using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using System.Text;
using Volo.Abp.Modularity;

namespace Syc.Authorize.JwtBearer
{
    public class JwtBearerAuthenticationModule:AbpModule
    {
        public override void PreConfigureServices(ServiceConfigurationContext context)
        {
            base.PreConfigureServices(context);
        }


        public override void ConfigureServices(ServiceConfigurationContext context)
        {
            base.ConfigureServices(context);
            var jwtSection = context.Services.GetConfiguration()?.GetSection("JwtSetting");

            if (jwtSection is null)
                throw new FieldAccessException("配置文件中未找到 JwtSetting 节点");

            JwtBearerAuthenticationOptions jwtBearerAuthorizeOptions = jwtSection?.Get<JwtBearerAuthenticationOptions>();
            Configure<JwtBearerAuthenticationOptions>(jwtSection);

            Action<JwtBearerOptions> action = options =>
            {
                options.TokenValidationParameters = jwtBearerAuthorizeOptions.TokenValidationParameters ?? new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
                {
                    ValidateIssuerSigningKey = jwtBearerAuthorizeOptions.ValidateIssuerSigningKey,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtBearerAuthorizeOptions.SecurityKey)),
                    ValidateIssuer = jwtBearerAuthorizeOptions.ValidateIssuer,
                    ValidIssuer = jwtBearerAuthorizeOptions.Issuer,
                    ValidateAudience = jwtBearerAuthorizeOptions.ValidateAudience,
                    ValidAudience = jwtBearerAuthorizeOptions.Audience,
                    ValidateLifetime = jwtBearerAuthorizeOptions.ValidateLifetime,
                    ClockSkew = TimeSpan.FromMinutes(jwtBearerAuthorizeOptions.ClockSkew)
                };
                options.Events = new JwtBearerEvents();
                options.Events.OnChallenge = jwtBearerAuthorizeOptions.OnChallenge;
                options.Events.OnForbidden = jwtBearerAuthorizeOptions.OnForbidden;
                options.Events.OnAuthenticationFailed = jwtBearerAuthorizeOptions.OnAuthenticationFailed;
            };

            context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(action);
            context.Services.AddAuthorization();
            context.Services.AddTransient<IAuthorizationMiddlewareResultHandler, AppAuthorizationMiddlewareResultHandler>();
        }
    }
}