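package com.qs.serve.common.config;

import com.qs.serve.common.config.properties.PermitProperties;
import com.qs.serve.common.framework.security.filter.SecurityRequestFilter;
import com.qs.serve.common.framework.security.handler.SecurityAccessDeniedHandler;
import com.qs.serve.common.framework.security.handler.SecurityLogoutHandler;
import lombok.AllArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;

/**
 * Spring Security configuration for the application's HTTP layer.
 *
 * <p>Every request must be authenticated except OPTIONS requests and the URL
 * patterns listed in {@link PermitProperties}. {@link SecurityRequestFilter}
 * runs ahead of {@link UsernamePasswordAuthenticationFilter}, and method-level
 * {@code @PreAuthorize}/{@code @PostAuthorize} checks are enabled.
 *
 * @author YenHex
 * @since 2021/6/13
 */
@Configuration
@AllArgsConstructor
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final SecurityRequestFilter securityRequestFilter;
    private final UserDetailsService userService;
    private final PermitProperties permitProperties;

    /**
     * Builds the HTTP security rules: the unauthenticated allow-list, session
     * policy, logout endpoint, response headers, the custom request filter and
     * the access-denied handler.
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if any of the builder calls fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Merge both configured allow-lists; either one may be absent.
        List<String> permitUrls = new ArrayList<>();
        if (permitProperties.getPermits() != null) {
            permitUrls.addAll(permitProperties.getPermits());
        }
        if (permitProperties.getTenants() != null) {
            permitUrls.addAll(permitProperties.getTenants());
        }
        permitUrls = permitUrls.stream().distinct().collect(Collectors.toList());
        String[] permitUrlPatterns = permitUrls.toArray(new String[0]);

        // NOTE(review): CSRF protection is off. That is only safe while no
        // credential is attached by the browser automatically (session cookie);
        // confirm that securityRequestFilter authenticates from a request header.
        http.csrf().disable();

        http.authorizeRequests()
                // Pass the HttpMethod itself. The String overload treats its argument
                // as an Ant path pattern, so "OPTIONS" was matched as a path and the
                // rule never applied to OPTIONS (e.g. CORS preflight) requests.
                // Every OPTIONS request is now unauthenticated, so OPTIONS handlers
                // must not return protected data.
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                // Everything listed here bypasses authentication: keep the configured
                // patterns as narrow as possible and review changes to them.
                .antMatchers(permitUrlPatterns).permitAll()
                //.antMatchers().permitAll() // for testing
                .anyRequest().authenticated();

        // NEVER stops Spring Security from creating a session but still uses one
        // that already exists. NOTE(review): if authentication is meant to be
        // token-only, STATELESS states that intent more strictly; confirm.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

        http.logout()
                .logoutUrl("/portal/logout")
                .addLogoutHandler(new SecurityLogoutHandler())
                .invalidateHttpSession(true);

        // Adds the default no-cache response headers.
        http.headers().cacheControl();

        http.addFilterBefore(securityRequestFilter, UsernamePasswordAuthenticationFilter.class);
        http.exceptionHandling().accessDeniedHandler(new SecurityAccessDeniedHandler());
        //http.formLogin().failureHandler(new SecurityAuthenticationFailureHandler());
    }

    /**
     * Exposes the injected {@link UserDetailsService} to Spring Security.
     *
     * @return the application's user details service
     */
    @Override
    public UserDetailsService userDetailsService() {
        return userService;
    }
}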