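// +----------------------------------------------------------------------
namespace app\adminapi\controller;

use app\services\user\UserServices;
use crmeb\services\CacheService;
use think\facade\App;
use crmeb\utils\Captcha;
use app\services\system\admin\SystemAdminServices;
use think\facade\Log;
use think\facade\Db;

/**
 * Admin login endpoints (captcha + password login) plus a small
 * timestamp-signed "score" API (getUserScore / addScore) consumed by an
 * external system.
 *
 * Class Login
 * @package app\adminapi\controller
 */
class Login extends AuthController
{
    /**
     * Maximum |server time - request time| in seconds accepted by the signed
     * score API. Also the replay window for a captured (time, sign) pair.
     */
    private const SIGN_MAX_CLOCK_SKEW = 300;

    /**
     * Shared secret appended to the timestamp when computing `sign`.
     *
     * SECURITY: this is a credential checked into source control. Move it to
     * configuration/environment and rotate it; it is kept here only so the
     * existing integration keeps working until that is done.
     */
    private const SIGN_KEY = 'hunantianmuzhineng_2025';

    /**
     * Login constructor.
     * @param App $app
     * @param SystemAdminServices $services
     */
    public function __construct(App $app, SystemAdminServices $services)
    {
        parent::__construct($app);
        $this->services = $services;
    }

    protected function initialize()
    {
        // Intentionally empty (the original left a TODO here). Presumably this
        // keeps AuthController's authenticated-admin setup from running on the
        // login endpoints, which must be reachable unauthenticated -- confirm
        // against AuthController before adding anything.
    }

    /**
     * Image captcha.
     * @return $this|\think\Response
     */
    public function captcha()
    {
        return app()->make(Captcha::class)->create();
    }

    /**
     * Create a new aj captcha challenge of the requested type.
     * @return mixed
     */
    public function ajcaptcha()
    {
        $captchaType = $this->request->get('captchaType');
        return app('json')->success(aj_captcha_create($captchaType));
    }

    /**
     * First verification step of the aj captcha.
     * @return mixed
     */
    public function ajcheck()
    {
        [$token, $pointJson, $captchaType] = $this->request->postMore([
            ['token', ''],
            ['pointJson', ''],
            ['captchaType', ''],
        ], true);
        try {
            aj_captcha_check_one($captchaType, $token, $pointJson);
            return app('json')->success();
        } catch (\Throwable $e) {
            // Any failure (wrong answer, expired token, bad type) maps to one code.
            return app('json')->fail(400336);
        }
    }

    /**
     * Admin login.
     *
     * Failure bookkeeping: `login_captcha` is a single site-wide cache key
     * (not per account or per IP). After more than one failed attempt within
     * 60 s the response carries `login_captcha => 1`, telling the client to
     * show a captcha; any successful login clears the key. Keying it per
     * account/IP would be the better design but changes the front-end contract.
     *
     * @return mixed
     * @throws \think\db\exception\DataNotFoundException
     * @throws \think\db\exception\DbException
     * @throws \think\db\exception\ModelNotFoundException
     */
    public function login()
    {
        [$account, $password, $key, $captchaVerification, $captchaType] = $this->request->postMore([
            'account',
            'pwd',
            ['key', ''],
            ['captchaVerification', ''],
            ['captchaType', ''],
        ], true);

        // The server already records that a captcha is required (see the
        // failure branch below), but previously the captcha was only verified
        // when the client chose to send one, so a brute-force client could just
        // omit it. Enforce it here. A non-empty `key` (presumably the legacy
        // image-captcha key, consumed by services->login -- confirm) is accepted
        // as the alternative so that flow keeps working.
        $captchaRequired = CacheService::get('login_captcha', 1) > 1;
        if ($captchaRequired && $captchaVerification === '' && $key === '') {
            return app('json')->fail(400336, ['login_captcha' => 1]);
        }

        if ($captchaVerification !== '') {
            try {
                aj_captcha_check_two($captchaType, $captchaVerification);
            } catch (\Throwable $e) {
                return app('json')->fail(400336);
            }
        }

        // A non-string (e.g. `pwd[]=x`) would make trim()/strlen() throw in PHP 8;
        // treat it like an invalid length.
        if (!is_string($password) || strlen(trim($password)) < 6 || strlen(trim($password)) > 32) {
            return app('json')->fail(400762);
        }

        // Throws a validation exception (handled by the framework) on bad input.
        $this->validate(['account' => $account, 'pwd' => $password], \app\adminapi\validate\setting\SystemAdminValidata::class, 'get');

        $result = $this->services->login($account, $password, 'admin', $key);
        if (!$result) {
            $failures = CacheService::get('login_captcha', 1);
            if ($failures > 1) {
                return app('json')->fail(400140, ['login_captcha' => 1]);
            }
            CacheService::set('login_captcha', $failures + 1, 60);
            return app('json')->fail(400140, ['login_captcha' => 0]);
        }
        CacheService::delete('login_captcha');
        return app('json')->success($result);
    }

    /**
     * Carousel images and logo for the admin login page.
     * @return mixed
     */
    public function info()
    {
        return app('json')->success($this->services->getLoginInfo());
    }

    /**
     * Verify the `time`/`sign` pair sent by the external score system.
     *
     * Accepts the request when `sign === md5(time . SIGN_KEY)` and the
     * timestamp is within SIGN_MAX_CLOCK_SKEW of server time.
     *
     * SECURITY (cannot be fixed here without changing the protocol with the
     * caller): the signature covers only the timestamp, not unionid / score /
     * order_id, so a single observed (time, sign) pair can be replayed with
     * arbitrary parameters for the whole skew window, and there is no nonce.
     * The integration should sign the full canonical parameter set with an
     * HMAC (hash_hmac('sha256', ...)) and include a one-time nonce.
     *
     * @param mixed $time raw request value; must be a numeric string
     * @param mixed $sign raw request value; must be a string
     * @return bool
     */
    private function validateRequest($time, $sign)
    {
        // Request values may be arrays (`?sign[]=x`); hash_equals()/(int) would
        // then throw or misbehave instead of simply failing the check.
        if (!is_string($time) || !is_string($sign)) {
            return false;
        }
        if ($time === '' || !is_numeric($time)) {
            return false;
        }
        if (abs(time() - (int)$time) > self::SIGN_MAX_CLOCK_SKEW) {
            return false;
        }
        $expected = md5($time . self::SIGN_KEY);
        // Constant-time comparison so the check does not leak via timing.
        return hash_equals($expected, $sign);
    }

    /**
     * Signed read endpoint: the integral (points) balance of the user with
     * the given unionid.
     *
     * Response data: {unionid, integral, code} where code 1 = user found,
     * 0 = no user for that unionid.
     *
     * @return mixed
     */
    public function getUserScore()
    {
        $unionid = $this->request->get('unionid');
        $time = $this->request->get('time');
        $sign = $this->request->get('sign');

        if (!$this->validateRequest($time, $sign)) {
            return app('json')->fail("无权限");
        }
        // unionid is the lookup key; anything but a non-empty string is a client error.
        if (!is_string($unionid) || $unionid === '') {
            return app('json')->fail("参数错误");
        }

        $userService = app()->make(UserServices::class);
        $userInfo = $userService->getUserScore($unionid);
        // The service may return null/empty for an unknown unionid; avoid
        // indexing into null and report "not found" explicitly.
        $found = !empty($userInfo['uid']);
        return app('json')->success([
            'unionid'  => $unionid,
            'integral' => $userInfo['integral'] ?? 0,
            'code'     => $found ? 1 : 0,
        ]);
    }

    /**
     * Claim `$orderId` as processed, exactly once, by inserting it into
     * eb_score_record (order_id is the primary key per the original note).
     *
     * INSERT IGNORE makes the claim atomic across concurrent requests: a
     * duplicate key yields 0 affected rows instead of an error. Note that
     * IGNORE also downgrades other errors (invalid/truncated values) to
     * warnings, so callers must validate the values before calling this.
     * `uniond_id` is the column's real (misspelt) name in the schema.
     *
     * @param string $orderId external transaction id used as idempotency key
     * @param string $unionId
     * @param string|int|float $score
     * @return bool true if this call claimed the id; false if it was already
     *              claimed or the insert failed (the failure is logged)
     */
    private function checkLock($orderId, $unionId, $score)
    {
        $sql = "INSERT IGNORE INTO `eb_score_record` (`order_id`, `create_time`, `uniond_id`, `score`) VALUES (?, NOW(), ?, ?)";
        try {
            // Bound parameters: the values never become part of the SQL text.
            return Db::execute($sql, [$orderId, $unionId, $score]) > 0;
        } catch (\Exception $e) {
            Log::error('checkLock failed for order ' . $orderId . ': ' . $e->getMessage());
            return false;
        }
    }

    /**
     * Signed write endpoint: apply `score` points (per integration_status) to
     * the user identified by `unionid`, at most once per `order_id`.
     *
     * Response data: {unionid, code} with code 1 on success and 0 when the
     * user does not exist or the service rejected the change.
     *
     * @return mixed
     */
    public function addScore()
    {
        [$unionid, $score, $integration_status, $title, $mark, $order_id, $time, $sign] = $this->request->postMore([
            ['unionid', ''],
            ['score', ''],
            ['integration_status', ''],
            ['title', ''],
            ['mark', ''],
            ['order_id', ''],
            ['time', ''],
            ['sign', ''],
        ], true);

        if (!$this->validateRequest($time, $sign)) {
            return app('json')->fail("无权限");
        }

        // Validate before touching the DB: the INSERT IGNORE in checkLock()
        // would otherwise silently store a truncated score (e.g. a non-numeric
        // value as 0) and the order id would be consumed by a bad request.
        if (!is_string($unionid) || $unionid === ''
            || !is_string($order_id) || $order_id === ''
            || !is_numeric($score)) {
            return app('json')->fail("参数错误");
        }

        $userService = app()->make(UserServices::class);
        $userInfo = $userService->getUserScore($unionid);
        $uid = $userInfo['uid'] ?? 0;
        // Resolve the user *before* claiming the order id. The original claimed
        // first, so a request for an unknown unionid burned the id and every
        // retry was then refused as a duplicate.
        if (empty($uid)) {
            return app('json')->success(['unionid' => $unionid, 'code' => 0]);
        }

        if (!$this->checkLock($order_id, $unionid, $score)) {
            return app('json')->fail("流水号已经存在");
        }

        $data = [
            'integration'        => $score,
            'integration_status' => $integration_status,
            'title'              => $title,
            'mark'               => $mark,
            'is_other'           => true,
        ];
        // Audit trail of the credited change; this is not an error condition
        // (it was logged at error level, which pollutes error alerting).
        Log::info($data);
        $result = $userService->addScore($uid, $data);

        return app('json')->success([
            'unionid' => $unionid,
            'code'    => $result ? 1 : 0,
        ]);
    }
}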