_userId;
        RedisInstance::getInstance()->delete('user_auth_' . $id);
    }

    public function getUserId()
    {
        return $this->_userId;
    }

    public function getSchoolFilter($filed = 'school_id'):?array
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return null;
        }
        return $this->schoolIds;
    }

    public function checkSchoolId(int $id):bool
    {
        if ($this->_userId == 1 || in_array(-1, $this->schoolIds)) {
            return true;
        }
        return in_array($id, $this->schoolIds);
    }

    public function getCompanyFilter():?array
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return null;
        }
        return $this->companyIds;
    }

    public function checkCompanyId(int $id):bool
    {
        if ($this->_userId == 1 || in_array(-1, $this->companyIds)) {
            return true;
        }
        return in_array($id, $this->companyIds);
    }
}