<?php
declare (strict_types=1);

namespace app\middleware;

use app\service\MenuService;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use think\facade\Config;
use think\Response;

class AuthMiddleware
{
    /**
     * 处理请求
     */
    public function handle($request, \Closure $next)
    {
        // 获取当前控制器和操作
        $controller = $request->controller();
        $action = $request->action();
        
        // 白名单：不需要登录验证的操作
        $whiteList = [
            'User.login',
            'User.logout',
        ];
        
        $current = $controller . '.' . $action;
        if (in_array($current, $whiteList)) {
            return $next($request);
        }
        
        // 验证登录状态
        $userInfo = $this->checkLogin($request);
        if (!$userInfo) {
            return json_error([], '请先登录', 401);
        }
        
        // 将用户信息注入请求
        $request->userInfo = $userInfo;
        $request->userId = (int)$userInfo['user_id'];
        
        // 验证权限
        if (!$this->checkPermission((int)$userInfo['user_id'], $controller, $action)) {
            return json_error([], '无权限访问', 403);
        }
        
        return $next($request);
    }
    
    /**
     * 检查登录状态
     */
    protected function checkLogin($request): ?array
    {
        $token = $request->cookie('auth_token');
        if (!$token) {
            return null;
        }
        
        $decoded = parseToken($token);
        if (!$decoded) {
            return null;
        }
        
        return $decoded;
    }
    
    /**
     * 检查权限
     */
    protected function checkPermission(int $userId, string $controller, string $action): bool
    {
        // 使用MenuService检查权限
        return MenuService::checkPermission($userId, $controller, $action);
    }
}