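package com.monkeylessey.framework.config;

import com.monkeylessey.framework.security.filter.JwtTokenFilter;
import com.monkeylessey.framework.security.handler.CustomLogoutSuccessHandler;
import com.monkeylessey.framework.security.handler.exception.AccessHandler;
import com.monkeylessey.framework.security.handler.exception.AuthenticationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security configuration for stateless, token-based (JWT) authentication.
 *
 * <p>Only active when the property {@code xp-start.security.session} is {@code false}.
 * Method-level security annotations are enabled through {@code prePostEnabled = true}.
 *
 * @author 29443
 * @date 2022/4/4
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Configuration
@ConditionalOnProperty(prefix = "xp-start.security", name = "session", havingValue = "false")
public class TokenSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomLogoutSuccessHandler customLogoutSuccessHandler;

    @Autowired
    private AccessHandler accessHandler;

    @Autowired
    private AuthenticationException authenticationException;

    /**
     * Exposes the {@link AuthenticationManager} built by the adapter as a bean.
     *
     * @return the authentication manager provided by the superclass
     * @throws Exception if the superclass cannot build the manager
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Creates the JWT filter that {@link #configure(HttpSecurity)} adds to the security chain.
     *
     * <p>NOTE(review): because the filter is exposed as a bean, Spring Boot may also register it
     * with the servlet container outside the security chain, where it would run for paths
     * ignored in {@link #configure(WebSecurity)} as well. Confirm whether a
     * {@code FilterRegistrationBean} with {@code setEnabled(false)} is needed.
     *
     * @return a filter constructed with this configuration's authentication manager
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public JwtTokenFilter jwtTokenFilter() throws Exception {
        return new JwtTokenFilter(authenticationManagerBean());
    }

    /**
     * Provides the password encoder used for credential hashing.
     *
     * @return a BCrypt encoder with the library's default strength
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Configures the HTTP security chain: exception handling, URL authorization rules,
     * logout, CSRF/CORS, the stateless session policy and the JWT filter.
     *
     * @param http the builder for the security filter chain
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();

        // Use the custom handlers for access-denied and unauthenticated requests.
        http.exceptionHandling()
                .accessDeniedHandler(accessHandler)
                .authenticationEntryPoint(authenticationException);

        // Rules are evaluated in declaration order and the first match wins. A leading
        // "/**" permitAll would match every request and leave all rules below, including
        // anyRequest().authenticated(), unreachable, so only the explicit public paths
        // are listed here.
        // NOTE(review): "/file/**", "/files/**" and "/sys-table/columns/**" are public;
        // confirm they expose nothing that needs authentication. The API documentation
        // paths ("/doc.html", "/swagger-resources/**", "/v2/api-docs") are public as well;
        // consider restricting them outside development.
        http.authorizeRequests()
                .antMatchers(HttpMethod.POST, "/xpstart/login").permitAll()
                .antMatchers("/sys-table/columns/**").permitAll()
                .antMatchers("/ws/**").permitAll()
                .antMatchers("/register", "/captcha", "/sms", "/file/**").permitAll()
                .antMatchers("/doc.html", "/webjars/**", "/img.icons/**", "/swagger-resources/**",
                        "/v2/api-docs", "/files/**").permitAll()
                .anyRequest().authenticated();

        // Logout endpoint and its success handler.
        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(customLogoutSuccessHandler);

        // CSRF protection is switched off for now (marked as temporary by the author).
        // NOTE(review): this is only safe if the token is never carried in a cookie that
        // the browser attaches automatically; verify against JwtTokenFilter.
        http.csrf().disable();

        // Enable CORS support.
        http.cors();

        // Never create an HTTP session; each request is authenticated on its own.
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Add the JWT filter to the chain.
        http.addFilter(jwtTokenFilter());
    }

    /**
     * Excludes websocket endpoints from the Spring Security filter chain.
     *
     * <p>NOTE(review): ignored paths bypass this chain, so {@code /ws/**} connections are not
     * authenticated here; confirm that the websocket layer performs its own check.
     *
     * @param webSecurity the builder for web-level security settings
     */
    @Override
    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers("/ws/**");
    }
}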