package com.aizuda.boot.config;

import com.aizuda.boot.system.service.ISysResourceApiService;
import com.aizuda.service.web.UserSession;
import com.baomidou.kisso.SSOAuthorization;
import com.baomidou.kisso.security.token.SSOToken;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import jakarta.annotation.Resource;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.stereotype.Component;

import java.util.List;
import java.util.concurrent.TimeUnit;

/**
 * 权限授权处理器
 *
 * @author 青苗
 * @since 2021-11-16
 */
@Component
public class Authorization implements SSOAuthorization {
    @Resource
    private ISysResourceApiService sysResourceApiService;

    /**
     * 用户权限编码列表缓存 15 分钟
     */
    protected Cache<Long, List<String>> codeListCache = Caffeine.newBuilder()
            .expireAfterWrite(15, TimeUnit.MINUTES)
            .maximumSize(1000)
            .build();

    /**
     * 用户权限编码校验缓存 5 分钟
     */
    protected Cache<String, Boolean> codeCache = Caffeine.newBuilder()
            .expireAfterWrite(5, TimeUnit.MINUTES)
            .maximumSize(6000)
            .build();

    @Override
    public boolean isPermitted(SSOToken token, String permission) {
        Long userId = Long.valueOf(token.getId());
        if (UserSession.isAdmin(userId)) {
            // 超级管理员免鉴权
            return true;
        }
        final String key = userId + permission;
        Boolean legalKey = codeCache.getIfPresent(key);
        if (null != legalKey) {
            return legalKey;
        }
        List<String> codeList = codeListCache.getIfPresent(userId);
        if (CollectionUtils.isEmpty(codeList)) {
            codeList = sysResourceApiService.listCodesByUserId(userId);
            codeListCache.put(userId, codeList);
        }
        // 判断当前权限编码是否存在
        legalKey = codeList.contains(permission);
        codeCache.put(key, legalKey);
        return legalKey;
    }
}