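using AspNetCore.Authentication.Basic;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Security.Claims;
using System.Text;

// Application entry point: registers MVC controllers, OpenAPI/Swagger metadata and
// cookie + OAuth authentication, then builds and runs the HTTP pipeline.
var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddControllers();

// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();

// The local functions at the bottom of this file hold a fuller multi-scheme setup.
// They are not called; the inline registrations below are what actually runs.
//ConfigureSwagger(builder.Services);
//ConfigureAuthentication(builder.Services);

builder.Services.AddSwaggerGen(x =>
{
    // NOTE(review): these Swagger endpoints (port 32769, /connect/...) differ from the
    // endpoints given to AddOAuth below (port 5278, /oauth/...); confirm which is current.
    x.AddSecurityDefinition("OAuth2", new OpenApiSecurityScheme
    {
        Description = "OAuth2 Authorization: Click the authorize button below to redirect to third-party authentication.",
        Name = "Authorization",
        In = ParameterLocation.Header,
        BearerFormat = "JWT",
        Scheme = "Bearer",
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri("http://localhost:32769/connect/authorize"), // OAuth authorization endpoint
                TokenUrl = new Uri("http://localhost:32769/connect/token"), // OAuth token endpoint
                // Generic type arguments restored; a bare "Dictionary" does not compile.
                Scopes = new Dictionary<string, string>
                {
                    { "Account", "User registration and login" },
                    { "Email", "Email verification, send verification code" }
                }
            }
        },
    });

    x.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "OAuth2" }
            },
            new string[] { }
        }
    });
});

builder.Services.AddAuthentication(options =>
{
    // Cookie authentication is the default scheme.
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    //options.DefaultChallengeScheme = OpenIddictDefaults.AuthenticationScheme; // default challenge scheme
})
.AddCookie(options =>
{
    options.LoginPath = "/Account/Login";   // login path
    options.LogoutPath = "/Account/Logout"; // logout path
    options.Cookie.HttpOnly = true;         // keep the cookie out of reach of client-side script

    // NOTE(review): SameAsRequest issues the cookie without the Secure attribute when the
    // request arrives over plain HTTP. Fine for the http://localhost setup used here; use
    // CookieSecurePolicy.Always once the site is served over HTTPS.
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
})
.AddOAuth("OAuth2", x =>
{
    // The cookie handler above is registered under CookieAuthenticationDefaults.AuthenticationScheme.
    // The previous literal "cookie" named no registered scheme, so the sign-in after the OAuth
    // callback had no handler to go to.
    x.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    // NOTE(review): client id/secret are hard-coded test values. Load them from configuration
    // or a secret store before this leaves a development machine.
    x.ClientId = "test1";
    x.ClientSecret = "test1";

    // NOTE(review): plain-HTTP endpoints; the authorization code and tokens travel unencrypted
    // outside of localhost.
    x.AuthorizationEndpoint = "http://localhost:5278/oauth/authorize";
    x.TokenEndpoint = "http://localhost:5278/oauth/token";
    x.CallbackPath = "/back/path";
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.MapOpenApi();
}

// NOTE(review): unlike MapOpenApi above, the Swagger document and UI are served in every
// environment; confirm that exposing the API description outside development is intended.
app.UseSwagger();
app.UseSwaggerUI();

// Authentication has to run before authorization; registering it explicitly keeps that
// ordering visible here instead of relying on the host to add it.
app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

// Registers a Swagger document describing five security schemes
// (Bearer, OAuth2, Basic, Cookie, ApiKey). Currently unused: the call above is commented out.
void ConfigureSwagger(IServiceCollection services)
{
    services.AddSwaggerGen(x =>
    {
        x.SwaggerDoc("v1", new OpenApiInfo { Title = builder.Environment.ApplicationName, Version = "v1" });

        //var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
        //var xmlFile = AppDomain.CurrentDomain.FriendlyName + ".xml";
        //var xmlPath = Path.Combine(baseDirectory, xmlFile);
        //x.IncludeXmlComments(xmlPath, true);
        //x.OrderActionsBy(x => x.RelativePath);
        //x.CustomOperationIds(x =>
        //{
        //    var controllerAction = x.ActionDescriptor as ControllerActionDescriptor;
        //    return controllerAction.ControllerName + "-" + controllerAction.ActionName;
        //});
        //x.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, xmlFile), true);

        // JWT bearer token
        x.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
        {
            Description = "Enter the JWT authorization token in the request header: Bearer Token",
            Name = "Authorization",
            In = ParameterLocation.Header,
            Type = SecuritySchemeType.ApiKey,
            BearerFormat = "JWT",
            Scheme = "Bearer",
        });
        x.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" }
                },
                new string[] { }
            }
        });

        // OAuth authorization-code flow
        x.AddSecurityDefinition("OAuth2", new OpenApiSecurityScheme
        {
            Description = "OAuth2 Authorization: Click the authorize button below to redirect to third-party authentication.",
            Name = "Authorization",
            In = ParameterLocation.Header,
            BearerFormat = "JWT",
            Scheme = "Bearer",
            Type = SecuritySchemeType.OAuth2,
            Flows = new OpenApiOAuthFlows
            {
                AuthorizationCode = new OpenApiOAuthFlow
                {
                    AuthorizationUrl = new Uri("http://localhost:32769/connect/authorize"), // OAuth authorization endpoint
                    TokenUrl = new Uri("http://localhost:32769/connect/token"), // OAuth token endpoint
                    Scopes = new Dictionary<string, string>
                    {
                        { "Account", "User registration and login" },
                        { "Email", "Email verification, send verification code" }
                    }
                }
            },
        });
        x.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "OAuth2" }
                },
                new string[] { }
            }
        });

        // HTTP Basic authentication
        x.AddSecurityDefinition("Basic", new OpenApiSecurityScheme
        {
            Name = "Authorization",
            Type = SecuritySchemeType.Http,
            Scheme = "basic",
            In = ParameterLocation.Header,
            Description = "Basic Authentication"
        });
        x.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Basic" }
                },
                Array.Empty<string>()
            }
        });

        // Cookie authentication
        x.AddSecurityDefinition("Cookie", new OpenApiSecurityScheme
        {
            Name = "Cookie",
            Type = SecuritySchemeType.ApiKey,
            In = ParameterLocation.Cookie,
            Description = "Enter your session cookie"
        });
        x.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Cookie" }
                },
                new string[] { }
            }
        });

        // API key sent in the X-API-KEY request header
        x.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
        {
            In = ParameterLocation.Header,
            Name = "X-API-KEY",
            Type = SecuritySchemeType.ApiKey,
            Description = "API KEY Authentication"
        });
        x.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "ApiKey" }
                },
                new string[] { }
            }
        });
    });
}

// Registers a policy scheme ("MultiAuthSchemes") that forwards each request to the JWT bearer,
// Basic or cookie handler depending on what the request carries, plus an OAuth handler.
// Currently unused: the call above is commented out.
void ConfigureAuthentication(IServiceCollection services)
{
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = "MultiAuthSchemes";
        x.DefaultChallengeScheme = "MultiAuthSchemes";
        x.DefaultForbidScheme = "MultiAuthSchemes";
    })
    .AddPolicyScheme("MultiAuthSchemes", "MultiAuthSchemes", options =>
    {
        // Pick the concrete scheme from the request itself.
        options.ForwardDefaultSelector = context =>
        {
            // Inspect the Authorization header first.
            var authorization = context.Request.Headers["Authorization"].FirstOrDefault();
            if (!string.IsNullOrEmpty(authorization))
            {
                // HTTP auth-scheme names are case-insensitive, and an ordinal comparison keeps
                // the match independent of the server's current culture.
                if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                {
                    return JwtBearerDefaults.AuthenticationScheme;
                }

                if (authorization.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
                {
                    return "Basic";
                }
            }

            // Then look for the auth cookie.
            // NOTE(review): AddCookie() below is registered with default options, so the cookie
            // it issues is presumably not named "AuthCookie"; confirm the names line up.
            if (context.Request.Cookies.ContainsKey("AuthCookie"))
            {
                return CookieAuthenticationDefaults.AuthenticationScheme;
            }

            // Fall back to JWT (change as needed).
            return JwtBearerDefaults.AuthenticationScheme;
        };
    })
    .AddJwtBearer(x =>
    {
        // NOTE(review): disabling this drops the HTTPS requirement for the metadata
        // address/authority; keep it off only for local development.
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            // NOTE(review): hard-coded symmetric signing key. Anyone who can read this source
            // can mint tokens this handler accepts; load the key from a secret store instead.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("12345678123456781234567812345678")),
            ValidIssuer = "token.Issuer",
            // NOTE(review): the leading space looks like a typo and would have to be present in
            // the token's "aud" value for validation to pass; confirm against the issuer.
            ValidAudience = " token.Audience",
            ValidateIssuerSigningKey = true, // validate the signing key
            ValidateIssuer = true,           // validate the issuer
            ValidateAudience = true,         // validate the audience
            ValidateLifetime = true,         // validate the expiry
            ClockSkew = TimeSpan.FromSeconds(30), // tolerated clock drift when checking expiry
            RequireExpirationTime = true
        };
    })
    .AddOAuth("OAuth", x =>
    {
        // NOTE(review): hard-coded client secret and placeholder endpoint/scope values ("1", "");
        // replace with real configuration before enabling this handler. No SignInScheme or
        // default sign-in scheme is set in this function either; confirm where the OAuth
        // result is supposed to be persisted.
        x.ClientId = "Yu_App";
        x.ClientSecret = "123456";
        x.CallbackPath = "/signin-oauth";
        x.AuthorizationEndpoint = "1";
        x.TokenEndpoint = "1";
        x.Scope.Add("");
        x.SaveTokens = true;
        x.Events = new Microsoft.AspNetCore.Authentication.OAuth.OAuthEvents
        {
            // Post-process the data returned by the OAuth provider (e.g. extract user info).
            OnCreatingTicket = context =>
            {
                // NOTE(review): SaveTokens already keeps the tokens in the authentication
                // properties; copying the access token into a claim also puts it on the
                // principal handed to the sign-in scheme. Confirm the claim is needed.
                if (context.Principal?.Identity is ClaimsIdentity claimsIdentity
                    && context.AccessToken is not null)
                {
                    claimsIdentity.AddClaim(new Claim("access_token", context.AccessToken));
                }

                return Task.CompletedTask;
            }
        };
    })
    .AddCookie()
    .AddBasic("Basic", x =>
    {
        x.Realm = "CloudTrade";
        x.ClaimsIssuer = "admin";
        x.SuppressWWWAuthenticateHeader = false;
        x.Events = new BasicEvents
        {
            OnValidateCredentials = context =>
            {
                // NOTE(review): fixed admin/admin credentials compared in source. Validate
                // against a credential store holding salted password hashes, and compare
                // in constant time, before this handler is enabled.
                if (context.Username == "admin" && context.Password == "admin")
                {
                    var claims = new[] { new Claim(ClaimTypes.Name, context.Username) };
                    context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, context.Scheme.Name));
                    context.Success();
                }

                return Task.CompletedTask;
            }
        };
    });

    // services.AddAuthentication("ApiKey").AddScheme
    // services.AddAuthentication("Basic").AddScheme("Basic", null);
}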