<?php

namespace app\middleware;

use app\model\Camp;
use app\model\CampEmployee;
use app\model\Employee;
use Exception;
use Firebase\JWT\JWT;
use openssl\Aes;
use think\exception\HttpException;
use app\model\Company;
use app\model\AgentUser;
use app\logics\AgentsLogic;
use app\model\Setting;

/**
 * 接口权限验证中间件
 */
class Token
{
    public function handle($request, \Closure $next)
    {
        // 请求控制器获取
        $controller = lcfirst($request->controller());
        // 请求方法获取
        $action = lcfirst($request->action());

        // 调试信息
        trace('控制器：' . $controller, 'debug');
        trace('方法名：' . $action, 'debug');
        trace('参数：' . json_encode($request->param()), 'debug');

        // 无需jwt验证控制器与方法获取
        $notNeed = config('app.jwt_not_check');
        // 判断控制器是否需要验证jwt
        if (isset($notNeed['CONTROLLER']) && in_array($controller, $notNeed['CONTROLLER'])) return $next($request);

        // 判断控制器中是否有方法无需验证jwt
        if (isset($notNeed[$controller])) {
            // 是否是要判断都选项
            $rs = in_array($action, $notNeed[$controller]);
            // 如果是， 判断是否是排除还是包含关系
            if ($rs && !(isset($notNeed[$controller]['EXCEPT']) && $notNeed[$controller]['EXCEPT'] == true)) return $next($request);
        }

        $jwt = $request->header('Authorization');
        if (empty($jwt)) return json(['code' => 1, 'msg' => '请登录']);
        $jwt =  str_replace('bearer ', '', $jwt);

        try {
            JWT::$leeway = 60; //token的弹性有效时间
            $decoded = JWT::decode($jwt, config('app.jwt_key'), ['HS256']);
            $arr = (array) $decoded;
            $aes = new Aes(config('app.jwt_key'));
            $queryData = $aes->decrypt($arr['data']);
            parse_str($queryData, $token);
        } catch (Exception $e) {
            if ($request->isAjax()) {
                return json(['code' => 1, 'msg' => 'Token验证失败,请重新登录']);
            }

            throw new HttpException(404, 'Token验证失败,请重新登录');
        }

        $request->token = $token;
        //跳转添加经纪人控制器
        if ($controller == 'agentsWork') {
            $agtdata = Agentuser::where([['uid','=',$token['uid']],['root_id','=',$token['root_org']]])->find();
            if (!empty($agtdata) && $agtdata['status'] != 1) {
                return json(['code' => 1, 'msg' => '你的经纪人账号已停用']);
            } elseif (empty($agtdata)) {
                return json(['code' => 1, 'msg' => '你不属于经济人']);
            }
            $agentlog = new AgentsLogic();
            $daoday = 0;
            $agentlog->call_agt_integral($daoday, $agtdata['id'],$token['root_org']);
            $request->agtdata = $agtdata;
        }
        // 检测是否需要员工检测
        $employeeCheck = config('app.employee_check');
        if (!isset($employeeCheck['CONTROLLER']) || !in_array($controller, $employeeCheck['CONTROLLER'])) return $next($request);
        if (isset($employeeCheck[$controller]) && !in_array($action, $notNeed[$controller])) return $next($request);
        if (!$token['isEmployee'] || empty($token['employee_id'])) return json(['code' => 1, 'msg' => '请求失败']);

        // 判断是否离职
        if ($token['isEmployee']) {
            $employee = Employee::where(['id' => $token['employee_id']])->find();
            if ($employee->state == '离职' || $employee->disable == 1) return json(['code' => 403, 'msg' => '请重新登录']);
            if ($token['org_id'] != $employee->org_id) return json(['code' => 403, 'msg' => '部门变动，请重新登录']);
            $info = Company::where(['root_id' => $token['root_org']])->find();
            if ($info['end_date'] < date('Y-m-d') || $info['status'] == 1) return json(['code' => 403, 'msg' => '账号过期,请重新登录']);

            // 员工N天未登录限制进入小程序 设置是否开启
            $disable_day_setting = Setting::where([['name', '=', 'disable_day'], ['root_id', '=', $token['root_org']]])->findOrEmpty();
            if (!$disable_day_setting->isEmpty()) {
                $disable_switch = $disable_day_setting['content'];
                if ($disable_switch && $employee['last_login_time']) {
                    // 不受限制人员
                    $unlimit_check = false;
                    $unlimited_employee = Setting::where([['name', '=', 'disable_day_unlimited'], ['root_id', '=', $token['root_org']]])->findOrEmpty();
                    if (!$unlimited_employee->isEmpty()) {
                        $unlimited_ids = explode(',', $unlimited_employee['content']);
                        if (in_array($token['employee_id'], $unlimited_ids)) {
                            $unlimit_check = true;
                        }
                    }
                    if (!$unlimit_check) {
                        $last_login_time = time() - strtotime($employee['last_login_time']);
                        if ($last_login_time > 24*3600*5) {
                            // 限制进入
                            $employee->disable = 1;
                            $employee->save();
                            return json(['code' => 403, 'msg' => '请重新登录']);
                        }
                    }
                }
            }
            // 更新员工的上次登录时间
            $employee->last_login_time = date('Y-m-d H:i:s', time());
            $employee->save();
            //是否在新兵训练营中
            $camps = Camp::where([['root_id', '=', $token['root_org']], ['del', '=', 0]])->column('id');
            if ($camps && !in_array($controller,['train','exam']) && !in_array($action,['empdetail','haveOutCall','ticket'])) {
                $tw[] = ['camp_id', 'in', $camps];
                $check = CampEmployee::where([['state', '<>', '转正'], ['now', '=', 1], ['employee_id', '=', $token['employee_id']], ['root_id', '=', $token['root_org']]])->where($tw)->count();
                if ($check) {
                    $detail = Employee::with([
                        'company' => function ($query) {
                            $query->withField(['id', 'info', 'name', 'org_type']);
                        }, 'user' => function ($query) {
                            $query->withField(['id', 'phone', 'headimgurl', 'nickname', 'sex']);
                        }, 'org' => function ($query) {
                            $query->withField(['id', 'info', 'name', 'org_type']);
                        }
                    ])->field('id,phone,image_photo,is_manager,is_newbie,media_id,name,org_id,role,root_id,uid,qrcode,wx,position')->find($token['employee_id'])->toArray();
                    $res = array_merge($detail,$token);
                    return json(['code' => 601, 'msg' => '有未转正的新兵训练营。', 'data' => $res]);
                }
            }
        }

        return $next($request);
    }
}