package ldap

import (
	"encoding/json"
	"errors"
	"ferry/global/orm"
	"ferry/models/system"
	"ferry/pkg/logger"
	"fmt"

	"github.com/go-ldap/ldap/v3"
	"github.com/spf13/viper"
)

/*
  @Author : lanyulei
*/

func getLdapFields() (ldapFields []map[string]string, err error) {
	var (
		settingsValue system.Settings
		contentList   []map[string]string
	)

	err = orm.Eloquent.Model(&settingsValue).Where("classify = 2").Find(&settingsValue).Error
	if err != nil {
		return
	}

	err = json.Unmarshal(settingsValue.Content, &contentList)
	if err != nil {
		return
	}

	for _, v := range contentList {
		if v["ldap_field_name"] != "" {
			ldapFields = append(ldapFields, v)
		}
	}
	return
}

func searchRequest(username string) (userInfo *ldap.Entry, err error) {
	var (
		ldapFields       []map[string]string
		cur              *ldap.SearchResult
		ldapFieldsFilter = []string{
			"dn",
		}
	)
	ldapFields, err = getLdapFields()
	for _, v := range ldapFields {
		ldapFieldsFilter = append(ldapFieldsFilter, v["ldap_field_name"])
	}
	// 用来获取查询权限的用户。如果 ldap 禁止了匿名查询，那我们就需要先用这个帐户 bind 以下才能开始查询
	if !viper.GetBool("settings.ldap.anonymousQuery") {
		err = conn.Bind(
			fmt.Sprintf("cn=%v,%v",
				viper.GetString("settings.ldap.bindUser"),
				viper.GetString("settings.ldap.baseDn")),
			viper.GetString("settings.ldap.bindPwd"))
		if err != nil {
			logger.Error("用户或密码错误。", err)
			return
		}
	}

	sql := ldap.NewSearchRequest(
		viper.GetString("settings.ldap.baseDn"),
		ldap.ScopeWholeSubtree,
		ldap.DerefAlways,
		0,
		0,
		false,
		fmt.Sprintf("(cn=%s)", username),
		ldapFieldsFilter,
		nil)

	if cur, err = conn.Search(sql); err != nil {
		err = errors.New(fmt.Sprintf("在Ldap搜索用户失败, %v", err))
		logger.Error(err)
		return
	}

	if len(cur.Entries) == 0 {
		err = errors.New("未查询到对应的用户信息。")
		logger.Error(err)
		return
	}

	userInfo = cur.Entries[0]

	return
}