<?php

namespace App\Module\OAuth\Controllers;

use App\Http\Controllers\Controller;
use App\Module\OAuth\Services\OAuth;
use App\Module\OAuth\Services\AuthService;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Illuminate\View\View;

class AuthorizeController extends Controller
{
    protected $auth;

    public function __construct(AuthService $auth)
    {
        $this->auth = $auth;
    }

    /**
     * 显示授权页面
     */
    public function authorize(Request $request)
    {
        // 验证请求参数
        $request->validate([
            'response_type' => 'required|in:code,token',
            'client_id' => 'required|string',
            'redirect_uri' => 'required|url',
            'scope' => 'nullable|string',
            'state' => 'nullable|string',
        ]);

        // 获取客户端信息
        $client = OAuth::getClient($request->client_id);
        if (!$client) {
            return response()->json([
                'error' => 'invalid_client',
                'error_description' => '无效的客户端'
            ], 400);
        }

        // 验证回调地址
//        dd($request->redirect_uri);
        if ($client->redirect_uri !== $request->redirect_uri) {
            return response()->json([
                'error' => 'invalid_redirect_uri',
                'error_description' => '无效的回调地址'
            ], 400);
        }

        // 如果用户未登录，保存授权请求参数并重定向到登录页面
        if (!$this->auth->check()) {
            // 保存授权请求参数到session
            session(['oauth_authorize_params' => $request->all()]);
            return redirect()->route('login');
        }

        $user = $this->auth->user();

        // 显示授权页面
        return view('oauth::authorize', [
            'client' => $client,
            'scopes' => $request->scope ? explode(' ', $request->scope) : [],
            'redirect_uri' => $request->redirect_uri,
            'response_type' => $request->response_type,
            'state' => $request->state,
            'scope' => $request->scope,
        ]);
    }

    /**
     * 处理授权请求
     */
    public function approve(Request $request)
    {
        // 验证请求
        $request->validate([
            'client_id' => 'required|string',
            'redirect_uri' => 'required|url',
            'response_type' => 'required|in:code,token',
            'scope' => 'nullable|string',
            'state' => 'nullable|string',
            'approve' => 'required|boolean',
        ]);

        // 如果用户未登录，保存授权请求参数并重定向到登录页面
        if (!$this->auth->check()) {
            session(['oauth_authorize_params' => $request->all()]);
            return redirect()->route('login');
        }

        $user = $this->auth->user();

        // 如果用户拒绝授权
        if (!$request->approve) {
            $params = [
                'error' => 'access_denied',
                'error_description' => '用户拒绝授权'
            ];
            if ($request->state) {
                $params['state'] = $request->state;
            }
            $url= $request->redirect_uri . '?' . http_build_query($params);


        }else{


            // 根据响应类型处理
            if ($request->response_type === 'token') {
                // 简化模式，直接返回访问令牌
                $token = OAuth::createAccessToken(
                    $request->client_id,
                    $user['id'],
                    $request->scope ? explode(' ', $request->scope) : []
                );

                $params = [
                    'access_token' => $token->access_token,
                    'token_type' => 'Bearer',
                    'expires_in' => $token->expires_at->diffInSeconds(now()),
                    'scope' => implode(' ', $token->scope ?? []),
                ];

                if ($request->state) {
                    $params['state'] = $request->state;
                }
                $url =$request->redirect_uri . '#' . http_build_query($params);


            } else {
                // 授权码模式，生成授权码
                $code = bin2hex(random_bytes(32));

                // 存储授权码信息
                cache()->put('oauth_auth_code:' . $code, [
                    'client_id' => $request->client_id,
                    'user_id' => $user['id'],
                    'scope' => $request->scope,
                    'redirect_uri' => $request->redirect_uri,
                ], 600); // 10分钟有效期

                $params = ['code' => $code];
                if ($request->state) {
                    $params['state'] = $request->state;
                }
                $url =  $request->redirect_uri . '?' . http_build_query($params);


            }
        }

        return response()->redirectTo($url);

    }
}