<?php

namespace app\middleware;

use app\support\AdminAuthService;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;

class AdminAuthMiddleware implements MiddlewareInterface
{
    public function process(Request $request, callable $handler): Response
    {
        $path = $request->path();
        if (!str_starts_with($path, '/api/admin')) {
            return $handler($request);
        }

        if (in_array($path, ['/api/admin/ping', '/api/admin/auth/login'], true)) {
            return $handler($request);
        }

        $authService = new AdminAuthService();
        $adminInfo = $authService->current($request);
        if (!$adminInfo) {
            return api_error('未登录或登录已过期', 401);
        }

        $permissionCodes = $this->permissionCodes($path, (string)$request->method());
        if ($permissionCodes && !$this->hasAnyPermission($authService, $adminInfo, $permissionCodes)) {
            return api_error('无权访问该后台功能', 403);
        }

        $request->setHeader('x-admin-id', (string)$adminInfo['id']);
        $request->setHeader('x-admin-name', (string)$adminInfo['name']);

        return $handler($request);
    }

    private function hasAnyPermission(AdminAuthService $authService, array $adminInfo, array $permissionCodes): bool
    {
        foreach ($permissionCodes as $permissionCode) {
            if ($authService->hasPermission($adminInfo, $permissionCode)) {
                return true;
            }
        }

        return false;
    }

    private function permissionCodes(string $path, string $method): array
    {
        return match (true) {
            str_starts_with($path, '/api/admin/dashboard') => ['dashboard.view'],
            str_starts_with($path, '/api/admin/file-upload/') => ['warehouse_workbench.manage', 'appraisal_tasks.manage', 'orders.manage'],
            str_starts_with($path, '/api/admin/manual-order/') => ['orders.manage', 'warehouse_workbench.manage'],
            str_starts_with($path, '/api/admin/orders') && strtoupper($method) === 'GET' => ['orders.manage', 'warehouse_workbench.manage'],
            str_starts_with($path, '/api/admin/order/') && strtoupper($method) === 'GET' => ['orders.manage', 'warehouse_workbench.manage'],
            str_starts_with($path, '/api/admin/orders'),
            str_starts_with($path, '/api/admin/order/') => ['orders.manage'],
            str_starts_with($path, '/api/admin/appraisal-tasks'),
            str_starts_with($path, '/api/admin/appraisal-task/') => ['appraisal_tasks.manage'],
            str_starts_with($path, '/api/admin/catalog/') => ['catalog.manage'],
            str_starts_with($path, '/api/admin/reports'),
            str_starts_with($path, '/api/admin/report/') => ['reports.manage'],
            str_starts_with($path, '/api/admin/messages') => ['messages.manage'],
            str_starts_with($path, '/api/admin/tickets'),
            str_starts_with($path, '/api/admin/ticket/') => ['tickets.manage'],
            str_starts_with($path, '/api/admin/users'),
            str_starts_with($path, '/api/admin/user/') => ['users.manage'],
            str_starts_with($path, '/api/admin/customers'),
            str_starts_with($path, '/api/admin/customer/') => ['customers.manage'],
            str_starts_with($path, '/api/admin/warehouse-workbench/') => ['warehouse_workbench.manage'],
            str_starts_with($path, '/api/admin/warehouses'),
            str_starts_with($path, '/api/admin/warehouse/') => ['warehouses.manage'],
            str_starts_with($path, '/api/admin/material/') => ['materials.manage'],
            str_starts_with($path, '/api/admin/access/') => ['access.manage'],
            str_starts_with($path, '/api/admin/content/') => ['system.manage'],
            str_starts_with($path, '/api/admin/system-configs') => ['system.manage'],
            str_starts_with($path, '/api/admin/auth/me'),
            str_starts_with($path, '/api/admin/auth/logout') => [],
            default => [],
        };
    }
}