package auth

import (
	"crypto/sha1"
	"errors"
	"fmt"
	"math/rand"
	"strings"

	"git.shuncheng.lu/bigthing/gocommon/pkg/conf"
	"git.shuncheng.lu/bigthing/gocommon/pkg/logger"
)

const (
	serviceKey = "30346876b3f45bab965823b9aa64a1a4"
	key        = "key"
	name       = "name"
)

var (
	serviceTokenVerifyFail = errors.New("service token verify fail")
	serviceTokenInvalid    = errors.New("service_token invalid")
)

//服务Service-token的生成
func GenerateToken(node string) string {
	// 需要配置 node 的 key 和 name
	keySec := conf.GetString(node, key, "")
	serviceName := conf.GetString(node, name, "")
	randInt := rand.Intn(10000)
	payload := fmt.Sprintf("%s.%d", serviceName, randInt)

	//sha1加密
	str := fmt.Sprintf("%s%s", payload, keySec)
	h := sha1.New()
	h.Write([]byte(str))
	bs := h.Sum(nil)

	return fmt.Sprintf("%s.%x", payload, bs)
}

//Service-token的验证
func VerifyToken(token string) (bool, error) {
	tokenArr := strings.Split(token, ".")
	if len(tokenArr) != 3 {
		return false, serviceTokenInvalid
	}

	h := sha1.New()
	str := fmt.Sprintf("%s.%s%s", tokenArr[0], tokenArr[1], serviceKey)
	_, err := h.Write([]byte(str))
	if err != nil {
		return false, err
	}

	bs := h.Sum(nil)
	sign := fmt.Sprintf("%x", bs)
	if !strings.EqualFold(sign, tokenArr[2]) {
		logger.Errorf("[service-token] service token verify fail, sign: %s, client_token: %s, token: %s, str: %s", sign, tokenArr[2], token, str)
		return false, serviceTokenVerifyFail
	}

	return true, nil
}