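using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;

namespace Wood.Util.JwtAuthorization
{
    /// <summary>
    /// Issues HMAC-SHA256 signed JWT access tokens together with an opaque random refresh token.
    /// </summary>
    public class JwtHelper
    {
        /// <summary>
        /// Creates a JWT for the given user and pairs it with a freshly generated refresh token.
        /// </summary>
        /// <param name="info">User details that are copied into the token's claims.</param>
        /// <returns>
        /// The serialized token, the refresh token, and the issue/expiry metadata, all derived
        /// from a single clock reading.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="info"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The JWT configuration is not available.</exception>
        public JwtToken CreateToken(JwtUserInfo info)
        {
            if (info is null)
            {
                throw new ArgumentNullException(nameof(info));
            }

            // Read the configuration once so every field of the result comes from the same object.
            var config = GlobalContext.JwtConfig;
            if (config is null)
            {
                throw new InvalidOperationException("GlobalContext.JwtConfig is not configured.");
            }

            // One clock reading for notBefore, IssuedAt and both expiry times; the original called
            // DateTime.Now separately for each, so the values drifted apart by a few ticks.
            // Local time is kept so the values handed back to callers do not change.
            var issuedAt = DateTime.Now;
            var tokenExpiresTime = issuedAt.AddMinutes(config.TokenExpire);
            var refreshTokenExpiresTime = issuedAt.AddDays(config.RefreshTokenExpire);

            // 1. Claims carried by the token. The payload is signed, not encrypted: anyone who
            //    holds the token can read these values, so nothing secret belongs here.
            //    The Claim constructor throws if a value is null.
            var claims = new[]
            {
                new Claim(nameof(info.RealName), info.RealName!), // original note: HttpContext.User.Identity.Name
                new Claim(nameof(info.NickName), info.NickName!),
                new Claim(nameof(info.UserName), info.UserName!),
                new Claim(nameof(info.OrgId), info.OrgId.ToString()),
                new Claim(nameof(info.UserId), info.UserId.ToString()),
                new Claim(nameof(info.AccountType), ((int)info.AccountType).ToString()),
                new Claim(nameof(info.TenantId), info.TenantId.ToString())
            };

            // 2. Symmetric key built from the configured secret (the original comment says it is
            //    read from appsettings.json). RFC 7518 requires an HS256 key of at least 256 bits,
            //    i.e. 32 bytes after UTF-8 encoding.
            //    NOTE(review): the length is not checked here - confirm the configured secret is
            //    long enough, randomly generated, and kept out of source control.
            var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.SecretKey!));

            // 3-4. HMAC-SHA256 is a signing (integrity) algorithm, not encryption.
            var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

            // 5. Assemble the token.
            var jwtSecurityToken = new JwtSecurityToken(
                config.Issuer!,      // issuer
                config.Audience!,    // audience
                claims,              // claims
                issuedAt,            // notBefore
                tokenExpiresTime,    // expires
                signingCredentials   // signing credentials
            );

            // 6. Serialize to the compact string form.
            var token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);

            // The refresh token is only generated here; nothing in this class stores it or ties
            // it to the user, so the caller has to persist it and enforce RefreshTokenExpiresTime.
            return new JwtToken()
            {
                Token = token,
                RefreshToken = GenerateRefreshToken(),
                TokenExpiresTime = tokenExpiresTime,
                IssuedAt = issuedAt,
                RefreshTokenExpiresTime = refreshTokenExpiresTime,
                Issuer = config.Issuer!,
                Audience = config.Audience!
            };
        }

        /// <summary>
        /// Generates a refresh token: 32 bytes from the cryptographic random number generator,
        /// Base64-encoded.
        /// </summary>
        /// <returns>A 44-character Base64 string.</returns>
        private string GenerateRefreshToken()
        {
            var randomBytes = new byte[32];
            using var rng = RandomNumberGenerator.Create();
            rng.GetBytes(randomBytes);
            return Convert.ToBase64String(randomBytes);
        }
    }
}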